"LinuX Containers (LXC) provide lightweight virtualization that lets you isolate processes and resources without the need to provide instruction interpretation mechanisms and other complexities of full virtualization."

In this tutorial I provide step by step instructions to install LXC on an Ubuntu Natty server.

Basic *nix knowledge is assumed though.

Install required packages

apt-get install lxc debootstrap bridge-utils screen

Add a new bridge for LXC, including NAT rule

Each container will have its own local ip, which will be bound to a bridge network interface on the main server called "br-lxc".

The IP of the bridge is 192.168.254.1, the first container will get IP 192.168.254.2, the second will get 192.168.254.3, etc.

In /etc/network/interfaces add the following:

auto br-lxc
iface br-lxc inet static
        address 192.168.254.1
        netmask 255.255.255.0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
        pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

        bridge_ports none
        bridge_stp off

Bring up the bridge:


ifup br-lxc


Create a mountpoint and mount cgroup

mkdir /cgroup
echo "cgroup /cgroup cgroup" >> /etc/fstab
mount /cgroup

Create the first container

First create an LXC configuration file for the container named <container name>.conf:
 

        lxc.network.type = veth
        lxc.network.flags = up
        lxc.network.link = br-lxc
        lxc.network.ipv4 = 192.168.254.2/24
        lxc.network.name = eth0
        lxc.cgroup.cpu.shares = 512
        lxc.cgroup.memory.limit_in_bytes = 1024M
        lxc.cgroup.memory.memsw.limit_in_bytes = 3072M

This container is limited on cpu shares (512 vs the default 1024), a maximum amount of 1024M RAM and a maximum total amount of memory (RAM+swap) of 3072M

Next we create the container:

lxc-create -n <container name> -t natty -f <container name>.conf


The container will contain its own minimal version of Ubuntu Natty. The files of the container can be found in /var/lib/lxc/<container name>/rootfs/.

Configure networking

Edit the file /var/lib/lxc/<container name>/rootfs/etc/network/interfaces and make it look like this:

    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet static
        address 192.168.254.2
        netmask 255.255.255.0
        gateway 192.168.254.1

You can then forward ports to your container with basic iptables:
 

iptables -t nat -I PREROUTING -p tcp -d <external IP> -j DNAT --dport <port> --to-destination 192.168.254.2

Sharing foders between host and container (optional)

If you want a folder to be shared between the host and a container, or between multiple containers, you can do that with a bind mount. For example, to share the folder /var/data, add the following to /etc/fstab:

/var/data/        /var/lib/lxc/<container name>/rootfs/var/data/     none    bind    0       0

Make sure the directories exist (mkdir), and mount them:

mount /var/lib/lxc/<container name>/rootfs/var/data/

Start the container

I always start the container in a screen, so it's accessible without using SSH.

screen -dmS init-<container name> lxc-start -n  <container name>

A screen session named init-<container name> will be created in the background.

You can log in with root/root. Either ssh to it, or if that doesn't work connect to the screen. I had the problem that the network didn't always come up. When this happens, log in through the screen and type ifdown eth0 && ifup eth0, and everything should work.

Credits:

• http://www.stgraber.org/category/lxc/
• http://www.phenona.com/blog/using-lxc-linux-containers-in-amazon-ec2/
• https://help.ubuntu.com/community/LXC