Difference between revisions of "LXC"
| Line 9: | Line 9: | ||
=== Optional: user configuration for unprivileged containers === | === Optional: user configuration for unprivileged containers === | ||
| − | + | On Ubuntu 14.04 and later, you can now use unprivileged containers, i.e. you don't need to use sudo all the time, and the containers live in your <code>~/.local/share/lxc</code> directory. From 15.04 onwards this has been set up for you, but for 14.04 LTS, the Ubuntu Server Guide tells you all you need to know to set this up; the short version is that unprivileged containers use user namespaces, so you need to create a subuid and subgid mapping for your user and allow your user to access the bridge network: | |
sudo usermod -v 100000-200000 -w 100000-200000 $USER | sudo usermod -v 100000-200000 -w 100000-200000 $USER | ||
Revision as of 01:03, 3 December 2015
LXC, or Linux Containers, is a lightweight chroot-style virtual machine emulation in the main Linux kernel; most modern distributions should have it. The LXC Ubuntu Server Guide is very good and contains pretty much all you need to know. A lot of work has been done on 14.04 to make it very simple to get started and now supports unprivileged containers. These instructions assume Ubuntu 14.04 LTS.
Install and set up LXC containers
In sum, we install LXC and create a base container, set it up nicely, then clone project containers from it as required. Here's roughly what I had to do to set up LXC nicely.
sudo apt-get install lxc
Optional: user configuration for unprivileged containers
On Ubuntu 14.04 and later, you can now use unprivileged containers, i.e. you don't need to use sudo all the time, and the containers live in your ~/.local/share/lxc directory. From 15.04 onwards this has been set up for you, but for 14.04 LTS, the Ubuntu Server Guide tells you all you need to know to set this up; the short version is that unprivileged containers use user namespaces, so you need to create a subuid and subgid mapping for your user and allow your user to access the bridge network:
sudo usermod -v 100000-200000 -w 100000-200000 $USER echo "$USER veth lxcbr0 2" | sudo tee -a /etc/lxc/lxc-usernet
Then configure your user account for LXC containers, :
mkdir -p ~/.config/lxc echo "lxc.id_map = u 0 100000 65536 lxc.id_map = g 0 100000 65536 lxc.network.type = veth lxc.network.link = lxcbr0" > ~/.config/lxc/default.conf
Create a base container to serve as a template
The -d -r and -a options are distribution, release, and architecture.
lxc-create -t download -n base -- -d ubuntu -r trusty -a amd64 lxc-start -n base
Log in with the default account, (username ubuntu, password ubuntu), then add yourself as a user with sudo:
sudo adduser username sudo adduser username sudo
This installs some nifty default guff, fixes the probably broken UTC timezone, and fixes locales BEFORE you install things that expect UTF-8 locales, but in particular PostgreSQL (otherwise you end up with SQL_ASCII encoding and nobody wants that):
sudo apt-get install git bash-completion language-pack-en openssh-server sudo dpkg-reconfigure tzdata
Set up a SSH shortcut for containers
Back on your host workstation, set up an SSH shortcut. If you add the following to your ~/.ssh/config, you will be able to ssh to your containers nice and easily:
# LXC containers
Host *.lxc
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ProxyCommand nc $(host $(echo %h | sed "s/\.lxc//g") 10.0.3.1 | tail -1 | awk '{print $NF}') %p
Then one can ssh to the containers by appending .lxc to the container name:
ssh myproject.lxc
and then schlepp your handy stuff over:
scp -rp ~/.bashrc ~/.vim* ~/.gitconfig base.lxc: scp ~/.ssh/authorized_keys base.lxc:.ssh/authorized_keys
Clone a new project container from the template
Now you should have a useful base container, so clone it for your nifty-kitten project and start it (most usefully in a screen session):
lxc-shutdown -n base lxc-clone -o base -n nifty-kitten screen lxc-start -n nifty-kitten [Ctrl-a] [d] to detach
ssh nifty-kitten.lxc