Difference between revisions of "LXC"

From Jon's Wiki
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
'''LXC''', or '''Linux Containers''', is the successor to VServer and is now in the main kernel; most modern distributions should have it. http://lxc.sourceforge.net/
+
'''LXC''', or '''Linux Containers''', is a lightweight chroot-style virtual machine emulation in the main Linux kernel; most modern distributions should have it. The [https://help.ubuntu.com/serverguide/lxc.html LXC Ubuntu Server Guide] is very good and contains pretty much all you need to know. A lot of work has been done on 14.04 to make it very simple to get started and now supports unprivileged containers. These instructions assume Ubuntu 14.04 LTS.
These instructions assume Ubuntu 12.04 LTS. The [https://help.ubuntu.com/12.04/serverguide/lxc.html LXC Ubuntu Server Guide] is very good and contains pretty much all you need to know. A lot of work has been done on 12.04 to make it very simple to get started.
 
  
== Install and set up LXC container ==
+
== Install and set up LXC containers ==
  
 
In sum, we install LXC and create a base container, set it up nicely, then clone project containers from it as required. Here's roughly what I had to do to set up LXC nicely.
 
In sum, we install LXC and create a base container, set it up nicely, then clone project containers from it as required. Here's roughly what I had to do to set up LXC nicely.
  
 
  sudo apt-get install lxc
 
  sudo apt-get install lxc
 +
 +
=== Optional: user configuration for unprivileged containers ===
 +
 +
You can use unprivileged containers, i.e. you don't need to use sudo all the time, and the containers live in your <code>~/.local/share/lxc</code> directory. The Ubuntu Server Guide tells you all you need to know to set this up; the short version is that unprivileged containers use user namespaces, so you need to create a subuid and subgid mapping for your user and allow your user to access the bridge network:
 +
 +
sudo usermod -v 100000-200000 -w 100000-200000 $USER
 +
echo "$USER veth lxcbr0 2" | sudo tee -a /etc/lxc/lxc-usernet
 +
 +
Then configure your user account for LXC containers, :
 +
 +
mkdir -p ~/.config/lxc
 +
echo "lxc.include = /etc/lxc/default.conf
 +
lxc.idmap = u 0 100000 65536
 +
lxc.idmap = g 0 100000 65536" > ~/.config/lxc/default.conf
  
 
=== Create a base container to serve as a template ===
 
=== Create a base container to serve as a template ===
  
  sudo lxc-create -t ubuntu -n base
+
The -d -r and -a options are distribution, release, and architecture.
  sudo lxc-start -n base
+
 
 +
  lxc-create -t download -n base -- -d ubuntu -r trusty -a amd64
 +
  lxc-start -n base
  
 
Log in with the default account, (username ubuntu, password ''ubuntu''), then add yourself as a user with sudo:
 
Log in with the default account, (username ubuntu, password ''ubuntu''), then add yourself as a user with sudo:
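Review bot: The added section is headed "Optional", yet this revision also drops `sudo` from `lxc-create -t download -n base ...` and `lxc-start -n base`. A reader who skips the subuid/subgid and `~/.config/lxc/default.conf` steps will therefore run the create command as an ordinary user with no ID mapping configured. Either state that the sudo-less commands depend on that section, or keep a `sudo` variant for privileged containers. Minor: "for LXC containers, :" has a stray comma before the colon.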
Line 44: Line 59:
 
=== Clone a new project container from the template ===
 
=== Clone a new project container from the template ===
  
Now you should have a useful base container, so clone it for your ''nifty-kitten'' project and start it (most usefully in a [[screen]] session):
+
Now you should have a useful base container, so clone it for your ''nifty-kitten'' project and start it (most usefully in a screen session):
  
  sudo lxc-shutdown -n base
+
  lxc-shutdown -n base
  sudo lxc-clone -o base -n '''nifty-kitten'''
+
  lxc-clone -o base -n '''nifty-kitten'''
 
  screen
 
  screen
  sudo lxc-start -n '''nifty-kitten'''
+
  lxc-start -n '''nifty-kitten'''
 
  '''''[Ctrl-a] [d]''''' ''to detach''
 
  '''''[Ctrl-a] [d]''''' ''to detach''
 +
 +
ssh nifty-kitten.lxc
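Review bot: With `sudo` removed from `lxc-shutdown`, `lxc-clone` and `lxc-start`, these lines only act on a `base` that was created unprivileged under `~/.local/share/lxc`. A `base` built with the previous revision's `sudo lxc-create` is not in that directory, so a sentence before the command block saying which kind of container is assumed would help readers coming from the older instructions. The `[[screen]]` link was also reduced to plain text; restore it if the screen page still exists.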

Latest revision as of 11:35, 20 August 2021

LXC, or Linux Containers, is a lightweight chroot-style virtual machine emulation in the main Linux kernel; most modern distributions should have it. The LXC Ubuntu Server Guide is very good and contains pretty much all you need to know. A lot of work has been done on 14.04 to make it very simple to get started, and it now supports unprivileged containers. These instructions assume Ubuntu 14.04 LTS.

Install and set up LXC containers

In sum, we install LXC and create a base container, set it up nicely, then clone project containers from it as required. Here's roughly what I had to do to set up LXC nicely.

sudo apt-get install lxc

Optional: user configuration for unprivileged containers

You can use unprivileged containers, i.e. you don't need to use sudo all the time, and the containers live in your ~/.local/share/lxc directory. The Ubuntu Server Guide tells you all you need to know to set this up; the short version is that unprivileged containers use user namespaces, so you need to create a subuid and subgid mapping for your user and allow your user to access the bridge network:

sudo usermod -v 100000-200000 -w 100000-200000 $USER
echo "$USER veth lxcbr0 2" | sudo tee -a /etc/lxc/lxc-usernet

Then configure your user account for LXC containers:

mkdir -p ~/.config/lxc
echo "lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536" > ~/.config/lxc/default.conf
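
A consistency check for the mapping described above, as an added example that is not part of the original page: it confirms that every lxc.idmap line in the user config stays inside a range delegated to that user in /etc/subuid and /etc/subgid. The function names are hypothetical, and the script also accepts the older lxc.id_map spelling of the key.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the lxc.idmap
# lines in a container config stay inside the subordinate ID ranges
# delegated to the user in /etc/subuid and /etc/subgid.

# subid_covers FILE USER START COUNT
# Succeeds if FILE (lines of user:first:count) gives USER a range that
# contains START .. START+COUNT-1.
subid_covers() {
    awk -F: -v u="$2" -v s="$3" -v c="$4" '
        $1 == u && s + 0 >= $2 + 0 && s + c <= $2 + $3 { ok = 1 }
        END { exit(ok ? 0 : 1) }' "$1"
}

# check_idmap CONF USER SUBUID_FILE SUBGID_FILE
# Prints a verdict per mapping; fails if a mapping is not covered or if
# CONF has no mapping for uids or for gids.
check_idmap() {
    conf=$1; user=$2; subuid=$3; subgid=$4
    bad=0; seen_u=0; seen_g=0
    # Emit "kind host_start count" for each mapping line. Older LXC
    # releases spell the key lxc.id_map, so both forms are accepted.
    maps=$(awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        $1 ~ /^lxc\.id_?map$/ { print $2, $4, $5 }' "$conf")
    while read -r kind start count; do
        case $kind in
            u) file=$subuid; seen_u=1 ;;
            g) file=$subgid; seen_g=1 ;;
            *) continue ;;
        esac
        if subid_covers "$file" "$user" "$start" "$count"; then
            echo "ok   $kind $start+$count"
        else
            echo "FAIL $kind $start+$count not delegated to $user in $file"
            bad=1
        fi
    done <<EOF
$maps
EOF
    [ "$seen_u" = 1 ] && [ "$seen_g" = 1 ] && [ "$bad" = 0 ]
}

# Run against the real files when executed with a user name argument.
if [ -n "${1:-}" ]; then
    check_idmap "$HOME/.config/lxc/default.conf" "$1" /etc/subuid /etc/subgid
fi
```

Saved under a name of your choosing and run with your user name as the only argument, it exits non-zero when a mapping reaches outside the delegated range.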

Create a base container to serve as a template

The -d, -r and -a options select the distribution, release, and architecture.

lxc-create -t download -n base -- -d ubuntu -r trusty -a amd64
lxc-start -n base

Log in with the default account (username ubuntu, password ubuntu), then add yourself as a user with sudo:

sudo adduser username
sudo adduser username sudo

The following installs some nifty default guff, fixes the probably broken UTC timezone, and fixes locales BEFORE you install things that expect UTF-8 locales, in particular PostgreSQL (otherwise you end up with SQL_ASCII encoding and nobody wants that):

sudo apt-get install git bash-completion language-pack-en openssh-server
sudo dpkg-reconfigure tzdata

Set up an SSH shortcut for containers

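Back on your host workstation, set up an SSH shortcut. If you add the following to your ~/.ssh/config, you will be able to ssh to your containers nice and easily. The StrictHostKeyChecking and UserKnownHostsFile lines switch off host key verification for every *.lxc name, which avoids known_hosts clashes when a container is re-created but also means ssh will not notice if a different machine answers at that address: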

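# LXC containers
Host *.lxc
  # Host keys are neither checked nor stored for these names
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  # Strip the trailing .lxc, look the name up on the DNS server at 10.0.3.1,
  # and connect to the address it returns
  ProxyCommand nc $(host $(echo %h | sed "s/\.lxc$//") 10.0.3.1 | tail -1 | awk '{print $NF}') %p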

Then one can ssh to the containers by appending .lxc to the container name:

ssh myproject.lxc

and then schlepp your handy stuff over:

scp -rp ~/.bashrc ~/.vim* ~/.gitconfig base.lxc:
scp ~/.ssh/authorized_keys base.lxc:.ssh/authorized_keys

Clone a new project container from the template

Now you should have a useful base container, so clone it for your nifty-kitten project and start it (most usefully in a screen session):

lxc-shutdown -n base
lxc-clone -o base -n nifty-kitten
screen
lxc-start -n nifty-kitten
[Ctrl-a] [d] to detach
ssh nifty-kitten.lxc