Getting started with LXC on Debian Wheezy

EDIT: Deprecated article. I think libvirt is overkill in this case. I plan to update the article with bridge-utils in some time.

LXC (LinuX Containers) is an operating system-level virtualization method for running multiple isolated Linux systems (containers) on a single control host. This is extremely useful for easy/fast deployments and tests without messing with the host.

In this article, I will briefly explain how to install a Debian Wheezy based container inside a Debian Wheezy host. I will use libvirt for the network part.

Prepare the host

  • Install required packages
host# apt-get install lxc
  • Required: Mount cgroup so that it persists across reboots.
# Update /etc/fstab with cgroup
host# echo "cgroup  /sys/fs/cgroup  cgroup  defaults  0   0" >> /etc/fstab
# Try to mount /sys/fs/cgroup
host# mount /sys/fs/cgroup
  • Check kernel configuration. Everything should be 'enabled'.
host# lxc-checkconfig
Kernel config /proc/config.gz not found, looking in other places...
Found kernel config file /boot/config-3.2.0-4-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
  • Setup the network
host# apt-get install libvirt-bin
  • Important: You cannot edit a network while it is ON, so turn it OFF before configuring it:
host# virsh net-destroy default
host# virsh net-edit default
host# virsh net-start default
  • Optional static DHCP config: If you want the containers to always get the same IP (mapped by MAC address), you can extend the dhcp node in your network config with host entries.
<!-- config sample -->
<dhcp>
  <range start="192.168.122.100" end="192.168.122.254" />
  <host mac="00:1E:A2:B6:7E:DA" name="cozy" ip="192.168.122.101" />
</dhcp>
  • Verify that the network 'default' is enabled:
host# virsh net-info default
Name            default
UUID            3a4c0467-bab8-97df-98aa-e053d1c16df6
Active:         yes
Persistent:     yes
Autostart:      no
Bridge:         virbr0
  • Optional: Make network 'default' start when host boots.
host# virsh net-autostart default
host# virsh net-info default # You can verify that autostart is set to 'yes'

Create the container

# Template installation:
host# wget https://github.com/simonvanderveldt/lxc-debian-wheezy-template/raw/master/lxc-debian-wheezy-robvdhoeven -O /usr/share/lxc/templates/lxc-debian-wheezy
host# chown root:root /usr/share/lxc/templates/lxc-debian-wheezy
host# chmod +x /usr/share/lxc/templates/lxc-debian-wheezy
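The template is a script that lxc-create later runs as root, so it is worth installing only a copy you have read. An added example (not part of the original article) that installs the download only when its SHA-256 matches a pinned value; the function names, `<COMMIT>` and `<SHA256_OF_REVIEWED_FILE>` are placeholders and assumptions, not values from the article:

```shell
#!/bin/sh
# Added example, not the article's code. Run as root on the host, so the
# installed file ends up owned by root:root as in the chown step.

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only when its SHA-256 matches.
install_verified() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] || { echo "missing file: $src" >&2; return 1; }
    actual=$(sha256sum "$src" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# fetch_template URL EXPECTED_SHA256 DEST
# Downloads to a private temp file first, so an unverified script never sits
# in the templates directory, then hands over to install_verified.
fetch_template() {
    tmp=$(mktemp) || return 1
    if wget -q "$1" -O "$tmp" && install_verified "$tmp" "$2" "$3"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (placeholders: pin the URL to the commit you reviewed and record the
# hash of the file you read, instead of tracking 'master'):
#   fetch_template \
#     "https://github.com/simonvanderveldt/lxc-debian-wheezy-template/raw/<COMMIT>/lxc-debian-wheezy-robvdhoeven" \
#     "<SHA256_OF_REVIEWED_FILE>" \
#     /usr/share/lxc/templates/lxc-debian-wheezy
```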
  • Create a container using the newly installed template 'debian-wheezy':
host# lxc-create -n cozy -t debian-wheezy # let's name it 'cozy' because I plan to install cozycloud in it :)
  • Configure the network of the container:
host# vi /var/lib/lxc/cozy/config
# Config sample
# Comments go on their own lines: LXC does not strip a trailing '#' comment, it becomes part of the value.
lxc.utsname = cozy
lxc.network.type = veth
lxc.network.flags = up
# This is important. You should have this NIC on your host.
lxc.network.link = virbr0
# For DHCP, use 0.0.0.0/24
lxc.network.ipv4 = 192.168.122.101/24
# For a static DHCP configuration, use the same ethernet address you specified for virsh 'default'
lxc.network.hwaddr = 00:1E:A2:B6:7E:DA
  • Optional: Change the path of the rootfs. Useful if your host's rootfs is not big...
host# vi /var/lib/lxc/cozy/config
# config sample
lxc.rootfs = /home/lxc/cozy
# don't forget to move /var/lib/lxc/cozy/rootfs to /home/lxc/cozy ;)
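The static setup only works when the container config and the libvirt dhcp node agree on the MAC and IP. An added example (not from the original article) that checks this before the first start and also flags values followed by a '#' comment on the same line, which LXC reads as part of the value; all function names are assumptions of this example:

```shell
#!/bin/sh
# Added example, not the article's code: lint an LXC config against the
# libvirt <dhcp> reservation it should match. File paths are arguments.

# lxc_value KEY CONFIG -> value of KEY, without any trailing "# ..." text
lxc_value() {
    awk -v k="$1" 'index($0, "=") && $0 !~ /^[ \t]*#/ {
        key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
        if (key != k) next
        v = substr($0, index($0, "=") + 1)
        sub(/[ \t]*#.*$/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
    }' "$2"
}

# inline_comment_keys CONFIG -> keys whose value is followed by "# ..." on
# the same line (LXC keeps that text as part of the value)
inline_comment_keys() {
    awk 'index($0, "=") && $0 ~ /^[ \t]*lxc\./ {
        if (substr($0, index($0, "=") + 1) !~ /[ \t]#/) next
        key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key)
        print key
    }' "$1"
}

# dhcp_ip_for_mac MAC NETWORK_XML -> IP reserved for MAC (case-insensitive,
# accepts both quote styles; virsh dumps attributes in single quotes)
dhcp_ip_for_mac() {
    want_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    tr 'A-F' 'a-f' < "$2" |
        sed -n "/<host .*mac=[\"']$want_mac[\"']/s/.*[[:space:]]ip=[\"']\([^\"']*\)[\"'].*/\1/p" |
        head -n 1
}

# check_static_lease CONFIG NETWORK_XML -> 0 when the container MAC has a
# reservation and the static address, if one is set, equals the reserved IP
check_static_lease() {
    mac=$(lxc_value lxc.network.hwaddr "$1")
    ip=$(lxc_value lxc.network.ipv4 "$1"); ip=${ip%%/*}
    [ -n "$mac" ] || { echo "no lxc.network.hwaddr set" >&2; return 1; }
    reserved=$(dhcp_ip_for_mac "$mac" "$2")
    [ -n "$reserved" ] || { echo "no DHCP reservation for $mac" >&2; return 1; }
    # The article uses 0.0.0.0 for DHCP; then the reservation decides the IP.
    [ -z "$ip" ] || [ "$ip" = "0.0.0.0" ] || [ "$ip" = "$reserved" ] ||
        { echo "static $ip differs from reserved $reserved" >&2; return 1; }
}
```

Save the network definition with `virsh net-dumpxml default > /tmp/default.xml`, then run `check_static_lease /var/lib/lxc/cozy/config /tmp/default.xml` and `inline_comment_keys /var/lib/lxc/cozy/config`.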

Start the container

host# lxc-start -n cozy # useful to see the transcript of the boot. This way you can see if the container is booting properly.
# or
host# lxc-start -n cozy -d # use this command to daemonize the container launch.
  • You can now open a console to the container.
host# lxc-console -n cozy # C-A Q to quit
  • Optional: Add the entry to your /etc/hosts to make it easy to SSH to it.
host# echo "192.168.122.101 cozy" >> /etc/hosts
  • Connect to your container using SSH:
host# ssh root@cozy # default password is 'root'
cozy# echo Enjoy :)
  • Bonus: here is an extract of a pstree on the host running a cozycloud container
├─lxc-start───init─┬─cron
│                  ├─dbus-daemon
│                  ├─dhclient
│                  ├─5*[getty]
│                  ├─master─┬─pickup
│                  │        └─qmgr
│                  ├─nginx───nginx
│                  ├─rsyslogd───3*[{rsyslogd}]
│                  ├─sshd
│                  └─supervisord─┬─beam.smp─┬─4*[couchjs───{couchjs}]
│                                │          ├─sh
│                                │          └─12*[{beam.smp}]
│                                ├─node─┬─2*[node───{node}]
│                                │      └─{node}
│                                └─python