lxc.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Tue, 29 Jan 2019 01:01:06 +0200
changeset 2347 26666adc0987
parent 2346 f644e8d27cd2
child 2348 fbfaded9734e
permissions -rw-r--r--
To include config as separate file.

.. -*- coding: utf-8; -*-

=====
 LXC
=====
.. contents::
   :local:

LXC releases
============

https://discuss.linuxcontainers.org/tags/release
  Announcements of LXC & LXD releases.
https://discuss.linuxcontainers.org/t/lxc-3-0-0-has-been-released/1449
  LXC 3.0.0 has been released.

Supported templates
===================

https://github.com/lxc/lxc-templates
  Old style template scripts for LXC (prefer distrobuilder).
https://github.com/lxc/distrobuilder
  System container image builder for LXC and LXD.
https://brauner.github.io/2018/02/27/lxc-removes-legacy-template-build-system.html
  Details about replacing template scripts.

Install LXC under Debian
========================

Installation::

  $ sudo apt install lxc

Verify that your host/kernel satisfies LXC requirements::

  $ sudo lxc-checkconfig

To set up a network bridge, install the supplementary packages::

  $ sudo apt-get install bridge-utils dnsmasq

To bootstrap a Debian distro into a container, install::

  $ sudo apt-get install debootstrap

To bring up the network bridge, create or edit ``/etc/default/lxc-net``::

  USE_LXC_BRIDGE="true"

  LXC_ADDR="10.0.0.1"
  LXC_NETMASK="255.255.255.0"
  LXC_NETWORK="10.0.0.0/24"
  LXC_DHCP_RANGE="10.0.0.2,10.0.0.254"
  LXC_DHCP_MAX="253"
  LXC_DHCP_CONFILE=""
  LXC_DOMAIN=""

and start service::

  $ sudo service lxc-net start
  $ sudo systemctl restart lxc-net.service

Create new container in LXC
===========================

Create container from template::

  $ sudo lxc-create -t $TMPL -n $NAME -- $EXTRA_ARGS

.. note::
   * ``-t`` defines distro name
   * ``-n`` gives name for container for further referencing
   * everything after ``--`` is passed to template script

The template name is the file name from the ``/usr/share/lxc/templates`` directory without the
``lxc-`` prefix.

List available templates with::

  $ ls -alh /usr/share/lxc/templates/

Examples of container creation command::

  $ sudo lxc-create -t debian -n deb-sid --  -r sid --enable-non-free
  $ sudo lxc-create -t debian -n deb-testing --  -r testing
  $ sudo lxc-create -t debian -n deb-stable --  -r stable -a amd64

  $ sudo lxc-create -t alpine -n alpine-3.7 --  -r 3.7

Examples of destroying container::

  $ sudo lxc-destroy --name $NAME

Each template has its own options, which can be passed after ``--``. To get help on
template-specific options, run::

  $ /usr/share/lxc/templates/lxc-ubuntu -h
  $ /usr/share/lxc/templates/lxc-debian -h
  $ /usr/share/lxc/templates/lxc-alpine -h
  $ /usr/share/lxc/templates/lxc-download -h
  ...

To use another mirror for Debian::

  $ MIRROR=http://httpredir.debian.org/debian sudo lxc-create -t debian -n debtest -- -r sid

List of pre-built containers:

* Visit http://images.linuxcontainers.org/ (default storage of LXC project).
* Run ``/usr/share/lxc/templates/lxc-download --list``

Creating container by downloading pre-built image::

  $ sudo lxc-create -t download -n alpine-edge -- -d alpine -r edge -a amd64
  $ sudo lxc-create -t download -n debian-sid -- -d debian -r sid -a amd64
  $ sudo lxc-create -t download -n ubuntu-bio -- --dist ubuntu --release bionic --arch amd64

Since LXC v3.0 the shell templates have moved to a separate project and only 4 remain supported::

  $ lxc-create my-busybox -t busybox
  $ lxc-create my-x -t download
  $ lxc-create c1 -t local -- --metadata /path/to/meta.tar.xz --fstree /path/to/rootfs.tar.xz
  $ lxc-create c2 -t oci -- --url docker://alpine

Put ``veth`` network configuration into container config ``/var/lib/lxc/$NAME/config``::

  lxc.network.type = veth
  lxc.network.flags = up
  lxc.network.link = lxcbr0
  lxc.network.veth.pair = veth-stretch
  lxc.network.name = veth-stretch
  lxc.network.ipv4 = 192.168.99.12/24
  lxc.network.ipv4.gateway = 192.168.99.1
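
A static address only works when it lies inside the subnet of the bridge named in the ``link`` key; the ``lxc-net`` defaults earlier on this page use ``10.0.0.0/24`` while this sample uses ``192.168.99.x``. The check below is an added example, not part of the original notes: the function names are its own, it assumes the container is attached to ``lxcbr0``, and it also accepts the ``lxc.net.N.ipv4.address`` / ``lxc.net.N.ipv4.gateway`` key names that LXC 2.1 and later use.

```sh
#!/bin/sh
# Added example (not from the original notes). Checks that static IPv4
# settings in a container config fall inside the lxc-net bridge subnet.
# Assumption: the container's link is lxcbr0, the bridge lxc-net manages.

# ip2int A.B.C.D -> the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 when IP is inside the network
in_cidr() {
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# check_container_net CONFIG LXC_NET_DEFAULTS
# Returns 0 when consistent, 1 on a mismatch, 2 when LXC_NETWORK is missing.
check_container_net() {
    bridge_net=$(sed -n 's/^LXC_NETWORK="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$2")
    [ -n "$bridge_net" ] || { echo "LXC_NETWORK not set in $2" >&2; return 2; }
    # Accept the legacy lxc.network.ipv4[.gateway] keys shown above and the
    # lxc.net.N.ipv4.address / .gateway names used by LXC 2.1 and later.
    bad=$(sed -n 's/^[[:space:]]*\(lxc\.net[a-z0-9.]*\.ipv4[a-z.]*\)[[:space:]]*=[[:space:]]*\([0-9.]*\).*/\1 \2/p' "$1" |
        while read -r key addr; do
            [ -n "$addr" ] || continue      # e.g. "gateway = auto"
            in_cidr "$addr" "$bridge_net" || echo "$key = $addr is outside $bridge_net"
        done)
    [ -z "$bad" ] || { echo "$bad" >&2; return 1; }
}

# Usage: sh check_net.sh /var/lib/lxc/$NAME/config /etc/default/lxc-net
if [ "$#" -eq 2 ]; then
    check_container_net "$1" "$2"
fi
```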

Fix DNS resolution in container::

  $ echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/$NAME/rootfs/etc/resolv.conf
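
``tee`` run as root on the host follows a symlink at ``rootfs/etc/resolv.conf``, and an absolute link target resolves against the host's root rather than the container's. The following added example (not part of the original notes) refuses to write through links and renames a temporary file into place; the function name ``write_resolv`` is its own, and it assumes the container is stopped while the file is written.

```sh
#!/bin/sh
# Added example (not from the original notes): write resolv.conf into a
# container rootfs from the host without following container-controlled links.
# Assumption: the container is stopped, so the rootfs cannot change mid-write.

# write_resolv ROOTFS NAMESERVER -> 0 on success, 1 when the write is refused
write_resolv() {
    etc="$1/etc"
    target="$etc/resolv.conf"
    # /etc must be a real directory inside the rootfs, not a link elsewhere.
    if [ -L "$etc" ] || [ ! -d "$etc" ]; then
        echo "refusing: $etc is not a plain directory" >&2
        return 1
    fi
    # "tee" run as root would follow this link; an absolute target resolves
    # against the host's root, not the container's.
    if [ -L "$target" ]; then
        echo "refusing: $target -> $(readlink "$target")" >&2
        return 1
    fi
    # Write a temporary file next to the target, then rename it into place.
    tmp=$(mktemp "$etc/.resolv.conf.XXXXXX") || return 1
    printf 'nameserver %s\n' "$2" > "$tmp" &&
        chmod 644 "$tmp" &&
        mv -f "$tmp" "$target"
}

# Usage: sudo sh write_resolv.sh /var/lib/lxc/$NAME/rootfs 8.8.8.8
if [ "$#" -eq 2 ]; then
    write_resolv "$1" "$2"
fi
```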

LXC Container management
========================

List available containers::

  $ sudo lxc-ls
  $ sudo lxc-ls --fancy

Show details about container::

  $ sudo lxc-info --name $NAME

Start container::

  $ sudo lxc-start -n $NAME

Show boot process output during container start with ``-F``::

  $ sudo lxc-start -n $NAME -F
  $ sudo lxc-start -n $NAME --foreground

Safely stop a container (by default sends the ``SIGPWR`` signal to the container's ``init`` process,
waits 60 sec, and then sends ``SIGKILL``)::

  $ sudo lxc-stop -n $NAME

To signal reboot (by default sends ``SIGINT`` signal to container ``init`` process)::

  $ sudo lxc-stop -n $NAME -r
  $ sudo lxc-stop -n $NAME --reboot

Urgently stop container (kills all processes)::

  $ sudo lxc-stop -n $NAME -k
  $ sudo lxc-stop -n $NAME --kill

Mark container to start on boot in ``/var/lib/lxc/$NAME/config``::

  lxc.start.auto = 1

Symlink containers stored in a non-standard location so that the LXC tools take them into account::

  $ sudo ln -s /opt/lxc/$NAME /var/lib/lxc/$NAME

Run command in running container::

  $ sudo lxc-attach -n $NAME
  $ sudo lxc-attach -n $NAME bash
  $ sudo lxc-attach -n $NAME -- ls -a
  $ sudo lxc-attach -n $NAME -- apk list

Making snapshot
===============

See ``lxc-snapshot(1)``.

List of snapshots::

  $ sudo lxc-snapshot --list
  $ sudo lxc-snapshot -n $NAME --list

Make a snapshot::

  $ sudo lxc-stop -n $NAME
  $ sudo lxc-snapshot -n $NAME

Restore from snapshot::

  $ sudo lxc-stop -n $NAME
  $ sudo lxc-snapshot -n $NAME -r $SNAPNAME