Container management with LXC
Worlds Apart
Chroot lets you run a largely autonomous guest system on a computer, without the need to emulate hardware. The LXC container management tool refines this technique with a comprehensive range of additional functions.
Chroot seals off parts of a directory tree against a break-out, thus isolating users, groups, or special services in an area that is harmless for the rest of the system. FreeBSD refined the concept with "Jails," Solaris with "Zones," and Linux with container services such as LXC [1]. Unlike VMware, LXC does not use virtual machines; instead, it creates a virtual environment with its own processes that shares the kernel of the host system.
Getting Started
The following exercise uses Debian 8.0 "jessie" as the host, but it can also be transferred to other systems like openSUSE or Ubuntu with minor changes.
To begin, you need to install the lxc, lxctl, and libvirt-bin packages, including the dependencies required by the package manager (e.g., debootstrap). If you have a custom kernel, you need to enable control groups (cgroups), which you can check with the command:
lxc-checkconfig
Depending on the installation source, creating the root filesystem for a container can take some time. On Debian, perform this task with the command:
$ LANG=en_US.UTF-8 SUITE=jessie MIRROR=http://httpredir.debian.org/debian lxc-create -n debian8 -t debian
The LANG switch defines the language settings, and SUITE defines the desired template. The -n option lets you assign the container name (Figure 1). Subsystem templates created with the -t option come from the /usr/share/lxc/templates/ directory. However, there is a shorter way to accomplish the same thing, as an alternative proposal from the Debian wiki [2] for creating the container shows:
$ lxc-create -n debian8 -t debian -- -r jessie
After successful installation, the procedure ends by outputting a randomly generated root password, which you should write down and change with the passwd command when you first log in to the container. Entering lxc-ls lists all existing containers.
To access the container you just created at a local level, launch it with the command:
lxc-start -n debian8 -d
As with almost all lxc commands, you use the -n option to name the container (Figure 2). Make sure you enter the -d option when starting; otherwise, the login prompt appears, and you cannot kill it in the same terminal! Now request a console with the login prompt:
lxc-console -n debian8
To help you discover the status and process ID of an active container and to stop the current container, use the commands:
lxc-info -n <container>
lxc-stop -n <container>
For a selection of the most important control programs, see Table 1.
Table 1: Important LXC commands
Action | Command |
---|---|
Create, Clone, Delete | |
Create a container | |
Clone a container | |
Delete a container | |
Starting and Stopping | |
Start a container | |
Freeze a container | |
Continue a container | |
Stop a container | |
Information | |
List all containers | |
List all active containers | |
List all stopped containers | |
Info for a container | |
IP address of the container | |
Process ID of the container | |
Monitor a container | |
Running Applications | |
Start an application in the container | |
Network
To access the container on the network, you need to adjust the network settings on the host and guest. In both cases you need to edit the /etc/network/interfaces file. Additionally, you need to configure the network settings for the container in /var/lib/lxc/<Container>/config. To address the container with its own name on the LAN, add an entry to /etc/hosts (see the box "Network Configuration"); then, run adduser <user> to create a user in the container. Now enter
systemctl status sshd.service
to check whether the SSH server is running in the container (Figure 3). When you pop up a new terminal, log in with
ssh <user>@<container>
and respond to the prompt for the new SSH keys; the login to the shell should work. You can log off again by typing exit.
Network Configuration
In the following examples, the network is 192.168.0.0/24, with an IP address of 192.168.0.37 for the host system and 192.168.0.90 for the guest; the container name is debian8. You need to adjust the values from the listings to match your local conditions.
Listing 1 shows the changes to the /etc/network/interfaces file on the host; for correct name resolution in this case, also add the line 192.168.0.90 debian8 to the /etc/hosts file. Then, working on the host system, open the /var/lib/lxc/debian8/config file, and add the entries from Listing 2. Finally, modify the /var/lib/lxc/debian8/rootfs/etc/network/interfaces file as shown in Listing 3.
The settings configure the network card in the host as a bridge (br0 instead of eth0). The container has a virtual Ethernet (veth) interface to which br0 is connected.
After completing the changes, you first start the network on the host with the command:
/etc/init.d/networking restart
Now test the configuration by pinging the IP address of the container. To verify name resolution, you can specify the hostname instead of the IP address.
Listing 1: Host /etc/network/interfaces
Listing 2: Host /var/lib/lxc/debian8/config
Listing 3: Container Network Setup
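The bridge and veth settings described in the "Network Configuration" box, rendered into a staging directory for review, as an added example that is not the article's Listings 1-3. The lxc.network.* keys are the LXC 1.x names; the gateway 192.168.0.1, the render_lxc_net function, and the *.add file names are assumptions.

```shell
#!/bin/sh
# Added example: stage the network fragments for host and guest under a scratch
# directory instead of writing to /etc. Gateway 192.168.0.1 is an assumption.
render_lxc_net() {
    stage=$1 name=$2 host_ip=$3 guest_ip=$4 gw=$5
    # Host and guest must sit in the same /24 and must not share an address.
    [ "${host_ip%.*}" = "${guest_ip%.*}" ] || { echo "subnet mismatch" >&2; return 1; }
    [ "$host_ip" != "$guest_ip" ] || { echo "duplicate address" >&2; return 1; }
    cdir=$stage/var/lib/lxc/$name
    mkdir -p "$stage/etc/network" "$cdir/rootfs/etc/network"
    # Host: eth0 becomes a port of br0 and br0 carries the host address
    # (the bridge_* options need the bridge-utils package).
    cat > "$stage/etc/network/interfaces" <<EOF
auto br0
iface br0 inet static
    address $host_ip
    netmask 255.255.255.0
    gateway $gw
    bridge_ports eth0
    bridge_fd 0
EOF
    # Container config lines to add: a veth pair whose host end joins br0.
    cat > "$cdir/config.add" <<EOF
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
EOF
    # Guest: static address on its end of the veth pair.
    cat > "$cdir/rootfs/etc/network/interfaces" <<EOF
auto eth0
iface eth0 inet static
    address $guest_ip
    netmask 255.255.255.0
    gateway $gw
EOF
    # Line to append to /etc/hosts on the host for name resolution.
    printf '%s %s\n' "$guest_ip" "$name" > "$stage/etc/hosts.add"
}

# Values from the article's box: host 192.168.0.37, guest 192.168.0.90.
stage=$(mktemp -d)
render_lxc_net "$stage" debian8 192.168.0.37 192.168.0.90 192.168.0.1
echo "fragments staged under $stage"
```

Loopback stanzas and any existing lines in the real files stay as they are; compare the staged fragments with the live files before merging them.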
Cloning Containers
To create a clone of the debian8 container, you just type:
lxc-clone -o original -n new
But this only works if you stop the guest system first. Cloning in our lab took about 20 seconds. Next, change the IP address under /var/lib/lxc/debian_clone/config and /var/lib/lxc/debian_clone/rootfs/etc/network/interfaces to suit your needs. You also need to add an appropriate entry for the cloned container to the hosts files. When you start the cloned container, try to open a connection via SSH. The configuration file of the clone might have more entries than those of the original – this is normal.
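The re-addressing step after cloning, as an added example that is not part of the original article. The readdress_clone function, the new address 192.168.0.91, and the sample files are constructed for illustration, and the script works on a tree under a root directory you pass in rather than on the live system.

```shell
#!/bin/sh
# Added example: give a cloned container its own address in both files and
# register its name in the hosts file. All paths are relative to a root dir.
readdress_clone() {
    root=$1 name=$2 old_ip=$3 new_ip=$4
    cdir=$root/var/lib/lxc/$name
    # Escape the dots so they match literally, not "any character".
    old_re=$(printf '%s' "$old_ip" | sed 's/\./\\./g')
    # Only match the address when it is not part of a longer one
    # (192.168.0.9 must not rewrite the start of 192.168.0.90).
    pat="(^|[^0-9.])${old_re}([^0-9.]|\$)"
    for f in "$cdir/config" "$cdir/rootfs/etc/network/interfaces"; do
        [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
        sed -E "s/${pat}/\1${new_ip}\2/g" "$f" > "$f.new" && mv "$f.new" "$f"
    done
    # Add a hosts entry for the clone unless one already exists.
    hosts=$root/etc/hosts
    grep -Eq "[[:space:]]$name(\$|[[:space:]])" "$hosts" 2>/dev/null ||
        printf '%s %s\n' "$new_ip" "$name" >> "$hosts"
    # Succeed only if the original's address is gone from the clone's files;
    # two containers answering on one IP is the failure this step prevents.
    ! grep -Eq "$pat" "$cdir/config" "$cdir/rootfs/etc/network/interfaces"
}

# Constructed sample tree standing in for a freshly cloned debian_clone.
demo=$(mktemp -d)
c=$demo/var/lib/lxc/debian_clone
mkdir -p "$demo/etc" "$c/rootfs/etc/network"
printf 'lxc.network.link = br0\nlxc.network.ipv4 = 192.168.0.90/24\n' > "$c/config"
printf 'iface eth0 inet static\n    address 192.168.0.90\n' > "$c/rootfs/etc/network/interfaces"
printf '192.168.0.90 debian8\n' > "$demo/etc/hosts"
readdress_clone "$demo" debian_clone 192.168.0.90 192.168.0.91 &&
    echo "clone re-addressed under $demo"
```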