Debian, virtualization

Virtualization with LXC

LXC, or Linux Containers, is an operating-system-level virtualization method that lets us run multiple isolated Linux systems on a single host. LXC relies on the cgroups functionality of the Linux kernel. Cgroups (control groups) is a Linux kernel feature to limit, account for and isolate the resource usage (CPU, memory, disk I/O, etc.) of process groups. LXC does not provide a virtual machine, but rather a virtual environment that has its own process and network space. It is similar to a chroot, but offers much more isolation.

First, let’s install the necessary packages.

$ apt-get install lxc bridge-utils

By default in Ubuntu, installing the lxc package creates a default bridge network called “lxcbr0”. If we don’t want to use this bridge network, we can disable it by editing the /etc/default/lxc file. We can also create bridge networks using “brctl”, or define them directly in the interfaces file. A few templates ship with the lxc package and are found in /usr/share/lxc/templates. I’m going to use the default template to create the containers. We can also use OpenVZ templates to create containers.

I’m going to keep all my containers’ files under one path, say “/lxc”.

$ mkdir /lxc

Now we can create the first Debian container.

$ mkdir /lxc/vm0    # where vm0 is the name of my container.

$ /usr/share/lxc/templates/lxc-debian -p /lxc/vm0

This installs and builds the necessary files for the container. Inside the vm0 folder we can see two things: the config file and the root folder of the container. This root folder will be the virtual environment for our container. Now we can edit the config file to set the default network options.

# lxc.network.type comes first: it starts the network definition the other keys belong to
lxc.network.type = veth
# name of the bridge interface
lxc.network.link = br0
lxc.network.veth.pair = veth_vm0
# MAC address
lxc.network.hwaddr = 4a:59:43:49:79:bf
# IP address should end with CIDR
lxc.network.ipv4 = 192.168.0.123/24
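
A pre-flight check for the lxc.network.* keys shown above, as an added example (not from the original post or the LXC project). The function name lint_lxc_net and the sample file are made up for illustration; it assumes the legacy lxc.network.* key names used on this page and that only whole-line # comments are recognised in the config.

```shell
#!/bin/sh
# Added example: lint the legacy lxc.network.* keys of an LXC config file.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
lint_lxc_net() {
    awk '
    function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
    function trim(s)  { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                 # whole-line comments and blanks
    {
        eq = index($0, "="); if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key !~ /^lxc\.network\./) next
        # Assumption: only whole-line "#" comments are recognised, so a
        # trailing comment would be read as part of the value.
        if (val ~ /[ \t]#/) { bad(key ": move the trailing comment to its own line")
                              sub(/[ \t]+#.*$/, "", val) }
        # lxc.network.type opens a network definition; other keys follow it.
        if (key == "lxc.network.type") { typed = 1; next }
        if (!typed) bad(key " appears before lxc.network.type")
        if (key == "lxc.network.ipv4") {
            split(val, f, /[ \t]+/)         # an optional broadcast may follow
            ok = (f[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            if (ok) { split(f[1], p, /[.\/]/)
                      for (i = 1; i <= 4; i++) if (p[i] > 255) ok = 0
                      if (p[5] > 32) ok = 0 }
            if (!ok) bad("lxc.network.ipv4 should be ADDRESS/PREFIX, prefix 0-32")
        }
        if (key == "lxc.network.hwaddr" && (length(val) != 17 ||
            val !~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/))
            bad("lxc.network.hwaddr is not six colon-separated hex octets")
        # Linux interface names are at most 15 characters.
        if (key == "lxc.network.veth.pair" && length(val) > 15)
            bad("lxc.network.veth.pair is longer than 15 characters")
    }
    END { exit (n > 0) }' "$1"
}

# Constructed sample (not a real container): ipv4 precedes type and lacks a prefix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
lxc.network.ipv4 = 192.168.0.123
lxc.network.type = veth
lxc.network.link = br0
lxc.network.veth.pair = veth_vm0
EOF
lint_lxc_net "$sample" || echo "fix the findings above before lxc-start"
rm -f "$sample"
```

Run it against /lxc/vm0/config before starting the container; a non-zero return means at least one line was flagged.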

Now we need to add the IP to the container’s interfaces file as well: edit the /lxc/vm0/rootfs/etc/network/interfaces file and set the IP address for the interface eth0.

We can create a bridge interface and bind it to the physical interface of the host, so that the container is on the same network as the host. If a virtual network already exists (for example, installing libvirt creates a bridge interface called “virbr0”, and in Ubuntu installing the lxc package creates a bridge interface called “lxcbr0”), we can also use it with LXC. Or we can define a bridge interface in the “interfaces” file. Below is a configuration that creates a bridge interface.

auto eth0
iface eth0 inet manual

# Bridge setup (auto br0 brings the bridge up at boot)
auto br0
iface br0 inet static
    bridge_ports eth0
    address 192.168.0.2
    broadcast 192.168.0.255
    netmask 255.255.255.0
    gateway 192.168.0.1

If the containers need a separate network, we can use NAT. The interfaces-file configuration below enables NAT.

auto br0
iface br0 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_maxwait 5
    pre-up  /usr/sbin/brctl addbr br0
    post-up /usr/sbin/brctl setfd br0 0
    post-up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

Once we are ready with the configurations, we can start our container using the below command.

$ lxc-start -n vm0 -f /lxc/vm0/config

In the NAT scenario, the LXC machines are on the “172.16” network, while the host is on the “192.168.0” network. There are some good projects that build on LXC; Vagabond is one example. Vagabond is a tool integrated with Chef to build local nodes easily and, most importantly, quickly. Vagabond is built for Chef.
