LXC, or Linux Containers, is an operating-system-level virtualization method that lets us run multiple isolated Linux systems on a single host. LXC relies on the cgroups functionality of the Linux kernel. Cgroups (control groups) is a Linux kernel feature to limit, account and isolate resource usage (CPU, memory, disk I/O, etc.) of process groups. LXC does not provide a virtual machine, but rather provides a virtual environment that has its own process and network space. It is similar to a chroot, but offers much more isolation.
First, let’s install the necessary packages.
$ apt-get install lxc bridge-utils
By default in Ubuntu, installing the lxc package creates a default bridge network called “lxcbr0”. If we don’t want to use this bridge network, we can disable it by editing the /etc/default/lxc file. We can also create bridge networks using “brctl”, or define them directly in the interfaces file. A few templates are shipped with the lxc package; they are located in /usr/share/lxc/templates. I’m going to use the default template to create the containers. We can also use OpenVZ templates to create containers.
I’m going to keep all my containers’ files in a default path, say “/lxc”.
$ mkdir /lxc
Now we can create the first Debian container.
$ mkdir /lxc/vm0 # where vm0 is the name of my container
$ /usr/share/lxc/templates/lxc-debian -p /lxc/vm0
This will install and build the necessary files for the container. If we go inside the vm0 folder, we can see two things: the config file and the root folder of the container. This root folder will be the virtual environment for our container. Now we can edit the config file to set the default network options.
# lxc.network.type comes first: it starts a new network definition
lxc.network.type = veth
# name of the bridge interface
lxc.network.link = br0
lxc.network.veth.pair = veth_vm0
# MAC address
lxc.network.hwaddr = 4a:59:43:49:79:bf
# IP address should end with CIDR
lxc.network.ipv4 = 192.168.0.123/24
Now we need to add the IP to the container’s interfaces file as well. For that, we edit the /lxc/vm0/rootfs/etc/network/interfaces file and set the IP address in it for the interface eth0.
We can create a bridge interface and bind it to the physical interface of the host, so that the container will be in the same network as the host. If a virtual network already exists, we can also use it with lxc: for example, installing libvirt creates a bridge interface called “virbr0”, and in Ubuntu the lxc package installation creates a bridge interface called “lxcbr0”. Or we can define a bridge interface in the “interfaces” file. Below is a configuration that creates a bridge interface.
auto eth0
iface eth0 inet manual

# Bridge setup
auto br0
iface br0 inet static
    bridge_ports eth0
    address 192.168.0.2
    broadcast 192.168.0.255
    netmask 255.255.255.0
    gateway 192.168.0.1
If the containers need a separate network, we can use NAT. The configuration below, in the interfaces file, enables NAT.
auto br0
iface br0 inet static
    address 172.16.0.1
    netmask 255.255.255.0
    bridge_stp off
    bridge_maxwait 5
    pre-up /usr/sbin/brctl addbr br0
    post-up /usr/sbin/brctl setfd br0 0
    post-up /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
Once we are ready with the configurations, we can start our container using the below command.
$ lxc-start -n vm0 -f /lxc/vm0/config
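A preflight check for the network keys set in the container config above, to run before lxc-start. This is an added example, not part of the original post; the function names and the optional sysfs-path argument are assumptions made for illustration, and the sample config is constructed from the article's values.

```shell
# Added example (not from the article): lint the lxc.network.* keys before lxc-start.
# get_key FILE KEY: print the value assigned to KEY, trailing whitespace removed.
get_key() {
    k=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$k[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}
# lint_config FILE [SYSFS_NET]: print one line per problem, return the problem count.
# SYSFS_NET is an assumed override of /sys/class/net so the check can run offline.
lint_config() {
    cfg=$1; sysnet=${2:-/sys/class/net}; bad=0
    ip=$(get_key "$cfg" lxc.network.ipv4)
    mac=$(get_key "$cfg" lxc.network.hwaddr)
    br=$(get_key "$cfg" lxc.network.link)
    pair=$(get_key "$cfg" lxc.network.veth.pair)
    # The address must carry a prefix length, e.g. 192.168.0.123/24.
    if ! printf '%s\n' "$ip" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "ipv4: '$ip' has no valid /prefix"; bad=$((bad + 1))
    fi
    # Six hex octets, and unicast (lowest bit of the first octet is 0).
    if ! printf '%s\n' "$mac" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo "hwaddr: '$mac' is not a MAC address"; bad=$((bad + 1))
    elif [ $(( 0x${mac%%:*} & 1 )) -ne 0 ]; then
        echo "hwaddr: '$mac' is a multicast address"; bad=$((bad + 1))
    fi
    # Linux interface names hold at most 15 characters.
    if [ "${#pair}" -gt 15 ]; then
        echo "veth.pair: '$pair' is longer than 15 characters"; bad=$((bad + 1))
    fi
    # lxc.network.link must name a bridge that exists on the host.
    if [ -z "$br" ] || [ ! -d "$sysnet/$br/bridge" ]; then
        echo "link: '$br' is not a bridge on this host"; bad=$((bad + 1))
    fi
    return "$bad"
}
# Constructed sample: the article's values plus a fake sysfs tree, so it runs anywhere.
make_sample() {
    mkdir -p "$1/net/br0/bridge"
    cat > "$1/config" <<'EOF'
lxc.network.type = veth
lxc.network.link = br0
lxc.network.hwaddr = 4a:59:43:49:79:bf
lxc.network.ipv4 = 192.168.0.123/24
lxc.network.veth.pair = veth_vm0
EOF
}
tmp=$(mktemp -d) && make_sample "$tmp"
lint_config "$tmp/config" "$tmp/net" && echo "config OK"
```

On a real host, call it as lint_config /lxc/vm0/config with no second argument, so the bridge lookup uses /sys/class/net.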
In the NAT scenario, the lxc machines are under the “172.16” network, while the host lies in the “192.168.0” network. There are some good projects that work with lxc; Vagabond is one example. Vagabond is a tool integrated with Chef to build local nodes easily and, most importantly, quickly. Vagabond is built for Chef.