Linux Containers

From Funtoo Linux
Revision as of 19:21, 1 November 2011 by Drobbins (Talk)


Linux Containers, or LXC, is a Linux feature that allows one or more isolated virtual systems (each with its own network interfaces, process IDs, mounts and hostname, and each able to be started and stopped independently) to run on a single Linux kernel on a single server. Unlike a virtual machine, a container shares the host's kernel: the separation comes from kernel namespaces and cgroups plus the capability restrictions configured below, so a root user inside the container is still uid 0 to that kernel and a container should be treated as a much weaker security boundary than a hypervisor.


Configuring the Funtoo Host System

Install LXC kernel

Emerge lxc

Configure Networking For Container

Typically, one uses a bridge to allow containers to connect to the network. This is how to do it under Funtoo Linux:

  1. create a bridge using the Funtoo network configuration scripts. Name the bridge something like brwan (using /etc/init.d/netif.brwan). Configure your bridge to have an IP address.
  2. Make your physical interface, such as eth0, an interface with no IP address (use the Funtoo interface-noip template.)
  3. Make netif.eth0 a slave of netif.brwan in /etc/conf.d/netif.brwan.
  4. Enable your new bridged network and make sure it is functioning properly on the host.

You will now be able to configure LXC to automatically add your container's virtual ethernet interface to the bridge when it starts, which will connect it to your network.

Setting up a Funtoo Linux LXC Container

Here are the steps required to get Funtoo Linux running inside a container.

Create and Configure Container Filesystem

  1. Start with a Funtoo OpenVZ template, and unpack it to a directory such as /lxc/funtoo.
  2. Edit /lxc/funtoo/etc/rc.conf and change rc_sys=openvz to rc_sys=lxc.
  3. Create an empty /lxc/funtoo/etc/fstab file.
  4. Comment out c2 through c6 lines in /lxc/funtoo/etc/inittab.

That's all you need to get the container filesystem ready to start.

Create Container Configuration Files

Create the following files:

/etc/lxc/funtoo.conf

lxc.utsname = funtoo
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = brwan
lxc.network.ipv4 = <your IPv4 address here, like 1.2.3.4/29>
lxc.network.hwaddr = <your randomly-generated MAC address here, like a2:97:b6:df:df:28>
lxc.network.name = eth0
lxc.mount = /etc/lxc/funtoo.fstab
lxc.rootfs = /lxc/funtoo
lxc.tty = 12
lxc.pts = 128
# restrict capabilities
lxc.cap.drop = audit_control
lxc.cap.drop = audit_write
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = mknod
lxc.cap.drop = setpcap
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_boot
lxc.cap.drop = sys_module
lxc.cap.drop = sys_rawio

Above, use the following command to generate a random MAC for lxc.network.hwaddr. The first octet is fixed to 02 so that the address is unicast (bit 0 clear; an odd first octet would be a multicast address, which an interface cannot use) and locally administered (bit 1 set), so it cannot collide with a vendor-assigned OUI:

# printf '02:%s\n' "$(openssl rand -hex 5 | sed 's/\(..\)/\1:/g; s/.$//')"

It is a very good idea to assign a static MAC address to your container using lxc.network.hwaddr. If you don't, LXC will auto-generate a new random MAC every time your container starts, which may confuse switches and DHCP servers that expect a MAC address to remain constant, and defeats any switch port-security entries or DHCP reservations keyed on the container's MAC.
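The same generation, plus a validity check for an address you choose by hand, as an added POSIX shell example that is not part of the original page (it reads /dev/urandom through od instead of openssl so it runs on any host; the function names are my own):

```shell
#!/bin/sh
# Added example, not from the Funtoo page: generate and validate a MAC address
# suitable for lxc.network.hwaddr.
#
# Rules checked: six lowercase hex octets, bit 0 of the first octet clear
# (otherwise the address is multicast and unusable on an interface), and
# bit 1 of the first octet set (locally administered, so no clash with a
# vendor OUI).

# check_mac MAC: return 0 if MAC is a well-formed locally-administered unicast address.
check_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    case $mac in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]) ;;
        *) return 1 ;;
    esac
    first=$(( 0x${mac%%:*} ))
    # bit 0 (value 1) set  -> multicast: reject
    # bit 1 (value 2) clear -> globally administered (vendor OUI space): reject
    [ $(( first & 1 )) -eq 0 ] && [ $(( first & 2 )) -ne 0 ]
}

# gen_lxc_mac: print a random locally-administered unicast MAC; first octet is always 02.
gen_lxc_mac() {
    rest=$(od -An -N5 -tx1 /dev/urandom | tr -d ' \n' | sed 's/\(..\)/:\1/g')
    printf '02%s\n' "$rest"
}

# Usage: generate one address and confirm it passes the check before pasting it
# into /etc/lxc/funtoo.conf.
mac=$(gen_lxc_mac)
if check_mac "$mac"; then
    printf 'lxc.network.hwaddr = %s\n' "$mac"
else
    echo "generated address failed validation" >&2
fi
```

Run it once and paste the printed lxc.network.hwaddr line into the container configuration; run check_mac on any address you typed by hand (the openssl one-liner on the page can emit a multicast address if its first octet happens to be odd, which this check catches).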

/etc/lxc/funtoo.fstab

none /lxc/funtoo/dev/pts devpts defaults 0 0
none /lxc/funtoo/proc proc defaults 0 0
none /lxc/funtoo/sys sysfs defaults 0 0
none /lxc/funtoo/dev/shm tmpfs defaults 0 0

Initializing and Starting the Container

Run:

# lxc-start -n funtoo -d

The -d option will cause it to run in the background.

To attach to the console (press Ctrl-a q to detach again without stopping the container):

# lxc-console -n funtoo

You should now be able to log in and use the container. In addition, the container should now be accessible on the network.
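Once the container is running, it is worth confirming from the host that the lxc.cap.drop lines in /etc/lxc/funtoo.conf took effect, because lxc-start prints nothing about it. The following is an added POSIX shell example, not code from the page or from LXC: it decodes the CapBnd bounding-set mask of the container's init process from /proc/<pid>/status (capability bit numbers as in linux/capability.h) and reports any of the listed capabilities that survived. The PID is the host-side PID of the container's /sbin/init (find it with ps on the host); the function names and the sample masks in the comments are my own. Bear in mind that dropping capabilities narrows what the container's root can do but does not make it unprivileged: it is still uid 0 to the shared kernel, and this configuration sets no lxc.cgroup.devices.* restrictions, so any device nodes present in the template's /dev remain usable from inside.

```shell
#!/bin/sh
# Added example, not from the Funtoo page: verify that a container's init lost the
# capabilities listed under lxc.cap.drop, by decoding CapBnd from /proc/<pid>/status.
# Bit numbers are the CAP_* values from linux/capability.h.

# Capabilities the page's configuration drops, as "name:bit".
DROPPED_CAPS="setpcap:8 sys_module:16 sys_rawio:17 sys_admin:21 sys_boot:22 mknod:27 audit_write:29 audit_control:30 mac_override:32 mac_admin:33"

# cap_present MASKHEX BIT: return 0 if capability BIT is set in the hex mask
# (MASKHEX is the bare 16-digit value as printed on the CapBnd: line).
cap_present() {
    [ $(( 0x$1 >> $2 & 1 )) -eq 1 ]
}

# caps_still_present MASKHEX: print, one per line, the names from DROPPED_CAPS
# whose bit is still set in the mask. Prints nothing when all were dropped.
caps_still_present() {
    for entry in $DROPPED_CAPS; do
        name=${entry%%:*}
        bit=${entry##*:}
        if cap_present "$1" "$bit"; then
            printf '%s\n' "$name"
        fi
    done
}

# check_container_caps PID: read CapBnd of the given host-side PID and return
# 0 if every listed capability is gone, 1 if some survive (they are printed),
# 2 if the status file could not be read.
check_container_caps() {
    mask=$(awk '/^CapBnd:/ {print $2}' "/proc/$1/status") || return 2
    [ -n "$mask" ] || return 2
    leftover=$(caps_still_present "$mask")
    if [ -n "$leftover" ]; then
        printf 'capabilities still in bounding set: %s\n' "$(printf '%s' "$leftover" | tr '\n' ' ')"
        return 1
    fi
    return 0
}

# Usage on the host (constructed PID, replace with the container's init PID):
#   check_container_caps 12345 && echo "all listed capabilities dropped"
#
# Reference masks for a kernel with 34 capabilities (constructed for illustration):
#   00000003ffffffff  everything present, what a plain root process has
#   000000009 79cfeff  the same mask after the ten caps above are removed
```

A mask with all ten capabilities removed from a full 34-bit set is 0x979cfeff; anything else printed by caps_still_present means the corresponding lxc.cap.drop line was ignored (for example because of a typo in the name) and should be fixed before relying on the container.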

To stop the container:

# lxc-stop -n funtoo