Introduction
LXC (Linux Containers) is a lightweight, Linux kernel-based virtualisation solution that allows us to host multiple isolated Linux systems (containers) on a single host.
However, unlike some virtualisation solutions, the guest systems use the same kernel as the host system. All guests efficiently share the resources of your host system, such as CPU, RAM, hard disk and network. LXC runs on top of the operating system, allowing you to run multiple isolated distributions at the same time.
The Linux kernel provides the cgroups functionality that allows limitation and prioritisation of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and namespace isolation functionality that allows complete isolation of an application’s view of the operating environment, including process trees, networking, user IDs and mounted file systems.
LXC combines the kernel’s cgroups and support for isolated namespaces to provide an isolated environment for applications. Docker can also use LXC as one of its execution drivers, enabling image management and providing deployment services.
Features
- LXC enables running multiple instances of an operating system or application on a single host, without inducing overhead on CPU and memory. This saves both rack space and power.
- Safely and securely run multiple applications on a single system without the risk of them interfering with each other. If the security of one container has been compromised, the other containers are unaffected.
- Containers can be useful to quickly set up a “sandbox” environment, e.g. to test a new version of a Linux distribution or to simulate a “clean” environment for testing/QA purposes. When using the Btrfs file system for a container repository, new instances can be cloned and spawned in seconds, without requiring significant additional disk space.
Limitations of LXC
- All LXC containers are running inside the host system’s Kernel and not with a different Kernel.
- Only allows Linux “guest” operating systems.
- LXC is not a full virtualisation stack like Xen, KVM, or libvirt.
- Security depends on the host system. LXC is not secure. If you need a secure system, use KVM.
In this tutorial, we will learn how to install and set up LXC (Linux Container) on Ubuntu-14.04.
Requirements
- A server running Ubuntu-14.04.
- A non-root user account with sudo privileges set up on your server.
Install LXC
Before starting, you will need to update your system. You can do this by running the following commands:
sudo apt-get update -y
sudo apt-get upgrade -y
When you are finished, install LXC by running the following command:
sudo apt-get install lxc lxctl lxc-templates
The above command will install LXC with all required dependencies and set up the network structure for the containers.
Once the installation is complete, run the following command to check that everything is OK:
sudo lxc-checkconfig
You should see the following output:
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13.0-32-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
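The check above can be automated rather than read by eye. The following is an added example, not part of the original tutorial or of LXC itself: a shell function that reads lxc-checkconfig output and flags every feature that is not reported as enabled. Treating the namespace lines as mandatory, the function names, the FAIL/WARN labels, the exit codes and the sample input are all assumptions made for this illustration.

```shell
# Added example, not part of LXC: audit lxc-checkconfig output read on stdin.
# Real use: sudo lxc-checkconfig | audit_lxc_checkconfig

# Namespace lines from the output above; treated here as mandatory (assumption).
REQUIRED_NS="Namespaces,Utsname namespace,Ipc namespace,Pid namespace,User namespace,Network namespace"

# Constructed sample (not real output): two features reported as missing.
sample_checkconfig() {
    cat <<'EOF'
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: missing
Network namespace: enabled
--- Control groups ---
Cgroup: enabled
Cgroup memory controller: missing
EOF
}

# Prints "WARN name: state" for an optional feature that is not enabled and
# "FAIL name: state" for a required namespace that is absent or not enabled.
# Exit status: 2 on any FAIL, 1 on warnings only, 0 if everything is enabled.
audit_lxc_checkconfig() {
    esc=$(printf '\033')
    # Strip terminal colour codes, then classify every "name: state" line.
    sed "s/${esc}\[[0-9;]*m//g" | awk -v required="$REQUIRED_NS" '
        BEGIN { n = split(required, req, ","); for (i = 1; i <= n; i++) isreq[req[i]] = 1 }
        /^---/ || /^Kernel configuration/ || /^Note/ || /^usage/ { next }
        {
            p = index($0, ": ")
            if (p == 0) next
            name = substr($0, 1, p - 1); state = substr($0, p + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", state)
            if (name in isreq) seen[name] = state
            else if (state != "enabled") { print "WARN " name ": " state; warn = 1 }
        }
        END {
            for (i = 1; i <= n; i++) {
                s = (req[i] in seen) ? seen[req[i]] : "not reported"
                if (s != "enabled") { print "FAIL " req[i] ": " s; fail = 1 }
            }
            exit (fail ? 2 : (warn ? 1 : 0))
        }'
}
```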
Creating a New Linux Container
By default, there are many LXC container templates already installed on your system.
You can list all available templates using the following command:
sudo ls /usr/share/lxc/templates/
You should see the following list of available templates:
lxc-alpine lxc-centos lxc-fedora lxc-oracle lxc-ubuntu-cloud
lxc-altlinux lxc-cirros lxc-gentoo lxc-plamo
lxc-archlinux lxc-debian lxc-openmandriva lxc-sshd
lxc-busybox lxc-download lxc-opensuse lxc-ubuntu
You can create a new LXC container using the lxc-create command.
For example, you can use the ubuntu template to create and populate a new container named ubuntu-container as follows:
sudo lxc-create -n ubuntu-container -t ubuntu
You should see the following output:
Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ...
Installing packages in template: ssh,vim,language-pack-en,language-pack-es
Downloading ubuntu precise minimal ...
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 630239CC130E1A7FD81A27B140976EAF437D05B5)
I: Retrieving Packages
I: Validating Packages
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: language-pack-en-base language-pack-es-base libbsd0 libedit2 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libpython2.7 libwrap0 openssh-client openssh-server vim-runtime
.
.
.
Download complete
Copy /var/cache/lxc/precise/rootfs-amd64 to /var/lib/lxc/ubuntu-container/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-container/rootfs ...
Generating locales...
en_IN.UTF-8... done
Generation complete.
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Current default time zone: 'Asia/Kolkata'
Local time is now: Tue Jun 14 23:46:00 IST 2016.
Universal Time is now: Tue Jun 14 18:16:00 UTC 2016.
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##
You should see that the new Ubuntu container has been created. The default username is ubuntu and the password is ubuntu.
After creating the LXC container, you can easily start it by running the following command:
sudo lxc-start -n ubuntu-container -d
You can check the status of running container using the following command:
sudo lxc-ls --fancy
Output:
NAME STATE IPV4 IPV6 AUTOSTART
-----------------------------------------------------
ubuntu-container RUNNING 10.0.3.74 - NO
Finally, you can access your container using the lxc-console command:
sudo lxc-console -n ubuntu-container
The above command brings you to a login prompt. After entering the username and password, you have a regular bash prompt from which you can do almost anything you would on the host machine.
After login, you should see the following output:
Ubuntu 14.04 LTS ubuntu-container tty1
ubuntu-container login: ubuntu
Password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-32-generic x86_64)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
When you are done, you can exit the console and return to the host by typing Ctrl-A followed by Q on your keyboard. You will then be returned to the original host computer’s terminal.
You can use the lxc-info command to view the complete details of a running container:
sudo lxc-info -n ubuntu-container
Output:
Name: ubuntu-container
State: RUNNING
PID: 16666
IP: 10.0.3.74
CPU use: 0.98 seconds
BlkIO use: 128.00 KiB
Memory use: 4.81 MiB
KMem use: 0 bytes
Link: vethI8L2M6
TX bytes: 2.65 KiB
RX bytes: 6.99 KiB
Total bytes: 9.64 KiB
You can also stop the running container using the following command:
sudo lxc-stop -n ubuntu-container
Now, check the state of the ubuntu container using the following command:
sudo lxc-ls --fancy ubuntu-container
NAME STATE IPV4 IPV6 AUTOSTART
------------------------------------------------
ubuntu-container STOPPED - - NO
Auto-start a Container
By default, containers will not be started after a reboot. If you want the containers to start automatically after a system reboot, you will need to add the following lines to the /var/lib/lxc/ubuntu-container/config file:
sudo nano /var/lib/lxc/ubuntu-container/config
Add the following lines at the end of file:
lxc.start.auto = 1
lxc.start.delay = 5
Save and close the file.
With the above parameters, the container will start when the host server boots, and the host system will then wait 5 seconds before starting any other containers.
Now run the lxc-ls --fancy command to check that your container is set up to autostart:
sudo lxc-ls --fancy
Output:
NAME STATE IPV4 IPV6 AUTOSTART
------------------------------------------------
ubuntu-container STARTED - - YES
Cloning Container
Cloning containers has the same intent and purpose as cloning virtual machines. Cloning allows you to make an exact copy of a container and save it for later use. Say that you want to set up a container for development purposes and you had to install a bunch of packages and run some configuration commands to make it just right. When you get to the point where your container is ready, you can clone it so that next time you won’t have to redo everything again.
For example, to clone a new container called ubuntu-container2 from an existing container ubuntu-container, you first need to stop it if it’s running:
sudo lxc-stop -n ubuntu-container
Then you can clone the original container to a new one called ubuntu-container2:
sudo lxc-clone ubuntu-container ubuntu-container2
Take a Snapshot of a Container
If you want to take a snapshot of the container ubuntu-container, enter the following commands:
sudo lxc-stop -n ubuntu-container
sudo lxc-snapshot -n ubuntu-container
You should see the following output:
lxc_container: lxccontainer.c: lxcapi_snapshot: 2879 Snapshot of directory-backed container requested.
lxc_container: lxccontainer.c: lxcapi_snapshot: 2880 Making a copy-clone. If you do want snapshots, then
lxc_container: lxccontainer.c: lxcapi_snapshot: 2881 please create an aufs or overlayfs clone first, snapshot that
lxc_container: lxccontainer.c: lxcapi_snapshot: 2882 and keep the original container pristine.
In Ubuntu 14.04 and older versions, the snapshots will be stored in the /var/lib/lxcsnaps/ directory.
To see the snapshot, run the following command:
sudo ls /var/lib/lxcsnaps/
Output:
ubuntu-container
You can restore a container from the snapshot using the following command:
sudo lxc-snapshot -n ubuntu-container -r snap0
Destroying a Container
You can also delete a container from your system to free up disk space.
First, you will need to stop the running container using the lxc-stop command:
sudo lxc-stop -n ubuntu-container
Once the container has been stopped and you are sure there is no data you wish to retain on the container, you can destroy the container using the lxc-destroy command:
sudo lxc-destroy -n ubuntu-container
Conclusion
In this tutorial, you have learnt how to install and work with Linux Containers.