
What is LXC?

    5 March 2021, Administrator

    LXC is a process model that lets you run Linux within Linux. It accomplishes this through containment of a group of one or more processes in isolation.

    [Image: LXC architecture diagram]

    It’s Lightweight.

    LXC does not virtualize hardware; it relies on the host operating system (which is Linux) and operates within userspace. Unlike hypervisors, where each guest runs its own instance of an operating system inside its sandbox, LXC containers share the host kernel. This makes LXC lightweight.

    It’s Portable. It’s Scalable.

    A cool thing about containers is that their contents can be compressed. You can then move the image over to another Linux system with the same CPU architecture, making this a nicely portable and scalable solution.

    Installing LXC Container Support

    To get the most stable version from the Ubuntu repositories:

        sudo apt-get update
        sudo apt-get install lxc

    A better download, though, is the most recent stable build from the PPA, straight from the source. It will be much fresher and let you work with the latest and greatest. More about that here. For Trusty 14.04, you can add the following to /etc/apt/sources.list:

        deb http://ppa.launchpad.net/ubuntu-lxc/stable/ubuntu trusty main
        deb-src http://ppa.launchpad.net/ubuntu-lxc/stable/ubuntu trusty main

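    If you get a GPG error like the one below, run the rm command in the next step before updating. NO_PUBKEY means apt does not have the public key for the PPA, so it cannot verify the signature on the repository’s Release file: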

    W: GPG error: http://ppa.launchpad.net trusty Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D5495F657635B973

        rm /var/lib/apt/lists/* -vf  # run this if you get the GPG error
        apt-get update && apt-get upgrade  # always run this

    Your host operating system must be LXC enabled. Check to make sure that after installing, your system complies:

        lxc-checkconfig

    You should see something like this:

    [Image: lxc-checkconfig output]

    Namespaces, control groups, and miscellaneous subsystems must be installed and enabled in the kernel. Because we are using Ubuntu 14.04 LTS, we get these for free.
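
    An added example (not part of the original post or of LXC itself): a shell function that reads lxc-checkconfig output and fails when a mandatory kernel feature is not enabled, so the check can gate a provisioning script. The function names and the sample report are constructed for illustration, and the example assumes each feature is reported as "Name: state" with the states enabled, missing or required.

```shell
# Added example, not from the article.
# Usage on a real host: lxc-checkconfig | checkconfig_gaps
# Assumption: features are reported as "Name: state", where state is
# "enabled", "missing" (optional feature) or "required" (mandatory feature).
checkconfig_gaps() {
    esc=$(printf '\033')
    # Strip ANSI colour codes, then list every feature that is not enabled.
    # The exit status is non-zero only when a mandatory feature is absent.
    sed "s/${esc}\[[0-9;]*m//g" |
    awk -F': *' '
        NF == 2 && $2 != "enabled" {
            print $2 ": " $1
            if ($2 == "required") bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample shaped like the tool's report (not captured from a host).
sample_report() {
    e=$(printf '\033')
    printf '%s\n' \
        '--- Namespaces ---' \
        "Namespaces: ${e}[1;32menabled${e}[0;39m" \
        "Utsname namespace: ${e}[1;32menabled${e}[0;39m" \
        "User namespace: ${e}[1;31mrequired${e}[0;39m" \
        "Network namespace: ${e}[1;32menabled${e}[0;39m" \
        "Multiple /dev/pts instances: ${e}[1;33mmissing${e}[0;39m" \
        '' \
        '--- Control groups ---' \
        "Cgroup: ${e}[1;32menabled${e}[0;39m" \
        "Cgroup device: ${e}[1;32menabled${e}[0;39m"
}
```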

    Before We Begin

    On my Ubuntu 14.04 LTS system, I attempted to create a container (I’m getting ahead of you a little here but bear with me). Something that I immediately ran into was missing GPG keys. After a little research I came across this discussion on how to fix it. The following fixed the problem:

        sudo rm /var/lib/apt/lists/* -vf
        sudo apt-get update && sudo apt-get upgrade

    According to Ubuntu, GPG is installed by default. So something is going wrong here that I don’t have time to look into. But I will keep an eye out for what set of conditions is causing this problem.

    LXC Templates

    LXC templates are a convenient way to quickly get a container up and running based on a Linux distribution. These templates are bash script files meticulously created to pour your favorite operating system into a container. At this time only Linux distributions are supported. Looking at Ubuntu’s template folder, I see support for:

    • Alpine
    • AltLinux
    • ArchLinux
    • BusyBox
    • CentOS
    • Cirros
    • Debian
    • Fedora
    • Gentoo
    • OpenMandriva
    • openSUSE
    • Oracle
    • Plamo
    • SSHD
    • Ubuntu
    • Ubuntu Cloud

    The LXC developers keep a master template list on GitHub, which correlates to your Ubuntu template folder.

    The most useful template is the download template. When executed via lxc-create, this one template lets the administrator choose a specific distribution, release number, and CPU architecture. This is an awesome template that promises to grow as more distributions get added. It’s what makes LXC so very useful.

    [Image: Ubuntu LXC templates]

    Unfortunately, the download template doesn’t include some of the other Linux distributions that are in the master template list.

    To see the actual template files under Ubuntu, visit /usr/share/lxc/templates.

    Basic LXC Container Operations

    Let’s go through a container setup. Our goal will be to install a Gentoo container.

    Refer to the LXC architecture diagram above. The Ubuntu Trusty 14.04 LTS kernel is installed on our Linux VPS host. This kernel is to be shared among all containers. The App we are going to install is Gentoo, the operating system.

    Every LXC command will be run as the root user.

    Create a Container

    Let’s create the Gentoo container. We’ll use the download template.

        lxc-create --template download --name gentoo

    On return we get our Gentoo container created:

    [Image: lxc-create success output]

    Start a Container

    Next, let’s start the container to get it running. We will set the -d option to run it as a background daemon:

        lxc-start -n gentoo -d

    If we do not start gentoo as a daemon, we will get a login prompt. Since we have not set up login credentials for a user, we won’t be able to log in. By default, containers created from images don’t have users initially created.

    Show Running Containers

    To show all containers that are running:

        lxc-ls -f

    Starting a Process Running Inside the Container

    To run a command inside a container that is already running:

        lxc-attach -n gentoo -- echo "Hello, World!"

    To run a shell, specify no arguments:

        lxc-attach -n gentoo

    Stop a Container

    Stopping a container is easy:

        lxc-stop -n gentoo

    Getting Info About a Container

    If you want detailed information about your container:

        lxc-info -n gentoo

    Copying a Container

    One of the best features of LXC containers is the ability to copy a container’s backing store.

        # the container must not be running while it is copied
        lxc-stop -n gentoo
        lxc-clone -o gentoo -n gentoo-copy

    This will take gentoo’s rootfs and copy it to gentoo-copy.

    Destroying a Container

    To remove a container from your system, do:

        lxc-destroy -n gentoo-copy

    Snapshot a Container

    Even better yet, we can take a snapshot of a container. Let’s take an example.

    So we have our Gentoo container all set up and looking good. Assume we made some administration tweaks to it and have it running exactly the way we want. What we want to do next is install LAMP services on top of it. But before we do, we want to take a snapshot of it.

        # must stop container before taking a snapshot
        lxc-stop -n gentoo
        # take snapshot
        lxc-snapshot -n gentoo
        # check snapshot
        lxc-snapshot -n gentoo -C -L

    Now suppose we went out and installed LAMP onto our existing gentoo image. We played a bit with LAMP and hosed it. What we can do is roll back to our gentoo snapshot!

        lxc-snapshot -n gentoo -r snap0

    Are you starting to see how useful LXC containers can be? If you were not using LXC, you’d have to wipe out the entire system and reinstall Gentoo all over again. If you are a system administrator, this is a gift. For developers, this lets you quickly test out new ideas and revert to the original state to try again.

    Because snapshots accumulate on your disk, you may want to wipe them off:

        lxc-snapshot -n gentoo -d snap0

    To list all the snapshots for a container:

        lxc-snapshot -n gentoo -L

    Where are LXC Containers Stored on Ubuntu?

    LXC containers are stored in /var/lib/lxc. The clones are stored there too.

    All folders are owned by root, so in order to see what’s in them you need to either log in as root or sudo chown them to your user account. I annotated each folder and file with its ownership and file permission settings to show the layout.

        /var (755 root:root)
          /lib (751 root:root)
            /lxc (700 root:root)
              /gentoo-copy (770 root:root)
                config (644 root:root)
                /rootfs (755 root:root)
              /gentoo (770 root:root)
                config (644 root:root)
                /rootfs (755 root:root)

    The config file has this in it:

        # Distribution configuration
        lxc.include = /usr/share/lxc/config/gentoo.common.conf
        lxc.arch = x86
        # Container specific configuration
        lxc.rootfs = /var/lib/lxc/gentoo/rootfs
        lxc.utsname = gentoo
        # Network configuration
        lxc.network.type = veth
        lxc.network.flags = up
        lxc.network.link = lxcbr0
        lxc.network.hwaddr = 00:16:3e:5b:7e:99
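
    An added example (not from the original article or the LXC project): a shell audit that checks a container store against the layout and config shown above. It flags a store that is no longer mode 700, a config file that group or others can write, and an lxc.rootfs that points outside the container's own directory, such as a copy still using the original's rootfs. The function name audit_lxc_tree and its optional owner-uid argument are assumptions made for the example; stat -c is the GNU coreutils form.

```shell
# Added example, not from the article. Audits an LXC store such as /var/lib/lxc.
# Usage: audit_lxc_tree LXCPATH [OWNER_UID]   (OWNER_UID defaults to 0, root)
# Prints one FINDING line per problem; returns non-zero if there was any.
audit_lxc_tree() {
    lxcpath=$1
    owner_uid=${2:-0}
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # The store itself is 700 root:root in the listing above.
    mode=$(stat -c '%a' "$lxcpath")
    uid=$(stat -c '%u' "$lxcpath")
    [ "$mode" = 700 ] || report "$lxcpath has mode $mode, expected 700"
    [ "$uid" = "$owner_uid" ] || report "$lxcpath is owned by uid $uid, expected $owner_uid"

    for dir in "$lxcpath"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        name=${dir##*/}
        cfg=$dir/config
        if [ ! -f "$cfg" ]; then
            report "$name: no config file"
            continue
        fi
        # config is 644 in the listing: only its owner may write it.
        mode=$(stat -c '%a' "$cfg")
        case $mode in
            *[2367]?|*[2367]) report "$cfg is writable by group or others ($mode)" ;;
        esac
        # lxc.rootfs must stay inside this container's own directory.
        rootfs=$(sed -n 's/^[[:space:]]*lxc\.rootfs[[:space:]]*=[[:space:]]*//p' "$cfg" | tail -n 1)
        case $rootfs in
            "$dir"/*) ;;
            *) report "$name: lxc.rootfs '$rootfs' is outside $dir" ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```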

    And since we are getting nosey, the layout of rootfs is like this:

        /
          bin
          boot
          dev
          etc
          home
          lib
          media
          mnt
          opt
          proc
          root
          run
          sbin
          sys
          tmp
          usr
          var

    As one would expect, it contains Gentoo.

    Where are Snapshots Stored in Ubuntu?

    Snapshots are stored in the /var/lib/lxcsnaps folder.

        /
          /var
            /lib
              /lxcsnaps
                /gentoo
                  /snap0
                    config
                    /rootfs
                  /snap1
                    config
                    /rootfs

    Summary

    LXC can be confusing and there is quite a bit involved. I only scratched the surface. There are a lot of other things I need to look at including:

    • Privileged vs. unprivileged containers
    • Using other file systems besides LVM
    • How to communicate from one container to another
    • Networking with containers
    • Cgroups and namespaces
    • Running multiple dedicated containers per service
    • Running more than one process per container

    Things of that sort.

    Ok, I’ll leave it here and perhaps someday come back to answer those issues above in future articles.
