Installation is straightforward: just apt-get it.
$ sudo apt-get install lxc
Checking the default LXC configuration. Compared to LXC in F22, the Cgroup memory controller is enabled by default, and the kernel is still 3.19 compared to 4.0.1.
$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.19.0-10-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
One of the issues encountered with LXC in F22 was that the installation did not create the default lxcbr0 bridge interface. Not so in Ubuntu.
$ cat /etc/lxc/default.conf | grep network.link
lxc.network.link = lxcbr0
Checking the activated bridge interface, lxcbr0.
$ brctl show
bridge name bridge id STP enabled interfaces
lxcbr0 8000.000000000000 no
Instead of creating a new LXC container as the root user, we can create unprivileged containers as a normal (non-root) user.
$ lxc-create -n test-ubuntu -t ubuntu
lxc_container: conf.c: chown_mapped_root: 3394 No mapping for container root
lxc_container: lxccontainer.c: do_bdev_create: 849 Error chowning /home/ang/.local/share/lxc/test-ubuntu/rootfs to container root
lxc_container: conf.c: suggest_default_idmap: 4534 You must either run as root, or define uid mappings
lxc_container: conf.c: suggest_default_idmap: 4535 To pass uid mappings to lxc-create, you could create
lxc_container: conf.c: suggest_default_idmap: 4536 ~/.config/lxc/default.conf:
lxc_container: conf.c: suggest_default_idmap: 4537 lxc.include = /etc/lxc/default.conf
lxc_container: conf.c: suggest_default_idmap: 4538 lxc.id_map = u 0 100000 65536
lxc_container: conf.c: suggest_default_idmap: 4539 lxc.id_map = g 0 100000 65536
lxc_container: lxccontainer.c: lxcapi_create: 1320 Error creating backing store type (none) for test-ubuntu
lxc_container: lxc_create.c: main: 274 Error creating container test-ubuntu
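From the above error, we need to define the ID mappings for both user (u) and group (g). Copy LXC’s default.conf to our own home directory and add the mappings; the host range used (65536 IDs starting at 100000) has to fall inside what /etc/subuid and /etc/subgid delegate to our user. The last command, which needs sudo, adds an entry to /etc/lxc/lxc-usernet that lets our user attach up to 2 veth devices to lxcbr0.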
$ mkdir -p ~/.config/lxc
mkdir: created directory ‘/home/ang/.config/lxc’
$ cp /etc/lxc/default.conf ~/.config/lxc/
$ echo "lxc.id_map = u 0 100000 65536" >> ~/.config/lxc/default.conf
$ echo "lxc.id_map = g 0 100000 65536" >> ~/.config/lxc/default.conf
$ echo "$USER veth lxcbr0 2" | sudo tee -a /etc/lxc/lxc-usernet
ang veth lxcbr0 2
Checking our own user’s default.conf again.
$ cat ~/.config/lxc/default.conf
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
Try to create our unprivileged container again. As the error below indicates, unprivileged containers can only be created through the download template.
$ lxc-create -n test-ubuntu -t ubuntu
This template can't be used for unprivileged containers.
You may want to try the "download" template instead.
lxc_container: lxccontainer.c: create_run_template: 1108 container creation template for test-ubuntu failed
lxc_container: lxc_create.c: main: 274 Error creating container test-ubuntu
Re-run the command to create the container but using the download template. This will take a while.
$ lxc-create -t download -n test-ubuntu -- -d ubuntu -r trusty -a amd64
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu container (release=trusty, arch=amd64, variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
Start the container in daemon (background) mode. It seems we have an error here.
$ lxc-start -n test-ubuntu -d
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
Start the container again, this time in foreground mode.
$ lxc-start -n test-ubuntu -F
lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not access /home/ang. Please grant it 'x' access, or add an ACL for the container root.
lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
lxc-start: start.c: __lxc_start: 1164 failed to spawn 'test-ubuntu'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
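To fix this, we need to grant access to our $HOME directory. Note that chmod +x adds the search bit for group and others as well (subject to the umask), so other local users can then traverse $HOME; the error message's other suggestion, an ACL for the container root only, is the narrower option.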
$ sudo chmod +x $HOME
Let’s try again.
$ lxc-start -n test-ubuntu -d
$ lxc-attach -n test-ubuntu
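A preflight check for the settings this walkthrough had to fix by hand (the lxc.id_map lines, the delegated subordinate ID range, and the veth quota), as an added example that is not part of the original post. The function names are hypothetical and the sample files are constructed from the values shown above; it assumes awk and mktemp are available.

```shell
#!/bin/sh
# Added example: preflight for the unprivileged LXC setup walked through above.

# idmap_covered FILE USER FIRST COUNT
# FILE uses the /etc/subuid and /etc/subgid format "name:first:count". Succeeds
# only if one range delegated to USER contains [FIRST, FIRST+COUNT).
idmap_covered() {
    awk -F: -v u="$2" -v s="$3" -v c="$4" '
        $1 == u && s >= $2 && s + c <= $2 + $3 { ok = 1 }
        END { exit !ok }' "$1"
}

# conf_idmap CONF KIND: print "host_first count" from the lxc.id_map line of
# KIND (u or g) that maps container id 0, i.e. the container's root.
conf_idmap() {
    awk -v k="$2" '$1 == "lxc.id_map" && $3 == k && $4 == 0 { print $5, $6; exit }' "$1"
}

# usernet_allows FILE USER BRIDGE: succeeds if the lxc-usernet file
# ("user type bridge count") grants USER at least one veth on BRIDGE.
usernet_allows() {
    awk -v u="$2" -v b="$3" '
        $1 == u && $2 == "veth" && $3 == b && $4 > 0 { ok = 1 }
        END { exit !ok }' "$1"
}

# preflight CONF SUBUID SUBGID USERNET USER BRIDGE: returns the problem count.
preflight() {
    conf=$1 subuid=$2 subgid=$3 usernet=$4 user=$5 bridge=$6 bad=0
    for kind in u g; do
        if [ "$kind" = u ]; then sub=$subuid; else sub=$subgid; fi
        map=$(conf_idmap "$conf" "$kind")
        if [ -z "$map" ]; then
            echo "no lxc.id_map = $kind line in $conf"; bad=$((bad + 1))
        elif ! idmap_covered "$sub" "$user" "${map% *}" "${map#* }"; then
            echo "$sub does not delegate $map to $user"; bad=$((bad + 1))
        fi
    done
    usernet_allows "$usernet" "$user" "$bridge" ||
        { echo "$usernet: no veth quota for $user on $bridge"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample files that mirror the values used in the post.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/conf"
printf 'ang:100000:65536\n' > "$d/subid"
printf 'ang veth lxcbr0 2\n' > "$d/usernet"
preflight "$d/conf" "$d/subid" "$d/subid" "$d/usernet" ang lxcbr0 && echo "preflight ok"
```

On a real host, call preflight with ~/.config/lxc/default.conf, /etc/subuid, /etc/subgid, /etc/lxc/lxc-usernet, "$USER" and lxcbr0 instead of the sample files.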
Compared to Fedora 22, LXC in Ubuntu 15.04 is easier to set up, although we still need to reconfigure it to enable unprivileged container creation. In short, if you want good LXC support, use Ubuntu 15.04.