Install and Setup LXC on Ubuntu-14.04


Introduction

LXC (Linux Containers) is a lightweight, Linux kernel-based virtualisation solution that allows us to host multiple isolated Linux systems (containers) on a single host.

However, unlike some virtualisation solutions, the guest systems use the same kernel as the host system. All guests efficiently share the resources of your host system, such as CPU, RAM, hard disk and network. LXC runs on top of the operating system, allowing you to run multiple isolated distributions at the same time.

The Linux kernel provides the cgroups functionality that allows limitation and prioritisation of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and namespace isolation functionality that allows complete isolation of an application's view of the operating environment, including process trees, networking, user IDs and mounted file systems.

LXC combines the kernel's cgroups and support for isolated namespaces to provide an isolated environment for applications. Docker can also use LXC as one of its execution drivers, enabling image management and providing deployment services.

Features

LXC enables running multiple instances of an operating system or application on a single host, without inducing overhead on CPU and memory. This saves both rack space and power.

Safely and securely run multiple applications on a single system without the risk of them interfering with each other. If security of one container has been compromised, the other containers are unaffected.

Containers can be useful to quickly set up a "sandbox" environment, e.g. to test a new version of a Linux distribution or to simulate a "clean" environment for testing/QA purposes. When using the Btrfs file system for a container repository, new instances can be cloned and spawned in seconds, without requiring significant additional disk space.

Limitations of LXC

All LXC containers are running inside the host system's Kernel and not with a different Kernel.

Only allows Linux "guest" operating systems.

LXC is not a full virtualisation stack like Xen, KVM, or libvirt.

Security depends on the host system. LXC is not secure. If you need a secure system, use KVM.

In this tutorial, we will learn how to install and set up LXC (Linux Containers) on Ubuntu-14.04.

Requirements

A server running Ubuntu-14.04.

A non-root user account with sudo privilege set up on your server.

Install LXC

Before starting, you will need to update your system. You can do this by running the following commands:

sudo apt-get update -y

sudo apt-get upgrade -y

When you are finished, install LXC by running the following command:

sudo apt-get install lxc lxctl lxc-templates

The above command will install LXC with all required dependencies and set up the network structure for the containers.

Once the installation is complete, run the following command to check that everything is OK:

sudo lxc-checkconfig

You should see the following output:

Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13.0-32-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
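Reading that list by eye gets error-prone across several hosts. The following is an added example, not part of the original tutorial: a shell filter that prints only the features lxc-checkconfig does not report as enabled. The sample input, its "missing" states and its colour escape codes are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): list every feature that
# lxc-checkconfig does not report as "enabled".

ESC=$(printf '\033')

# Reads lxc-checkconfig output on stdin; prints "feature: state" for each
# feature whose state is anything other than "enabled".
lxc_not_enabled() {
    # 1) strip ANSI colour escapes, 2) keep "name: state" lines only.
    sed "s/${ESC}\[[0-9;]*m//g" | awk -F': *' '
        { gsub(/[ \t\r]+$/, "") }    # trim trailing whitespace
        /^---/ || /^Kernel configuration/ || /^Note/ || /^usage/ { next }
        NF == 2 && $2 != "enabled" { print $1 ": " $2 }
    '
}

# Returns 0 only when no feature is flagged on stdin.
lxc_kernel_ready() {
    [ -z "$(lxc_not_enabled)" ]
}

# Constructed sample: two features flagged, colour codes included.
sample_checkconfig() {
    printf '%s\n' \
        'Kernel configuration found at /boot/config-3.13.0-32-generic' \
        '--- Namespaces ---' \
        'Namespaces: enabled' \
        "User namespace: ${ESC}[1;33mmissing${ESC}[0;39m" \
        'Network namespace: enabled' \
        '--- Control groups ---' \
        'Cgroup: enabled' \
        "Cgroup memory controller: ${ESC}[1;33mmissing${ESC}[0;39m" \
        '--- Misc ---' \
        'Veth pair device: enabled' \
        'Note : Before booting a new kernel, you can check its configuration' \
        'usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig'
}

sample_checkconfig | lxc_not_enabled
# On a real host: sudo lxc-checkconfig | lxc_not_enabled
```

A missing user namespace or memory cgroup matters most here, since those are the kernel features the isolation and resource limits described in the introduction rely on.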

Creating a New Linux Container

By default, there are many LXC container templates already installed on your system.

You can list all available templates using the following command:

sudo ls /usr/share/lxc/templates/

You should see the following list of available templates:

lxc-alpine     lxc-centos    lxc-fedora        lxc-oracle  lxc-ubuntu-cloud
lxc-altlinux   lxc-cirros    lxc-gentoo        lxc-plamo
lxc-archlinux  lxc-debian    lxc-openmandriva  lxc-sshd
lxc-busybox    lxc-download  lxc-opensuse      lxc-ubuntu

You can create a new LXC container using the lxc-create command.

For example, you can use the ubuntu template to create and populate a new container named ubuntu-container as follows:

sudo lxc-create -n ubuntu-container -t ubuntu

You should see the following output:

Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ...
Installing packages in template: ssh,vim,language-pack-en,language-pack-es
Downloading ubuntu precise minimal ...
I: Retrieving Release
I: Retrieving Release.gpg
I: Checking Release signature
I: Valid Release signature (key id 630239CC130E1A7FD81A27B140976EAF437D05B5)
I: Retrieving Packages
I: Validating Packages
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional base dependencies: language-pack-en-base language-pack-es-base libbsd0 libedit2 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libpython2.7 libwrap0 openssh-client openssh-server vim-runtime
. . .
Download complete
Copy /var/cache/lxc/precise/rootfs-amd64 to /var/lib/lxc/ubuntu-container/rootfs ...
Copying rootfs to /var/lib/lxc/ubuntu-container/rootfs ...
Generating locales...
en_IN.UTF-8... done
Generation complete.
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Creating SSH2 ECDSA key; this may take some time ...
Current default time zone: 'Asia/Kolkata'
Local time is now: Tue Jun 14 23:46:00 IST 2016.
Universal Time is now: Tue Jun 14 18:16:00 UTC 2016.
##
# The default user is 'ubuntu' with password 'ubuntu'!
# Use the 'sudo' command to run tasks as root in the container.
##

You should see that the new Ubuntu container has been created. The default username is ubuntu and the password is ubuntu.

After creating the LXC container, you can easily start it by running the following command:

sudo lxc-start -n ubuntu-container -d

You can check the status of the running container using the following command:

sudo lxc-ls --fancy

Output:

NAME              STATE    IPV4       IPV6  AUTOSTART
-----------------------------------------------------
ubuntu-container  RUNNING  10.0.3.74  -     NO

Finally, you can access your container using the lxc-console command:

sudo lxc-console -n ubuntu-container

The above command brings you to a login prompt. After entering the username and password, you get a regular bash prompt from which you can do almost anything you would on the host machine.

After login, you should see the following output:

Ubuntu 14.04 LTS ubuntu-container tty1
ubuntu-container login: ubuntu
Password:
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-32-generic x86_64)
 * Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

When you are done, you can exit the console and return to the host by typing Ctrl-A followed by Q. You will be returned to the host computer's terminal.

You can use the lxc-info command to view the complete details of the running container:

sudo lxc-info -n ubuntu-container

Output:

Name:           ubuntu-container
State:          RUNNING
PID:            16666
IP:             10.0.3.74
CPU use:        0.98 seconds
BlkIO use:      128.00 KiB
Memory use:     4.81 MiB
KMem use:       0 bytes
Link:           vethI8L2M6
 TX bytes:      2.65 KiB
 RX bytes:      6.99 KiB
 Total bytes:   9.64 KiB

You can also stop the running container using the following command:

sudo lxc-stop -n ubuntu-container

Now, check the state of the ubuntu container using the following command:

sudo lxc-ls --fancy ubuntu-container

NAME              STATE    IPV4  IPV6  AUTOSTART
------------------------------------------------
ubuntu-container  STOPPED  -     -     NO

Auto-start a Container

By default, containers will not be started after a reboot. If you want a container to start automatically after a system reboot, you will need to add the following lines to the /var/lib/lxc/ubuntu-container/config file:

sudo nano /var/lib/lxc/ubuntu-container/config

Add the following lines at the end of the file:

lxc.start.auto = 1
lxc.start.delay = 5

Save and close the file.

With the above parameters, the container will start when the host server boots, and the host system will then wait 5 seconds before starting any other containers.

Now run the lxc-ls --fancy command to check that your container is set up to autostart:

sudo lxc-ls --fancy

Output:

NAME              STATE    IPV4  IPV6  AUTOSTART
------------------------------------------------
ubuntu-container  STARTED  -     -     YES
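The autostart edit above can also be scripted so that it is repeatable across containers. The following is an added example, not part of the original tutorial: a helper that replaces an existing key in an LXC config file or appends it, so running it twice never leaves duplicate lines. The function names and the sample config contents are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): set a key in an LXC
# container config without duplicating it on repeated runs.

# set_lxc_key FILE KEY VALUE
# Replaces the first "KEY = ..." line, drops later duplicates, or appends
# the key if it is absent. Commented-out lines are left untouched.
set_lxc_key() {
    local file=$1 key=$2 value=$3 tmp rc
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            name = $0
            sub(/=.*/, "", name); gsub(/[ \t]/, "", name)
            if (index($0, "=") && name == k) {
                if (!done) print k " = " v
                done = 1
                next
            }
            print
        }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demonstration on a constructed config (not a real container's file).
demo_autostart() {
    local cfg i
    cfg=$(mktemp) || return 1
    printf '%s\n' 'lxc.utsname = ubuntu-container' 'lxc.start.auto = 0' > "$cfg"
    for i in 1 2; do    # applied twice to show the edit is idempotent
        set_lxc_key "$cfg" lxc.start.auto 1
        set_lxc_key "$cfg" lxc.start.delay 5
    done
    cat "$cfg"
    rm -f "$cfg"
}

demo_autostart
```

On a real host the config file is owned by root, so the function has to run in a root shell against /var/lib/lxc/ubuntu-container/config.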

Cloning Container

Cloning containers has the same intent and purpose as cloning virtual machines. Cloning allows you to make an exact copy of a container and save it for later use. Say that you want to set up a container for development purposes and you had to install a bunch of packages and run some configuration commands to make it just right. When you get to the point where your container is ready, you can clone it so that next time you won't have to redo everything.

For example, to clone a new container called ubuntu-container2 from an existing container ubuntu-container, you first need to stop the existing container if it's running:

sudo lxc-stop -n ubuntu-container

Then you can clone the original container to a new one called ubuntu-container2:

sudo lxc-clone ubuntu-container ubuntu-container2

Take a Snapshot of a Container

If you want to take a snapshot of the container ubuntu-container, enter the following commands:

sudo lxc-stop -n ubuntu-container

sudo lxc-snapshot -n ubuntu-container

You should see the following output:

lxc_container: lxccontainer.c: lxcapi_snapshot: 2879 Snapshot of directory-backed container requested.
lxc_container: lxccontainer.c: lxcapi_snapshot: 2880 Making a copy-clone. If you do want snapshots, then
lxc_container: lxccontainer.c: lxcapi_snapshot: 2881 please create an aufs or overlayfs clone first, snapshot that
lxc_container: lxccontainer.c: lxcapi_snapshot: 2882 and keep the original container pristine.

In Ubuntu 14.04 and older versions, the snapshots will be stored in the /var/lib/lxcsnaps/ directory.

To see the snapshot, run the following command:

sudo ls /var/lib/lxcsnaps/

Output:

ubuntu-container

You can restore a container from the snapshot using the following command:

sudo lxc-snapshot -n ubuntu-container -r snap0

Destroying a Container

You can also delete a container from your system to free up disk space.

First, you will need to stop the running container using the lxc-stop command:

sudo lxc-stop -n ubuntu-container

Once the container has been stopped and you are sure there is no data you wish to retain on it, you can destroy the container using the lxc-destroy command:

sudo lxc-destroy -n ubuntu-container

Conclusion

In this tutorial, you have learnt how to install and work with Linux Containers.