LXC - Linux Containers

Resources

Basic setup

  • Physical host has to have a network bridge
  • On physical host, in /etc/lxc/default.conf:
    lxc.network.type=veth
    lxc.network.link=br0
    lxc.network.flags=up
  • Create container: lxc-create -n lxcguest -t /usr/share/lxc/templates/lxc-freeslack
  • Edit container's config and:
    • Set MAC for virtual NIC: lxc.network.hwaddr = DE:AD:BE:EF:00:00
    • Change location(s) of mount(s), if needed
    • Change container's /etc/rc.d/rc.inet1.conf
  • Start container: lxc-start -n lxcguest -d
  • Connect to container's console: lxc-console -n lxcguest
    Default login/password is root/root
  • Packages to add:
    • perl
    • python
    • python-setuptools
    • vim
    • less
    • rsync
    • sudo
    • make
    • guile
    • gc
    • libffi

Unprivileged

  1. Prerequisites
  2. Create standard root-privileged container
  3. Remap that container's owner & group numbers to the user's subuid & subgid
  4. Move the container into the user's file space
  5. Run the unprivileged container

Prerequisites

  • Ensure the libcgroup package is at least libcgroup-0.41-x86_64-2_slack14.2
  • In /etc/cgconfig.conf:
    group lxc {
        perm {
            task {
                uid = rk4n3;
                gid = rk4n3;
            }
            admin {
                uid = rk4n3;
                gid = rk4n3;
            }
        }

        cpuset {
            cgroup.clone_children = 1;
            cpuset.mems = 0;
            cpuset.cpus = 0-3;
        }
        cpu {}
        cpuacct {}
        blkio {}
        memory { memory.use_hierarchy = 1; }
        devices {}
        freezer {}
        net_cls {}
        perf_event {}
        net_prio {}
    }
  • In /etc/cgrules.conf:
    rk4n3           *               lxc/
  • As root:
    usermod --add-subuids 100000-165536 rk4n3
    usermod --add-subgids 100000-165536 rk4n3
  • Start cgconfig (1st) and cgred (2nd) services, verify with: lscgroup

Re-Mapping Container UIDs & GIDs

Acquire uidmapshift.c and container-userns-convert from: nsexec tools

Build uidmapshift with:

gcc -o uidmapshift uidmapshift.c

Near the end of container-userns-convert, around line 61, change the call to uidmapshift to $PATHTOYOUR/uidmapshift, then make container-userns-convert executable. Perform the actual conversion (as root) with:

./container-userns-convert yourcontainername 100000

In $HOME/.config/lxc/default.conf:

lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = DE:AD:BE:EF:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

In /etc/lxc/lxc-usernet:

rk4n3 veth br0 10
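
An added example, not part of the original page or of the nsexec tools: a shell check that every lxc.id_map line in the user's config falls inside the ranges delegated to that user in the subuid and subgid files, which is what the unprivileged start depends on. The names check_idmap and demo and the sample files are constructed for illustration; pass the real paths (/etc/subuid, /etc/subgid, $HOME/.config/lxc/default.conf) to check a live setup.

```sh
# check_idmap USER LXC_CONF SUBUID_FILE SUBGID_FILE   (hypothetical helper)
# Exit 0 when every lxc.id_map line lies inside a range delegated to USER,
# exit 1 when a u or g map is missing or reaches outside the delegation.
check_idmap() {
    awk -v user="$1" -v subuid="$3" -v subgid="$4" '
    # Load "name:first:count" lines for this user from a subuid/subgid file.
    function load(file, kind,    line, f) {
        while ((getline line < file) > 0) {
            split(line, f, ":")
            if (f[1] != user) continue
            n[kind]++
            first[kind, n[kind]] = f[2] + 0
            count[kind, n[kind]] = f[3] + 0
        }
        close(file)
    }
    BEGIN { FS = "[ \t=]+"; load(subuid, "u"); load(subgid, "g") }
    { sub(/^[ \t]+/, "") }
    # lxc.id_map = <u|g> <first container ID> <first host ID> <count>
    $1 == "lxc.id_map" {
        kind = $2; host = $4 + 0; len = $5 + 0; ok = 0
        for (i = 1; i <= n[kind]; i++)
            if (host >= first[kind, i] &&
                host + len <= first[kind, i] + count[kind, i]) ok = 1
        if (!ok) { print "not delegated to " user ": " $0; bad = 1 }
        seen[kind] = 1
    }
    END { if (!seen["u"] || !seen["g"]) bad = 1; exit bad + 0 }
    ' "$2"
}

# Demo on constructed copies of the files this page sets up.
demo() {
    d=$(mktemp -d) || return 2
    # usermod --add-subuids 100000-165536 is stored as first ID plus count.
    echo "rk4n3:100000:65537" > "$d/subuid"
    echo "rk4n3:100000:65537" > "$d/subgid"
    printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/good.conf"
    # Constructed bad case: the UID map targets host IDs outside the delegation.
    printf 'lxc.id_map = u 0 200000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/bad.conf"
    good=0; check_idmap rk4n3 "$d/good.conf" "$d/subuid" "$d/subgid" || good=$?
    bad=0; check_idmap rk4n3 "$d/bad.conf" "$d/subuid" "$d/subgid" >/dev/null || bad=$?
    rm -rf "$d"
    echo "good.conf=$good bad.conf=$bad"
}
demo
```
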

Extra Setup

MySQL

  • Install the mysql package(s)
    • Prerequisites in addition to template's packages: libaio and jemalloc
tech/lxc/start.1494177741.txt.gz · Last modified: 2017/05/07 12:22 by rk4n3