LXC - Linux Containers

Resources

Basic setup

  • Physical host has to have a network bridge
  • On physical host, in /etc/lxc/default.conf:
    lxc.network.type=veth
    lxc.network.link=br0
    lxc.network.flags=up
  • If using OpenVPN in container, config also needs:
    lxc.hook.autodev = sh -c "modprobe tun ; cd ${LXC_ROOTFS_MOUNT}/dev ; mkdir net ; mknod net/tun c 10 200 ; chmod 0666 net/tun"
    lxc.cgroup.devices.allow = c 10:200 rwm
  • Create container: lxc-create -n lxcguest -t /usr/share/lxc/templates/lxc-freeslack
  • Edit container's config and:
    • Set MAC for virtual NIC: lxc.network.hwaddr = DE:AD:BE:EF:00:00
    • Change location(s) of mount(s), if needed
    • Change container's /etc/rc.d/rc.inet1.conf
  • Start container: lxc-start -n lxcguest -d
  • Connect to the container's console: lxc-console -n lxcguest
    Default login/password is root/root
  • Packages to add:
    • glibc-i18n
    • groff
    • man
    • ksh93
    • vim
    • less
    • rsync
    • perl
    • python
    • python-setuptools
    • sudo
    • db48
    • gnupg
    • gnupg2
    • curl
    • guile
    • gc
    • make
    • nmap
    • libunistring
    • libffi
    • git

Unprivileged

  1. Prerequisites
  2. Create standard root-privileged container
  3. Remap that container's owner & group numbers to the user's subuid & subgid
  4. Move the container into the user's file space
  5. Run the unprivileged container

Prerequisites

  • Ensure the libcgroup package is at least libcgroup-0.41-x86_64-2_slack14.2
  • In /etc/cgconfig.conf:
    group lxc {
        perm {
            task {
                uid = rk4n3;
                gid = rk4n3;
            }
            admin {
                uid = rk4n3;
                gid = rk4n3;
            }
        }

        cpuset {
            cgroup.clone_children = 1;
            cpuset.mems = 0;
            cpuset.cpus = 0-3;
        }
        cpu {}
        cpuacct {}
        blkio {}
        memory { memory.use_hierarchy = 1; }
        devices {}
        freezer {}
        net_cls {}
        perf_event {}
        net_prio {}
    }
  • In /etc/cgrules.conf:
    rk4n3           *               lxc/
  • As root:
    usermod --add-subuids 100000-165536 rk4n3
    usermod --add-subgids 100000-165536 rk4n3
  • Start the cgconfig service first, then cgred; verify with: lscgroup

Re-Mapping Container UIDs & GIDs

Acquire uidmapshift.c and container-userns-convert from: nsexec tools

Build uidmapshift with:

gcc -o uidmapshift uidmapshift.c

Near the end of container-userns-convert, around line 61, change the call to uidmapshift to $PATHTOYOUR/uidmapshift, then make container-userns-convert executable. Perform the actual conversion with (as root):

./container-userns-convert yourcontainername 100000

In $HOME/.config/lxc/default.conf:

lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up
lxc.network.hwaddr = DE:AD:BE:EF:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

In /etc/lxc/lxc-usernet:

rk4n3 veth br0 10
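As an added illustration of what the conversion step does (this is not the nsexec tools' own code, but a Python re-implementation of the ownership shift), the script below reads the lxc.id_map lines above, plans the shift of every file's uid/gid in a rootfs into the subordinate range, and applies it with lchown while restoring the setuid/setgid bits that chown(2) strips from binaries such as sudo. Entries whose ids fall outside the map are reported rather than touched, since those would show up as nobody inside the unprivileged container. The sample tree in sample_plan() is constructed for the example; apply_shift() needs root on a real rootfs.

```python
import os
import stat
import tempfile

def parse_id_map(config_text):
    """Parse 'lxc.id_map = u 0 100000 65536' lines -> {'u': (ns_start, host_start, count), ...}."""
    maps = {}
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.id_map":
            kind, ns_start, host_start, count = value.split()
            maps[kind] = (int(ns_start), int(host_start), int(count))
    return maps
def shift_id(current, ns_start, host_start, count):
    """Translate one id from the container's view into the host's subordinate range; None if unmapped."""
    if ns_start <= current < ns_start + count:
        return current - ns_start + host_start
    return None
def plan_shift(rootfs, uid_map, gid_map):
    """lstat every entry below rootfs (symlinks not followed); None marks an id the map does not cover."""
    plan = []
    for dirpath, dirnames, filenames in os.walk(rootfs):
        paths = [os.path.join(dirpath, n) for n in dirnames + filenames]
        if dirpath == rootfs:
            paths.insert(0, rootfs)  # os.walk never lists the top directory itself
        for path in paths:
            st = os.lstat(path)
            plan.append((path, st.st_uid, st.st_gid,
                         shift_id(st.st_uid, *uid_map), shift_id(st.st_gid, *gid_map)))
    return plan
def apply_shift(plan):
    """Chown each planned entry (needs root); unmapped entries are skipped and returned for review."""
    skipped = []
    for path, _, _, new_uid, new_gid in plan:
        if new_uid is None or new_gid is None:
            skipped.append(path)
            continue
        st = os.lstat(path)
        os.lchown(path, new_uid, new_gid)
        if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            os.chmod(path, stat.S_IMODE(st.st_mode))  # chown(2) strips setuid/setgid; put them back
    return skipped
def sample_plan():
    """Constructed input: a throwaway tree owned by the current user, planned with the page's id_map."""
    root = tempfile.mkdtemp(prefix="lxcguest-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    open(os.path.join(root, "usr", "bin", "sudo"), "w").close()
    maps = parse_id_map("lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536")
    return plan_shift(root, maps["u"], maps["g"])
```

Running plan_shift() on a converted rootfs and checking for None entries is also a quick way to confirm the conversion covered everything before the first lxc-start.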

Extra Setup

lighttpd

  • Packages to install for lighttpd (preferred)
    • php
  • Packages to install for lighttpd2 (experimental)
    • lua
    • colm
    • kelbt
    • ragel
    • libev
    • libunwind (optional: pass UNWIND=yes to lighttpd2 slackbuild)
    • libiodbc
    • libmcrypt
    • libxml2
    • cyrus-sasl
    • enchant
    • aspell
    • aspell-en
    • t1lib
    • icu4c
    • sqlite
    • net-snmp
    • libxslt
    • libgcrypt
    • libnl3
    • libgpg-error
    • lighttpd2

MySQL

  • Install the mysql package(s)
    • Prerequisites in addition to template's packages: libaio and jemalloc

Minimal X Footprint

  • libXaw
  • libXft
  • libXmu
  • libXt
  • libX11
  • libXpm
  • libXau
  • libXdmcp
  • libxcb
  • libXrender
  • libXext
  • libXfont
  • libXcursor
  • libXfixes
  • xsetroot
  • xcursorgen
  • libSM
  • libICE
  • libXinerama
  • xauth
  • xdm
  • rgb
  • utempter
  • harfbuzz
  • freetype
  • fontconfig
  • dejavu-fonts-ttf
  • font-misc-misc
  • libsecret
  • libnotify
  • glibmm
  • xterm
  • twm

FreeSlack Template

Full Package Set

  • flex
  • procmail
  • db48
  • sendmail-cf
  • sendmail
  • mailx
  • libffi
  • cyrus-sasl
  • less
  • libunistring
  • amanda
  • xz
  • which
  • wget
  • vim
  • util-linux
  • tar
  • sysvinit-scripts
  • sysvinit-functions
  • sysvinit
  • sysklogd
  • sudo
  • slackpkg
  • sharutils
  • shadow
  • sed
  • rsync
  • python
  • procps-ng
  • pkgtools
  • perl
  • openssl-solibs
  • openssh
  • network-scripts
  • net-tools
  • ncurses
  • mpfr
  • logrotate
  • iputils
  • gzip
  • grep
  • gnupg
  • glibc-solibs
  • gawk
  • findutils
  • eudev
  • etc
  • e2fsprogs
  • diffutils
  • dialog
  • dhcpcd
  • dcron
  • coreutils
  • bzip2
  • bin
  • bash
  • aaa_terminfo
  • aaa_elflibs
  • aaa_base

CentOS/RHEL Specifics

To see available templates: ls -alh /usr/share/lxc/templates/
See official CentOS topic for further detail

tech/lxc/start.txt · Last modified: 2018/02/20 18:23 by rk4n3