See https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/LXC#Network_Bridging_Setup
This short document explains how to install LXC and how to create templates on top of Debian Squeeze. It shows how to create typical templates that support static IP or DHCP, for Debian 6 or CentOS 5 Linux containers.

Choose your install mode from the [http://www.debian.org/CD/ Debian Web Site] and install Debian Squeeze or a more recent version.
 apt-get install lxc bridge-utils resolvconf cgroup-bin netmask rinse dpkg-dev sudo

Optionally, if you use this for continuous integration, you may also want to run:
 apt-get install subversion bzr git
You may need to create the cgroup directory:

Modify /etc/fstab and add the following:
 none /cgroup cgroup defaults 0 0

On Squeeze, however, it looks like the cgroup mount is handled by start scripts that mount cgroup on /mnt/cgroup (see /etc/cgconfig.conf).
=== Ubuntu 11.04 / Natty ===

On Natty you don't need to mount the cgroup virtual filesystem manually; it is already done by default. However, the lxc package has a [https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/784093 configuration bug]. You can either:
* Install the oneiric package (not tested) or
* Modify /etc/cgconfig.conf to (see [https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/784093/comments/1 comment]):
 mount {
     cpu = /sys/fs//cgroup/cpu;
     cpuacct = /sys/fs/cgroup/cpu;
     devices = /sys/fs/cgroup/cpu;
     memory = /sys/fs/cgroup/cpu;
 }
== Network Bridging Setup ==
Edit /etc/network/interfaces.

In the following, we distinguish two cases: your server/desktop uses a static IP or DHCP.
=== If you use static IP ===
You may use the following template example, replacing values with your network parameters:
 iface lo inet loopback
 dns-nameservers 10.194.11.20 10.194.11.21
 dns-search fusionforge.org

=== If you use DHCP ===
 iface lo inet loopback
You may now reboot your server/desktop and check that everything is OK:
 root@g-virtual05:~# mount
 /dev/sda1 on / type ext3 (rw,errors=remount-ro)
 tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
 proc on /proc type proc (rw,noexec,nosuid,nodev)
 sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
 udev on /dev type tmpfs (rw,mode=0755)
 tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
 devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
 cgroup on /cgroup type cgroup (rw)
 fusectl on /sys/fs/fuse/connections type fusectl (rw)
 binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)

You must have a cgroup line in the list.
== Bridge with a local network ==
This setup is useful if you don't want to modify your main interface and want a local isolated network.
Here is a working sample:
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 
 # The loopback network interface
 iface lo inet loopback
 
 # The primary network interface
 iface eth0 inet static
     broadcast 10.0.255.255
     # dns-* options are implemented by the resolvconf package, if installed
     dns-nameservers 88.191.254.60 88.191.254.70
 
 # The following is a bit complex but avoids touching eth0
 # this requires uml-utilities
 # usermod -G uml-net jenkins
 iface tap0 inet manual
     pre-up tunctl -u jenkins -t tap0
     down ifconfig tap0 down
     post-down tunctl -d tap0
 
 iface br0 inet static
     post-up echo 1 > /proc/sys/net/ipv4/ip_forward
     post-up iptables -t nat -A POSTROUTING -s '172.16.0.1/16' -o eth0 -j MASQUERADE
     post-up service isc-dhcp-server restart
     post-down iptables -t nat -D POSTROUTING -s '172.16.0.1/16' -o eth0 -j MASQUERADE
Then you may install a DHCP server, with the file /etc/default/isc-dhcp-server set like this:
 # Defaults for dhcp initscript
 # sourced by /etc/init.d/dhcp
 # installed at /etc/default/isc-dhcp-server by the maintainer scripts
 
 # This is a POSIX shell fragment
 
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 # Separate multiple interfaces with spaces, e.g. "eth0 eth1".

And in the default /etc/dhcp/dhcpd.conf file I added at the end:
 subnet 172.16.0.0 netmask 255.255.0.0 {
     range 172.16.0.10 172.16.0.50;
     option routers 172.16.0.1;
     option domain-name "local";
     option domain-name-servers 88.191.254.60, 88.191.254.70;
 }

For name resolution I install avahi in the LXC virtual machines and on the LXC host server. The vhosts are then available under their <servername>.local name.
== Create your first Debian container ==
=== Create a config file ===
Edit config.debian6 with the following content:
 lxc.network.type = veth
 lxc.network.flags = up
 lxc.network.link = br0

Debian Squeeze provides a set of predefined templates in the /usr/lib/lxc/templates/ directory. The naming syntax is lxc-<Template Name>; at the time of writing these are busybox, debian, fedora, sshd and ubuntu.
You can find extra templates to copy into this directory in the FusionForge svn repository. Get them using:
 apt-get install subversion
 svn checkout svn://scm.fusionforge.org/svn/fusionforge/trunk/tests/lxc
=== Create the container ===
As the root user or using sudo:
 sudo apt-get install debootstrap
 sudo /usr/bin/lxc-create -n debian6.local -f config.debian6 -t debian6

* debian6.local is the hostname
* config.debian6 is the config file
* debian6 (after -t) is the template name

lxc-create calls the /usr/lib/lxc/templates/lxc-debian6 script (lxc-template_name).
This script copies the files cached in /var/cache/lxc/debian/rootfs-squeeze-amd64/ (rootfs-distro-arch) to /var/lib/lxc/debian6.local.

If the cache does not exist, it will be created using debootstrap.

When you update the script, run
 rm -rf /var/cache/lxc/debian/rootfs-squeeze-amd64
if you want your changes to be taken into account.

Tip for curious people:
 diff /usr/lib/lxc/templates/lxc-debian /usr/lib/lxc/templates/lxc-debian6
Some extra config is embedded in the lxc-* scripts, such as DHCP, hostname, caching host keys and caching the MAC address.
The config file can be completed like this:
 lxc.network.type = veth
 lxc.network.flags = up
 lxc.network.link = br0
 #lxc.pubkey = /var/lib/jenkins/.ssh/id_rsa.pub
 lxc.network.ipv4 = 192.168.50.1/24
 lxc.network.hwaddr = 00:16:3e:37:54:4d

lxc.pubkey must be commented out, since it is not a parameter known to lxc; it is taken into account by my modified scripts.
=== Start the container ===
 sudo /usr/bin/lxc-start -n debian6.local -d

=== Enter the container ===
 lxc-console -n debian6.local

You can exit by typing <ctrl-a> q.

=== Stop the container ===
 lxc-stop -n debian6.local

=== Destroy the container ===
 lxc-destroy -n debian6.local
== Create your first CentOS container ==
It works like the Debian container; just replace debian with centos.

For recent versions of CentOS you will need to install:
* rinse >= 1.8 (not available in Debian stable at the time of writing; you can download 1.9 from unstable at http://www.debian.org/distrib/packages with wget and install it with dpkg -i)
* netmask dpkg-dev (required for dpkg-architecture)