See https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/LXC#Network_Bridging_Setup == Introduction == The goal of this small document is to explain how to install LXC and how to create templates on top of Debian Squeeze. One show how to create typical templates that supports static IP or DHCP as debian 6 or centos 5 linux container. == Install Debian == Choose your install mode from: [http://www.debian.org/CD/ Debian Web Site] and install debian Squeeze version or a more recent one. == Install LXC == apt-get install lxc bridge-utils resolvconf cgroup-bin netmask rinse dpkg-dev sudo optionnally you may like to apt-get install subversion bzr git if you use this for continuous integration === Debian === You may need to create cgroup directory: mkdir /cgroup Modify /etc/fstab and add the following: none /cgroup cgroup defaults 0 0 but it looks like on squeeze the cgroup mount is handled by some start scripts that mount cgroup on /mnt/cgroup (see /etc/cgconfig.conf) === Ubuntu 11.04 / Natty === On Natty you don't need to mount cgroup virtual filesystem manually, it's already done by default. However, lxc package has some [https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/784093 configuration bug]. You can either: * Install oneiric package (not tested) or * Modify /etc/cgconfig.conf to (see [https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/784093/comments/1 comment]): mount { cpu = /sys/fs//cgroup/cpu; cpuacct = /sys/fs/cgroup/cpu; devices = /sys/fs/cgroup/cpu; memory = /sys/fs/cgroup/cpu; } == Network Bridging Setup == Edit /etc/network/interfaces In the following, we distinguish the two cases : your server/desktop runs Static IP or DHCP. === If you use static IP === You may use the following template example, replacing values with your network parameters: auto lo iface lo inet loopback auto br0 iface br0 inet static bridge_ports eth0 bridge_fd 0 address 10.194.10.35 netmask 255.255.255.0 gateway 10.194.10.1 dns-nameservers 10.194.11.20 10.194.11.21 dns-search fusionforge.org === If you use DHCP === auto lo iface lo inet loopback auto br0 iface br0 inet dhcp bridge_ports eth0 bridge_fd 0 You may now reboot your server/desktop and see if everything is ok you may run mount : root@g-virtual05:~# mount /dev/sda1 on / type ext3 (rw,errors=remount-ro) tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755) proc on /proc type proc (rw,noexec,nosuid,nodev) sysfs on /sys type sysfs (rw,noexec,nosuid,nodev) udev on /dev type tmpfs (rw,mode=0755) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620) cgroup on /cgroup type cgroup (rw) fusectl on /sys/fs/fuse/connections type fusectl (rw) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev) you must have a cgroup line in the list. == Bridge with a local network == This one is nice if you don't want to modify your main interface and have a local isolated network Here is a working sample # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet static address 10.0.2.25 netmask 255.255.0.0 network 10.0.0.0 broadcast 10.0.255.255 gateway 10.0.2.1 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 88.191.254.60 88.191.254.70 dns-search local # The following is a bit complex but allow not to touch eth0 # this requires uml-utilities # usermod -G uml-net jenkins auto tap0 iface tap0 inet manual tunctl_user jenkins pre-up tunctl -u jenkins -t tap0 up ifconfig tap0 up down ifconfig tap0 down post-down tunctl -d tap0 auto br0 iface br0 inet static bridge_ports tap0 bridge_stp off bridge_maxwait 5 address 172.16.0.1 netmask 255.255.0.0 network 172.16.0.0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -t nat -A POSTROUTING -s '172.16.0.1/16' -o eth0 -j MASQUERADE post-up service isc-dhcp-server restart post-down iptables -t nat -D POSTROUTING -s '172.16.0.1/16' -o eth0 -j MASQUERADE Then you may install a dhcp server, with the file /etc/default/isc-dhcp-server set like this : # Defaults for dhcp initscript # sourced by /etc/init.d/dhcp # installed at /etc/default/isc-dhcp-server by the maintainer scripts # # This is a POSIX shell fragment # # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? # Separate multiple interfaces with spaces, e.g. "eth0 eth1". INTERFACES="br0" And in the default /etc/dhcp/dhcpd.conf file I added at the end: subnet 172.16.0.0 netmask 255.255.0.0 { range 172.16.0.10 172.16.0.50; option routers 172.16.0.1; option domain-name "local"; option domain-name-servers 88.191.254.60, 88.191.254.70; } For the name resolution I install avahi in the lxc virtual machines and in lxc host server. then vhosts are available with their .local name. == Create your first Debian container == === Create a config file === Edit config.debian6 with the following content lxc.network.type = veth lxc.network.flags = up lxc.network.link = br0 === Templates === Debian squeeze provides a set of predefined templates you can find in /usr/lib/lxc/templates/ directory, the syntax is lxc-