Rcheleguini (talk | contribs) |
Denisarnaud (talk | contribs) m (Added a link to https://us.images.linuxcontainers.org/images/fedora/) |
||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
'''LXC''' (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. | '''LXC''' (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host. | ||
Official project website: [https://linuxcontainers.org/ https://linuxcontainers.org] | * Official project website: [https://linuxcontainers.org/lxc https://linuxcontainers.org/lxc] | ||
* Fedora LXC images: [https://us.images.linuxcontainers.org/images/fedora/ https://us.images.linuxcontainers.org/images/fedora/] | |||
= Getting started = | = Getting started = | ||
| Line 8: | Line 8: | ||
== Installation == | == Installation == | ||
# dnf install lxc lxc-templates | |||
If you want to create your own container images additional tools such as {{package|debootstrap}} for building Debian/Ubuntu-based containers might be required. | |||
== | == Networking == | ||
If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC e.g. via <code>systemd-networkd</code> or {{package|libvirt}} or from within LXC with help of the <code>lxc-net</code> script. | |||
=== lxc-net === | |||
LXC can be setup to manage its own network bridge with a DHCP server providing host-local network addresses to the containers which can communicate with external network hosts through NAT. DNS and DHCP services are provided via managed {{package|dnsmasq}} instance. | |||
1. Make sure dnsmasq is installed: | |||
# dnf install dnsmasq | |||
2. Enable LXC bridge by setting the following variable in <code>/etc/sysconfig/lxc</code>: | |||
USE_LXC_BRIDGE="true" | |||
3. Optionally you can further customize the bridge network and <code>dnsmasq</code> configuration by redefining the following variables in <code>/etc/sysconfig/lxc-net</code>. This file must be created as it doesn't exist by default. The list below shows the default values defined in <code>/usr/libexec/lxc/lxc-net</code>: | |||
LXC_BRIDGE="lxcbr0" | |||
LXC_BRIDGE_MAC="00:16:3e:00:00:00" | |||
LXC_ADDR="10.0.3.1" | |||
LXC_NETMASK="255.255.255.0" | |||
LXC_NETWORK="10.0.3.0/24" | |||
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" | |||
LXC_DHCP_MAX="253" | |||
LXC_DHCP_CONFILE="" | |||
LXC_DHCP_PING="true" | |||
LXC_DOMAIN="" | |||
LXC_IPV6_ADDR="" | |||
LXC_IPV6_MASK="" | |||
LXC_IPV6_NETWORK="" | |||
LXC_IPV6_NAT="false" | |||
4. The bridge and dnsmasq instance are managed via <code>lxc-net.service</code>. To create and persist the bridge, run: | |||
# systemctl enable --now lxc-net.service | |||
=== Use custom network bridge === | |||
If you want to use a network bridge managed independently or if you changed the bridge name in <code>LXC_BRIDGE</code> above, make sure to set the appropriate bridge name in <code>/etc/lxc/default.conf</code>. | |||
For example when using the default bridge manged by <code>libvirt</code>, you must change it to: | |||
lxc.network.type = veth | lxc.network.type = veth | ||
| Line 24: | Line 62: | ||
== SELinux == | == SELinux == | ||
SELinux currently prevents lxc to start containers, the issue has been reported at [https://bugzilla.redhat.com/show_bug.cgi?id=1227071 #1227071] | |||
A possible workaround is to set SELinux to permissive mode. | |||
== Create a container == | |||
# lxc-create -n container1 -t ubuntu -- -r xenial | |||
# lxc-start -n container1 | |||
# lxc-attach -n container1 | |||
Latest revision as of 12:55, 17 October 2018
LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.
- Official project website: https://linuxcontainers.org/lxc
- Fedora LXC images: https://us.images.linuxcontainers.org/images/fedora/
Getting started
Installation
# dnf install lxc lxc-templates
If you want to create your own container images additional tools such as 
debootstrap
Networking
If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC e.g. via systemd-networkd or lxc-net script.
lxc-net
LXC can be setup to manage its own network bridge with a DHCP server providing host-local network addresses to the containers which can communicate with external network hosts through NAT. DNS and DHCP services are provided via managed
1. Make sure dnsmasq is installed:
# dnf install dnsmasq
2. Enable LXC bridge by setting the following variable in /etc/sysconfig/lxc:
USE_LXC_BRIDGE="true"
3. Optionally you can further customize the bridge network and dnsmasq configuration by redefining the following variables in /etc/sysconfig/lxc-net. This file must be created as it doesn't exist by default. The list below shows the default values defined in /usr/libexec/lxc/lxc-net:
LXC_BRIDGE="lxcbr0" LXC_BRIDGE_MAC="00:16:3e:00:00:00" LXC_ADDR="10.0.3.1" LXC_NETMASK="255.255.255.0" LXC_NETWORK="10.0.3.0/24" LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" LXC_DHCP_MAX="253" LXC_DHCP_CONFILE="" LXC_DHCP_PING="true" LXC_DOMAIN="" LXC_IPV6_ADDR="" LXC_IPV6_MASK="" LXC_IPV6_NETWORK="" LXC_IPV6_NAT="false"
4. The bridge and dnsmasq instance are managed via lxc-net.service. To create and persist the bridge, run:
# systemctl enable --now lxc-net.service
Use custom network bridge
If you want to use a network bridge managed independently or if you changed the bridge name in LXC_BRIDGE above, make sure to set the appropriate bridge name in /etc/lxc/default.conf.
For example when using the default bridge manged by libvirt, you must change it to:
lxc.network.type = veth lxc.network.link = virbr0 lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:xx:xx:xx
SELinux
SELinux currently prevents lxc to start containers, the issue has been reported at #1227071
A possible workaround is to set SELinux to permissive mode.
Create a container
# lxc-create -n container1 -t ubuntu -- -r xenial # lxc-start -n container1 # lxc-attach -n container1