Small LXC Writeup



  • So I've been using LXC for some things. I figured I'd do a quick small write up. I'm using it on Ubuntu because each distro is different on how they deploy it and it's most documented with Ubuntu and seems to have the least issues.

    Start by installing lxc

    sudo apt-get install lxc lxc-templates
    

    There are a couple ways to do networking. I'm running these on my desktop so I can bridge the NIC and have addresses for each container on my subnet. If you're running on a VPS or cloud server you will most likely need to use iptables to port forward to the container.

    For now I'll just show how to use the containers themselves.

    To list containers you can use

    sudo lxc-ls --fancy
    

    It will give you this output

    NAME    STATE    IPV4        IPV6  AUTOSTART  
    --------------------------------------------  
    d1      RUNNING  10.0.0.30   -     NO
    xo      RUNNING  10.0.0.188  -     NO
    

    Next create a new container. I'll use Ubuntu trusty 64 bit.

    sudo lxc-create -t download -n cont1 -- -d ubuntu -r trusty -a amd64
    

    That will download the ubuntu trusty 64 bit template, name the container cont1, and create the file system. It takes a little longer the first time since it needs to download everything.

    Once it's finished just type:

    sudo lxc-start -n cont1 -d
    

    If you don't run it as a daemon, you will be launched into the container and then have to shut it down to get out. This way it runs in the background.

    Next you will need to attach to the container and change the default user's (ubuntu) password.

    sudo lxc-attach -n cont1
    
    passwd ubuntu
    
    exit
    

    To attach to the container with a console just type:

    sudo lxc-console -n cont1
    

    And to leave the console use ctrl+a q

    If you want to start up a handful at once here's a quick one liner:

    for i in {1..5}; do  (sudo lxc-create -t download -n cont$i -- -d ubuntu -r trusty -a amd64 && echo "Container cont$i is finished..."); done
    

    You can run unprivileged containers where normal non-sudo users can create the container and it's limited to their space, but it's some more work.