Wiki

• FrontPage
• RecentChanges
• FindPage
• HelpContents
• LXC

Translation(s): none

Linux Containers (LXC) provide a Free Software virtualization system for computers running GNU/Linux. This is accomplished through kernel level isolation. It allows one to run multiple virtual units simultaneously. Those units, similar to chroots, are sufficiently isolated to guarantee the required security, but utilize available resources efficiently, as they run on the same kernel.

For all related information visit : http://lxc.sourceforge.net/

LXC is available starting with Debian 5.0 - Lenny (Kernel 2.6.26), however the LXC userspace tools are not packaged for Lenny, so they would have to be built from source. Debian 6.0 - Squeeze has full support for LXC.

LXC installs corrrectly on Wheezy, but there are some problems with the template which ships with Wheezy. Other templates can be downloaded, for more reading go to the LXC container mailing list.

You can also read some sub pages :

• LXC/Squeeze-Backport

Installation

• Install required packages

aptitude install lxc

• Install optional packages

aptitude install bridge-utils libvirt-bin debootstrap

Prepare the host

• Required: Mount cgroup reboot save (since 595964 /sys/fs/cgroup is prepared to mount cgroup, see also 601757)

Add this line to /etc/fstab

cgroup  /sys/fs/cgroup  cgroup  defaults  0   0

Try to mount it (a reboot solves an eventual "resource busy problem" in any case)

mount /sys/fs/cgroup

• Optional: Enable memory cgroup support (534964) (CONFIG_CGROUP_MEM_RES_CTLR) - Since 2.6.39-bpo60-2 for Squeeze the memory cgroup support is built in, so lxc-checkconfig will give you a green result about this point. At the same time, it is deactivated by default. You need to activate memory cgroup support with a kernel parameter. When using grub2, this can be easily done by adding GRUB_CMDLINE_LINUX="cgroup_enable=memory" in /etc/default/grub and running update-grub2. Same for CONFIG_CGROUP_MEM_RES_CTLR_SWAP - see http://lists.debian.org/debian-kernel/2012/01/msg00804.html .

Check kernel configuration :

# lxc-checkconfig 
Kernel config /proc/config.gz not found, looking in other places...
Found kernel config file /boot/config-2.6.32-5-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup namespace: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: missing
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Here, I've Cgroup memory controller: missing. If you want memory control via cgroups then the Kernel recompilation is needed.

RootFS creation

Debian Squeeze

• In theory you may use any tool to create a rootfs (debootstrap, multistrap, rootstock) as long as you are sure, that the result will run inside a container.
• For the first time and as an example, use the provided creation script of the lxc package.

cp -a /usr/lib/lxc/templates/lxc-debian /usr/lib/lxc/templates/lxc-squeeze

• (lxc-debian is designed to install lenny, which is no longer accessible from the specified archive.) Edit lxc-squeeze, replacing "lenny" with "squeeze" and "dhcp-client" with "isc-dhcp-client"

lxc-create -n myfirstcontainer -t squeeze -f /usr/share/doc/lxc/examples/lxc-veth.conf

• Here, we use lxc-veth.conf config file

Debian Wheezy

lxc-create -n myfirstcontainer -t debian

This will prompt you on what distribution to install.

Setup networked containers

• Create a bridge on the host (natted/routed), /SimpleBridge

• VLAN + bridge setup description, see /VlanNetworking

• Use libvirt package for easy network setup (/LibVirtDefaultNetwork)

Start and stop containers

• To start a container and stay attached to the console run (by default, login/password is root/root) :

lxc-start -n myfirstcontainer

• To start a container in the background and attached to the console at any time later run:

lxc-start -n myfirstcontainer -d
lxc-console -n myfirstcontainer

• To halt a container cleanly by the containers initv-system:

lxc-halt -n myfirstcontainer

• To stop a container without proper halt inside the container:

lxc-stop -n myfirstcontainer

• To have containers automatically started on booting the host, edit the host's /etc/default/lxc

Support

• To discuss about LXC and Debian LXC : LXC mailing list (On Gmane)

References

• The repository of current main developer of LXC Debian Package

• LXC Homepage

• LXC on Debian Squeeze (Published on 2010-05-01)

• Setting up LXC on Debian squeeze (Published on 06/11/2011)

• LXC Userspace Tools

• Introduction to cgroups

• LXC Container based Virtualization on Debian Squeeze HowTo

• How to use Linux containers (lxc) under Debian Squeeze

See also :

• http://blog.rot13.org/2010/03/lxc-watchdog_missing_bits_for_openvz_-_linux_containers_migration.html which describes a tool that allows controlling the guest's startup/shutdown through power signals, and also some more setup for consoles.

Known bugs and "got to know issues"

• 600466 - "Respawning too fast" messages due to missing tty(1234) nodes in generated container rootfs (workaround: remove from container's /etc/inittab}} or {{{mknod -m 660 dev/tty1 c 5 1 for each device)

See also

• SystemVirtualization alternatives