Setting up LXC on Debian squeeze

This is a step-by-step tutorial on how to install LXC on Debian Squeeze (and possibly other versions). I wrote this down as a reminder to myself because I was unable to find one consistent example source that worked for me. I will not talk what LXC is or why is it good, it has been already done in numerous places.

Installation

  • Installing required packages:
# apt-get install bridge-utils debootstrap
  • Setting up a bridge interface:

As I already had bridge set up for OpenVPN, so I skipped this step.
For the most basic bridge add following configuration to /etc/network/interfaces:

# Bridge setup
iface br0 inet static
        bridge_ports eth0 eth1
        address 192.168.0.2
        broadcast 192.168.0.255
        netmask 255.255.255.0
        gateway 192.168.0.1

bridge_ports – specify physical interfaces to be added to br0. You should not put any lines to configure the interfaces that will be used by the bridge, as this will be setup automatically by the scripts when bringing the bridge up.

  • Installing LXC:
    Assuming you’re running Debian Stable (squeeze (v6.0) at the time of writing), then the candidate LXC version should be <0.7.3:

    apt-cache policy lxc | grep -i candidate

    All versions up to 0.7.3 (see: bug #601422) by default uses debian lenny distribution for the VM containers. If you are ok with that, go directly to “Using lenny for the container”, otherwise, see below “Using squeeze for the container”.

    • Using squeeze for the container:

The one possible way to get LXC >=0.7.3 with squeeze is to use testing repository, as backports do not include LXC yet. This is more a hack, than a good solution, but because LXC does not have many dependencies it works just fine for our purposes.
Add default release parameter for apt:

# echo "echo "APT::Default-Release \"stable\";" >> /etc/apt/apt.conf.d/70debconf

Add testing repositories to your sources list:

# echo "deb ftp://ftp.lt.debian.org/debian/ testing main non-free contrib" >> /etc/apt/sources.list
# echo "deb-src ftp://ftp.lt.debian.org/debian/ testing main non-free contrib" >> /etc/apt/sources.list

Alternatively you can use any testing mirror. Now all is left to do, is to install LXC itself:

# apt-get update && apt-get -t testing install lxc

Just to be sure your stable system does not “drift” into testing packages, you can remove the testing repositories from sources.list. As newer LXC package moves into stable, apt should automatically catch that and update accordingly without breaking any dependencies.

  • Using lenny for the container:

For using lenny as a VM container simply install LXC tools from stable repository:

# apt-get update && apt-get install lxc

After isntalling LXC tools, it is time to set up cgroups:

# echo "cgroup /sys/fs/cgroup cgroup defaults 0 0" >> /etc/fstab
# mount cgroup

And a quick check to ensure everything is ok so far:

# lxc-checkconfig

In output you should see everything enabled apart “Cgroup memory controller”. If you want memory control via cgroups then the Kernel recompilation is needed, which is beyond the scope of this tutorial.

Creating your first VM

  • Creating root filesystem:
    Create directory for VM and install Debian base system using lxc template:

    # mkdir -p /lxc/vm0
    # /usr/lib/lxc/templates/lxc-debian -p /lxc/vm0/

    This will take longer to complete only the first time you run it, as the subsequent template creations will use debootstrap’s cache.

    • Error “Failed getting release file”
      If you get this error during first install, simply change mirror in /usr/lib/lxc/templates/lxc-debianĀ file and repeat steps, e.g.:

      MIRROR=${MIRROR:-ftp://ftp.lt.debian.org/debian/}
  • Configuring VM:
    We are nearly done. The last step is to configure our VM container. Edit the file /lxc/vm0/configĀ while taking special attention to parameters:

    lxc.network.ipv4 = 192.168.0.123/24
    lxc.network.hwaddr = 4a:59:43:49:79:bf
    lxc.network.link = br0
    lxc.network.type = veth
    lxc.network.veth.pair = veth_vm0

    Notes:

    1. IP (in lxc.network.ipv4) must end with CIDR notation of subnet. “/24″ means subnet mask of “255.255.255.0”
    2. MAC (in lxc.network.hwaddr) address must not be multicast
    3. Name of interface (in lxc.network.veth.pair) can be anything, but I prefer convention “veth_VM-NAME”

    Do not forget to configure VM’s interface in file /lxc/vm0/rootfs/etc/network/interfaces to something like:

    auto eth0
    iface eth0 inet static
            address 192.168.0.123
            netmask 255.255.255.0
            gateway 192.168.0.1
  • Starting VM:
    Now the final step is to power on and start using your VM:

    lxc-start -n vm0 -f /lxc/vm0/config

    You will be attached to a VM console where you can login with user root:root. Do not forget to change the root’s password or disable the account altogether!

Other:

  • Stopping VM:
lxc-stop -n vm0
  • Attaching to VM’s console:
lxc-console -n vm0
  • Auto-starting VMs when host starts:
    • LXC <0.7.5:
      Create config symlink:

      # ln -s /lxc/vm0/conf /etc/lxc/vm0.conf

      Then edit file /etc/default/lxc and include something like:

      RUN=yes
      CONF_DIR=/etc/lxc
      CONTAINERS="vm0"
    • LXC >=0.7.5:
      # ln -s /lxc/vm0/config /etc/lxc/auto/vm0.conf
  • Cloning VM:
    This can be achieved by simply copying VM’s directory with:

    # cp -r /lxc/vm0 /lxc/new_vm

    After that do not forget to change /lxc/new_vm/config and /lxc/new_vm/rootfs/etc/network/interfaces files to reflect new changes of name, IP/MAC address and rootfs location.

  • Sharing (binding) host’s directory in VM:
    In VM’s config include lxc.mount.entry, e.g. for VM running Apache:

    lxc.mount.entry = /var/www /lxc/vm0/rootfs/var/www none defaults,bind 0 0

References

  1. http://wiki.debian.org/LXC
  2. http://www.jotschi.de/?p=554
  3. http://lxc.teegra.net/
  4. http://nigel.mcnie.name/blog/a-five-minute-guide-to-linux-containers-for-debian#id3
  5. http://jim.studt.net/depository/index.php/using-linux-containers-with-debian-lenny
  6. http://alfie.ist.org/blog/2011/03/23
  7. http://www.mail-archive.com/[email protected]/msg00783.html
  8. http://ubuntuforums.org/showthread.php?t=1476832

One thought on “Setting up LXC on Debian squeeze

  1. wryfi

    Thanks for the very helpful guide. LXC is great!

    A few days ago, however, the mechanism for configuring LXC containers changed in the wheezy packages. It caused me no end of frustration until I figured it out.

    My first attempted lxc install was 5 or 6 days ago, on version 0.7.5-3. Your instructions worked flawlessly with that version.

    I attempted another installation yesterday, this time with the slightly-newer 0.7.5-9. I found that my newly-created containers wouldn’t start up properly, and had all kinds of problems.

    Eventually I read through the Debian changelog, and realized that most of the container configuration has been moved from the lxc-debian template to a package you’re supposed to install in the container, called (appropriately) linux-container. This package uses debconf to help you set up your container properly.

    The lxc-debian template shipped in 0.7.5-9 attempts to install the linux-container package in any container it creates. However, the linux-container package does not exist in any squeeze repo, so it fails to install.

    One option is to download the squeeze package, chroot into your container, and install it. Since I already maintain my own apt repo, however, I simply added the linux-container package to it, then hacked up the lxc-debian template to add my repository and signing key to the container. YMMV.

    A good lesson here: be careful using packages from -testing! They are moving targets (especially, it would seem, the lxc packages).

    Reply

Leave a Reply