From Fedora Project Wiki

m (Added a link to https://us.images.linuxcontainers.org/images/fedora/)
 
(4 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''LXC''' (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.
'''LXC''' (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.


Official project website: [https://linuxcontainers.org/ https://linuxcontainers.org]
* Official project website: [https://linuxcontainers.org/lxc https://linuxcontainers.org/lxc]
 
* Fedora LXC images: [https://us.images.linuxcontainers.org/images/fedora/ https://us.images.linuxcontainers.org/images/fedora/]


= Getting started =
= Getting started =
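Review bot: The added "Fedora LXC images" bullet links to a region-specific host (us.images.linuxcontainers.org), and nothing in the text says how an image fetched from it is checked before use. Say whether the regional host is intentional, and add a sentence on verifying downloaded images.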
Line 8: Line 8:
== Installation ==  
== Installation ==  


    $ sudo dnf install lxc lxc-templates lxc-extra debootstrap libvirt
# dnf install lxc lxc-templates


The 'debootstrap' is necessary in order to build Debian-based containers.
If you want to create your own container images additional tools such as {{package|debootstrap}} for building Debian/Ubuntu-based containers might be required.
<br>The libvirt will provide basic networking management, such us bridge, NAT and DHCP.


== Change default bridge ==
== Networking ==


Edit the file /etc/lxc/default.conf and change the parameter 'lxc.network.link' from 'lxcbr0' to 'virbr0':
If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC e.g. via <code>systemd-networkd</code> or {{package|libvirt}} or from within LXC with help of the <code>lxc-net</code> script.
 
=== lxc-net ===
 
LXC can be setup to manage its own network bridge with a DHCP server providing host-local network addresses to the containers which can communicate with external network hosts through NAT. DNS and DHCP services are provided via managed {{package|dnsmasq}} instance.
 
1. Make sure dnsmasq is installed:
 
# dnf install dnsmasq
 
2. Enable LXC bridge by setting the following variable in <code>/etc/sysconfig/lxc</code>:
 
USE_LXC_BRIDGE="true"
 
3. Optionally you can further customize the bridge network and <code>dnsmasq</code> configuration by redefining the following variables in <code>/etc/sysconfig/lxc-net</code>. This file must be created as it doesn't exist by default. The list below shows the default values defined in <code>/usr/libexec/lxc/lxc-net</code>:
 
  LXC_BRIDGE="lxcbr0"
  LXC_BRIDGE_MAC="00:16:3e:00:00:00"
  LXC_ADDR="10.0.3.1"
  LXC_NETMASK="255.255.255.0"
  LXC_NETWORK="10.0.3.0/24"
  LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
  LXC_DHCP_MAX="253"
  LXC_DHCP_CONFILE=""
  LXC_DHCP_PING="true"
  LXC_DOMAIN=""
  LXC_IPV6_ADDR=""
  LXC_IPV6_MASK=""
  LXC_IPV6_NETWORK=""
  LXC_IPV6_NAT="false"
 
4. The bridge and dnsmasq instance are managed via <code>lxc-net.service</code>. To create and persist the bridge, run:
 
# systemctl enable --now lxc-net.service
 
=== Use custom network bridge ===
 
If you want to use a network bridge managed independently or if you changed the bridge name in <code>LXC_BRIDGE</code> above, make sure to set the appropriate bridge name in <code>/etc/lxc/default.conf</code>.
 
For example when using the default bridge manged by <code>libvirt</code>, you must change it to:


     lxc.network.type = veth
     lxc.network.type = veth
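Review bot: The "Use custom network bridge" paragraph tells the reader to point the config at the bridge managed by libvirt, but this revision drops libvirt from the dnf install line, so that bridge (virbr0 in the removed text) will not exist unless libvirt is installed separately. State that prerequisite in the paragraph. In the same sentence, "manged by" should read "managed by".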
Line 24: Line 62:
== SELinux ==
== SELinux ==


Work in progress.
SELinux currently prevents lxc to start containers, the issue has been reported at [https://bugzilla.redhat.com/show_bug.cgi?id=1227071 #1227071]
 
A possible workaround is to set SELinux to permissive mode.
 
== Create a container ==
 
    # lxc-create -n container1 -t ubuntu -- -r xenial
    # lxc-start -n container1
    # lxc-attach -n container1
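Review bot: The added line "A possible workaround is to set SELinux to permissive mode" stops enforcement for the whole host, not only for LXC. State that scope, say that it is meant to last only until bug #1227071 is resolved, and give the command along with whether the change is runtime-only or persistent. "prevents lxc to start containers" should read "prevents LXC from starting containers". The new "Create a container" example uses the ubuntu template, while the Installation text now lists debootstrap only as possibly required, so name that dependency next to the example.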

Latest revision as of 12:55, 17 October 2018

LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.

Getting started

Installation

# dnf install lxc lxc-templates

If you want to create your own container images, additional tools such as debootstrap (for building Debian/Ubuntu-based containers) might be required.

Networking

If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC, e.g. via systemd-networkd or libvirt, or from within LXC with the help of the lxc-net script.

lxc-net

LXC can be set up to manage its own network bridge, with a DHCP server providing host-local network addresses to the containers, which can communicate with external network hosts through NAT. DNS and DHCP services are provided by a managed dnsmasq instance.

1. Make sure dnsmasq is installed:

# dnf install dnsmasq

2. Enable LXC bridge by setting the following variable in /etc/sysconfig/lxc:

USE_LXC_BRIDGE="true"

3. Optionally, you can further customize the bridge network and dnsmasq configuration by redefining the following variables in /etc/sysconfig/lxc-net. This file must be created, as it doesn't exist by default. The list below shows the default values defined in /usr/libexec/lxc/lxc-net:

 LXC_BRIDGE="lxcbr0"
 LXC_BRIDGE_MAC="00:16:3e:00:00:00"
 LXC_ADDR="10.0.3.1"
 LXC_NETMASK="255.255.255.0"
 LXC_NETWORK="10.0.3.0/24"
 LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
 LXC_DHCP_MAX="253"
 LXC_DHCP_CONFILE=""
 LXC_DHCP_PING="true"
 LXC_DOMAIN=""
 LXC_IPV6_ADDR=""
 LXC_IPV6_MASK=""
 LXC_IPV6_NETWORK=""
 LXC_IPV6_NAT="false"

4. The bridge and dnsmasq instance are managed via lxc-net.service. To create and persist the bridge, run:

# systemctl enable --now lxc-net.service
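
When the variables from step 3 are overridden, the address, netmask, network and DHCP range have to stay consistent with each other. The following is an added example, not part of the original page or of the lxc-net script: a POSIX shell pre-flight check whose function names (`ip_to_int`, `check_lxc_net`) are hypothetical and which goes beyond the page by validating the values before the service is started.

```shell
# Added example (not part of lxc): check that lxc-net address settings agree.

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_lxc_net ADDR NETMASK NETWORK DHCP_RANGE
# Arguments correspond to LXC_ADDR, LXC_NETMASK, LXC_NETWORK and LXC_DHCP_RANGE.
# Prints one line per inconsistency; returns 0 only if none were found.
check_lxc_net() {
    prefix=${3#*/}
    case "$prefix" in ''|*[!0-9]*|0?*|???*) echo "bad prefix in LXC_NETWORK"; return 1 ;; esac
    [ "$prefix" -le 32 ] || { echo "bad prefix in LXC_NETWORK"; return 1; }
    addr=$(ip_to_int "$1") && mask=$(ip_to_int "$2") && net=$(ip_to_int "${3%/*}") &&
        lo=$(ip_to_int "${4%,*}") && hi=$(ip_to_int "${4#*,}") ||
        { echo "malformed IPv4 value"; return 1; }
    rc=0
    # Netmask implied by the prefix length, and the broadcast address of the network.
    want=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    bcast=$(( $net | (~$mask & 4294967295) ))
    [ "$mask" -eq "$want" ] || { echo "LXC_NETMASK does not match /$prefix"; rc=1; }
    [ $(( $net & $mask )) -eq "$net" ] || { echo "LXC_NETWORK has host bits set"; rc=1; }
    [ $(( $addr & $mask )) -eq "$net" ] || { echo "LXC_ADDR is outside LXC_NETWORK"; rc=1; }
    # The DHCP pool must lie strictly between the network and broadcast addresses.
    [ "$lo" -le "$hi" ] && [ "$lo" -gt "$net" ] && [ "$hi" -lt "$bcast" ] ||
        { echo "LXC_DHCP_RANGE is not inside LXC_NETWORK"; rc=1; }
    return "$rc"
}
```

Source /etc/sysconfig/lxc-net over the defaults listed in step 3 and pass the four values to `check_lxc_net`; a non-zero return means the overrides need fixing before lxc-net.service is started.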

Use custom network bridge

If you want to use a network bridge managed independently or if you changed the bridge name in LXC_BRIDGE above, make sure to set the appropriate bridge name in /etc/lxc/default.conf.

For example, when using the default bridge managed by libvirt, you must change it to:

   lxc.network.type = veth
   lxc.network.link = virbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx
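
A container config that names a bridge the host does not have is the usual way this step goes wrong. The following is an added example, not part of the original page or of LXC: a POSIX shell check with hypothetical function names that reads the bridge names from a config file and confirms each exists as a bridge device. It also accepts the `lxc.net.N.link` key naming used by newer LXC releases, which this page does not cover.

```shell
# Added example (not from the LXC project): list the bridges a container config
# references and report any that do not exist as a bridge device on the host.

# Print every value of lxc.network.link (the key used on this page) or
# lxc.net.N.link (newer key naming) found in CONF, ignoring commented lines.
lxc_conf_links() {
    awk -F= '/^[ \t]*lxc\.(network|net\.[0-9]+)\.link[ \t]*=/ {
        sub(/#.*/, "", $2); gsub(/[ \t]/, "", $2); print $2 }' "$1"
}

# check_bridges CONF [SYSFS_NET]
# SYSFS_NET defaults to /sys/class/net, where a bridge device has a "bridge"
# subdirectory. The second argument exists so the check can be tested offline.
check_bridges() {
    sysfs=${2:-/sys/class/net}
    missing=$(lxc_conf_links "$1" | while read -r link; do
        [ -d "$sysfs/$link/bridge" ] || echo "$link"
    done)
    [ -z "$missing" ] && return 0
    echo "$1 references missing bridge(s): $missing"
    return 1
}
```

Run `check_bridges /etc/lxc/default.conf` after editing the file; it returns non-zero and names the bridge when, for instance, the config points at virbr0 but libvirt is not running.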

SELinux

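SELinux currently prevents LXC from starting containers; the issue has been reported as #1227071 (https://bugzilla.redhat.com/show_bug.cgi?id=1227071).

A possible workaround is to set SELinux to permissive mode. In permissive mode SELinux logs policy violations but does not block them, and the setting applies to the whole host rather than to LXC alone.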

Create a container

   # lxc-create -n container1 -t ubuntu -- -r xenial
   # lxc-start -n container1
   # lxc-attach -n container1