From Fedora Project Wiki

m (Added a link to https://us.images.linuxcontainers.org/images/fedora/)
 
(16 intermediate revisions by 4 users not shown)
'''LXC''' (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.


Official project website: [https://linuxcontainers.org/ https://linuxcontainers.org]
* Official project website: [https://linuxcontainers.org/lxc https://linuxcontainers.org/lxc]
* Fedora LXC images: [https://us.images.linuxcontainers.org/images/fedora/ https://us.images.linuxcontainers.org/images/fedora/]
 
= Getting started =
 
== Installation ==
 
 # dnf install lxc lxc-templates
 
If you want to create your own container images, additional tools such as {{package|debootstrap}} for building Debian/Ubuntu-based containers might be required.
 
== Networking ==
 
If the containers should have network access, the easiest option is to attach them to a network bridge provided by the host system. This bridge can be managed outside LXC, e.g. via <code>systemd-networkd</code> or {{package|libvirt}}, or from within LXC with the help of the <code>lxc-net</code> script.
 
=== lxc-net ===
 
LXC can be set up to manage its own network bridge, with a DHCP server providing host-local network addresses to the containers, which can communicate with external network hosts through NAT. DNS and DHCP services are provided via a managed {{package|dnsmasq}} instance.
 
1. Make sure dnsmasq is installed:
 
 # dnf install dnsmasq
 
2. Enable the LXC bridge by setting the following variable in <code>/etc/sysconfig/lxc</code>:
 
 USE_LXC_BRIDGE="true"
 
3. Optionally, you can further customize the bridge network and <code>dnsmasq</code> configuration by redefining the following variables in <code>/etc/sysconfig/lxc-net</code>. This file must be created, as it doesn't exist by default. The list below shows the default values defined in <code>/usr/libexec/lxc/lxc-net</code>:
 
  LXC_BRIDGE="lxcbr0"
  LXC_BRIDGE_MAC="00:16:3e:00:00:00"
  LXC_ADDR="10.0.3.1"
  LXC_NETMASK="255.255.255.0"
  LXC_NETWORK="10.0.3.0/24"
  LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
  LXC_DHCP_MAX="253"
  LXC_DHCP_CONFILE=""
  LXC_DHCP_PING="true"
  LXC_DOMAIN=""
  LXC_IPV6_ADDR=""
  LXC_IPV6_MASK=""
  LXC_IPV6_NETWORK=""
  LXC_IPV6_NAT="false"
 
4. The bridge and dnsmasq instance are managed via <code>lxc-net.service</code>. To create and persist the bridge, run:
 
 # systemctl enable --now lxc-net.service
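
A consistency check for the overrides from step 3, as an added example that is not part of this wiki page or of LXC. The function names <code>check_lxc_net</code>, <code>ip_to_int</code> and <code>in_net</code> are hypothetical, and any variable the file does not set falls back to the defaults listed above.

```shell
#!/bin/sh
# Added example: consistency check for lxc-net overrides (not from LXC itself).
# Usage: check_lxc_net /etc/sysconfig/lxc-net

ip_to_int() (   # dotted quad -> integer; non-zero exit on malformed input
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

in_net() {      # in_net ADDR NET MASK (all integers)
    [ "$(( $1 & $3 ))" -eq "$2" ]
}

check_lxc_net() (   # subshell body: sourced variables never reach the caller
    # Defaults as listed on the page.
    LXC_ADDR="10.0.3.1"; LXC_NETMASK="255.255.255.0"
    LXC_NETWORK="10.0.3.0/24"; LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
    if [ -r "$1" ]; then . "$1"; fi   # sourced as shell, so it runs as code
    bad=0
    fail() { echo "lxc-net: $*"; bad=1; }

    prefix=${LXC_NETWORK#*/}
    case $prefix in
        ''|*[!0-9]*|0?*|???*) fail "bad prefix in LXC_NETWORK"; exit 1 ;;
    esac
    [ "$prefix" -le 32 ] || { fail "bad prefix in LXC_NETWORK"; exit 1; }
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))   # 0xFFFFFFFF
    net=$(ip_to_int "${LXC_NETWORK%/*}") && addr=$(ip_to_int "$LXC_ADDR") &&
        nm=$(ip_to_int "$LXC_NETMASK") &&
        lo=$(ip_to_int "${LXC_DHCP_RANGE%,*}") &&
        hi=$(ip_to_int "${LXC_DHCP_RANGE#*,}") ||
        { fail "malformed IPv4 address"; exit 1; }

    [ "$nm" -eq "$mask" ] || fail "LXC_NETMASK does not match /$prefix"
    in_net "$net" "$net" "$mask" || fail "LXC_NETWORK has host bits set"
    in_net "$addr" "$net" "$mask" || fail "LXC_ADDR is outside LXC_NETWORK"
    in_net "$lo" "$net" "$mask" && in_net "$hi" "$net" "$mask" &&
        [ "$lo" -le "$hi" ] || fail "LXC_DHCP_RANGE is not inside LXC_NETWORK"
    [ "$addr" -lt "$lo" ] || [ "$addr" -gt "$hi" ] ||
        fail "LXC_DHCP_RANGE includes the bridge address"
    exit "$bad"
)
```

A non-zero exit status means at least one of the printed inconsistencies should be fixed before <code>lxc-net.service</code> is restarted.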
 
=== Use custom network bridge ===
 
If you want to use a network bridge managed independently or if you changed the bridge name in <code>LXC_BRIDGE</code> above, make sure to set the appropriate bridge name in <code>/etc/lxc/default.conf</code>.
 
For example, when using the default bridge managed by <code>libvirt</code>, you must change it to:
 
    lxc.network.type = veth
    lxc.network.link = virbr0
    lxc.network.flags = up
    lxc.network.hwaddr = 00:16:3e:xx:xx:xx
 
== SELinux ==
 
SELinux currently prevents LXC from starting containers; the issue has been reported at [https://bugzilla.redhat.com/show_bug.cgi?id=1227071 #1227071].
 
A possible workaround is to set SELinux to permissive mode.
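
To see which confined domain and which permissions are involved before relaxing enforcement, the denials can be summarised from the audit log. This is an added example, not part of the wiki page or of LXC: the function names are hypothetical, and the sample records are constructed, with <code>example_lxc_t</code>, the paths and the ids as placeholders rather than values from bug #1227071.

```shell
#!/bin/sh
# Added example: summarise SELinux denials caused by LXC commands.

# Constructed sample in audit.log format; the domain example_lxc_t, the paths
# and the ids are placeholders, not values taken from bug #1227071.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1539780000.101:201): avc:  denied  { mounton } for  pid=1201 comm="lxc-start" path="/example/rootfs" dev="dm-0" ino=11 scontext=system_u:system_r:example_lxc_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1539780000.105:202): avc:  denied  { read write } for  pid=1207 comm="lxc-attach" path="/dev/pts/3" dev="devpts" ino=6 scontext=system_u:system_r:example_lxc_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1539780001.220:203): avc:  denied  { name_bind } for  pid=1300 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1539780002.330:204): avc:  denied  { mounton } for  pid=1311 comm="lxc-start" path="/example/rootfs" dev="dm-0" ino=11 scontext=system_u:system_r:example_lxc_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir permissive=0
EOF
}

# Reads audit records on stdin; prints one "domain tclass permissions" line
# per distinct denial whose comm starts with "lxc".
lxc_denials() {
    awk '
    function field(key,   i) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return "?"
    }
    /type=AVC/ && / denied / && /comm="lxc[^"]*"/ {
        perms = $0
        sub(/.* denied +[{] */, "", perms); sub(/ *[}].*/, "", perms)
        split(field("scontext"), ctx, ":")
        print ctx[3], field("tclass"), perms
    }' | sort -u
}
```

On a live system the input would come from <code>ausearch -m avc</code> or <code>/var/log/audit/audit.log</code>. The domain in the first column is what <code>semanage permissive -a</code> takes to make a single domain permissive, which is narrower than system-wide permissive mode.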
 
== Create a container ==
 
    # lxc-create -n container1 -t ubuntu -- -r xenial
    # lxc-start -n container1
    # lxc-attach -n container1

Latest revision as of 12:55, 17 October 2018
