This is an old revision of the document!
LXC is a tool to create and manage containers. It contains a full featured container with the isolation / virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd.
Resources
Build the guest container.
# lxc-create -n test lxc-create: No config file specified, using the default config /etc/lxc/default.conf 'test' created # lxc-ls --fancy NAME STATE IPV4 IPV6 ----------------------------------- test STOPPED -
this just creates $LXC_ROOT/test
directory with config
copied from /etc/lxc/default.conf
inside.
create guest with default config using pld template:
# lxc-create -n test -t pld
NOTYET:
There are two versions of PLD available for guest systems:
You may choose one using -R
option:
# lxc-create -t pld-test -p pld -f network-configuration-file -- -R th
!!! WARNING: pld template for LXC is yet to be written !!!
When in Vserver, guest processes are not visible in host, then in LXC all guest processes are visible. Beware when running killall(1)
commands on host.
Also, unfortunately /proc/PID/root
points to /
for LXC guests as well, so rc-scripts
filter_chroot()
can't differentiate between host and guest processes.
Commands:
Vserver | LXC | Notes |
---|---|---|
vserver test enter | lxc-attach -n test -e | Use -e option with care, especially when restarting processes |
vserver test start | lxc-start -n test -d | |
vserver test stop | lxc-stop -n test | |
vserver-stat | lxc-ls --fancy --running | you need python3-lxc installed for this tool |
static networking, set VSERVER=yes
and VSERVER_ISOLATION_NET=yes
in guest /etc/sysconfig/system
to disable all network configuration by guest.
macvlan
first boot with hwaddr
line disabled, look what the random address was assigned, set it in config.
also you may use some generation techniques like these (assuming the ip is 192.168.2.160
):
$ printf "02:00:%x:%x:%x:%x" 192 168 2 160 02:00:c0:a8:2:a0
lxc.network.type = macvlan lxc.network.flags = up #lxc.network.hwaddr = 00:16:c0:a8:3:34 lxc.network.link = eth0 lxc.network.macvlan.mode = bridge lxc.network.name = eth0 lxc.network.ipv4 = 192.168.2.160/23 lxc.network.ipv4.gateway = 192.168.2.1