Virtualization using LXC: Difference between revisions

From The Opensource Knowledgebase
Jump to navigation Jump to search
← Older edit
mNo edit summary
mNo edit summary
 
(11 intermediate revisions by the same user not shown)
Line 19: Line 19:
Text editors: gedit, sublime-text
Text editors: gedit, sublime-text


<strongUser PC Details</strong>
User PC Details
PC type: Desktop
PC type: Desktop
OS: Ubuntu Desktop
OS: Ubuntu Desktop
Line 32: Line 32:
=Preparing lxc Host=
=Preparing lxc Host=
*ssh from local machine to the lxc host
*ssh from local machine to the lxc host
; <code> ssh kedar@172.16.149.176 </code>
: <code> ssh kedar@172.16.149.176 </code>
*Ensure infrabase1 (host server) is updated with latest patches and updates
*Ensure infrabase1 (host server) is updated with latest patches and updates
; <code> sudo apt update && sudo apt upgrade -y </code>
: <code> sudo apt update && sudo apt upgrade -y </code>
*Remove unwanted software
*Remove unwanted software
; <code> sudo apt autoremove </code>
: <code> sudo apt autoremove </code>
* Restart the host server
* Restart the host server
; <code> sudo init 6 </code>
: <code> sudo init 6 </code>


<youtube width="470" height="240">h2Yt-3GkgkY</youtube>
<youtube width="470" height="240">h2Yt-3GkgkY</youtube>
Line 44: Line 44:
=Installing lxc=
=Installing lxc=
*Install lxc using the ubuntu repositories
*Install lxc using the ubuntu repositories
; <code> sudo apt install lxc </code>
: <code> sudo apt install lxc </code>


<youtube width="470" height="240">rOmLldPI-A0</youtube>
<youtube width="470" height="240">rOmLldPI-A0</youtube>
Line 50: Line 50:
=Creating Containers=
=Creating Containers=
* Create a container called as apache. This container will be used as a webserver and apache will be installed as a webserver. You can name the container as you like.
* Create a container called as apache. This container will be used as a webserver and apache will be installed as a webserver. You can name the container as you like.
; <code> sudo lxc-create -t download -n apache -- -d ubuntu -r bionic -a amd64 </code>
: <code> sudo lxc-create -t download -n apache -- -d ubuntu -r bionic -a amd64 </code>


<youtube width="470" height="240">pr_l_e4ZLEY</youtube>  
<youtube width="470" height="240">pr_l_e4ZLEY</youtube>  
Line 56: Line 56:
=Useful commands=
=Useful commands=
==Container status modification==
==Container status modification==
* <code> sudo lxc-start -n apache </code>
<pre>
* <code> sudo lxc-stop -n apache </code>
sudo lxc-start -n apache
* <code> sudo lxc-destroy -n apache </code> This will work only if the container is in stopped state.
sudo lxc-stop -n apache  
* <code> sudo lxc-ls --fancy </code> to get te IP addresses of the running containers.
sudo lxc-destroy -n apache
 
sudo lxc-ls --fancy
</pre>
==Logging into the container==
==Logging into the container==
* <code> sudo lxc-start -n apache </code> This will start the container
* <code> sudo lxc-start -n apache </code> This will start the container
Line 66: Line 67:
* Important to note that only root user is enabled in the container. You will have to create a user if you like
* Important to note that only root user is enabled in the container. You will have to create a user if you like
* Creating a user while logged into the container. Run the below commands as root in the container
* Creating a user while logged into the container. Run the below commands as root in the container
<code> adduser kedar </code> It will ask you many questions, Generally keep the default
: <code> adduser kedar </code> It will ask you many questions, Generally keep the default
*Add the user in sudoer group
*Add the user in sudoer group
<code> usermod -aG sudo kedar </code>
: <code> usermod -aG sudo kedar </code>
*Install necessary software like openssh server so that you can ssh into the container
*Install necessary software like openssh server so that you can ssh into the container
<code> apt install openssh-server </code>
<pre>
<Code> systemctl status shhd </code>  
apt install openssh-server
systemctl status sshd
</pre>
=LXC containers on network=
*By default lxc containers have a private IP and are not accessible to the outside network. The containers are accessible only through the host, however the containers can communicate with each other.
*To make the containers available on the network, we have to bridge the network. Add the below content as follows
<pre>
sudo nano /etc/netplan/50-cloud-init.yaml
</pre>
* You must make necessary changes at your end
<pre>
network:
  version: 2
  renderer: networkd
 
  ethernets:
    enp4s0:
      dhcp4: false
      dhcp6: false
  bridges:
    br0:
      interfaces: [enp4s0]
      addresses: [172.16.149.176/25]
      gateway4: 172.16.176.129
      mtu: 1500
      nameservers:
        addresses: [8.8.8.8]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
</pre>
*Save & exit
*Restart netplan
<pre>
sudo netplan restart
</pre>
* Change the interface in /etc/default/lxc-net
<pre>
.
.
.
USE_LXC_BRIDGE="true"
.
.
.
LXC_BRIDGE="br0"
.
.
.
</pre>
* Restart the lxc-net service
<pre>
sudo systemctl restart lxc-net
</pre>
=Specific IP Address to containers=
*By default containers get IP from dhcp. You can allocate specific IP addresses of your choice to a container by creating a file in lxc folder and adding hosts with corresponding ipaddress of your choice.
<pre>
sudo nano /etc/lxc/dhcp.conf
</pre>
*Add the hosts in the dhcp.conf
<pre>
dhcp-host=webserver,17.16.149.144
dhcp-host=db1,172.16.149.150
dhcp-host=db2,172.16.149.151
dhcp-host=haproxy,172.16.149.153
</pre>
*Mention the name of the file in /etc/default/lxc-net
<pre>
.
.
USE_LXC_BRIDGE="true"
LXC_DHCP_CONFILE=/etc/lxc/dhcp.conf
LXC_BRIDGE="br0"
</pre>
*Restrt lxc-net
<pre>
sudo systemctl restart lxc-net
</pre>
*Ensure the existing containers are re started for the new ipaddress to be reflected in the containers
*Everytime a change happens in dhcp.conf file, restart lxc-net service
 
=Conclusion=
=Conclusion=
*Lxc is a great way to understand containers and should be a starting point for users who are interested in container based virtualization
*Lxc is a great way to understand containers and should be a starting point for users who are interested in container based virtualization

Latest revision as of 05:54, 9 June 2020

LXC Host Details 
hostname: infrabase1
Network: 172.16.149.128/25
IP Address : 172.16.149.176
Subnet Mask: 255.255.255.128
Gateway: 172.16.176.129
DNS: 8.8.8.8

Server OS: Ubuntu 18.04
Edition: LTS, server 
sudo user: kedar

FTP Client: Filezilla
ssh client: terminal, reminna
Text editors: gedit, sublime-text

User PC Details
PC type: Desktop
OS: Ubuntu Desktop
IP Address: 172.16.162.65
sudo user:kedar

Introduction

LXC (Linux Containers) is an operating system level virtualization method for running several isolated Linux systems (containers) on a host running a linux operating system. The containers use the kernel of the host operating system and hence lxc does not have to virtualize the entire hardware of the host. Containers are relatively low on resource requirement and a singe host has the ability to run a very dense container environment, running several containers as opposed to a conventional KVM based virtualization. More information is available on here.

Preparing lxc Host

  • ssh from local machine to the lxc host
ssh kedar@172.16.149.176
  • Ensure infrabase1 (host server) is updated with latest patches and updates
sudo apt update && sudo apt upgrade -y
  • Remove unwanted software
sudo apt autoremove
  • Restart the host server
sudo init 6

Installing lxc

  • Install lxc using the ubuntu repositories
sudo apt install lxc

Creating Containers

  • Create a container called as apache. This container will be used as a webserver and apache will be installed as a webserver. You can name the container as you like.
sudo lxc-create -t download -n apache -- -d ubuntu -r bionic -a amd64

Useful commands

Container status modification

sudo lxc-start -n apache
sudo lxc-stop -n apache 
sudo lxc-destroy -n apache
sudo lxc-ls --fancy

Logging into the container

  • sudo lxc-start -n apache This will start the container
  • sudo lxc-attach -n apache This will log you in the container as root
  • Important to note that only root user is enabled in the container. You will have to create a user if you like
  • Creating a user while logged into the container. Run the below commands as root in the container
adduser kedar It will ask you many questions, Generally keep the default
  • Add the user in sudoer group
usermod -aG sudo kedar
  • Install necessary software like openssh server so that you can ssh into the container
apt install openssh-server
systemctl status sshd

LXC containers on network

  • By default lxc containers have a private IP and are not accessible to the outside network. The containers are accessible only through the host, however the containers can communicate with each other.
  • To make the containers available on the network, we have to bridge the network. Add the below content as follows
sudo nano /etc/netplan/50-cloud-init.yaml
  • You must make necessary changes at your end
network:
  version: 2
  renderer: networkd

  ethernets:
    enp4s0:
      dhcp4: false
      dhcp6: false
  bridges:
    br0:
      interfaces: [enp4s0]
      addresses: [172.16.149.176/25]
      gateway4: 172.16.176.129
      mtu: 1500
      nameservers:
        addresses: [8.8.8.8]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
  • Save & exit
  • Restart netplan
sudo netplan restart
  • Change the interface in /etc/default/lxc-net
.
.
.
USE_LXC_BRIDGE="true"
.
.
.
LXC_BRIDGE="br0"
.
.
.
  • Restart the lxc-net service
sudo systemctl restart lxc-net

Specific IP Address to containers

  • By default containers get IP from dhcp. You can allocate specific IP addresses of your choice to a container by creating a file in lxc folder and adding hosts with corresponding ipaddress of your choice.
sudo nano /etc/lxc/dhcp.conf
  • Add the hosts in the dhcp.conf
dhcp-host=webserver,17.16.149.144
dhcp-host=db1,172.16.149.150
dhcp-host=db2,172.16.149.151
dhcp-host=haproxy,172.16.149.153
  • Mention the name of the file in /etc/default/lxc-net
.
.
USE_LXC_BRIDGE="true"
LXC_DHCP_CONFILE=/etc/lxc/dhcp.conf
LXC_BRIDGE="br0"
  • Restrt lxc-net
sudo systemctl restart lxc-net
  • Ensure the existing containers are re started for the new ipaddress to be reflected in the containers
  • Everytime a change happens in dhcp.conf file, restart lxc-net service

Conclusion

  • Lxc is a great way to understand containers and should be a starting point for users who are interested in container based virtualization
  • There are several advantages of using Lxc but it is by design and default that the containers are not accessible from outside the host. To enable that there are two options.
    • Create a network bride
    • Using iptables forward ports to the containers
  • Explore Lxc and have fun !

Experimental

  • For those who do not want to use terminal for creating and managing containers, there is a web panel that allows you manage containers, networks through the browser.
  • You can check it out [here]
Retrieved from "https://infrastructure-advisory.org/index.php?title=Virtualization_using_LXC&oldid=208"