LXC

  • /var/lib/lxc: default container location
  • /var/cache/lxc: download cache

Preparation

sudo apt-get install bridge-utils
sudo apt-get install lxc lxc-templates cgmanager cgroup-lite
sudo lxc-checkconfig

Make sure the cgroup filesystem is mounted:

/etc/fstab
cgroup	/sys/fs/cgroup	cgroup	defaults	0	0

Basic usage

lxc-create -n test-container -t ubuntu
lxc-start -n test-container
lxc-start -n test-container --daemon
lxc-info -n test-container
lxc-attach -n test-container
lxc-console -n test-container
lxc-stop -n test-container
lxc-destroy -n test-container

Getting info

lxc-ls --fancy
lxc-info -n test-container

Templates

Use the “ubuntu” template and pass the “-r trusty” argument to it (everything after “--” goes to the template):

lxc-create -n test-container -t ubuntu --dir=/home/LXC/test-container -- -r trusty -a amd64

Every template can show its own help:

lxc-create -t download --help

Pass the “List images” parameter to the “download” template:

lxc-create -t download -n test-container -- -l

Available templates:

/usr/share/lxc/templates/lxc-gentoo
/usr/share/lxc/templates/lxc-centos
/usr/share/lxc/templates/lxc-oracle
/usr/share/lxc/templates/lxc-alpine
/usr/share/lxc/templates/lxc-fedora
/usr/share/lxc/templates/lxc-sshd
/usr/share/lxc/templates/lxc-altlinux
/usr/share/lxc/templates/lxc-opensuse
/usr/share/lxc/templates/lxc-download
/usr/share/lxc/templates/lxc-busybox
/usr/share/lxc/templates/lxc-ubuntu
/usr/share/lxc/templates/lxc-ubuntu-cloud
/usr/share/lxc/templates/lxc-openmandriva
/usr/share/lxc/templates/lxc-cirros
/usr/share/lxc/templates/lxc-plamo
/usr/share/lxc/templates/lxc-archlinux
/usr/share/lxc/templates/lxc-debian

Network

/etc/network/interfaces
auto eth0
iface eth0 inet static
    address 0.0.0.0

auto br0
iface br0 inet dhcp
    bridge_ports eth0

Debug

lxc-start -n test-container
lxc-start: start.c: lxc_init: 402 failed loading seccomp policy
lxc-start: start.c: __lxc_start: 1086 failed to initialize the container
lxc-start: lxc_start.c: main: 341 The container failed to start.
lxc-start: lxc_start.c: main: 345 Additional information can be obtained by setting the --logfile and --logpriority options.
lxc-start -n test-container -l DEBUG -o debug.log
lxc-start 1460629578.157 INFO     lxc_start_ui - lxc_start.c:main:264 - using rcfile /var/lib/lxc/test-container/config
lxc-start 1460629578.158 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
lxc-start 1460629578.159 WARN     lxc_cgmanager - cgmanager.c:cgm_get:985 - do_cgm_get exited with error
lxc-start 1460629578.159 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc-start 1460629578.159 ERROR    lxc_start - start.c:lxc_init:402 - failed loading seccomp policy
lxc-start 1460629578.159 ERROR    lxc_start - start.c:__lxc_start:1086 - failed to initialize the container
lxc-start 1460629578.159 ERROR    lxc_start_ui - lxc_start.c:main:341 - The container failed to start.
lxc-start 1460629578.159 ERROR    lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.

Errors

Failed to mount cgroup

Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied

Ubuntu 14.04 has LXC 1.0.7 which doesn't support running systemd inside the container.

You can install the LXC 1.1.4 backport available in trusty-backports, which should fix that (enable backports in /etc/apt/sources.list, then apt-get update, then apt-get -t trusty-backports install lxc), or use the stable LXC PPA at ppa:ubuntu-lxc/stable.

failed to attach 'veth'...

Start the container in foreground mode:

lxc-start -n container -F

lxc-start: conf.c: instantiate_veth: 2594 failed to attach 'veth7LY5W6' to the bridge 'lxcbr0': Operation not permitted
lxc-start: conf.c: lxc_create_network: 2871 failed to create netdev
lxc-start: start.c: lxc_spawn: 1066 failed to create the network
lxc-start: start.c: __lxc_start: 1329 failed to spawn 'gitlab'

Start with debug logging:

...
lxc-start 20160418064521.427 ERROR    lxc_conf - conf.c:instantiate_veth:2594 - failed to attach 'vethSIJAS1' to the bridge 'lxcbr0': Operation not permitted
lxc-start 20160418064521.456 ERROR    lxc_conf - conf.c:lxc_create_network:2871 - failed to create netdev
lxc-start 20160418064521.456 ERROR    lxc_start - start.c:lxc_spawn:1066 - failed to create the network
lxc-start 20160418064521.456 ERROR    lxc_start - start.c:__lxc_start:1329 - failed to spawn 'gitlab'
...

For some reason lxcbr0 doesn't exist. Check whether lxc-net.service works correctly:

journalctl -u lxc-net.service
systemd[1]: Starting LXC network bridge setup...
lxc-net[1280]: dnsmasq: failed to create listening socket for 10.0.3.1: Address already in use
lxc-net[1280]: Failed to setup lxc-net.
grinnux2 systemd[1]: Started LXC network bridge setup.

Dnsmasq tries to start its own DNS server on port 53 while the BIND daemon is already running on the host system. Dnsmasq wants to bind only to the IP on the lxcbr0 interface, so check whether another process is listening on port 53:

lsof -ni :53

Probably the BIND daemon is listening on all interfaces. To change this, edit the options block in

/etc/bind/named.conf.options
listen-on { 127.0.0.1; 192.168.0.231; };
listen-on-v6 { none; };

then restart both services:

systemctl restart bind9
systemctl restart lxc-net
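
The port 53 check above can be scripted so it tells blocking listeners apart from harmless ones. This is an added example, not part of the original page: the function names and the sample socket list are constructed, and the input is assumed to be in the column layout of `ss -H -lntu` from iproute2.

```shell
#!/bin/sh
# Added example: find listeners that stop lxc-net's dnsmasq from binding
# BRIDGE_IP:53. Expected input columns (ss -H -lntu):
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

BRIDGE_IP="10.0.3.1"   # bridge address taken from the lxc-net error above

# port53_conflicts BRIDGE_IP < ss-output
# Prints "proto local-address" for every port 53 listener bound to a
# wildcard address or to the bridge address itself. Listeners bound to
# loopback or to another interface address are not reported, and an
# IPv6-only [::]:53 socket does not block an IPv4 bind, so it is skipped.
port53_conflicts() {
    awk -v ip="$1" '
    {
        laddr = $5
        n = split(laddr, parts, ":")
        port = parts[n]
        if (port != "53") next
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        sub(/%.*$/, "", addr)       # drop an interface suffix such as "%lo"
        if (addr == "0.0.0.0" || addr == "*" || addr == ip)
            print $1, laddr
    }'
}

# Constructed sample: a resolver on all interfaces, a loopback stub, a
# listener on the host address, one that grabbed the bridge address, sshd.
sample_ss_output() {
    cat <<'EOF'
udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 10 192.168.0.231:53 0.0.0.0:*
tcp LISTEN 0 10 10.0.3.1:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 10 [::]:53 [::]:*
EOF
}

sample_ss_output | port53_conflicts "$BRIDGE_IP"
```

On a real host, feed it live data with `ss -H -lntu | port53_conflicts 10.0.3.1`; empty output after the named.conf.options change means nothing is left to block dnsmasq on the bridge.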