LXC
- /var/lib/lxc default container location
- /var/cache/lxc download cache
Preparation
sudo apt-get install bridge-utils
sudo apt-get install lxc lxc-templates cgmanager cgroup-lite
sudo lxc-checkconfig
Make sure the cgroup filesystem is mounted:
- /etc/fstab
cgroup /sys/fs/cgroup cgroup defaults 0 0
Basic usage
lxc-create -n test-container -t ubuntu
lxc-start -n test-container
lxc-start -n test-container --daemon
lxc-info -n test-container
lxc-attach -n test-container
lxc-console -n test-container
lxc-stop -n test-container
lxc-destroy -n test-container
Getting info
lxc-ls --fancy
lxc-info -n test-container
Templates
Use the “ubuntu” template and pass the “-r trusty” argument to the template:
lxc-create -n test-container -t ubuntu --dir=/home/LXC/test-container -- -r trusty -a amd64
Every template can show its own help:
lxc-create -t download --help
Pass the “list images” parameter to the “download” template:
lxc-create -t download -n test-container -- -l
Available templates:
/usr/share/lxc/templates/lxc-gentoo
/usr/share/lxc/templates/lxc-centos
/usr/share/lxc/templates/lxc-oracle
/usr/share/lxc/templates/lxc-alpine
/usr/share/lxc/templates/lxc-fedora
/usr/share/lxc/templates/lxc-sshd
/usr/share/lxc/templates/lxc-altlinux
/usr/share/lxc/templates/lxc-opensuse
/usr/share/lxc/templates/lxc-download
/usr/share/lxc/templates/lxc-busybox
/usr/share/lxc/templates/lxc-ubuntu
/usr/share/lxc/templates/lxc-ubuntu-cloud
/usr/share/lxc/templates/lxc-openmandriva
/usr/share/lxc/templates/lxc-cirros
/usr/share/lxc/templates/lxc-plamo
/usr/share/lxc/templates/lxc-archlinux
/usr/share/lxc/templates/lxc-debian
Network
Direct bridge
On the host, use br0 as the main interface:
- /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 0.0.0.0

auto br0
iface br0 inet dhcp
    bridge_ports eth0
Edit the container configuration and set the network bridge interface:
lxc.network.link = br0
Debug
lxc-start -n test-container
lxc-start: start.c: lxc_init: 402 failed loading seccomp policy
lxc-start: start.c: __lxc_start: 1086 failed to initialize the container
lxc-start: lxc_start.c: main: 341 The container failed to start.
lxc-start: lxc_start.c: main: 345 Additional information can be obtained by setting the --logfile and --logpriority options.
lxc-start -n test-container -l DEBUG -o debug.log
lxc-start 1460629578.157 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /var/lib/lxc/test-container/config
lxc-start 1460629578.158 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
lxc-start 1460629578.159 WARN lxc_cgmanager - cgmanager.c:cgm_get:985 - do_cgm_get exited with error
lxc-start 1460629578.159 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc-start 1460629578.159 ERROR lxc_start - start.c:lxc_init:402 - failed loading seccomp policy
lxc-start 1460629578.159 ERROR lxc_start - start.c:__lxc_start:1086 - failed to initialize the container
lxc-start 1460629578.159 ERROR lxc_start_ui - lxc_start.c:main:341 - The container failed to start.
lxc-start 1460629578.159 ERROR lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.
Errors
Failed to mount cgroup
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
Ubuntu 14.04 has LXC 1.0.7 which doesn't support running systemd inside the container.
You can install the LXC 1.1.4 backport available in trusty-backports, which should fix that (enable backports in /etc/apt/sources.list, then apt-get update, then apt-get -t trusty-backports install lxc), or use the stable LXC PPA at ppa:ubuntu-lxc/stable.
failed to attach 'veth'...
Start the container in foreground mode:
lxc-start -n container -F
lxc-start: conf.c: instantiate_veth: 2594 failed to attach 'veth7LY5W6' to the bridge 'lxcbr0': Operation not permitted
lxc-start: conf.c: lxc_create_network: 2871 failed to create netdev
lxc-start: start.c: lxc_spawn: 1066 failed to create the network
lxc-start: start.c: __lxc_start: 1329 failed to spawn 'gitlab'
Start with debug logging:
...
lxc-start 20160418064521.427 ERROR lxc_conf - conf.c:instantiate_veth:2594 - failed to attach 'vethSIJAS1' to the bridge 'lxcbr0': Operation not permitted
lxc-start 20160418064521.456 ERROR lxc_conf - conf.c:lxc_create_network:2871 - failed to create netdev
lxc-start 20160418064521.456 ERROR lxc_start - start.c:lxc_spawn:1066 - failed to create the network
lxc-start 20160418064521.456 ERROR lxc_start - start.c:__lxc_start:1329 - failed to spawn 'gitlab'
...
For some reason lxcbr0 doesn't exist. Check whether lxc-net.service is working correctly:
journalctl -u lxc-net.service
systemd[1]: Starting LXC network bridge setup...
lxc-net[1280]: dnsmasq: failed to create listening socket for 10.0.3.1: Address already in use
lxc-net[1280]: Failed to setup lxc-net.
grinnux2 systemd[1]: Started LXC network bridge setup.
Dnsmasq tries to start its own DNS server on port :53 while the bind daemon is already running on the host system.
Dnsmasq wants to bind only to the IP on the lxcbr0 interface, so check whether another process is listening on port :53:
lsof -ni :53
The bind daemon is probably listening on all interfaces. To change this, edit:
- /etc/bind/named.conf.options
listen-on { 127.0.0.1; 192.168.0.231; };
listen-on-v6 { none; };
systemctl restart bind9
systemctl restart lxc-net
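
A check for the port :53 conflict described above, as an added example that is not part of the original page: it filters `lsof -nP -i :53` output for IPv4 listeners on the wildcard address or on the bridge address, which are the ones that stop dnsmasq from binding. The `-P` flag (numeric ports), the function names and the sample lsof rows are assumptions constructed for illustration; 10.0.3.1 and 192.168.0.231 are the addresses shown above.

```shell
#!/bin/sh
# Added example (not from the original page).
# Reads `lsof -nP -i :53` output on stdin and prints "command pid proto address"
# for every listener that would stop dnsmasq from binding <bridge_ip>:53.
port53_conflicts() {
    bridge_ip="$1"
    awk -v ip="$bridge_ip" '
        $1 == "COMMAND"                  { next }  # header row
        $5 != "IPv4"                     { next }  # the bridge address is IPv4
        $8 != "TCP" && $8 != "UDP"       { next }
        $8 == "TCP" && $10 != "(LISTEN)" { next }  # ignore established connections
        $9 == "*:53" || $9 == (ip ":53") { print $1, $2, $8, $9 }
    '
}

# Constructed sample: named before the listen-on change, bound to every address.
sample_before() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   1123 bind   20u  IPv4  15320      0t0  TCP 127.0.0.1:53 (LISTEN)
named   1123 bind   21u  IPv4  15321      0t0  TCP 10.0.3.1:53 (LISTEN)
named   1123 bind  512u  IPv4  15322      0t0  UDP 10.0.3.1:53
named   1123 bind  513u  IPv4  15323      0t0  UDP *:53
named   1123 bind   22u  IPv6  15324      0t0  TCP *:53 (LISTEN)
named   1123 bind   23u  IPv4  15330      0t0  TCP 192.168.0.231:53->192.168.0.9:40112 (ESTABLISHED)
EOF
}

# Constructed sample: named after restricting listen-on to 127.0.0.1 and 192.168.0.231.
sample_after() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   2207 bind   20u  IPv4  18110      0t0  TCP 127.0.0.1:53 (LISTEN)
named   2207 bind   21u  IPv4  18111      0t0  TCP 192.168.0.231:53 (LISTEN)
named   2207 bind  512u  IPv4  18112      0t0  UDP 127.0.0.1:53
named   2207 bind  513u  IPv4  18113      0t0  UDP 192.168.0.231:53
EOF
}

# On a live host: lsof -nP -i :53 | port53_conflicts 10.0.3.1
echo "before listen-on change:"
sample_before | port53_conflicts 10.0.3.1
echo "after listen-on change (no conflicts expected):"
sample_after | port53_conflicts 10.0.3.1
```

An empty result means nothing holds the bridge address, so restarting lxc-net should let dnsmasq bind and lxcbr0 come up.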