Install LXC on Ubuntu

Linux Containers (“LXC”) is an operating-system-level virtualization method for running multiple isolated Linux systems on a control host using a single Linux kernel. LXC is a well-known set of tools, templates, libraries and language bindings. It’s pretty low level, very flexible and covers just about every containment feature supported by the upstream kernel. LXC is production ready with LXC 1.0 getting 5 years of security updates and bugfixes (until April 2019). LXC used to be the underlying technology that made Docker and CoreOS.

LXC can exist on its own, while LXD is an extension of LXC. This article focuses on LXC. How I came to know LXC is simple. While playing with Ansible scripts, I discovered a video at Udemy that taught some of the basics, and the lab that was used was based on LXC. While script testing was useful in this environment, I eventually had to move on from it to actual virtual machines as the LXC environments didn’t permit testing of SELinux and other kernel-related features as they do not exist in such environments. With that said, LXC has its use cases and I will likely use them again.

Since LXC is Canonical-supported, I found it easier to set up in Ubuntu than CentOS. So this installation is on an Ubuntu system. To support CentOS, I had to install yum. Further, note that LXC has support commands for CentOS 6, but I wanted to install CentOS 7. It took some time, but I found a one-liner, as found in the script, to create CentOS 7 containers without having to go through a wizard.

# ubuntu
apt-get install openssh-server sshpass
# in /etc/ssh/sshd_config (config lines, not shell commands):
#   #PermitRootLogin prohibit-password
#   PermitRootLogin yes

apt-get update
apt-get install lxc
# needed for centos templates
apt-get install yum
# bonus
#acl lxd lxd-client squashfs-tools
apt-get install lxd

#default ubuntu/ubuntu
#lxc-create -n db1 -t ubuntu

# Centos 6 (default)
# '/var/lib/lxc/web1/tmp_root_pass'
# chroot /var/lib/lxc/web1/rootfs passwd
#lxc-create -n web2 -t centos

# Centos 7
#lxc-create -n web3 -t download
#Distribution: centos
#Release: 7
#Architecture: amd64

lxc-create -n db1 -t centos -- --release=7
lxc-create -n web1 -t centos -- --release=7
lxc-create -n web2 -t centos -- --release=7

#? lxc-create -n {db1,web1,web2} -t centos -- --release=7

chroot /var/lib/lxc/db1/rootfs passwd

lxc-start -n db1 -d
lxc-start -n web1 -d
lxc-start -n web2 -d

lxc-attach -n db1 -- sed '/^#PermitRootLogin/ s/#//g' /etc/ssh/sshd_config -i
lxc-attach -n db1 -- systemctl restart sshd

lxc-attach -n web1 -- sed '/^#PermitRootLogin/ s/#//g' /etc/ssh/sshd_config -i
lxc-attach -n web1 -- systemctl restart sshd

lxc-attach -n web2 -- sed '/^#PermitRootLogin/ s/#//g' /etc/ssh/sshd_config -i
lxc-attach -n web2 -- systemctl restart sshd

echo -e | ssh-keygen
#ssh-copy-id -i .ssh/ root@remotehost
echo "password" > password.txt
sshpass -f password.txt ssh-copy-id -f
sshpass -f password.txt ssh-copy-id -f
sshpass -f password.txt ssh-copy-id -f

# list the containers' IPv4 addresses (tail drops the header line)
lxc-ls -f -F IPV4 | tail -n+2

lxc-stop -n db1
lxc-stop -n web1
lxc-stop -n web2
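
The script above uncomments PermitRootLogin in each container so that sshpass can copy the key, and leaves root password login enabled afterwards. As an added example (not part of the original script), the two shell functions below report the effective PermitRootLogin value of an sshd_config file and switch it to the key-only prohibit-password setting. The function names are made up for this example, and the usage comment assumes directory-backed containers under /var/lib/lxc/<name>/rootfs, the path the script uses for chroot.

```shell
#!/bin/sh
# Added example: return container sshd to key-only root login after ssh-copy-id.
# Function names are hypothetical; sample files in any test are constructed.

# Print the global PermitRootLogin value sshd will use. sshd takes the first
# value it reads for a keyword, so stop at the first uncommented match.
# Lines after a "Match" keyword are conditional and are not considered here.
effective_root_login() {
    awk '{ k = tolower($1) }
         k == "match" { exit }
         k == "permitrootlogin" { v = tolower($2); exit }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Replace every global PermitRootLogin line (active or "#PermitRootLogin ...")
# with one "PermitRootLogin prohibit-password". If the file has none, add it
# before the first Match block, or at the end when there is no Match block.
# Directives inside Match blocks are left untouched and need a manual review.
set_key_only_root() {
    cfg=$1
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    awk -v d="PermitRootLogin prohibit-password" '
        { k = tolower($1) }
        k == "match" && !m { if (!done) print d; done = 1; m = 1 }
        !m && (k == "permitrootlogin" || k == "#permitrootlogin") {
            if (!done) print d
            done = 1
            next
        }
        { print }
        END { if (!done) print d }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Usage on the host, with the containers stopped (names from the script above):
#   for c in db1 web1 web2; do
#       f=/var/lib/lxc/$c/rootfs/etc/ssh/sshd_config
#       set_key_only_root "$f" && echo "$c: $(effective_root_login "$f")"
#   done
#   rm -f password.txt   # the cleartext password file is no longer needed
```

The change takes effect the next time each container is started with lxc-start.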