LXC Debian

This document shows how to install an LXC environment and start a first container with Debian 8 Jessie.

Installation

Packages

apt-get -y install lxc bridge-utils

# for automatic IP assignment to containers
apt-get -y install dnsmasq

# for a persistent iptables masquerade rule, when no other firewall software is used
apt-get -y install iptables-persistent

Network /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
pre-up sleep 2

# The bridge interface to plug containers
auto lxc-br0
iface lxc-br0 inet static
      address 192.168.100.1
      netmask 255.255.255.0
      network 192.168.100.0
      broadcast 192.168.100.255
      pre-up modprobe dummy
      bridge_fd 0
      bridge_ports dummy0

/etc/sysctl.conf

Enable:

net.ipv4.ip_forward=1

Enable MASQUERADE

This is the iptables-persistent configuration.

Not required if other firewall software will be used.

# Generated by iptables-save v1.4.21 on Sun Apr  3 03:22:59 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sun Apr  3 03:22:59 2016
# Generated by iptables-save v1.4.21 on Sun Apr  3 03:22:59 2016
*mangle
:PREROUTING ACCEPT [13931:11933813]
:INPUT ACCEPT [553:50885]
:FORWARD ACCEPT [13378:11882928]
:OUTPUT ACCEPT [419:36183]
:POSTROUTING ACCEPT [13797:11919111]
-A POSTROUTING -o lxc-br0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sun Apr  3 03:22:59 2016
# Generated by iptables-save v1.4.21 on Sun Apr  3 03:22:59 2016
*nat
:PREROUTING ACCEPT [15:3003]
:INPUT ACCEPT [13:2883]
:OUTPUT ACCEPT [610:40283]
:POSTROUTING ACCEPT [610:40283]
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Apr  3 03:22:59 2016
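
The source range on the MASQUERADE rule decides which traffic the host will NAT out of eth0: a prefix length of /0 matches every source address, not only the 192.168.100.0/24 container network. The following check is an added example (not part of the original page) that reads iptables-save text and reports MASQUERADE rules whose source is missing or not limited to the expected subnet; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumption: 192.168.100.0/24 is the container subnet, as on this page.

# audit_masquerade EXPECTED_SUBNET  (iptables-save text on stdin)
# Prints one line per MASQUERADE rule in the nat table; returns 0 only if
# every such rule is limited to EXPECTED_SUBNET.
audit_masquerade() {
    awk -v want="$1" '
        /^\*/ { table = substr($0, 2) }            # "*nat" -> "nat"
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            seen = 1; src = ""
            for (i = 1; i < NF; i++)
                if ($i == "-s" || $i == "--source") src = $(i + 1)
            if (src == "") {
                bad = 1; print "FAIL no source match: " $0
            } else if (src ~ /\/0$/) {
                bad = 1; print "FAIL /0 matches every source: " $0
            } else if (src != want) {
                bad = 1; print "FAIL source is not " want ": " $0
            } else {
                print "OK   " $0
            }
        }
        END {
            if (!seen) { bad = 1; print "FAIL no MASQUERADE rule in nat table" }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample input: one rule with a /0 source, one limited to the subnet.
demo() {
    audit_masquerade 192.168.100.0/24 <<'EOF'
*mangle
-A POSTROUTING -o lxc-br0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

demo || echo "rules need fixing before they are saved"
```

With iptables-persistent on Debian the saved rules are normally in /etc/iptables/rules.v4, so the check can be run as audit_masquerade 192.168.100.0/24 < /etc/iptables/rules.v4.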

dnsmasq

For automatic IP assignment to containers, configure /etc/dnsmasq.conf for the containers environment:

interface=lxc-br0
dhcp-range=192.168.100.101,192.168.100.125,12h

LXC configuration

Test LXC capabilities

# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.16.0-4-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

LXC default config

Configure /etc/lxc/default.conf with the default environment for containers:

lxc.network.type=veth
lxc.network.link=lxc-br0
lxc.network.ipv4 = 0.0.0.0/24
lxc.network.flags=up
lxc.network.mtu=1500

Create container

First container

lxc-create -n "test"  -t debian -- -r jessie

Opt: Disable dhcp

This is for containers with a fixed IP address only (without dnsmasq configuration).

Edit /var/lib/lxc/CONTAINER_NAME/rootfs/etc/network/interfaces and delete:

auto eth0
iface eth0 inet dhcp

Opt: Change root password

chroot /var/lib/lxc/CONTAINER_NAME/rootfs/
echo root:password | chpasswd
exit

Opt: Fixed IP configuration

Add this configuration to /var/lib/lxc/CONTAINER_NAME/config file:

# Network host side
lxc.network.veth.pair = veth101

# Network container side
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.100.101/24
lxc.network.ipv4.gateway = 192.168.100.1

## Autostart
#lxc.start.auto = 1
#lxc.start.delay = 5