====== LXC Debian Wheezy at DigitalOcean ======

===== Installation =====

  apt-get install -y lxc libvirt-bin

Mount the //cgroup//:

  vim /etc/fstab
    cgroup  /sys/fs/cgroup  cgroup  defaults  0   0
  mount /sys/fs/cgroup

Make the //live-debconfig// package available to be picked up by Debian Wheezy containers:

  echo "deb http://ftp.de.debian.org/debian unstable main contrib non-free" > /etc/apt/sources.list.d/live-debconfig.list
  apt-get update
  cd /usr/share/lxc/packages
  apt-get download live-debconfig
  rm /etc/apt/sources.list.d/live-debconfig.list
  apt-get update

Mark the default network to autostart:

  virsh net-autostart default

and start it:

  virsh net-start default

===== Check installation =====

Run these commands and read the output:

  mount
    cgroup on /sys/fs/cgroup type cgroup (rw,relatime,perf_event,blkio,net_cls,freezer,devices,cpuacct,cpu,cpuset)
  virsh net-info default
  ip addr show virbr0
  lxc-checkconfig

====== A Container ======

===== Create =====

Command:

  lxc-create -n nombrecontainer -t debian

  - Enters an interface that asks for various data (enter... enter...)
  - Takes quite a while, since it downloads all of Debian using //debootstrap//
  - Leaves a VERY basic Debian installed

===== Network in the container =====

Add to ''/var/lib/lxc/nombrecontainer/config'':

  ## Network
  lxc.network.type = veth
  lxc.network.flags = up
  # Network host side
  lxc.network.link = virbr0
  # MUST BE UNIQUE FOR EACH CONTAINER
  lxc.network.veth.pair = veth0
  lxc.network.hwaddr = 00:FF:AA:00:00:01
  # Network container side
  lxc.network.name = eth0
  lxc.network.ipv4 = 0.0.0.0/24

===== Start container =====

  lxc-start -n nombrecontainer -d

===== Attach to console =====

  lxc-console -n nombrecontainer

**Type to exit the console**

====== Access services inside the Container ======

===== Configure static IP =====

In ''/var/lib/libvirt/network/default.xml'' assign a fixed IP address to each container's MAC address:

The following steps make the containers lose network connectivity:

  virsh net-destroy default
  virsh net-start default

===== Port forwarding =====

All services are accessed through a single IP address, so the same service in different containers requires a different public port.

==== ssh into each container ====

  iptables -t nat -A PREROUTING -p tcp --dport 1022 -j DNAT --to 192.168.122.101:22

==== http into just one container ====

  iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.122.102
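
The port-forwarding rules above, generated from a table so that every public port is used only once. This is an added example, not part of the original page. It also limits each rule to the public interface with ''-i'', because a PREROUTING rule without an interface match also rewrites the containers' own outbound connections to that port. The interface name ''eth0'', the table format and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: eth0 is the host's
# public interface; the "public_port container_ip container_port" table format
# and the function names are hypothetical.
PUB_IF="${PUB_IF:-eth0}"

# Constructed sample mapping using the page's container addresses.
SAMPLE_MAP='1022 192.168.122.101 22
2022 192.168.122.102 22
80 192.168.122.102 80'

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_dnat_rules MAP: print one iptables command per mapping line.
# Nothing is printed and 1 is returned if any line is invalid.
gen_dnat_rules() {
    seen=" "; rules=""
    while read -r pub ip port; do
        [ -z "$pub" ] && continue
        valid_port "$pub" && valid_port "$port" ||
            { echo "bad port in: $pub $ip $port" >&2; return 1; }
        case "$ip" in
            192.168.122.*) ;;   # simple prefix check for the page's virbr0 range
            *) echo "not on the virbr0 network: $ip" >&2; return 1 ;;
        esac
        case "$seen" in
            *" $pub "*) echo "duplicate public port: $pub" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        rules="${rules}iptables -t nat -A PREROUTING -i $PUB_IF -p tcp --dport $pub -j DNAT --to $ip:$port
"
    done <<EOF
$1
EOF
    printf '%s' "$rules"
}

# Print the rules for review; they are not applied here.
gen_dnat_rules "$SAMPLE_MAP"
```

Review the printed commands before running them as root; set ''PUB_IF'' if the public interface is not ''eth0''.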