lxc, or Linux containers, is the new hotness, with companies such as Heroku and DotCloud using it (I hear MongoHQ is looking into it as well), although it’s been around for a while now.
lxc allows you to create semi-VMs within a single system by using chroot and adding resource management on top of it through cgroups. As such, it has far less overhead than running complete virtual machines.
Us mac users are unable to experience the joy of lxc out of the box but with some vagrant and tinkering we can get there. This tutorial is mostly based on @anotherjesse’s pastie and other howtos out there.
First create a vagrant vm (I’m using a natty box):
vagrant init natty64
vagrant up
vagrant ssh
Now that we are logged into our box, we install some packages:
sudo -s
apt-get install lxc vlan bridge-utils python-software-properties \
    screen debootstrap libvirt-bin apt-cacher-ng python-pip \
    git-core dnsmasq
pip install fabric
I’m installing python and fabric for provisioning and deployment alongside dnsmasq for DNS forwarding.
Next we configure the host to use apt-cacher-ng so that we can mirror the packages locally:
cp /etc/apt/sources.list /etc/apt/sources.list.nocache
sed -i 's/http:\/\//http:\/\/localhost:3142\//' /etc/apt/sources.list
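Then we point lxc at the cache by appending a MIRROR setting to /etc/default/lxc:
# interface that carries the default route
dev=`netstat -nr | grep '^0.0.0.0' | awk '{ print $8 }'`
# IPv4 address of that interface
ip=`ifconfig ${dev} | grep 'inet addr' | awk -F: '{ print $2 }' | awk '{ print $1 }'`
# double quotes so that ${ip} is expanded before the line is written
echo "MIRROR=\"http://${ip}:3142/us.archive.ubuntu.com/ubuntu\"" >> /etc/default/lxc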
The next step is to enable bridged networking by modifying /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_maxwait 0
post-up /usr/sbin/brctl setfd br0 0
And we restart the networking interfaces:
/etc/init.d/networking restart
We tell lxc to use this bridged networking configuration in /var/lib/lxc/net.conf:
lxc.network.type=veth
lxc.network.link=br0
lxc.network.flags=up
Now we create and mount the cgroup filesystem. First:
mkdir -p /cgroup
mount none -t cgroup /cgroup
Then edit /etc/fstab:
none /cgroup cgroup defaults 0 0
Now we are ready to create our lxc container called natty1:
lxc-create -f /var/lib/lxc/net.conf -t natty -n natty1
We supply the net.conf and tell lxc-create to use the natty template.
At this point it is important to change the root password of your container:
chroot /var/lib/lxc/natty1/rootfs
passwd
exit
Finally we fire it up.
lxc-start -n natty1
And tadaaa you have a vm running inside your vm. Inception!
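A consistency check over the files edited above, as an added example that is not part of the original tutorial: it confirms that the bridge named by lxc.network.link in net.conf is declared with bridge_ports in the interfaces file, and that a cgroup filesystem is listed at /cgroup. The function names and the sample files are constructed for illustration; on a real host, pass /var/lib/lxc/net.conf, /etc/network/interfaces and /proc/mounts (or /etc/fstab) to preflight.

```shell
# Added example (not from the tutorial): function names and sample files are constructed.

# Print the bridge named by lxc.network.link in an lxc config file.
lxc_bridge() {
    awk -F= '/^[ \t]*lxc\.network\.link[ \t]*=/ {
        gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Succeed if the interfaces file has an "iface <bridge>" stanza with bridge_ports.
bridge_defined() {
    awk -v br="$1" '$1 == "iface" { cur = $2 }
        $1 == "bridge_ports" && cur == br { found = 1 }
        END { exit !found }' "$2"
}

# Succeed if an fstab- or /proc/mounts-style file has an uncommented cgroup entry at $1.
cgroup_entry() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp && $3 == "cgroup" { found = 1 }
        END { exit !found }' "$2"
}

# preflight CONF INTERFACES MOUNTS: print one line per check, return 1 on any failure.
preflight() {
    rc=0
    br=$(lxc_bridge "$1")
    if [ -z "$br" ]; then
        echo "FAIL: no lxc.network.link in $1"; rc=1
    elif bridge_defined "$br" "$2"; then
        echo "ok: bridge $br is defined in $2"
    else
        echo "FAIL: bridge $br is not defined in $2"; rc=1
    fi
    if cgroup_entry /cgroup "$3"; then
        echo "ok: cgroup filesystem at /cgroup"
    else
        echo "FAIL: no cgroup filesystem at /cgroup in $3"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the tutorial's settings (not read from a real host).
write_samples() {
    printf 'lxc.network.type=veth\nlxc.network.link=br0\nlxc.network.flags=up\n' > "$1/net.conf"
    printf 'auto br0\niface br0 inet dhcp\nbridge_ports eth0\n' > "$1/interfaces"
    printf 'none /cgroup cgroup rw 0 0\n' > "$1/mounts"
}

tmp=$(mktemp -d) && write_samples "$tmp"
preflight "$tmp/net.conf" "$tmp/interfaces" "$tmp/mounts"; rm -rf "$tmp"
```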