First, your kernel needs to be configured correctly to be able to use LXC.

Enable the following options in your kernel config:

CONFIG_NAMESPACES
CONFIG_UTS_NS
CONFIG_IPC_NS
CONFIG_PID_NS
CONFIG_USER_NS
CONFIG_NET_NS
CONFIG_CGROUPS
CONFIG_CGROUP_NS
CONFIG_CGROUP_DEVICE
CONFIG_CGROUP_SCHED
CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_FREEZER
CONFIG_CGROUP_RDMA
CONFIG_CGROUP_PIDS
CONFIG_BLK_CGROUP
CONFIG_MEMCG
CONFIG_MEMCG_SWAP
CONFIG_CPUSETS
CONFIG_VETH
CONFIG_BRIDGE
CONFIG_MACVLAN
CONFIG_VLAN_8021Q
CONFIG_NETFILTER_ADVANCED
CONFIG_NF_NAT_IPV4
CONFIG_NF_NAT_IPV6
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP6_NF_TARGET_MASQUERADE
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_FUSE_FS
CONFIG_CHECKPOINT_RESTORE
CONFIG_FHANDLE
CONFIG_EVENTFD
CONFIG_EPOLL
CONFIG_UNIX_DIAG
CONFIG_INET_DIAG
CONFIG_PACKET_DIAG
CONFIG_NETLINK_DIAG

Some of these names depend on the kernel version: CONFIG_NF_NAT_IPV4 and
CONFIG_NF_NAT_IPV6 were merged into CONFIG_NF_NAT in Linux 5.1, and
CONFIG_MEMCG_SWAP was folded into CONFIG_MEMCG in Linux 6.1, so on a newer
kernel enable the replacement symbol rather than hunting for the old one.
CONFIG_USER_NS in particular is what unprivileged containers depend on; without
it only root-owned containers will work. After booting the new kernel, run
lxc-checkconfig to confirm that the running kernel actually provides what LXC
needs.

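The following shell script is an added example for these notes, not a tool shipped with LXC or with this port. It reads a kernel config (plain or gzip-compressed, as /proc/config.gz is) and reports, for every option in the list above, whether it is built in, built as a module, or missing. The option list, the script name used for the run-as-script guard, and the fallback config locations are this example's assumptions; the sample config it can write is constructed data for trying the checker, not a real kernel's config.

```shell
#!/bin/sh
# lxc-kconfig-check.sh: added example, not part of LXC or this port.
# Reports, for each option in the list, whether the kernel config has it
# built in (=y), as a module (=m) or not at all. The option list, the
# script name and the fallback config locations are assumptions.

LXC_KCONFIG_OPTIONS="
CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS CONFIG_USER_NS CONFIG_NET_NS
CONFIG_CGROUPS CONFIG_CGROUP_NS CONFIG_CGROUP_DEVICE CONFIG_CGROUP_SCHED CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_FREEZER CONFIG_CGROUP_RDMA CONFIG_CGROUP_PIDS CONFIG_BLK_CGROUP CONFIG_MEMCG
CONFIG_MEMCG_SWAP CONFIG_CPUSETS CONFIG_VETH CONFIG_BRIDGE CONFIG_MACVLAN CONFIG_VLAN_8021Q
CONFIG_NETFILTER_ADVANCED CONFIG_NF_NAT_IPV4 CONFIG_NF_NAT_IPV6 CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP6_NF_TARGET_MASQUERADE CONFIG_NETFILTER_XT_TARGET_CHECKSUM CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_FUSE_FS CONFIG_CHECKPOINT_RESTORE CONFIG_FHANDLE CONFIG_EVENTFD CONFIG_EPOLL
CONFIG_UNIX_DIAG CONFIG_INET_DIAG CONFIG_PACKET_DIAG CONFIG_NETLINK_DIAG
"

# Print the config text, decompressing it when the file is gzip-compressed.
lxc_kconfig_cat() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# lxc_kconfig_status FILE OPTION: print "enabled", "module" or "missing".
# "# CONFIG_FOO is not set" lines and absent symbols both count as missing.
lxc_kconfig_status() {
    _val=$(lxc_kconfig_cat "$1" 2>/dev/null | awk -F= -v o="$2" '$1 == o { print $2; exit }')
    case "$_val" in
        y) echo enabled ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# lxc_kconfig_missing FILE: print one line per option that is missing.
lxc_kconfig_missing() {
    for _opt in $LXC_KCONFIG_OPTIONS; do
        if [ "$(lxc_kconfig_status "$1" "$_opt")" = missing ]; then
            echo "$_opt"
        fi
    done
}

# lxc_kconfig_default: /proc/config.gz if the kernel exposes it, otherwise the
# config installed next to the running kernel (assumed location).
lxc_kconfig_default() {
    if [ -r /proc/config.gz ]; then
        echo /proc/config.gz
    else
        echo "/boot/config-$(uname -r)"
    fi
}

# lxc_kconfig_sample FILE: write a constructed, deliberately incomplete config
# for trying the checker. Sample data, not taken from any real kernel.
lxc_kconfig_sample() {
    cat > "$1" <<'EOF'
CONFIG_LOCALVERSION=""
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
# CONFIG_IPC_NS is not set
# CONFIG_PID_NS is not set
CONFIG_USER_NS=y
CONFIG_VETH=m
CONFIG_MEMCG=y
CONFIG_MEMCG_SWAP=y
EOF
}

# When run as a script, check the given config (or the default one) and exit
# non-zero if anything is missing; when sourced, only define the functions.
if [ "${0##*/}" = "lxc-kconfig-check.sh" ]; then
    cfg=${1:-$(lxc_kconfig_default)}
    echo "checking $cfg"
    for opt in $LXC_KCONFIG_OPTIONS; do
        printf '%-40s %s\n' "$opt" "$(lxc_kconfig_status "$cfg" "$opt")"
    done
    n=$(lxc_kconfig_missing "$cfg" | wc -l)
    echo "$n option(s) missing"
    [ "$n" -eq 0 ]
fi
```

Run it as `sh lxc-kconfig-check.sh` to check the running kernel, or pass a .config path to check a kernel you are about to build. Options reported as "module" are fine as long as the module is loaded when LXC starts; lxc-checkconfig does the same kind of check using LXC's own list.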
Second, edit /etc/lxc/default.conf to suit your desired container setup. The
default network configuration uses the LXC managed bridge (lxcbr0, created by
the lxc-net service), which relies on NAT to give containers access to any
external networks. Be sure to modify this if you wish to do something
different. Also, if unprivileged containers are desired, uncomment the uidmap
configuration so that root inside a container is mapped to an unprivileged
range of host UIDs and GIDs instead of running as the host's real UID 0.

Third, edit /etc/rc.conf to enable the LXC services you want. The lxc-cgroups
service must be enabled and placed before any other LXC service for LXC to
function correctly. Next, the lxc-net service should be enabled and placed
before lxc if you want LXC to manage your container networking. Last, the lxc
service should be enabled and placed after the other LXC services if you want
LXC to manage the startup of your containers.

Fourth, if you want to allow unprivileged users to use LXC containers, some
setup is needed. First, be sure that you have enabled LXC unprivileged
containers as documented above. Second, edit /etc/lxc/lxc-usernet and add any
users that you wish to have access to LXC unprivileged containers. The
comments in the file show how to do this. This file is what the setuid
lxc-user-nic helper consults, so an entry here is the only thing that lets an
unprivileged user attach interfaces to the host bridge, and the count on the
entry is the limit on how many they may create. Third, run the following
command to set up each user, which will create the subuids, create the
subgids, set up their BASH profile for LXC, and create their initial LXC
configuration file:

lxc-users-setup

Please note that you will also need to reboot or restart the lxc-cgroups
service for the new user cgroups to be available for use. Last, if you want
LXC to manage the startup of your user containers, place the lxc-users service
after lxc in /etc/rc.conf.

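The following shell script is an added example for these notes; it is not the port's lxc-users-setup script nor any LXC tool. It checks the host-side files that the second and fourth steps above rely on for a given user: the subordinate UID and GID ranges in /etc/subuid and /etc/subgid, the interface quota in /etc/lxc/lxc-usernet, and the lxc.idmap lines (the uidmap configuration) that must match those ranges in the user's container configuration. It also flags ranges that overlap another user's range or the ordinary host account range, since in either case root in one container ends up owning the same host ids as someone else. The file locations, the 65536 threshold, the script name, and the sample users are this example's assumptions.

```shell
#!/bin/sh
# lxc-unpriv-check.sh: added example, not the port's lxc-users-setup script
# or any LXC tool. Audits the host-side pieces an unprivileged container
# depends on. File locations, the 65536 threshold and the sample data are
# this example's assumptions.

# lxc_sub_ranges FILE USER: print "start count" for each range FILE gives USER.
# Lines look like "alice:100000:65536".
lxc_sub_ranges() {
    awk -F: -v u="$2" '$1 == u { print $2, $3 }' "$1"
}

# lxc_idmap_lines SUBUID SUBGID USER: emit the two lxc.idmap lines that map
# container ids 0..count-1 onto USER's first subordinate uid and gid range.
# Fails when USER has no range in either file.
lxc_idmap_lines() {
    _u=$(lxc_sub_ranges "$1" "$3" | head -n 1)
    _g=$(lxc_sub_ranges "$2" "$3" | head -n 1)
    if [ -z "$_u" ] || [ -z "$_g" ]; then
        echo "no subordinate uid/gid range for $3" >&2
        return 1
    fi
    set -- $_u $_g
    echo "lxc.idmap = u 0 $1 $2"
    echo "lxc.idmap = g 0 $3 $4"
}

# lxc_sub_overlaps FILE [MIN]: report ranges that start below MIN (default
# 65536, i.e. inside the usual host account range) and pairs of users whose
# ranges overlap. Either way two principals own the same host ids, so root in
# one container can take over files belonging to the other.
lxc_sub_overlaps() {
    awk -F: -v min="${2:-65536}" '
        {
            n++; user[n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1
            if (lo[n] < min)
                printf "%s: range %d-%d starts below %d\n", user[n], lo[n], hi[n], min
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (lo[i] <= hi[j] && lo[j] <= hi[i])
                        printf "%s and %s overlap (%d-%d vs %d-%d)\n",
                               user[i], user[j], lo[i], hi[i], lo[j], hi[j]
        }' "$1"
}

# lxc_usernet_quota FILE USER TYPE: number of TYPE interfaces (e.g. veth) that
# /etc/lxc/lxc-usernet lets USER attach, summed over bridges; 0 when absent.
# Entries look like "alice veth lxcbr0 10"; lines starting with # are comments.
lxc_usernet_quota() {
    awk -v u="$2" -v t="$3" '
        /^[ \t]*#/ || NF < 4 { next }
        $1 == u && $2 == t { total += $4 }
        END { print total + 0 }' "$1"
}

# lxc_sub_sample DIR: write constructed subuid/subgid/lxc-usernet files into
# DIR for trying the functions. Sample data, not from a real host; bob and
# carol deliberately overlap.
lxc_sub_sample() {
    cat > "$1/subuid" <<'EOF'
alice:100000:65536
bob:165536:65536
carol:200000:65536
EOF
    cp "$1/subuid" "$1/subgid"
    cat > "$1/lxc-usernet" <<'EOF'
# USERNAME TYPE BRIDGE COUNT
alice veth lxcbr0 10
alice veth br1 5
bob veth lxcbr0 2
EOF
}

# When run as a script: audit the real files for the given (or current) user.
if [ "${0##*/}" = "lxc-unpriv-check.sh" ]; then
    user=${1:-$(id -un)}
    lxc_sub_overlaps /etc/subuid
    lxc_sub_overlaps /etc/subgid
    echo "veth quota for $user: $(lxc_usernet_quota /etc/lxc/lxc-usernet "$user" veth)"
    lxc_idmap_lines /etc/subuid /etc/subgid "$user"
fi
```

Run `sh lxc-unpriv-check.sh alice` after lxc-users-setup has been run for that user; the two lxc.idmap lines it prints are the ones that belong in the user's container configuration, and any overlap report means the ranges in /etc/subuid or /etc/subgid need to be fixed before containers are started.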
Fifth, add the following line to /etc/pam.d/common-session so that each user
is given writable cgroups of their own at login, which unprivileged containers
need:

session optional pam_cgfs.so -c all

Note that pam_cgfs.so ships with LXC 2.x through 4.x and was removed in LXC
5.0, so this step applies only to those versions.

Now you are ready to start using LXC. See below for some examples of basic
usage of LXC.

You can create a container using lxc-create (the container name is given with
-n before the "--"; everything after the "--" is passed to the download
template):

lxc-create -n alpine -t download -- -d alpine -r 3.8 -a amd64

You can start this container using lxc-start:

lxc-start -n alpine

You can get a shell in this container using lxc-attach:

lxc-attach -n alpine

You can run arbitrary commands in this container using lxc-attach:

lxc-attach -n alpine -- echo Hello World!

You can stop this container using lxc-stop:

lxc-stop -n alpine

You can start LXC containers at boot (with the lxc service enabled as
described above) by adding this line to your container configuration:

lxc.start.auto = 1