How to Install LXC Linux Containers on CentOS / RHEL / Ubuntu

Linux containers are light-weight “virtualization” methods that runs multiple virtual units simultaneously on a single control host on a single Linux kernel.

The Linux kernel contains cgroups for resource isolation (CPU, memory, block I/O, network, etc, ), which does not require starting any virtual machines.

LXC stands for Linux Containers. LXC is open source software and licensed under GNU LGPLv2.1+ license.

 

Cgroups also provides namespace isolation to completely isolate application view of the operating environment, including process trees, networks, userids and mounted filesystems.

Containers actually make use of kernel features called namespaces, cgroups, and chroots, to carve off a contained area.

So, the end result of LXC looks much like a virtual machine, but without any hypervisor.

1. Pre-req for LXC Install

Before you install LXC, make sure your system is up-to-date using yum update as shown below.

# yum update

LXC is dependent on two libraries; libpcap and libcgroup. This also requires busybox and bridge utilities.

Install the following required packages for our LXC install.

# yum install libcap-devel libcgroup busybox wget bridge-utils

Let us make sure we got all the compilers and related development tools that are required to compile and install any software from source code.

# yum groupinstall "Development tools"

For more information about yum groups, refer to our yum commands article.

2. Download LXC Linux Containers

Download the latest version of the LXC from Linux Containers Project. Use wget to download the tar ball of the latest stable version of LXC to your machine as shown below.

# cd /# wget http://linuxcontainers.org/downloads/lxc-1.1.5.tar.gz

If you get a certificate related error message while using the above wget, then use the no-check-certificate option as shown below.

# wget --no-check-certificate https://linuxcontainers.org/downloads/lxc-1.1.5.tar.gz

Alternatively, if you prefer, you can also use git clone to download the latest development version or stable version as shown below.

git clone git://github.com/lxc/lxc -b {branch}

In the above command, the {branch} can either be “master” for the current development branch, or “stable-1.0” for the stable update branch of the 1.0 version.

3. Configure Bridged Adapter

Next, create a bridged adapter and configure the static IP on the bridged adapter as shown in the following ifcfg-eth0 example. Ensure your physical adapter points to this bridged adapter in ifcfg-eth0.

Replace all the “xxx” in the above file with the values that matches your ip-address and networkmask. For example, change the IPADDR value in the above file to the ip-address of your machine.

# cd /etc/sysconfig/network-scripts# vi ifcfg-br0DEVICE="br0"BOOTPROTO="static"IPADDR="xxx.xxx.xxx.xxx"NETMASK="255.255.255.xxx"ONBOOT="yes"TYPE="Bridge"NM_CONTROLLED="no"

4. Install LXC Linux Container

Next, untar the LXC tar ball, that we downloaded earlier, execute the ./configure, and do make and make install, to install the LXC on your system as shown below.

By default, this will install all the lxc binaries under /usr/local/bin directory.

# cd /# tar xvfz lxc-1.1.5.tar.gz# cd lxc-1.1.5/# ./configure# make && make install

The following are few of the last few lines from the output for the above ./configure command.

# ./configure......config.status: creating src/python-lxc/setup.pyconfig.status: creating src/lua-lxc/Makefileconfig.status: executing depfiles commandsconfig.status: executing default commands----------------------------Environment: - compiler: gcc - distribution: centos - init script type(s): sysvinit - rpath: no - GnuTLS: no - Bash integration: yesSecurity features: - Apparmor: no - Linux capabilities: yes - seccomp: no - SELinux: no - cgmanager: noBindings: - lua: no - python3: noDocumentation: - examples: yes - API documentation: yes - user documentation: noDebugging: - tests: no - mutex debugging: noPaths: - Logs in configpath: no

The following are the last few lines from the output for the above make command.

# make...Building full member lists recursively...Adding members to member groups....Generating style sheet...Generating index page...Generating page index...Generating example documentation...Generating file sources...Generating code for file /usr/save/lxc-1.1.5/src/lxc/attach_options.h...Generating code for file /usr/save/lxc-1.1.5/src/lxc/lxccontainer.h...Generating code for file /usr/save/lxc-1.1.5/src/lxc/lxclock.h...Generating file documentation...Generating docs for file /usr/save/lxc-1.1.5/src/lxc/attach_options.h......Generating file member index...make[2]: Leaving directory `/usr/save/lxc-1.1.5/doc/api'make[2]: Entering directory `/usr/save/lxc-1.1.5/doc'...Making all in hooksmake[1]: Entering directory `/usr/save/lxc-1.1.5/hooks'make[1]: Nothing to be done for `all'....

The following are the last few lines from the output for the above make install command.

# make install...Making install in hooksmake[1]: Entering directory `/usr/save/lxc-1.1.5/hooks' /bin/mkdir -p '/usr/local/share/lxc/hooks' /usr/bin/install -c clonehostname mountecryptfsroot ubuntu-cloud-prep squid-deb-proxy-client '/usr/local/share/lxc/hooks'.../bin/mkdir -p /usr/local/var/lib/lxc/bin/mkdir -p /usr/local/var/cache/lxc /bin/mkdir -p '/usr/local/lib/pkgconfig' /usr/bin/install -c -m 644 lxc.pc '/usr/local/lib/pkgconfig'...

5. Create Soft Link for LXC Shared Libraries

We just want to make sure this command is not throwing any shared library related errors.

Execute lxc-info to verify that the LXC is installed successfully. If everything is installed properly, we’ll see a message saying that the give container name (for example, test) doesn’t exist. We have not created any container at this stage.

# lxc-info --name testtest doesn't exist

Depending on how things on configured on your system, you might also get the following liblxc.so.1 library related error message.

# lxc-info --name testlxc-info: error while loading shared libraries: liblxc.so.1: cannot open shared object file: No such file or directory

In this case, to fix it, create a link called libxc.so.1 as shown below, which will point to the correct version of the liblxc.so.x.x.x file.

# ln -s /usr/local/lib/liblxc.so.1.1.5 /lib64/liblxc.so.1# ls -l /lib64/liblxc.so.1lrwxrwxrwx. 1 root root 30 Jan 20 09:17 /lib64/liblxc.so.1 -> /usr/local/lib/liblxc.so.1.1.5

6. Verify LXC Setup and Configuration

Next, you can also execute the lxc-checkconfig to verify that your lxc environment is setup correctly.

The following will have output in four different sections: 1) Namespaces, 2) Control Groups 3) Misc and 4) Checkpoint/Restore. Partial output is shown below.

# lxc-checkconfigKernel configuration not found at /proc/config.gz; searching...Kernel configuration found at /boot/config-2.6.32-431.el6.x86_64--- Namespaces ---Namespaces: enabledUtsname namespace: enabledIpc namespace: enabledPid namespace: enabledUser namespace: enabledNetwork namespace: enabledMultiple /dev/pts instances: enabled--- Control groups ---Cgroup: enabledCgroup namespace: enabledCgroup device: enabledCgroup sched: enabledCgroup cpu account: enabled..--- Misc ---Veth pair device: enabledMacvlan: enabledVlan: enabledBridges: enabledAdvanced netfilter: enabled..--- Checkpoint/Restore ---CONFIG_EVENTFD: enabledCONFIG_EPOLL: enabled..Note : Before booting a new kernel, you can check its configurationusage : CONFIG=/path/to/config /usr/local/bin/lxc-checkconfig

If everything is configured properly on your system, in the above output, all of the options in the above groups should say “enabled”.

Tomorrow, in the next part of the LXC series of articles, we’ll explain how to create, start, and use lxc linux containers using various lxc commands.

>