Fast and Easy LXC Deployment 2
LXC is getting easier and easier to use.
Flockport seems to be the easiest way to stay mostly standard, yet still be LXC-based.
It doesn’t seem to be as flexible or complex as Canonical’s Juju or Docker’s highly advertised stuff. Docker is great at advertising, just sayin’.
Flockport seems to be exactly what I needed – mostly standard, easy to use, LXC deployments for development and testing. Not planning to use any for internet-facing needs. Just too new with LXC to be comfortable trusting the security and my skill to know about the unpublished issues (security and others) with containers. For spinning up a quick internal web-app instance … perfect.
Quick LXC on Ubuntu
There is good news. With Ubuntu 14.04, getting lxc to work is fairly painless. My prior attempts to get lxc working always failed. Seems the current defaults address those issues, for Ubuntu at least.
sudo add-apt-repository ppa:ubuntu-lxc/stable
sudo apt-get update
sudo apt-get install lxc
lxc-checkconfig
Edit /etc/default/grub; add or append this (be careful, screwing up this line can prevent booting):
GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"
Don’t forget to reboot after running update-grub!
sudo update-grub
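One way to make the GRUB edit above without overwriting options already on the line, plus a check to run after the reboot. This is an added example, not part of the original post; the function names add_cgroup_flags and flags_active are made up for illustration, and it assumes the value is a single double-quoted string as in a stock /etc/default/grub.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
FLAGS="cgroup_enable=memory swapaccount=1"

# add_cgroup_flags FILE
# Append whichever of $FLAGS is missing to the existing quoted value of
# GRUB_CMDLINE_LINUX_DEFAULT, keeping the options already there.
# Refuses to touch a file whose line is missing, duplicated or unquoted,
# and leaves the previous version in FILE.bak.
add_cgroup_flags() {
    file=$1
    [ "$(grep -c '^GRUB_CMDLINE_LINUX_DEFAULT=' "$file")" = 1 ] || {
        echo "$file: expected exactly one GRUB_CMDLINE_LINUX_DEFAULT line" >&2
        return 1
    }
    line=$(grep -E '^GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"[[:space:]]*$' "$file") || {
        echo "$file: value is not a single double-quoted string" >&2
        return 1
    }
    value=${line#*\"}
    value=${value%\"*}
    for f in $FLAGS; do
        case " $value " in
            *" $f "*) ;;                        # already set, do not duplicate
            *) value="${value:+$value }$f" ;;
        esac
    done
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    while IFS= read -r l || [ -n "$l" ]; do
        case $l in
            GRUB_CMDLINE_LINUX_DEFAULT=*)
                printf 'GRUB_CMDLINE_LINUX_DEFAULT="%s"\n' "$value" ;;
            *) printf '%s\n' "$l" ;;
        esac
    done < "$file" > "$tmp"
    cat "$tmp" > "$file"                        # keeps owner and mode of FILE
    rm -f "$tmp"
}

# flags_active CMDLINE
# After the reboot: succeed only if every flag is on the running kernel's
# command line, e.g.  flags_active "$(cat /proc/cmdline)"
flags_active() {
    for f in $FLAGS; do
        case " $1 " in
            *" $f "*) ;;
            *) return 1 ;;
        esac
    done
}
```

Source the file as root and call add_cgroup_flags /etc/default/grub before running update-grub; if the machine fails to boot, /etc/default/grub.bak holds the previous version.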
lxc-ls -f
sudo lxc-create -n lxc-test -t ubuntu
sudo lxc-start -n lxc-test -d
The templates will work with common distros and it is possible to specify a release (-r) too.
Now just connect to the lxc-test container and treat it like a base, minimal Ubuntu. Default userid/password is: ubuntu:ubuntu – so change those immediately. Ubuntu lxc will create a NAT subnet 10.x.x.x for us automatically (lxcbr0).
Want a different bridge, perhaps a manually made br0? Bring down the container, then modify the /var/lib/lxc/lxc-test/config – lxc.network.link is the option.
How much storage?
# du -sh /var/lib/lxc/*
524M /var/lib/lxc/lxc-test
4.0K /var/lib/lxc/ubuntu
Under 600M for a minimal Ubuntu OS – nice. It does cut back on some expected packages, however. I installed aptitude, so the size is slightly higher (more dependencies than I expected were added).
Unlike other VMs, the root file system is just normal files under /var/lib/lxc/lxc-test/rootfs/ . That means resizing storage isn’t complex. However, it does mean that /var will fill up much more quickly. Normally for stuff like this, I’ll relocate the larger parts to a different partition and use symlinks to leave things in the default locations. Haven’t tried it with lxc, but expect it will work.
Using LXC? Juju? Docker? Flockport?
What for? Everything? Any limitations?
Completely comfortable with the security?
So – tried to get this working yesterday. It all seemed so easy on their website and in the YouTube videos.
Stuck.
Cannot create a new container.
$ sudo lxc-create -n lxc-test
lxc_container: Error creating container lxc-test
Ok – solve this by providing a -t option. See the updated stuff above.
Just sayin’.
A few more pages concerning security of container technology:
I suspect the press for Docker is why most of the articles are about Docker. I don’t see any reason why Docker and LXC and any other Linux x86 container technology wouldn’t have the exact same considerations.