Diffstat (limited to 'lxc/README')
-rw-r--r-- | lxc/README | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/lxc/README b/lxc/README new file mode 100644 index 000000000..a9e191232 --- /dev/null +++ b/lxc/README 
@@ -0,0 +1,93 @@ +First, your kernel needs to be configured correctly to be able to use LXC. +Enable the following options in your kernel config: +CONFIG_NAMESPACES +CONFIG_UTS_NS +CONFIG_IPC_NS +CONFIG_PID_NS +CONFIG_USER_NS +CONFIG_NET_NS +CONFIG_CGROUPS +CONFIG_CGROUP_NS +CONFIG_CGROUP_DEVICE +CONFIG_CGROUP_SCHED +CONFIG_CGROUP_CPUACCT +CONFIG_CGROUP_FREEZER +CONFIG_CGROUP_RDMA +CONFIG_CGROUP_PIDS +CONFIG_BLK_CGROUP +CONFIG_MEMCG +CONFIG_MEMCG_SWAP +CONFIG_CPUSETS +CONFIG_VETH +CONFIG_BRIDGE +CONFIG_MACVLAN +CONFIG_VLAN_8021Q +CONFIG_NETFILTER_ADVANCED +CONFIG_NF_NAT_IPV4 +CONFIG_NF_NAT_IPV6 +CONFIG_IP_NF_TARGET_MASQUERADE +CONFIG_IP6_NF_TARGET_MASQUERADE +CONFIG_NETFILTER_XT_TARGET_CHECKSUM +CONFIG_NETFILTER_XT_MATCH_COMMENT +CONFIG_FUSE_FS +CONFIG_CHECKPOINT_RESTORE +CONFIG_FHANDLE +CONFIG_EVENTFD +CONFIG_EPOLL +CONFIG_UNIX_DIAG +CONFIG_INET_DIAG +CONFIG_PACKET_DIAG +CONFIG_NETLINK_DIAG + +Second, you need to edit /etc/lxc/default.conf to suite your desired +container setup. The default network configuration is designed to use +the default LXC managed bridge which relies on NAT to provide access +to any external networks. Be sure to modify this if you wish to do +something different. Also, if unprivileged containers are desired, +then be sure to uncomment the uidmap configuration. + +Third, you need to edit /etc/rc.conf to enable any desired LXC services. +First, the lxc-cgroups service needs to be enabled and placed before any +other LXC services for LXC to function correctly. Next, the lxc-net +service should be enabled and placed before lxc if you are wanting LXC to +manage your container networking. Last, the lxc service should be enabled +and placed after any other LXC services if you are wanting LXC to manage +the startup of your containers. + +Fourth, if you are wanting to allow unprivileged users to use LXC containers, +then you will need to do some setup. First, be sure that you have enabled LXC +unprivileged containers as is documented above. 
Second, you need to edit +/etc/lxc/lxc-usernet and add any users that you wish to have access to LXC +unprivileged containers. The comments in the file will show how to do this. +Third, you need to run the following command to setup each user, which will +create the subuids, create the subgids, setup their BASH profile for LXC, +and create their initial LXC configuration file: lxc-users-setup +Please note that you will also need to reboot or restart the lxc-cgroups +service for the new user cgroups to be available for use. Last, if you are +wanting LXC to manage the startup of your user containers, be sure to place +the lxc-users service after lxc in the /etc/rc.conf file. + +Fifth, you need to add the following line to /etc/pam.d/common-session: +session optional pam_cgfs.so -c all + +Now you are ready to start using LXC. See below for some examples of basic +usage of LXC. + +You can create a container using lxc-create: +lxc-create -t download -- alpine -d alpine -r 3.8 -a amd64 + +You can start this container using lxc-start: +lxc-start -n alpine + +You can get a shell in this container using lxc-attach: +lxc-attach -n alpine + +You can run arbitrary commands in this container using lxc-attach: +lxc-attach -n alpine -- echo Hello World! + +You can stop this container using lxc-stop: +lxc-stop -n alpine + +You can start LXC containers at boot by adding this line to your +container configuration: +lxc.start.auto = 1 |
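Review bot: the unprivileged-container setup in the "Fourth" paragraph tells the user to run lxc-users-setup to "create the subuids, create the subgids" but never says what range size it allocates per user or that the ranges must not overlap between users or with existing system accounts; since overlapping subordinate id ranges let one user's container own files created by another's, a sentence stating the allocation policy (or pointing at /etc/subuid and /etc/subgid so the admin can verify it) would make the step checkable. Two smaller points in the same hunk: "edit /etc/lxc/default.conf to suite your desired container setup" should read "suit", and the lxc-create example passes the container name positionally after `--` ("lxc-create -t download -- alpine -d alpine ...") while every later example uses "-n alpine"; writing it as "lxc-create -n alpine -t download -- -d alpine -r 3.8 -a amd64" keeps the examples consistent and avoids the name being taken as a template argument on releases that require -n. Finally, the "Fifth" paragraph's "session optional pam_cgfs.so -c all" hands every login session a writable cgroup for all controllers; a short note that "-c all" can be narrowed to the controllers the containers actually need would help admins who only want memory and pids delegated.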