First, your kernel needs to be configured correctly to be able to use LXC.
Enable the following options in your kernel config:
CONFIG_NAMESPACES
CONFIG_UTS_NS
CONFIG_IPC_NS
CONFIG_PID_NS
CONFIG_USER_NS
CONFIG_NET_NS
CONFIG_CGROUPS
CONFIG_CGROUP_NS
CONFIG_CGROUP_DEVICE
CONFIG_CGROUP_SCHED
CONFIG_CGROUP_CPUACCT
CONFIG_CGROUP_FREEZER
CONFIG_CGROUP_RDMA
CONFIG_CGROUP_PIDS
CONFIG_BLK_CGROUP
CONFIG_MEMCG
CONFIG_MEMCG_SWAP
CONFIG_CPUSETS
CONFIG_VETH
CONFIG_BRIDGE
CONFIG_MACVLAN
CONFIG_VLAN_8021Q
CONFIG_NETFILTER_ADVANCED
CONFIG_NF_NAT_IPV4
CONFIG_NF_NAT_IPV6
CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP6_NF_TARGET_MASQUERADE
CONFIG_NETFILTER_XT_TARGET_CHECKSUM
CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_FUSE_FS
CONFIG_CHECKPOINT_RESTORE
CONFIG_FHANDLE
CONFIG_EVENTFD
CONFIG_EPOLL
CONFIG_UNIX_DIAG
CONFIG_INET_DIAG
CONFIG_PACKET_DIAG
CONFIG_NETLINK_DIAG

Second, you need to edit /etc/lxc/default.conf to suit your desired
container setup. The default network configuration is designed to use
the default LXC managed bridge, which relies on NAT to provide access
to any external networks. Be sure to modify this if you wish to do
something different. Also, if unprivileged containers are desired,
then be sure to uncomment the uidmap configuration.

Third, you need to edit /etc/rc.conf to enable any desired LXC services.
First, the lxc-cgroups service needs to be enabled and placed before any
other LXC services for LXC to function correctly. Next, the lxc-net
service should be enabled and placed before lxc if you want LXC to
manage your container networking. Last, the lxc service should be enabled
and placed after any other LXC services if you want LXC to manage
the startup of your containers.

Fourth, if you want to allow unprivileged users to use LXC containers,
then you will need to do some setup. First, be sure that you have enabled LXC
unprivileged containers as documented above. Second, you need to edit
/etc/lxc/lxc-usernet and add any users that you wish to have access to LXC
unprivileged containers. The comments in the file show how to do this.
Third, you need to run the following command to set up each user, which will
create the subuids, create the subgids, set up their BASH profile for LXC,
and create their initial LXC configuration file: lxc-users-setup
Please note that you will also need to reboot or restart the lxc-cgroups
service for the new user cgroups to be available for use. Last, if you
want LXC to manage the startup of your user containers, be sure to place
the lxc-users service after lxc in the /etc/rc.conf file.
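
A check for the unprivileged setup described above, as an added example that
is not part of this package: it confirms that a container config has an active
(uncommented) ID mapping and that every mapped range lies inside the user's
delegated subordinate IDs. It assumes the LXC 3.x key lxc.idmap and the
"name:start:count" format of /etc/subuid and /etc/subgid; the function name,
the user alice and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Usage: idmap_covered u|g USER SUBID_FILE LXC_CONF
# Returns 0 only if LXC_CONF has at least one active lxc.idmap entry of the
# given kind and each one fits inside a range delegated to USER.
idmap_covered() {
    awk -v kind="$1" -v user="$2" '
        # First file: delegated ranges, "name:start:count".
        FILENAME == ARGV[1] {
            n = split($0, f, ":")
            if (n == 3 && f[1] == user) { lo[++r] = f[2] + 0; hi[r] = f[2] + f[3] }
            next
        }
        # Second file: "lxc.idmap = u 0 100000 65536"; commented lines do not match.
        /^[ \t]*lxc\.idmap[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")      # keep "kind ns_start host_start count"
            if ($1 != kind) next
            seen++
            start = $3 + 0; end = start + $4
            ok = 0
            for (i = 1; i <= r; i++) if (start >= lo[i] && end <= hi[i]) ok = 1
            if (!ok) { printf "outside delegation: %s %s %s %s\n", $1, $2, $3, $4; bad++ }
        }
        # No active mapping at all means the container would not be unprivileged.
        END { exit ((bad || !seen) ? 1 : 0) }
    ' "$3" "$4"
}

# Constructed sample data (not from a real system).
tmp=$(mktemp -d)
printf 'alice:100000:65536\n' > "$tmp/subuid"
printf 'lxc.idmap = u 0 100000 65536\n' > "$tmp/good.conf"
printf '#lxc.idmap = u 0 100000 65536\n' > "$tmp/commented.conf"
for c in good commented; do
    if idmap_covered u alice "$tmp/subuid" "$tmp/$c.conf"; then echo "$c: ok"
    else echo "$c: no valid uid mapping"; fi
done
rm -rf "$tmp"
```

Run it once with u against /etc/subuid and once with g against /etc/subgid.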

Fifth, you need to add the following line to /etc/pam.d/common-session:
session optional pam_cgfs.so -c all

Now you are ready to start using LXC. See below for some examples of basic
usage of LXC.

You can create a container using lxc-create:
lxc-create -n alpine -t download -- -d alpine -r 3.8 -a amd64

You can start this container using lxc-start:
lxc-start -n alpine

You can get a shell in this container using lxc-attach:
lxc-attach -n alpine

You can run arbitrary commands in this container using lxc-attach:
lxc-attach -n alpine -- echo Hello World!

You can stop this container using lxc-stop:
lxc-stop -n alpine

You can start LXC containers at boot by adding this line to your
container configuration:
lxc.start.auto = 1