For those who don't know, LXC is a container technology that is identical to OpenVZ, which many would be familiar with, only LXC is supported in the vanilla Linux kernel. LXC is an open source project currently supported by Ubuntu.
What we are doing at Flockport is using LXC to provide ready-to-use containers of popular web apps, to make it easy for end users to launch and use apps without needing to install and configure web stacks and applications. We also have tons of documentation to get you started.
Conceptually, think of containers as lightweight VMs; however, unlike virtualization, containers operate at near bare metal speeds and don't have the performance overhead of virtualization.
Containers also decouple your applications from the host OS, making them portable, and give users tremendous flexibility in moving apps across systems, backup, cloning and deploying apps.
Linux containers (LXC) has been under the radar and had its first stable release, 1.0, in February 2014. It is stable and robust and now works well in all Linux distributions. However, the documentation beyond Ubuntu is lacking, as are updated LXC packages.
In the past LXC was pretty tough to set up, especially the networking, and a lot of information online is outdated or in many cases misleading. The Flockport and Ubuntu LXC packages make it easy to install and use LXC.
In Ubuntu, installing LXC is as simple as an apt-get install. The LXC Debian packages are badly outdated. Since Debian is our favourite server OS, Flockport provides updated LXC packages that work out of the box.
In this guide we are going to cover how to install LXC in Ubuntu and Debian. For other distributions that don't have updated LXC packages we will provide a compile and basic LXC set up guide.
The compile guide should give you an idea of just how easy the Flockport package makes it for Debian users. We are also going to link to some video tutorials on how to use LXC and Flockport containers.
Debian Wheezy
Here is a video guide of this process
Add the Flockport LXC repo
wget -O flockport.gpg.key http://ift.tt/1rSl2yb
apt-key add flockport.gpg.key
Add the repo to your sources.list
nano /etc/apt/sources.list
deb http://ift.tt/1s5gO8b wheezy main
Install LXC
apt-get update
apt-get install lxc
This will install LXC-1.0.1 and set it up properly with all features working out of the box! You can also install the Flockport utility instead which will automatically install and setup LXC for you.
The Flockport utility - currently Debian only - lets you view and download Flockport containers directly to your system.
apt-get install flockport
Here is a video guide on using the Flockport utility
That's it! Here is a video walk through of basic LXC functions
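Added example, not part of the original guide: the key step in the Debian Wheezy section hands apt-key whatever the plain-HTTP download returned, so the sketch below compares the key's fingerprint with one obtained over a trusted channel first. The function names are hypothetical, and the colon listing and expected fingerprint are constructed placeholders, not Flockport's real key.

```shell
#!/bin/sh
# Added example, not the guide's own code. Function names are hypothetical.

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# The "fpr" record right after a "pub" record carries the value in field 10.
key_fingerprints() {
    awk -F: '$1 == "pub" { primary = 1; next }
             $1 == "fpr" && primary { print $10 }
             { primary = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key whose
# fingerprint equals $1 (spaces and letter case in $1 are ignored).
listing_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF')
    found=$(key_fingerprints)
    [ -n "$found" ] && [ "$found" = "$expected" ]
}

# Check a key file on disk; gpg with no command lists the keys in the file.
verify_key_file() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null | listing_matches "$2"
}

# Constructed colon listing standing in for gpg output (not a real key).
sample_listing() {
    cat <<'EOF'
pub:-:2048:1:0123456789ABCDEF:1388534400:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1388534400::::Constructed Repo Key <repo@example.invalid>:
sub:-:2048:1:FEDCBA9876543210:1388534400::::::e:
fpr:::::::::1111222233334444555566667777888899990000:
EOF
}

# Placeholder: the value published by the repository owner over a trusted channel.
EXPECTED='aaaa bbbb cccc dddd eeee ffff 0123 4567 89ab cdef'

if sample_listing | listing_matches "$EXPECTED"; then
    echo "fingerprint matches: key can be passed to apt-key add"
else
    echo "fingerprint mismatch: do not add this key"
fi
```

On a real system, run verify_key_file flockport.gpg.key with the published fingerprint and only continue to apt-key add when it succeeds.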
Ubuntu
Add the LXC Ubuntu repo
sudo add-apt-repository ppa:ubuntu-lxc/stable
Install LXC
sudo apt-get update
sudo apt-get install lxc
For other Linux distributions
If your distribution does not provide updated LXC packages > 1.0, you will need to compile it. Fortunately, compiling LXC is a breeze and takes a minute or so, with no hair-pulling errors.
tar -xzvf lxc-1.0.3.tar.gz
mv lxc-1.0.3 /usr/src
Prepare LXC environment
apt-get install debootstrap bridge-utils build-essential rsync libcap2-dev python3 python3-dev
Build LXC
cd /usr/src/lxc-1.0.3
./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python=yes
If the configure script complains about Python missing in Debian, use this:
./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python PYTHONDEV_CFLAGS=-I/usr/include/python-3.2mu PYTHONDEV_LIBS=-l/usr/include/python-3.2mu/
Build and install
make
make install
Check if LXC is installed properly
lxc-checkconfig
In case you run into a Python path bug, here is a workaround for the Python path issue in Debian Wheezy. Go to:
cd /usr/local/lib/python3.2/dist-packages/
With your favourite text editor create and save a new file usrlocal.pth here with the line below
/usr/local/lib/python3/dist-packages
Reload libraries
ldconfig
At this point LXC is installed successfully. But before you can use it you need to configure the environment.
Add this to your /etc/fstab
nano /etc/fstab
cgroup /sys/fs/cgroup cgroup defaults 0 0
Now mount cgroups. You may need to reboot, but it usually works without a reboot.
mount /sys/fs/cgroup
Now we need to enable cgroup memory support in the Linux kernel, which means passing a flag to the kernel through GRUB. Edit /etc/default/grub and add the line below
nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"
Update Grub and reboot to enable cgroups memory support for LXC
update-grub
LXC may work without a reboot as long as you are not using cgroup memory settings in any containers.
Let's configure LXC networking. LXC supports a number of network modes. By default LXC uses a 'lxcbr0' NAT bridge, that works out of the box in Ubuntu but needs to be configured to work properly in other distributions.
You can also configure direct bridge mode and not use NAT to have containers in the same network as your host. For this guide we will configure LXC's default lxcbr0 bridge.
To learn more about LXC networking and advanced configuration please visit the Flockport LXC networking guide and Flockport advanced networking guide
Download the Flockport lxc-net Debian init script. You also need an LXC init script for container autostart to work. Download it here
Both scripts have been customised to fix bugs and enable a few features, including container autostart, to work out of the box.
Copy both scripts to your /etc/init.d/ folder and enable them
chmod +x lxc-net lxc
update-rc.d lxc-net defaults
update-rc.d lxc defaults
service lxc-net start
service lxc start
Add a file named lxc to /etc/default/ with the line below
nano /etc/default/lxc
USE_LXC_BRIDGE="true"
Now we just need a DHCP server to assign IPs to containers.
Install Dnsmasq-base
apt-get install dnsmasq-base
With Dnsmasq base it’s a good idea to add a dnsmasq user.
adduser --system --home /var/lib/misc --gecos "dnsmasq" --no-create-home --disabled-password --quiet dnsmasq
In case you already have Dnsmasq installed (you could have it, as it’s used by a lot of apps):
Create an lxc config file in /etc/dnsmasq.d/ with nano or your favourite text editor
nano /etc/dnsmasq.d/lxc
Add the lines below to the lxc file
bind-interfaces
except-interface=lxcbr0
And restart dnsmasq
service dnsmasq restart
The above configuration is only needed if your Dnsmasq installation is not configured to bind to a specific interface. If Dnsmasq binds to all interfaces the lxcbr0 bridge will fail to come up.
Security tip for prior Dnsmasq users. It’s a good idea to ensure you bind dnsmasq to a specific interface so you are not running an open DNS relay. This can even be a fake interface like 'abc' for instance.
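Added example, not part of the original guide: a small shell audit of the two dnsmasq conditions described above, the lxcbr0 bridge conflict and the relay tip. It shows that the two lines the guide adds address the first but not the second; the function names, file names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the guide's own code. Function names are hypothetical.
# Usage on a real host: audit_dnsmasq /etc/dnsmasq.conf /etc/dnsmasq.d/*

# Print each value of option $1 found in the given files ("set" for bare flags).
dnsmasq_opt() {
    opt=$1; shift
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$@" 2>/dev/null |
        awk -F= -v o="$opt" '$1 == o { print ($2 == "" ? "set" : $2) }'
}

# Print one finding per line; return 0 only when there are no findings.
audit_dnsmasq() {
    rc=0
    ifaces=$(dnsmasq_opt interface "$@")
    addrs=$(dnsmasq_opt listen-address "$@")
    except=$(dnsmasq_opt except-interface "$@")
    if [ -z "$(dnsmasq_opt bind-interfaces "$@")" ]; then
        echo "BRIDGE: bind-interfaces missing, dnsmasq binds the wildcard address"
        rc=1
    fi
    if ! printf '%s\n' "$except" | grep -qx 'lxcbr0'; then
        if [ -z "$ifaces$addrs" ] || printf '%s\n' "$ifaces" | grep -qx 'lxcbr0'; then
            echo "BRIDGE: lxcbr0 is not excluded with except-interface"
            rc=1
        fi
    fi
    if [ -z "$ifaces" ] && [ -z "$addrs" ]; then
        echo "RELAY: no interface= or listen-address=, DNS listens on every interface not excluded"
        rc=1
    fi
    return "$rc"
}

# Constructed sample configs (not real system files).
demo=$(mktemp -d)
printf '%s\n' 'domain-needed' 'cache-size=500' > "$demo/default.conf"
printf '%s\n' 'bind-interfaces' 'except-interface=lxcbr0' > "$demo/guide.conf"
printf '%s\n' 'interface=eth1 # LAN only' 'bind-interfaces' \
    'except-interface=lxcbr0' > "$demo/pinned.conf"
for f in default guide pinned; do
    echo "== $f.conf"
    audit_dnsmasq "$demo/$f.conf" || true
done
rm -rf "$demo"
```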
Congratulations! The lxcbr0 bridge is now enabled on reboot. You are ready to use LXC.
Now that you have LXC installed, you can go through this Flockport LXC walk through
Flockport containers are ready to use containers of popular web apps based on LXC.
Here is a video guide on using the Flockport Wordpress container
http://ift.tt/1dvHQ0Z