Linux Containers (LXC) is a new virtualization method that works at the operating-system level. Each container is an isolated Linux system that shares the host kernel and runs alongside others on the same machine.

Installation

Install the required RPMs

Install “libvirt” :

[root@localhost ~]# yum install -y libvirt-daemon-driver-lxc.x86_64
...
...
...
Installed:
 libvirt-daemon-driver-lxc.x86_64 0:1.2.8-16.el7_1.5

Dependency Installed:
 autogen-libopts.x86_64 0:5.18-5.el7      cyrus-sasl.x86_64 0:2.1.26-17.el7        cyrus-sasl-md5.x86_64 0:2.1.26-17.el7
 fuse-libs.x86_64 0:2.9.2-5.el7           gnutls-dane.x86_64 0:3.3.8-12.el7_1.1    gnutls-utils.x86_64 0:3.3.8-12.el7_1.1
 ldns.x86_64 0:1.6.16-7.el7               libcgroup.x86_64 0:0.41-8.el7            libevent.x86_64 0:2.0.21-4.el7
 libvirt-client.x86_64 0:1.2.8-16.el7_1.5 libvirt-daemon.x86_64 0:1.2.8-16.el7_1.5 libvirt-daemon-driver-network.x86_64 0:1.2.8-16.el7_1.5
 nmap-ncat.x86_64 2:6.40-4.el7            numad.x86_64 0:0.5-14.20140620git.el7    radvd.x86_64 0:1.9.2-7.el7
 unbound-libs.x86_64 0:1.4.20-19.el7      yajl.x86_64 0:2.0.4-4.el7

Then :

[root@localhost ~]# yum install -y virt-install
...
...
...
Installed:
 virt-install.noarch 0:1.1.0-12.el7
Dependency Installed:
 libosinfo.x86_64 0:0.2.11-4.el7 libvirt-python.x86_64 0:1.2.8-7.el7_1.1 libxml2-python.x86_64 0:2.9.1-5.el7_1.2
 libxslt.x86_64 0:1.1.28-5.el7   python-ipaddr.noarch 0:2.1.9-5.el7      virt-manager-common.noarch 0:1.1.0-12.el7

Start “libvirtd”

[root@localhost ~]# systemctl start libvirtd.service

I’m facing this issue :

[root@localhost ~]# systemctl status libvirtd.service
 libvirtd.service - Virtualization daemon
    Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
    Active: active (running) since Thu 2015-12-03 16:32:57 CET; 18min ago
      Docs: man:libvirtd(8)
            http://libvirt.org
 Main PID: 1205 (libvirtd)
      CGroup: /system.slice/libvirtd.service
              └─1205 /usr/sbin/libvirtd

Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: libvirt version: 1.2.8, package: 16.el7_1.5 (CentOS BuildSystem <http://bugs....s.org)
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_interface.so not accessible
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_storage.so not accessible
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_nodedev.so not accessible
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_secret.so not accessible
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_nwfilter.so not accessible
 Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so not accessible
 Dec 03 16:32:57 localhost.localdomain systemd[1]: Started Virtualization daemon.
 Hint: Some lines were ellipsized, use -l to show in full.

In fact, some required packages are missing :

[root@localhost ~]# yum install -y libvirt-daemon-driver-storage
[root@localhost ~]# yum install -y libvirt-daemon-driver-secret
[root@localhost ~]# yum install -y libvirt-daemon-driver-qemu
[root@localhost ~]# yum install -y libvirt-daemon-driver-nwfilter
[root@pc60 ~]# yum install -y libvirt-daemon-driver-interface
[root@pc60 ~]# yum install -y libvirt-daemon-driver-nodedev

Now, it looks much better :

[root@localhost ~]# systemctl status libvirtd.service
libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled)
   Active: active (running) since Thu 2015-12-03 17:52:19 CET; 1min 8s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
   Main PID: 1200 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           └─1200 /usr/sbin/libvirtd

Dec 03 17:52:19 localhost.localdomain systemd[1]: Started Virtualization daemon.
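
The diagnosis above can be scripted. This added example (not from the original post) turns the “Module … not accessible” lines into the matching package names. The sample log is constructed, the function names are hypothetical, and the libvirt_driver_<x>.so to libvirt-daemon-driver-<x> mapping is the pattern of the six packages installed above, assumed to hold for any other module.

```shell
#!/bin/sh
# Added example: derive the packages to install from libvirtd's
# "Module ... not accessible" log lines.
# Assumption: libvirt_driver_<x>.so is shipped by libvirt-daemon-driver-<x>,
# which is true for the six packages installed above.

# Constructed sample input, shaped like the journal lines shown above
# (one module is repeated on purpose to show de-duplication).
SAMPLE_LOG='Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: libvirt version: 1.2.8
Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_storage.so not accessible
Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so not accessible
Dec 03 16:32:57 localhost.localdomain libvirtd[1205]: Module /usr/lib64/libvirt/connection-driver/libvirt_driver_storage.so not accessible
Dec 03 16:32:57 localhost.localdomain systemd[1]: Started Virtualization daemon.'

# Reads log text on stdin, prints one package name per missing driver module.
missing_driver_packages() {
    sed -n 's|.*libvirtd\[[0-9]*]: Module .*/libvirt_driver_\([a-z0-9_]*\)\.so not accessible.*|libvirt-daemon-driver-\1|p' \
        | sort -u
}

# Prints (does not run) the single yum command that installs everything
# missing; returns 1 and prints nothing when no module is reported missing.
suggest_install() {
    pkgs=$(missing_driver_packages | tr '\n' ' ' | sed 's/ *$//')
    [ -n "$pkgs" ] || return 1
    printf 'yum install -y %s\n' "$pkgs"
}

printf '%s\n' "$SAMPLE_LOG" | suggest_install
```

On a live host, feed it `journalctl -u libvirtd -b --no-pager` instead of the sample; unlike `systemctl status`, that output is not ellipsized.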

Install “lxc” :

[root@localhost ~]# yum install -y https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
[root@localhost ~]# yum install -y lxc lxc-libs lxc-templates bridge-utils libcgroup

Verify :

[root@localhost ~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-229.20.1.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Here are default templates :

[root@localhost ~]# ls -1 /usr/share/lxc/templates
lxc-alpine
lxc-altlinux
lxc-archlinux
lxc-busybox
lxc-centos
lxc-cirros
lxc-debian
lxc-download
lxc-fedora
lxc-gentoo
lxc-openmandriva
lxc-opensuse
lxc-oracle
lxc-plamo
lxc-sshd
lxc-ubuntu
lxc-ubuntu-cloud

Create your first container

We will create a basic CentOS Linux container :

[root@localhost ~]# lxc-create -t centos -n basic_container
...
...
...
Complete!
Download complete.
Copy /var/cache/lxc/centos/x86_64/7/rootfs to /var/lib/lxc/basic_container/rootfs ...
Copying rootfs to /var/lib/lxc/basic_container/rootfs ...
sed: can't read /etc/init/tty.conf: No such file or directory
Storing root password in '/var/lib/lxc/basic_container/tmp_root_pass'
Expiring password for user root.
passwd: Success
sed: can't read /var/lib/lxc/basic_container/rootfs/etc/rc.sysinit: No such file or directory
sed: can't read /var/lib/lxc/basic_container/rootfs/etc/rc.d/rc.sysinit: No such file or directory

Container rootfs and config have been created.
Edit the config file to check/enable networking setup.

The temporary root password is stored in:

        '/var/lib/lxc/basic_container/tmp_root_pass'


The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):

        chroot /var/lib/lxc/basic_container/rootfs passwd
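
The template output above says the temporary root password is kept in a file on the host and that the password is set as expired. The following added host-side check (not part of the original post) reports containers where that file is still present or readable by others, and where root's password has not been changed yet. It assumes the /var/lib/lxc layout shown above; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit containers created by the lxc-centos template for a
# leftover temporary root password. Default path is the one shown above.

# Prints one finding per line for the container directory "$1".
audit_container() {
    dir=$1; name=$(basename "$dir")
    pass_file="$dir/tmp_root_pass"
    shadow="$dir/rootfs/etc/shadow"
    if [ -f "$pass_file" ]; then
        echo "$name: tmp_root_pass still on host"
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$pass_file" | cut -c5-10)" = "------" ] \
            || echo "$name: tmp_root_pass readable beyond owner"
    fi
    # Expiring a password sets the shadow "last change" field (3rd) to 0;
    # while it is still 0 the temporary password has not been replaced.
    if [ -r "$shadow" ] && [ "$(awk -F: '$1=="root"{print $3}' "$shadow")" = "0" ]; then
        echo "$name: root password still the expired temporary one"
    fi
}

# Audits every container directory under "$1" (default /var/lib/lxc).
audit_all() {
    for d in "${1:-/var/lib/lxc}"/*/; do
        [ -d "$d" ] && audit_container "${d%/}"
    done
    return 0
}

# Constructed demo tree standing in for /var/lib/lxc (no real container needed).
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/basic_container/rootfs/etc" "$t/changed/rootfs/etc"
    echo 'constructed-temporary-password' > "$t/basic_container/tmp_root_pass"
    chmod 644 "$t/basic_container/tmp_root_pass"
    echo 'root:$6$constructed$hash:0:0:99999:7:::' > "$t/basic_container/rootfs/etc/shadow"
    echo 'root:$6$constructed$hash:16772:0:99999:7:::' > "$t/changed/rootfs/etc/shadow"
    echo "$t"
}

demo=$(make_demo_tree)
audit_all "$demo"
rm -rf "$demo"
```

Run `audit_all` as root on the host. Once the root password has been changed, tmp_root_pass no longer matches it and can be deleted.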

Currently, we only have this container :

[root@localhost ~]# lxc-ls
basic_container

Which is not running :

[root@localhost ~]# lxc-info --name basic_container
Name: basic_container
State: STOPPED

To start the container, open a new session (it will become the container terminal), and launch this command within this new session :

[root@localhost ~]# lxc-start --foreground -n basic_container
lxc-start: conf.c: instantiate_veth: 2980 failed to attach 'vethJP5JDN' to the bridge 'virbr0': No such device
lxc-start: conf.c: lxc_create_network: 3263 failed to create netdev
lxc-start: start.c: lxc_spawn: 826 failed to create the network
lxc-start: start.c: __lxc_start: 1080 failed to spawn 'basic_container'
lxc-start: lxc_start.c: main: 342 The container failed to start.
lxc-start: lxc_start.c: main: 346 Additional information can be obtained by setting the --logfile and --logpriority options.

Oops ! We forgot to create the bridge …

Is there any bridge ?

[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces

None !

Create the missing “virbr0” bridge :

[root@localhost ~]# brctl addbr virbr0

OK, now we have this bridge :

[root@localhost ~]# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.000000000000 no

Start the container again (it takes a while; have a look at the following lines) :

[root@localhost ~]# lxc-start --foreground -n basic_container
systemd 208 running in system mode. (+PAM +LIBWRAP +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ)
Detected virtualization 'lxc'.

Welcome to CentOS Linux 7 (Core)!

Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Listening on Delayed Shutdown Socket.
[  OK  ] Listening on /dev/initctl Compatibility Named Pipe.
[  OK  ] Listening on Journal Socket.
         Starting Journal Service...
[  OK  ] Started Journal Service.
         Mounting Debug File System...
         Mounting Configuration File System...
         Starting Create static device nodes in /dev...
         Mounting POSIX Message Queue File System...

         Mounting Huge Pages File System...
[  OK  ] Reached target Encrypted Volumes.
[  OK  ] Reached target Swap.
         Starting Remount Root and Kernel File Systems...
[  OK  ] Created slice Root Slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Created slice System Slice.
[  OK  ] Reached target Slices.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Mounted Debug File System.
[  OK  ] Mounted Configuration File System.
[  OK  ] Started Create static device nodes in /dev.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Mounted Huge Pages File System.
[  OK  ] Started Remount Root and Kernel File Systems.
         Starting Load/Save Random Seed...
         Starting Configure read-only root support...
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Stopped Trigger Flushing of Journal to Persistent Storage.
         Stopping Journal Service...
[  OK  ] Stopped Journal Service.
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Started Load/Save Random Seed.
[  OK  ] Started Configure read-only root support.
[  OK  ] Reached target Local File Systems.
         Starting Trigger Flushing of Journal to Persistent Storage...
         Starting Mark the need to relabel after reboot...
         Starting Create Volatile Files and Directories...
         Stopping Journal Service...
[  OK  ] Stopped Journal Service.
         Starting Journal Service...
[  OK  ] Started Journal Service.
[  OK  ] Started Mark the need to relabel after reboot.
[  OK  ] Started Create Volatile Files and Directories.
[FAILED] Failed to start Trigger Flushing of Journal to Persistent Storage.
See 'systemctl status systemd-journal-flush.service' for details.
         Starting Update UTMP about System Reboot/Shutdown...
[  OK  ] Stopped Trigger Flushing of Journal to Persistent Storage.
         Stopping Journal Service...
[  OK  ] Stopped Journal Service.
         Starting Journal Service...
[  OK  ] Started Journal Service.
         Starting Trigger Flushing of Journal to Persistent Storage...
[* ] (1 of 2) A start job is running for Update UTMP about System Reboot/Shutdown<27>systemd-update-utmp[27]: Failed to get D-Bus connection: Failed to authenticate in time.
[FAILED] Failed to start Update UTMP about System Reboot/Shutdown.
See 'systemctl status systemd-update-utmp.service' for details.
[DEPEND] Dependency failed for Update UTMP about System Runlevel Changes.
[FAILED] Failed to start Trigger Flushing of Journal to Persistent Storage.
See 'systemctl status systemd-journal-flush.service' for details.
[  OK  ] Reached target System Initialization.
[  OK  ] Reached target Timers.
[  OK  ] Reached target Paths.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting Dump dmesg to /var/log/dmesg...
         Starting System Logging Service...
         Starting OpenSSH Server Key Generation...
         Starting D-Bus System Message Bus...
[  OK  ] Started D-Bus System Message Bus.
         Starting Login Service...
         Starting Permit User Sessions...
         Starting LSB: Bring up/down networking...
[  OK  ] Stopped Trigger Flushing of Journal to Persistent Storage.
         Stopping Journal Service...
[  OK  ] Stopped Journal Service.
         Starting Journal Service...
[  OK  ] Started Journal Service.
         Starting Trigger Flushing of Journal to Persistent Storage...
<28>systemd-sysctl[66]: Failed to write '4294967295' to '/proc/sys/kernel/shmmax': Read-only file system
         Starting Cleanup of Temporary Directories...
[  OK  ] Started Dump dmesg to /var/log/dmesg.
<28>systemd-sysctl[66]: Failed to write '268435456' to '/proc/sys/kernel/shmall': Read-only file system
[  OK  ] Started OpenSSH Server Key Generation.
<28>systemd-sysctl[66]: Failed to write '16' to '/proc/sys/kernel/sysrq': Read-only file system
<28>systemd-sysctl[66]: Failed to write '1' to '/proc/sys/kernel/core_uses_pid': Read-only file system
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
<28>systemd-sysctl[66]: Failed to write '1' to '/proc/sys/net/ipv4/conf/default/rp_filter': Read-only file system
<28>systemd-sysctl[66]: Failed to write '0' to '/proc/sys/net/ipv4/conf/default/accept_source_route': Read-only file system
[  OK  ] Started Permit User Sessions.
<28>systemd-sysctl[66]: Failed to write '1' to '/proc/sys/fs/protected_hardlinks': Read-only file system
<28>systemd-sysctl[66]: Failed to write '1' to '/proc/sys/fs/protected_symlinks': Read-only file system
[FAILED] Failed to start Trigger Flushing of Journal to Persistent Storage.
See 'systemctl status systemd-journal-flush.service' for details.
[  OK  ] Started Cleanup of Temporary Directories.
         Starting Console Getty...
[  OK  ] Started Console Getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started System Logging Service.
         Stopping Login Service...
[  OK  ] Stopped Login Service.
         Starting Login Service...
[  OK  ] Stopped Trigger Flushing of Journal to Persistent Storage.
         Stopping Journal Service...
[  OK  ] Stopped Journal Service.
         Starting Journal Service...
[  OK  ] Started Journal Service.
<28>systemd-sysctl[194]: Failed to write '4294967295' to '/proc/sys/kernel/shmmax': Read-only file system

CentOS Linux 7 (Core)
Kernel 3.10.0-229.20.1.el7.x86_64 on an x86_64

basic_container login: Starting Trigger Flushing of Journal to Persistent Storage...
[FAILED] Failed to start LSB: Bring up/down networking.
See 'systemctl status network.service' for details.
<28>systemd-sysctl[194]: Failed to write '16' to '/proc/sys/kernel/sysrq': Read-only file system
<28>systemd-sysctl[194]: Failed to write '1' to '/proc/sys/kernel/core_uses_pid': Read-only file system
[FAILED] Failed to start Login Service.
See 'systemctl status systemd-logind.service' for details.
<28>systemd-sysctl[194]: Failed to write '1' to '/proc/sys/net/ipv4/conf/default/rp_filter': Read-only file system
<28>systemd-sysctl[194]: Failed to write '0' to '/proc/sys/net/ipv4/conf/default/accept_source_route': Read-only file system
<28>systemd-sysctl[194]: Failed to write '1' to '/proc/sys/fs/protected_hardlinks': Read-only file system
<28>systemd-sysctl[194]: Failed to write '1' to '/proc/sys/fs/protected_symlinks': Read-only file system
[FAILED] Failed to start Trigger Flushing of Journal to Persistent Storage.
See 'systemctl status systemd-journal-flush.service' for details.
[  OK  ] Reached target Network.
         Starting OpenSSH server daemon...
[  OK  ] Started OpenSSH server daemon.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.

CentOS Linux 7 (Core)
Kernel 3.10.0-229.20.1.el7.x86_64 on an x86_64
basic_container login: root
Password:

In another session, set the “root” password :

[root@localhost ~]# chroot /var/lib/lxc/basic_container/rootfs passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Stop the container :

[root@localhost ~]# lxc-stop -n basic_container