HOWTO: Configure a LXC Linux Container CentOS 6

Introduction to LXC

LXC isn't a real virtualization technique; it is more like a chroot environment on "steroids". More information about LXC is available at http://lxc.sourceforge.net

Install libvirt stack

yum install libvirt libvirt-client python-virtinst 

Configuring a LXC container

Suppose you want to create a full container, similar to a minimal CentOS 6 setup.

On your machine, please be sure that libvirtd is started (service libvirtd start).

We'll initialize a CentOS 6 x86_64 container, assuming

on your machine filesystem

mkdir /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/ -p  
cat /etc/yum.repos.d/CentOS-Base.repo |sed s/'$releasever'/6/g > /var/lib/libvirt/lxc/centos-6-x86_64/etc/yum.repos.d/CentOS-Base.repo
yum groupinstall core --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y
yum install plymouth libselinux-python --installroot=/var/lib/libvirt/lxc/centos-6-x86_64/ --nogpgcheck -y

SELinux note: You have to create an SELinux policy to allow virtd_lxc_t to use dbus:

module lxc 1.0; 

require {
        type hald_t;
        type virtd_lxc_t;
        class dbus send_msg;
}

#============= hald_t ==============
allow hald_t virtd_lxc_t:dbus send_msg;

See the excellent SELinux guide on the wiki (http://wiki.centos.org/HowTos/SELinux) to learn how to accomplish that step.

Note that you can't use LXC with SELinux disabled; set it to permissive instead (see https://bugzilla.redhat.com/show_bug.cgi?id=995897).

in the chroot'ed filesystem

All the following steps will be done in the chroot'ed environment:

chroot /var/lib/libvirt/lxc/centos-6-x86_64/
echo MYROOTPASS |passwd root --stdin

# Fix root login on console
echo "pts/0" >>/etc/securetty
sed -i s/"session    required     pam_selinux.so close"/"#session    required     pam_selinux.so close"/g /etc/pam.d/login
sed -i s/"session    required     pam_selinux.so open"/"#session    required     pam_selinux.so open"/g /etc/pam.d/login
sed -i s/"session    required     pam_loginuid.so"/"#session    required     pam_loginuid.so"/g /etc/pam.d/login

# Configuring basic networking
cat > /etc/sysconfig/network << EOF
NETWORKING=yes
HOSTNAME=lxc1.test.centos.org
EOF

cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << EOF
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
EOF

# Enabling sshd
chkconfig sshd on

# Fixing root login for sshd
sed -i s/"session    required     pam_selinux.so close"/"#session    required     pam_selinux.so close"/g /etc/pam.d/sshd
sed -i s/"session    required     pam_loginuid.so"/"#session    required     pam_loginuid.so"/g /etc/pam.d/sshd
sed -i s/"session    required     pam_selinux.so open env_params"/"#session    required     pam_selinux.so open env_params"/g /etc/pam.d/sshd

# Leaving the chroot'ed filesystem
exit

back on your machine

# now creating the LXC container from that filesystem

virt-install --connect lxc:/// --name test --ram 512 --vcpu 1 --filesystem /var/lib/libvirt/lxc/centos-6-x86_64/,/ --noautoconsole 

You can access the LXC container using:

virsh console test   

OR

ssh -l root CONTAINER_IP 

To get the IP address of the LXC container, look up its MAC address (found in /etc/libvirt/lxc/test.xml) in the DHCP leases file /var/lib/libvirt/dnsmasq/default.leases
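
The MAC-to-lease lookup described above, as an added shell example that is not part of the original HOWTO. The helper names (domain_macs, container_ips, write_sample) are hypothetical, and the XML and lease contents are constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): find a container's IP by
# matching the MAC in its libvirt XML against the dnsmasq lease file.

# Print each MAC address declared in a libvirt domain XML, lowercased.
domain_macs() {
    sed -n "s/.*<mac address=['\"]\([0-9A-Fa-f:]\{17\}\)['\"].*/\1/p" "$1" |
        tr 'A-F' 'a-f'
}

# Print "MAC IP HOSTNAME" for every interface of the domain that has a lease.
# Lease line format written by dnsmasq: expiry mac ip hostname client-id
# Returns 0 if at least one lease matched, 1 if none, 2 on unreadable input.
container_ips() {
    xml=$1 leases=$2 rc=1
    [ -r "$xml" ] && [ -r "$leases" ] || { echo "unreadable input" >&2; return 2; }
    for mac in $(domain_macs "$xml"); do
        # If several lines carry this MAC, keep the one expiring last.
        hit=$(awk -v m="$mac" '
            tolower($2) == m && $1 + 0 >= best { best = $1 + 0; out = m " " $3 " " $4 }
            END { if (out != "") print out }' "$leases")
        if [ -n "$hit" ]; then echo "$hit"; rc=0; fi
    done
    return $rc
}

# Constructed sample data; on a real host pass /etc/libvirt/lxc/test.xml
# and /var/lib/libvirt/dnsmasq/default.leases to container_ips instead.
write_sample() {
    cat > "$1/test.xml" <<'EOF'
<domain type='lxc'>
  <name>test</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:AB:CD:EF'/>
      <source network='default'/>
    </interface>
  </devices>
</domain>
EOF
    cat > "$1/default.leases" <<'EOF'
1393609373 52:54:00:11:22:33 192.168.122.50 othervm *
1393609400 52:54:00:ab:cd:ef 192.168.122.87 lxc1 *
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
container_ips "$tmp/test.xml" "$tmp/default.leases"  # 52:54:00:ab:cd:ef 192.168.122.87 lxc1
rm -rf "$tmp"
```

The MAC is lowercased before comparison because the case used in the domain XML and in the lease file may differ.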

Note on using LXC inside KVM VM with default network

When using LXC inside a KVM VM (both using libvirt), the default network is 192.168.122.0/24, which creates a conflict when you try to start an LXC container. To fix this, change the IP range used by libvirtd in the guest VM (the one that runs the containers).

service libvirtd stop
sed -i 's/"192\.168\.122\./"192.168.120./g' /etc/libvirt/qemu/networks/default.xml
service libvirtd start

HowTos/LXC-on-CentOS6 (last edited 2014-02-28 17:42:53 by AthmaneMadjoudj)