Linux Containers are lightweight virtualisation, similar to FreeBSD's Jails and Solaris's Zones. They require a few patches to the kernel and make use of new kernel features for process scheduling, isolation and network isolation between containers. They are flexible to the point where you can run a single process in one, or an entire virtual environment with a virtual root filesystem (obviously using the same kernel as the host).

Requirements

OK, so they are a little tricky to set up: you will need to patch or compile your own kernel (compiling your own, using your existing config, is what I will document) and then compile lxc from source, as the packages for Ubuntu suck/aren't very stable. (They should eventually be packaged, but seeing as they don't run on the stock kernel it's a bit tricky at the moment; may as well wait till karmic.)

Getting and Compiling a kernel with Container Support

First make sure you have git, move to a sane working dir, and get the source. I did the following as root because I'm lazy ;P. The commands get the latest source from daveh's repository, which I think is the mainline kernel with container support (all kernels after 2.6.26 support it, but daveh's has a meta-option for all the namespaces they require). They then copy your running kernel's config to the new kernel's source dir and update the config file (make oldconfig, just use the defaults for all settings). Next you run make menuconfig and select "Container Support" under "General Setup". Finally we build the image and headers packages and install them (tested on jaunty 9.04 amd64).

sudo su
# build tools, plus ncurses for make menuconfig
apt-get install git-core kernel-package fakeroot build-essential ncurses-dev
cd /usr/src/
git clone git://git.kernel.org/pub/scm/linux/kernel/git/daveh/linux-2.6-lxc.git
cd linux-2.6-lxc
# start from the running kernel's config
cp "/boot/config-$(uname -r)" .config
# accept the defaults for any new options
make oldconfig
# select "Container Support" under "General Setup"
make menuconfig
make-kpkg clean
fakeroot make-kpkg --initrd --append-to-version=-custom kernel_image kernel_headers
cd ..
dpkg -i linux*.deb
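
The isolation between containers depends on the namespace options behind "Container Support" actually ending up in .config, so it is worth checking the file after make menuconfig (or /boot/config-`uname -r` after rebooting into the new kernel). The script below is an added example, not part of the original page or of lxc; the option list is an assumption based on upstream Kconfig symbol names, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: verify that a kernel .config enables the namespace and cgroup
# options containers rely on. The option list is an assumption taken from
# upstream Kconfig symbol names, not from the original page.
REQUIRED_OPTS="CONFIG_NAMESPACES CONFIG_UTS_NS CONFIG_IPC_NS CONFIG_PID_NS
CONFIG_USER_NS CONFIG_NET_NS CONFIG_CGROUPS"

# opt_enabled FILE OPTION: succeeds only if OPTION is built in (OPTION=y).
# A disabled option appears as "# OPTION is not set" and does not match.
opt_enabled() {
    grep -q "^$2=y\$" "$1"
}

# missing_opts FILE: print the required options FILE does not enable,
# space separated; prints an empty line when nothing is missing.
missing_opts() {
    missing=""
    for opt in $REQUIRED_OPTS; do
        opt_enabled "$1" "$opt" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# check_config FILE: print a report; return 1 if options are missing, 2 if unreadable.
check_config() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    m=$(missing_opts "$1")
    if [ -n "$m" ]; then
        echo "$1: missing $m"
        return 1
    fi
    echo "$1: all container options enabled"
}

# Constructed sample: a config where network namespaces were left disabled.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_IPC_NS=y
CONFIG_USER_NS=y
CONFIG_PID_NS=y
# CONFIG_NET_NS is not set
CONFIG_CGROUPS=y
EOF
}

# Usage: sh check.sh /usr/src/linux-2.6-lxc/.config (no argument: define functions only)
if [ $# -gt 0 ]; then check_config "$1"; fi
```

A non-zero exit status means at least one option is missing, so the script can gate the make-kpkg step.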

Getting and Compiling lxc

This is a fair bit easier. Feel free to work in your home dir as a normal user and only escalate to root for the install. I would have used checkinstall to create a deb but it fails due to a newline?

sudo apt-get install libcap2-dev docbook autoconf libtool
git clone git://lxc.git.sourceforge.net/gitroot/lxc
cd lxc
./autogen.sh
./configure
make
sudo make install
sudo ldd /usr/local/libexec/lxc-init

Using Linux Containers

Yay, now it's installed we can do stuff!

http://www.ibm.com/developerworks/linux/library/l-lxc-containers/ has a few good examples (it is what I based most of this tutorial on).

TODO: figure out lots of awesome stuff about using libvirt and virsh for management, as well as how to run iSCSI Enterprise Target + sshd in a container, so you can have a single server with several secure storage blocks all authenticated with PAM and encrypted with SSH.



LinuxContainers (last edited 2009-06-14 07:17:41 by adon-metcalfe-gmail)