In this article, I’ll show you how to setup and run a Linux Container using LXC.
Brief Introduction to Linux Containers
Containers are light-weight alternatives to Virtual Machines (VM). Containers are light-weight because they share the same kernel with other containers running in the same machine. The primary difference between a VM and a container is that a VM has its own Kernel Space but a container shares the Kernel Space with other containers running in the Host/Guest OS. However, each VM and container has its own “unshared” User Space. As a result, if a VM’s kernel crashes, only that VM reboots. However, if a container’s shared kernel crashes all the other containers running in the system will go for a toss. The implication of this is that, VM’s are naturally more secure than containers.
With this brief introduction about containers, let’s jump straight into the lab session to bring up and play with a container.
Linux Container Lab 101
First you need to install LXC package on your Linux system. LXC provides the drivers and tools required to jump start a container. I used Ubuntu version 14.04 LTS for this lab. The commands may slightly vary if you are using a different distribution or version of Linux.
sudo apt-get install lxc
Please make sure that you have internet connection and a sudo permission to execute the above installation command which will look into the Ubuntu Linux Distribution Package repository in the web to download the LXC package.
Now you can try to create the LXC container using the following command.
sudo lxc-create -t download -n test-container
The “-t download” option will list you all the available distribution, version and architectures to choose from. For eg. I chose the following when it prompted.
$ sudo lxc-create -t download -n test-container Setting up the GPG keyring Downloading the image index --- DIST RELEASE ARCH VARIANT BUILD --- centos 6 amd64 default 20161105_02:16 centos 6 i386 default 20161105_02:16 centos 7 amd64 default 20161105_02:16 ... ubuntu trusty amd64 default 20161105_03:49 ubuntu trusty arm64 default 20161105_03:49 ubuntu trusty armhf default 20161105_03:49 ubuntu trusty i386 default 20161105_03:49 ubuntu trusty powerpc default 20161105_03:49 ubuntu trusty ppc64el default 20161105_03:49 ubuntu xenial amd64 default 20161105_03:49 ... ubuntu zesty ppc64el default 20161105_03:49 ubuntu zesty s390x default 20161105_03:49 --- Distribution: ubuntu Release: trusty Architecture: amd64 Downloading the image index Downloading the rootfs ...
Now that you have created a container, you should kickstart it using the following command.
$ sudo lxc-start -n test-container -d
The “-d” option in the above command starts the container as a daemon. Check if the container is running.
$ sudo lxc-ls -f NAME STATE IPV4 IPV6 AUTOSTART --------------------------------------------------- test-container RUNNING 10.0.3.21 - NO
$ sudo lxc-info -n test-container Name: test-container State: RUNNING PID: 2399 IP: 10.0.3.21 CPU use: 1.28 seconds BlkIO use: 21.27 MiB Memory use: 27.55 MiB KMem use: 0 bytes Link: veth5MGOCI TX bytes: 4.15 KiB RX bytes: 7.81 KiB Total bytes: 11.96 KiB $
You can login to the container running as a daemon by attaching to its console using the following command. The default login/password is: ubuntu/ubuntu
$ sudo lxc-console -n test-container Ubuntu 14.04.5 LTS test-container tty1 test-container login: ubuntu Password: ... ubuntu@test-container:~$ ls -l total 0 ubuntu@test-container:~$ pwd /home/ubuntu ubuntu@test-container:~$
As you can see, a container gets its own User Space and you can execute any command you would normally execute on a bash shell. To exit from the console of a container, press Ctrl+A and Q.
If you want to shutdown the container, you can stop it using the following command.
$ sudo lxc-stop -n test-container $ sudo lxc-ls -f NAME STATE IPV4 IPV6 AUTOSTART ---------------------------------------------- test-container STOPPED - - NO $
And when you are finally done with the container and want to delete it, you can issue the following command.
$ sudo lxc-destroy -n test-container
Check to see if the container still exists.
$ sudo lxc-info -n test-container test-container doesn't exist
Kudos ! You have persisted and graduated the Container Lab 101 session. Hope that was easy to follow and understand.
The intention of this article is to get you started on the Linux Container using LXC. More advanced topics will be covered in the future articles.