We have a reasonable methodology for setting up and running Linux Containers (LXC) on Slackware®. Now we need to prepare the container itself. It doesn't need a kernel, nor kernel modules since the host system's kernel is used. We need just a filesystem including whatever libraries and applications are deemed necessary or desirable. Our use case at UQVislab requires considerable flexibility in terms of container functionality and, therefore, contents. We would typically use a small version of Slackware® with only a subset of the A and N package sets. We pack the result into a tarball which we can reuse for different purposes as often as we like by simply unpacking the tarball somewhere and instantiating the new container. The rationale is that from such a small system, which is relatively fast to instantiate, additional functionality for specific tasks can be added as required at runtime with packages downloaded from the network.
The steps we used previously for creating a container are described here.
Now (since 13.37) we use the lxc-create command from the standard lxc package in conjunction with a template, as first described for Slackware by Matteo Bernardini, which incorporates many of the steps from our earlier container creation method. We can also use a template which has been modified to specific local needs. Any container generated in this way can (as before) be saved as a tarball and later unpacked, renamed and used again.
Method
Install the lxc package from Slackware 13.37 (in the ap "disk set" directory).
Now, create a template - download and edit, or use as it is, Matteo Bernardini's template and place it in /usr/lib64/lxc/templates (this directory should already exist and contain templates for other distributions if the lxc package has been installed). Of course many different templates could be kept if necessary - just give them different names.
While the default template might be perfectly adequate for many purposes, one reason to change it might be to specify fewer or more packages to be included by default in the base installation. For instance, if we later wanted to use slapt-get for adding/managing software, some additional packages from the Slackware distribution will be required at run time. These packages can be added to the existing list in the template file as:
n/cyrus-sasl-2.1.23-$arch-1.txz
n/gpgme-1.3.0-$arch-1.txz
n/libassuan-2.0.1-$arch-1.txz
n/libgpg-error-1.9-$arch-1.txz
An additional file with locally required configuration entries can also be used e.g. for network entries in a particular instance.
lxc.utsname = generic_1337
lxc.mount = /var/lib/lxc/generic_1337/rootfs/etc/fstab
lxc.rootfs = /var/lib/lxc/generic_1337/rootfs
lxc.tty = 6
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:aa:11:bb:22:cc
lxc.network.ipv4 = 0.0.0.0
lxc.network.name = eth0
- the rootfs entry points to the root file system of the container (within the host filesystem). At UQVislab, we run multiple containers such that each exists in a directory named after it under /var/lib/lxc. Therefore, in this example, the filesystem for the container named generic_1337 has its root at /var/lib/lxc/generic_1337/rootfs (the rootfs entry); that container's /etc/fstab is at /var/cache/lxc/generic_1337/rootfs/etc/fstab
- hwaddr can be anything really - you'll probably want unique entries if using them to obtain ip addresses with dhcp, also different from the host system.
- ipv4 is the address to be used by the container e.g. 192.168.11.22/24 for the bridge network case described above, or 192.168.100.27/24 for the NAT case. The container will still need its network configured as usual in its /etc/rc.d/rc.inet1.conf file. An entry of 0.0.0.0 denotes that dhcp will be used to obtain an ip address when the container is started up (and assumes a dhcp server is running somewhere that can provide the ip address).
The basic container can then be created (as root) with a command like:
lxc-create -n generic_1337 -f /home/chris/lxc-generic_1337 -t lxc-slackware
where
- generic_1337 is the name (-n option) of the new container
- /home/chris/lxc-generic_1337 is the file with local configuration options (-f option)
- lxc-slackware is the name of the template (-t option) to be found in /usr/lib64/lxc/templates
sudo PATH=/sbin:/usr/sbin:$PATH lxc-create -n generic_1337 -f /home/chris/lxc-generic_1337 -t slackware
Running that command will download the minimal set of packages to be used into a cache-$distversion-$arch directory and then build the minimal distribution into a temporary rootfs-$distversion-$arch (both of these in /var/cache/lxc/slackware or as specified in the template file). When complete, the temporary rootfs is copied into the directory /var/lib/lxc/generic_1337 along with a config file containing the container's lxc configuration options. These configuration options should be checked and adjusted, if necessary, before starting the container. Similarly, anything to be set up in the container's file system could be accessed via /var/lib/lxc/generic_1337/rootfs although remember that at the moment we're just creating a very generic container to be tarballed and reused, possibly multiple times, later i.e. avoid setting anything too specifically.
At this point, a tarball of the container could be created as follows:
cd /var/lib/lxc
tar zcvf generic_1337.tar.gz generic_1337
Now, after saving generic_1337.tar.gz somewhere safe and completely removing the existing generic_1337 directory, the generic_1337.tar.gz tarball can be unpacked at any time in /var/lib/lxc and run with lxc-start (probably after changing the unpacked container's name) e.g.
cd /var/lib/lxc
tar xvf /tmp/generic_1337.tar.gz
mv generic_1337 container_XYZ
Now edit /var/lib/lxc/container_XYZ/config to specify options specific to how this particular container instance will run e.g. network options and, especially, the lxc.utsname entry (container_XYZ in this case). Now is also a good time to set anything required inside the container itself e.g. /var/lib/lxc/container_XYZ/etc/rc.d/rc.inet1.conf although remember that many such changes may be possible from inside the soon to be running container itself.
Now start the container with:
sudo lxc-start -n container_XYZ
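The per-instance config edit described above (before the container is started) can be scripted. The following is an added example, not part of the original page or of the lxc package: the function names gen_hwaddr and retarget_config are hypothetical, and it assumes the config keys shown in the sample config earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original page): point an unpacked, renamed
# container's config at its new name. Function names are hypothetical; the
# config keys are the ones shown in the sample config on this page.

# Print a random locally administered, unicast MAC address (first octet 02).
gen_hwaddr() {
    od -An -N5 -tx1 /dev/urandom |
        awk '{ printf "02:%s:%s:%s:%s:%s\n", $1, $2, $3, $4, $5 }'
}

# retarget_config OLD NEW CONFIG [HWADDR]
# Rewrites lxc.utsname plus the lxc.rootfs and lxc.mount paths from OLD to
# NEW, and replaces lxc.network.hwaddr so two instances never share a MAC.
retarget_config() {
    old=$1 new=$2 cfg=$3 mac=${4:-$(gen_hwaddr)}
    # Names end up in paths and in sed patterns: allow a safe character set only.
    for n in "$old" "$new"; do
        case $n in
            ''|*[!A-Za-z0-9_-]*) echo "invalid container name: $n" >&2; return 1 ;;
        esac
    done
    case $mac in
        ''|*[!0-9A-Fa-f:]*) echo "invalid hwaddr: $mac" >&2; return 1 ;;
    esac
    [ -f "$cfg" ] || { echo "no such config: $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    sed -e "s|^\(lxc\.utsname[[:space:]]*=[[:space:]]*\)$old\$|\1$new|" \
        -e "s|^\(lxc\.rootfs[[:space:]]*=.*\)/$old/|\1/$new/|" \
        -e "s|^\(lxc\.mount[[:space:]]*=.*\)/$old/|\1/$new/|" \
        -e "s|^\(lxc\.network\.hwaddr[[:space:]]*=[[:space:]]*\).*|\1$mac|" \
        "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Usage, after "mv generic_1337 container_XYZ" in /var/lib/lxc:
#   retarget_config generic_1337 container_XYZ /var/lib/lxc/container_XYZ/config
```

The rewritten config replaces the original with a file created by mktemp, so it ends up readable by its owner only.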
Issues
Feature xyz is not included - how can it be added
- first look for clues in the template file where there may be a similar construct you can modify. Otherwise, look for clues in our original recipe for creating a Slackware container which has a more stepwise approach and explanations, from which a new feature can be derived and added to the template.
References
Original container creation recipe (UQVislab)
Container creation from template (Matteo Bernardini's Pimp my Slack)
LXC HOWTO (Dwight Schauer)
Contact
Please send any questions, comments, advice etc., to Chris Willing <c.willing _at_ uq.edu.au>
Slackware® is a registered trademark of Slackware Linux.
