Skip to content
This repository has been archived by the owner on Nov 24, 2022. It is now read-only.

Usage on debian hosts

Zsolt Takács edited this page Aug 25, 2013 · 12 revisions

This guide assumes you are running wheezy.

Installing lxc

You have to install lxc from jessie, to do this create /etc/sources.list.d/jessie.list with the contents:

deb http://http.debian.net/debian jessie main
deb-src http://http.debian.net/debian jessie main

To pin the lxc package to jesse, create /etc/apt/preference.d/lxc_jessie_pin.pref:

Package: *
Pin: release n=jessie
Pin-Priority: 100

Package: lxc
Pin: release n=jessie
Pin-Priority: 600

Now you can install the packages:

sudo apt-get update
sudo apt-get install -y lxc redir bridge-utils

You have to add cgroups to /etc/fstab:

none        /sys/fs/cgroup        cgroup        defaults    0    0

The mount it:

sudo mount /sys/fs/cgroup

Network configuration

There are two ways to set this up depending on whether you want you containers on the same network as the host machine or on a private NAT'ed network.

Bridging to your host LAN/WAN

Refer to the Debian wiki, substituting lxcbr0 for br0.

If you have a dhcp server on the interface you added to the bridge you are good to go.

NAT

This setup copies Ubuntu's convenvience wrappers added to their lxc package over debian's configuration.

Install dnsmasq:

sudo apt-get install -y dnsmasq

Configure dnsmasq to disable listening on lxc bridge, add the following contents to /etc/dnsmasq.d/lxc:

bind-interfaces
except-interface=lxcbr0
sudo /etc/init.d/dnsmasq restart

Create an init script to configure lxc network in /etc/init.d/lxc-net with the contents:

#!/bin/sh

### BEGIN INIT INFO
# Provides:             lxc-net
# Required-Start:       $syslog $remote_fs lxc
# Required-Stop:        $syslog $remote_fs lxc
# Should-Start:
# Should-Stop:
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Linux Containers Network Configuration
# Description:          Linux Containers Network Configuration
# X-Start-Before:
# X-Stop-After:
# X-Interactive:        true
### END INIT INFO

# Taken from ubuntu's lxc-net upstart config and adopted to init script
# original author: Serge Hallyn <[email protected]>

USE_LXC_BRIDGE="false"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
varrun="/var/run/lxc"
LXC_DOMAIN=""

. /lib/lsb/init-functions

start() {
	[ -f /etc/default/lxc ] && . /etc/default/lxc

	[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }

	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
		if [ ! -f ${varrun}/network_up ]; then
			# bridge exists, but we didn't start it
			exit 0;
		fi
		exit 0;
	fi

	cleanup() {
		# dnsmasq failed to start, clean up the bridge
		iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
		ifconfig ${LXC_BRIDGE} down || true
		brctl delbr ${LXC_BRIDGE} || true
	}

	# set up the lxc network
	brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; exit 0; }
	echo 1 > /proc/sys/net/ipv4/ip_forward
	mkdir -p ${varrun}
	ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
	iptables -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE

	LXC_DOMAIN_ARG=""
	if [ -n "$LXC_DOMAIN" ]; then
		LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
	fi
	dnsmasq $LXC_DOMAIN_ARG -u dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
	touch ${varrun}/network_up
}

stop() {
	[ -f /etc/default/lxc ] && . /etc/default/lxc
	[ -f "${varrun}/network_up" ] || exit 0;
	# if $LXC_BRIDGE has attached interfaces, don't shut it down
	ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;

	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
		ifconfig ${LXC_BRIDGE} down
		iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
		pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
		rm -f ${varrun}/dnsmasq.pid
		brctl delbr ${LXC_BRIDGE}
	fi
	rm -f ${varrun}/network_up
}

case "${1}" in
	start)
		log_daemon_msg "Starting Linux Containers"

		start
		;;

	stop)
		log_daemon_msg "Stopping Linux Containers"

		stop
		;;

	restart|force-reload)
		log_daemon_msg "Restarting Linux Containers"

		stop
		start
		;;
esac

Add USE_LXC_BRIDGE="true" to /etc/default/lxc

sudo chmod +x /etc/init.d/lxc-net
sudo update-rc.d lxc-net start
sudo /etc/init.d/lxc-net start

Now you should be good to go, the init script creates the bridge, configures NAT on it and starts dnsmasq as the dhcp server (listening only on the bridge interface).

Clone this wiki locally