Flockport LXC tutorial

raul Member
edited October 2014 in Tutorials

For those who don't know, LXC is a container technology that is identical to OpenVZ, which many would be familiar with, only LXC is supported in the vanilla Linux kernel. LXC is an open source project currently supported by Ubuntu.

What we are doing at Flockport is using LXC to provide ready to use containers of popular web apps to make it easy for end users to launch and use apps without needing to install and configure web stacks and applications. We also have tons of documentation to get you started.

Conceptually think of containers as lightweight VMs, however unlike virtualization containers operate at near bare metal speeds and don't have the performance overhead of virtualization.

Containers also decouple your applications from the host OS making them portable and give users tremendous flexibility in moving apps across systems, backup, cloning and deploying apps.

Linux containers (LXC) has been under the radar and had its first stable release 1.0 in February 2014. It is stable and robust and now works well in all Linux distributions. However the documentation beyond Ubuntu is lacking as are updated LXC packages.

In the past LXC was pretty tough to set up, especially the networking, and a lot of information online is outdated or in many cases misleading. The Flockport and Ubuntu LXC packages make it easy to install and use LXC.

Please note Linux kernel 3.8 onwards is highly recommended for the smoothest experience. Though kernel 3.2 onwards also works.

In Ubuntu installing LXC is as simple as an apt-get install. The LXC Debian Wheezy packages however are badly outdated. Since it's our favourite server OS, Flockport provides updated LXC packages that work out of the box in Wheezy.

In this guide we are going to cover how to install LXC in Ubuntu and Debian. For other distributions that don't have updated LXC packages we will cover compiling and basic set up of LXC.

We are also going to link to some video tutorials on how to use LXC and Flockport containers.

Debian Wheezy

Here is a video guide of this process

Add the Flockport LXC repo

wget http://repo.flockport.com/flockport.gpg.key
apt-key add flockport.gpg.key

Add the repo to your sources.list

nano /etc/apt/sources.list
deb http://repo.flockport.com/debian wheezy main

Install LXC

apt-get update
apt-get install lxc

This will install LXC-1.0.1 and set it up properly with all features working out of the box!
You can also install the Flockport utility instead which will automatically install and setup LXC for you.

The Flockport utility - currently Debian only - lets you view and download Flockport containers directly to your system.

apt-get install flockport

Here is a video guide on using the Flockport utility

That's it! Here is a video walk through of basic LXC functions

Ubuntu

Add the LXC Ubuntu repo

sudo add-apt-repository ppa:ubuntu-lxc/stable

Install LXC

sudo apt-get update
sudo apt-get install lxc

For other Linux distributions

If your distribution does not provide updated LXC packages > 1.0, you will need to compile it. Fortunately compiling LXC is a breeze and takes a minute or so with no hair pulling errors!

wget https://linuxcontainers.org/downloads/lxc-1.0.3.tar.gz
tar -xzvf lxc-1.0.3.tar.gz
mv lxc-1.0.3 /usr/src

Prepare LXC environment

apt-get install debootstrap bridge-utils build-essential rsync libcap2-dev python3 python3-dev

Build LXC

cd /usr/src/lxc-1.0.3
./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python=yes

If the configure script complains about Python missing in Debian, use this:

./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python PYTHONDEV_CFLAGS=-I/usr/include/python-3.2mu PYTHONDEV_LIBS=-l/usr/include/python-3.2mu/

Build and install

make
make install

Check if LXC is installed properly

lxc-checkconfig

In case you run into a Python path bug, here is a workaround for the Python path issue in Debian Wheezy. Go to:

cd /usr/local/lib/python3.2/dist-packages/

With your favourite text editor create and save a new file usrlocal.pth here with the line below

/usr/local/lib/python3/dist-packages

Reload libraries

ldconfig

At this point LXC is installed successfully. But before you can use it you need to configure the environment, and this is the involved bit that the Flockport and Ubuntu LXC packages make easy.

Add this to your /etc/fstab

nano /etc/fstab

cgroup /sys/fs/cgroup cgroup defaults 0 0

Now mount cgroups. You may need to reboot, but it usually works without a reboot

mount /sys/fs/cgroup

Now we need to enable cgroup memory support in the Linux kernel, and this needs us to pass the flag to grub. Edit /etc/default/grub and add the line below

nano /etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="quiet cgroup_enable=memory swapaccount=1"

Update Grub and reboot to enable cgroups memory support for LXC

update-grub

LXC may work without a reboot as long as you are not using cgroup memory settings in any containers.

Let's configure LXC networking. LXC supports a number of network modes. By default LXC uses a 'lxcbr0' NAT bridge, that works out of the box in Ubuntu but needs to be configured to work properly in other distributions.

You can also configure direct bridge mode and not use NAT to have containers in the same network as your host. For this guide we will configure LXC's default lxcbr0 bridge.

To learn more about LXC networking and advanced configuration please visit the Flockport LXC networking guide and Flockport advanced networking guide

Download the Flockport lxc-net Debian init script. You also need the lxc init script to enable container autostart to work. Download it here

Both scripts have been customised to fix bugs and enable a few features, including container autostart, to work out of the box.

Copy both scripts to your /etc/init.d/ folder and enable them

chmod +x lxc-net lxc
update-rc.d lxc-net defaults
update-rc.d lxc defaults
service lxc-net start
service lxc start

Add a file named lxc to /etc/default/ with the line below

nano /etc/default/lxc
USE_LXC_BRIDGE="true"

Now we just need a DHCP server to assign IPs to containers.

Install Dnsmasq-base

apt-get install dnsmasq-base

With Dnsmasq base it’s a good idea to add a dnsmasq user.

adduser --system --home /var/lib/misc --gecos "dnsmasq" --no-create-home --disabled-password --quiet dnsmasq

In case you already have Dnsmasq installed (you could have it as it’s used by a lot of apps)

Create a lxc config file in /etc/dnsmasq.d/ with nano or your favourite text editor

nano /etc/dnsmasq.d/lxc

Add the lines below to the lxc file

bind-interfaces
except-interface=lxcbr0

And restart dnsmasq

service dnsmasq restart

The above configuration is only needed if your Dnsmasq installation is not configured to bind to a specific interface. If Dnsmasq binds to all interfaces the lxcbr0 bridge will fail to come up.

Security tip for prior Dnsmasq users. It’s a good idea to ensure you bind dnsmasq to a specific interface so you are not running an open DNS relay. This can even be a fake interface like 'abc' for instance.

Congratulations! The lxcbr0 bridge is now enabled on reboot. You are ready to use LXC.

Now that you have LXC installed, you can go through this Flockport LXC walk through

Flockport containers are ready to use containers of popular web apps based on LXC.

Here is a video guide illustrating how simple it is to use the Flockport Wordpress container
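
A quick way to confirm that the manual setup steps in the post above took effect, written for this page as an added example and not part of raul's post or Flockport's scripts. The function names and the optional ROOT argument are assumptions of the example, and it assumes the Debian default of dnsmasq reading /etc/dnsmasq.d.

```shell
#!/bin/sh
# Added example: audit the files edited in the tutorial above.
# ROOT (assumed, optional) points the checks at a copy of /etc instead of the live host.

# has_line REGEX FILE...: true if an uncommented line in any FILE matches REGEX
has_line() {
    re="$1"; shift
    grep -Eqs "^[[:space:]]*$re" "$@"
}

# check LABEL REGEX FILE...: print the result and count failures in $fails
check() {
    label="$1"; shift
    if has_line "$@"; then
        echo "ok    $label"
    else
        echo "FAIL  $label"
        fails=$((fails + 1))
    fi
}

# audit_lxc_host [ROOT]: returns the number of failed checks (0 = all good)
audit_lxc_host() {
    root="${1:-}"
    fails=0
    check "cgroup entry in fstab" \
        'cgroup[[:space:]]+/sys/fs/cgroup[[:space:]]+cgroup' "$root/etc/fstab"
    check "cgroup_enable=memory in grub defaults" \
        'GRUB_CMDLINE_LINUX_DEFAULT=.*cgroup_enable=memory' "$root/etc/default/grub"
    check "swapaccount=1 in grub defaults" \
        'GRUB_CMDLINE_LINUX_DEFAULT=.*swapaccount=1' "$root/etc/default/grub"
    check "lxcbr0 bridge enabled" \
        'USE_LXC_BRIDGE="?true"?' "$root/etc/default/lxc"
    # The remaining checks only apply when a full dnsmasq is installed.
    if [ -f "$root/etc/dnsmasq.conf" ]; then
        set -- "$root/etc/dnsmasq.conf" "$root"/etc/dnsmasq.d/*
        check "dnsmasq uses bind-interfaces" 'bind-interfaces' "$@"
        check "dnsmasq skips lxcbr0" 'except-interface=lxcbr0' "$@"
        # Security tip from the post: listen on named interfaces or addresses only
        check "dnsmasq limited to an interface" '(interface|listen-address)=' "$@"
    fi
    return "$fails"
}
```

Call audit_lxc_host with no argument to check the live system. It reads configuration files only; after the reboot, /proc/cmdline shows whether the kernel actually received the cgroup flags.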

Comments

  • Thx! What does LXC Not have that OpenVZ does? In other words, in which scenario would OpenVZ be appropriate and in which will LXC be more appropriate?

  • raul Member
    edited October 2014

    The main difference is you don't need a special kernel for LXC. LXC is supported in the vanilla Linux kernel so is widely available across distributions and kernels (Linux kernel 3.8 onwards recommended). In practical terms this means there is no need to compile, patch or get a special kernel. This of course makes it easier to use.

    LXC just had its 1.0 release, and is not yet as feature rich and mature as OpenVZ. Disk quotas, for instance, are supported by OpenVZ but not yet in LXC. To use disk quotas in LXC you need to use LVM, Btrfs or a file system that supports quotas.

    OpenVZ also has better isolation than LXC currently. LXC only recently started supporting unprivileged containers, but it is still work in progress.

  • @raul: is LXC available and does it run on 32-bit Ubuntu distros?

  • Yup, it's available for 32 bit, but it sort of limits your options. With 64 bit hosts you can run both 32 bit and 64 bit containers. Our repo for Debian is for the 64 bit version of LXC only, for containers we have both 64 bit and 32 bit variants.

    If you are on Ubuntu you can easily install >1.0 32 bit LXC from the official Ubuntu repos. For other distros your mileage may vary, and if they don't have updated packages for your distro it's best to compile.

    Thanked by 1 aglodek
  • Can someone provide a tl;dr of this compared to Docker?

  • Thanks, @raul, I'm sure to check this out. I have been looking into Docker, but it runs on 64-bit distros only, which pretty much limits its use to high RAM boxes only.

  • raul Member
    edited October 2014

    @godong lucky guy! we have exactly what you asked for :)

    Understanding the key differences between LXC and Docker

    Statelessness and the Swiss engineer

    LXC is a container technology which gives you lightweight Linux containers and Docker is a single application virtualization engine based on Linux containers.

    Docker is a use case of LXC containers to build single 'frozen in state' apps using layers of file systems (using aufs/devicemapper), storing data outside the container and a container OS template that can only run one application at a time.

    Docker encourages you to build loosely coupled 'frozen in state' apps and 'thinking of a container as an app' and the Docker base OS template and tools is designed to support this scenario.

    Why is Docker doing this? Because this makes a lot of sense for public PAAS type scenarios to roll out multiple instances of apps like mysql or apache to users.

    But needless to say this introduces constraints and complexity to containers and if your use case is not a public PAAS or frozen apps, can become a real pain to deal with. LXC containers behave like lightweight virtual machines with a normal 'unrestricted' container OS that users are used to, and are far simpler and straight forward to use.

    The only way to really find out is to use both and see what suits you better.

    Thanked by 2 aglodek godong
  • Thanks, @raul, very nice, clear summary of LXC vs. Docker :)

    One thing I believe you neglected to mention is that the latest Docker build is no longer using LXC as its backend, but rather their own proprietary containers.

    Thanked by 1 godong
  • raul Member
    edited October 2014

    @aglodek, thanks! and true.

    Docker was based on LXC until a couple of months ago and now have their own implementation called libcontainer that directly uses Linux kernel cgroups and namespaces support to build containers, instead of using LXC. But I don't think they are proprietary containers.