Hardware? LXC (Linux containers)

Hi,

Today we are going to talk about Linux containers. Why? There are several services that will run in, may be, several computers. We want to make the development and, above everything, the tests as similar to the real machines. We don’t want to have several computers in order to develop and test. That would mean we have to buy, set up and maintain a whole bunch of boxes: at least three for developer! Here it comes the help: LXC.

With LXC we may create a container for each virtual machine inside each developer computer. That means each developer can have a database server, web server, application server, etc. As they may need. No limits. Why not a “real” virtual machine? To put it simply, LXC doesn’t needs to virtualize anything, so it is cheaper in terms of resources than a VirtualBox or QEmu virtual machine.

Get on with it.

Due to my computer being too old, I can’t install a Debian 9 OS in the development machine. That means I’m going to have an LXC to mimic the production machines inside my Ubuntu Xenial box.

We have to install LXC, that’s pretty easy:

sudo apt-get install lxc

Once installed, we need to create our first Debian container. That’s pretty easy also. We may create a variety of Linux distros. We can choose in /usr/share/lxc/templates. There you will find a list of names, prefixed with lxc like this:

manuel@sobremesa:~/projects/develox$ l /usr/share/lxc/templates/
total 404K
-rwxr-xr-x 1 root root  13K jun 14 22:15 lxc-alpine
-rwxr-xr-x 1 root root  14K jun 14 22:15 lxc-altlinux
-rwxr-xr-x 1 root root  11K jun 14 22:15 lxc-archlinux
-rwxr-xr-x 1 root root  12K jun 14 22:15 lxc-busybox
-rwxr-xr-x 1 root root  30K jun 14 22:15 lxc-centos
-rwxr-xr-x 1 root root  11K jun 14 22:15 lxc-cirros
-rwxr-xr-x 1 root root  20K jun 14 22:15 lxc-debian
-rwxr-xr-x 1 root root  18K jun 14 22:15 lxc-download
-rwxr-xr-x 1 root root  49K jun 14 22:15 lxc-fedora
-rwxr-xr-x 1 root root  28K jun 14 22:15 lxc-gentoo
-rwxr-xr-x 1 root root  14K jun 14 22:15 lxc-openmandriva
-rwxr-xr-x 1 root root  16K jun 14 22:15 lxc-opensuse
-rwxr-xr-x 1 root root  41K jun 14 22:15 lxc-oracle
-rwxr-xr-x 1 root root  12K jun 14 22:15 lxc-plamo
-rwxr-xr-x 1 root root  19K jun 14 22:15 lxc-slackware
-rwxr-xr-x 1 root root  27K jun 14 22:15 lxc-sparclinux
-rwxr-xr-x 1 root root 6,7K jun 14 22:15 lxc-sshd
-rwxr-xr-x 1 root root  26K jun 14 22:15 lxc-ubuntu
-rwxr-xr-x 1 root root  12K jun 14 22:15 lxc-ubuntu-cloud

As you can see there are already a bunch of them!

We said we are going to use a Debian box. So to create the Debian we have to run this command:

sudo lxc-create -t download -n devel -- -d debian --arch amd64

We’ll be asked for the release. We select the stable release: “stretch.”
“devel” is the container name we will use to refer and access.

manuel@sobremesa:~/projects/develox$ sudo lxc-create -t download -n devel -- -d debian --arch amd64
Setting up the GPG keyring
Downloading the image index

---
DIST	RELEASE	ARCH	VARIANT	BUILD
---
debian	buster	amd64	default	20171130_22:42
debian	jessie	amd64	default	20171201_02:41
debian	sid	amd64	default	20171130_22:42
debian	stretch	amd64	default	20171201_02:41
debian	wheezy	amd64	default	20171201_07:45
---

Release: 

We type “stretch” and the container creation will begin.
If you have a system in normal operation, there shouldn’t be any errors until this point.

Now lxc gives you some instructions:

Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a Debian container (release=stretch, arch=amd64, variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

We have our first container!
We are going to make a lot of things to this container and we, potentially, may mess up the thing, so the first task we are going to do is to make a clone. When we make a clone, we can make changes to the container, if we mess up the container, we can restore it from the clone.

I’m not going into too much detail with this but you can learn a lot here.

sudo lxc-copy -s -B overlayfs -n devel -N devel1

We have our “backup” clone in devel1. We can continue to work on devel.

We may see our containers with:

manuel@sobremesa:~/projects/develox$ sudo lxc-ls --fancy
NAME   STATE   AUTOSTART GROUPS IPV4 IPV6 
devel  STOPPED 0         -      -    -    
devel1 STOPPED 0         -      -    -    

We see our countainers. First, start the one.

manuel@sobremesa:~/projects/develox$ sudo lxc-start -n devel
manuel@sobremesa:~/projects/develox$ sudo lxc-ls --fancy
NAME   STATE   AUTOSTART GROUPS IPV4      IPV6 
devel  RUNNING 0         -      10.0.3.35 -    
devel1 STOPPED 0         -      -         -    

It is running and with an IP address. This may take a few seconds. I mean, if you run lxc-ls immediately after the start, you won’t see the IP, just wait a few seconds and it will appear.

Now we can attach to the container, create users, accounts and begin to install software.

manuel@sobremesa:~/projects/develox$ sudo lxc-attach -n devel
root@devel:/# 

Easy! You are God now.

We have to change root password:

root@devel:/# passwd

Create a user:

root@devel:/# adduser manuel

This will ask some questions, just respond and it is done.

Remember we have received some instructions when we created the container? “To enable sshd, run: apt-get install openssh-server.”
Do it.

apt-get install openssh-server

Now you may access devel with sshd:

manuel@sobremesa:~/projects/develox$ ssh 10.0.3.35
manuel@10.0.3.35's password: 
Linux devel 4.10.0-40-generic #44~16.04.1-Ubuntu SMP Thu Nov 9 15:37:44 UTC 2017 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Dec  1 12:27:48 2017 from 10.0.3.1

If we don’t want to type the password each time we access the container, we have to put our public key into it. (How to create keys is explained here.)

manuel@sobremesa:~/projects/develox$ ssh 10.0.3.35
manuel@10.0.3.35's password: 
Linux devel 4.10.0-40-generic #44~16.04.1-Ubuntu SMP Thu Nov 9 15:37:44 UTC 2017 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Dec  2 09:53:43 2017 from 10.0.3.1
manuel@devel:~$ mkdir .ssh
manuel@devel:~$ logout
manuel@sobremesa:~/projects/develox$ scp /home/manuel/.ssh/id_rsa.pub 10.0.3.35:~/.ssh/authorized_keys
manuel@10.0.3.35's password: 
id_rsa.pub                                                                           100%  403     0.4KB/s   00:00    

From now on, we can install software needed to compile and so on. But remember to create snapshots to have a working copy of the container.
First stop the container and make a copy.

manuel@sobremesa:~/projects/develox$ sudo lxc-stop -n devel
manuel@sobremesa:~/projects/develox$ sudo lxc-copy -s -B overlayfs -n devel -N devel2

Now we know how to create a container. We are going to create several to develop, test and make nightly builds.

See you next post.