[Lxc-users] Setting up server in lxc container for dummies

Leonid Isaev lisaev at umail.iu.edu
Thu Aug 1 16:00:40 UTC 2013 

On Wed, 31 Jul 2013 20:24:42 -0700
Dan Kegel <dank at kegel.com> wrote:

> Hi,
> I've been happily using ubuntu's stock lxc (originally
> in 12.04, now in 13.04), and finally have an occasion
> to run a server inside a container.  I'd like it to
> be visible from the outside.
> 
> There are plenty of web pages about this, but they seem to
> assume that you've created the lxc config file by hand.
> I have never done that; I just use whatever lxc-create creates.
> 
> What's the simplest way to get a container to look
> like just another host on the LAN, starting with
>    sudo apt-get install lxc
>    sudo lxc-create -t ubuntu -n foobar
> on ubuntu 13.04?

To keep things simple, let's for now distinguish the following 2 scenarios: (1)
LXC host is just another machine on the LAN, i.e. it can get IP from a DHCP
server or has a static IP, but is not a gateway for other real machines; (2)
LXC host is a gateway/router for the LAN.

Please note that I only used LXC on non-debian systemd-based distros, so I can
tell you in detail how to do the following using systemd services, but not
upstart. Also, I have no idea about ubuntu filesystem structure.

Scenario (1)
------------
Let's assume that the host interface is "eth_host". TL;DR: you have to turn
your host into a switch.

* Stop and disable all networking on the host, i.e. eth_host has no IP.
* Create a bridge on the host, e.g. "br0", add "eth_host" to it, and make
  sure that your LXC configuration is aware of this bridge (for a default
  configuration you should have lxc.network.type=veth and lxc.network.link=br0
  in the container config). This bridge has to be enabled on boot, so write an
  init (or upstart job) file (ubuntu probably has some templates for this).
* Enable networking on the bridge "br0", not "eth_host". This means that "br0"
  will get an IP in the same way "eth_host" did. Modify your networking files
  accordingly.
* Start containers and configure their networking. For example, if the host
  uses DHCP, use DHCP inside the containers as well.

Your host and containers will now look identical for other machines on the
LAN. For example in case of DHCP, they will all get IPs from the server. Make
sure that you protect the containers with a firewall.

Scenario (2)
------------
Let's assume that the gateway has 2 interfaces "eth_lan" and "eth_wan" for the
LAN and WAN respectively, and you want to run several containers on this
gateway. Typically there is a DHCP server listening on "eth_lan" which itself
has a static IP. Your goal is achieved using similar steps as in the previous
case: again create a bridge "br0", add "eth_lan" to it, give "br0" the static
IP that "eth_lan" had, and tell DHCP server to listen on "br0". Then, proceed
as in Scenario (1). Now containers will appear as real hosts on the LAN.

HTH,
Leonid.


> 
> Thanks,
> Dan
> 
> ------------------------------------------------------------------------------
> Get your SQL database under version control now!
> Version control is standard for application code, but databases havent 
> caught up. So what steps can you take to put your SQL databases under 
> version control? Why should you start doing it? Read more to find out.
> http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users



-- 
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20130801/35b8f871/attachment.pgp>

More information about the lxc-users mailing list