[lxc-users] Advice for running LXC on a Debian host

Xavier Gendre gendre.reivax at gmail.com
Sat Mar 14 08:29:34 UTC 2015


Hi,

I am not as categorical as Fajar, and using LXC with Debian is widely 
feasible. I admit that the LXC version that comes with Debian Stable is 
not sufficiently up to date. But I have installed Debian Jessie and I use 
the Debian package, which provides LXC version 1.0.6.

Of course, if you need all the latest functionality easily available, 
you will have to follow Fajar's advice, and dealing with Ubuntu is 
certainly easier. If you don't need that, Debian Jessie and LXC work 
(quite) like a charm, and it suits all my needs.

Xavier

On 14/03/2015 06:55, Fajar A. Nugraha wrote:
> On Fri, Mar 13, 2015 at 8:34 PM, Rory Campbell-Lange
> <rory at campbell-lange.net> wrote:
>> Dear LXC List
>>
>> I'm looking for advice on running LXC on Debian.
>>
>> I did quite a lot of work on trialling lxc about two years ago but then
>> left it there because of a lack of time and some troublesome issues with
>> Debian stable at the time.
>
> Short suggestion: don't.
>
> It's MUCH easier to use ubuntu LTS + lxc (either from bundled version,
> or from daily ppa to get latest lxc version) as the host. You'd likely
> get problems with debian's bundled version, as reported on this list
> recently (search the archives). And building your own lxc version (or
> rebuilding ubuntu's source) might not be as straightforward as it
> seems.
>
> You could then run whatever you want on the containers, including debian.
>
>>
>> We are considering using LXC again for a spare server to take over a
>> couple of small production server images where the hardware is reaching
>> end-of-life. Also we wish to be able to quickly set up clones/variants of
>> our web application stack (postgresql + php/python + apache) for testing
>> purposes.
>>
>> The machine we have available has 6GB of RAM, a system (hw raid 1) 200G
>> drive and a storage drive (hw raid 5) of 1TB. The board is a TYAN
>> Tempest with 8 x Intel E5420 @ 2.50GHz. We have been trialling btrfs for
>> some years now and are happy to take the risks of running the storage
>> drive on btrfs.
>>
>
> I'd suggest zfs, but if you're comfortable with btrfs, then lxc has
> support for it as well (e.g. container snapshot/clone)
>
>
>> Presently the Debian LXC wiki page at https://wiki.debian.org/LXC states
>> "LXC may not provide sufficient isolation at this time".
>
> Part of the lxc isolation/security in ubuntu is provided thru
> apparmor, which AFAIK is not enabled by default on debian.
>
> The other part is thru the use of unprivileged containers (where
> container's root uid is just another non-root uid in the host).
>
>>
>> I would be grateful for comments about whether a version of Debian is
>> suitable for these intended uses, what Debian distro version is
>> recommended (if any), what kernel version to run and recommendations
>> about using btrfs.
>
>
> I'd go with ubuntu 14.04, lxc-1.1 from daily ppa, and add zfsonlinux.
>
> If you still want to use debian anyway, then probably debian stable
> plus lxc-1.1 built manually from source.
> Use whatever kernel version that you've tested to work well with for
> btrfs (I lost track of which versions, but there were some newer
> kernels which caused btrfs regression).
> Then, if you care about security, find out how you can enable apparmor
> and integrate it with your lxc build.
>
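
Added example, not part of the original thread: a small audit of an LXC 1.x container config for the two isolation layers mentioned in the quoted reply (AppArmor and unprivileged uid/gid mapping). It assumes the LXC 1.x key names `lxc.id_map` and `lxc.aa_profile`; the function names and both sample configs are constructed for illustration.

```python
def parse(config_text):
    """Return (key, value) pairs, skipping blank lines and # comment lines."""
    pairs = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def host_id(pairs, kind, container_id):
    """Translate a container uid ('u') or gid ('g') through lxc.id_map.
    Returns the host id, or None when no mapped range covers it."""
    for key, value in pairs:
        fields = value.split()
        if key != "lxc.id_map" or len(fields) != 4 or fields[0] != kind:
            continue
        start, host_start, count = (int(f) for f in fields[1:])
        if start <= container_id < start + count:
            return host_start + (container_id - start)
    return None

def audit(config_text):
    """List isolation problems visible in the config itself."""
    pairs = parse(config_text)
    findings = []
    for kind, name in (("u", "uid"), ("g", "gid")):
        mapped = host_id(pairs, kind, 0)
        if mapped is None:
            findings.append(f"no {name} map: container root is host root")
        elif mapped == 0:
            findings.append(f"{name} 0 maps to host 0: container root is host root")
    profiles = [v for k, v in pairs if k == "lxc.aa_profile"]
    if profiles and profiles[-1] == "unconfined":
        findings.append("lxc.aa_profile = unconfined: AppArmor disabled")
    return findings

# Constructed sample configs (not taken from the thread).
UNPRIVILEGED = """
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.aa_profile = lxc-container-default
"""
PRIVILEGED = """
# no lxc.id_map lines: ids are not remapped
lxc.utsname = web01
lxc.aa_profile = unconfined
"""

if __name__ == "__main__":
    for label, cfg in (("unprivileged", UNPRIVILEGED), ("privileged", PRIVILEGED)):
        print(label, audit(cfg) or "ok")
```

A config with no `lxc.aa_profile` line passes this check, but that only means the default profile is requested; whether AppArmor is actually enabled on the host kernel has to be verified separately.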

