[lxc-users] Creating a Linux container that is just a sandbox of my actual installation

Fajar A. Nugraha list at fajar.net
Sun May 31 00:29:31 UTC 2015


On Sun, May 31, 2015 at 6:58 AM, james harvey <jamespharvey20 at gmail.com> wrote:
> I want to create a container that starts out being identical to my
> top-level no-container installation.  I want any changes performed
> within the container to be kept in the container.  I want anything
> added to my top-level no-container installation to automatically show
> up in already made containers.
>
> It looks like I want to use an overlayfs.  I'm not having success.

overlayfs won't be able to do exactly what you want. For example:
- a container is created using overlay of the host
- you change root password inside the container, thus making the
container have its own copy of some files (e.g. /etc/passwd,
/etc/shadow)
- you install new package on the host, which also creates a new user

The new user will not be available inside the container, thus possibly
making the newly-installed package broken inside the container.


>
> $ sudo dnf install lxc
> $ sudo lxc-create -n test -t none
> lxc-create: lxc_create.c: main: 274 Error creating container test


> I think I need -t none though, since I don't want new packages to be
> installed inside my container.

I don't think "-t none" works.

An easier way would be to copy config file created by the download
template (-t download) for the same distro, and then modify it.

>
> If I create a container and I "touch hello.message", I basically want
> the entire container to be taking up only a few bytes for the extra
> filehandle -- plus whatever "overhead" lxc has -- but without
> basically duplicating a full install.

In practice, it will be MUCH more than "a few bytes". Anything the
container writes to (e.g. /var/log/messages, /var/lib/mysql/*) will be
copied and disconnected from the original.

What is your primary goal?

If it's space saving, then IMHO the best option would be to use
zfs/btrfs for your host, with compression enabled, and then clone it
for the container's fs. The space savings thru clone will be visible
as long as you do NOT upgrade packages on the host or container. The
savings thru compression will always be visible.

If it's "installing/upgrading a package on the host will also install
it on the container", then your best choice would probably be to use
read-only bind mounts. By bind-mounting only /usr, /bin, and /sbin,
most package install/upgrade on the host should be usable on the
container as well, as long as you also take necessary steps to
manually sync non-bind directories (e.g. /etc) and run the necessary
post-install steps (e.g. create users). Personally I find this too
much of a hassle, so I just use zfs + compression + clone.

-- 
Fajar
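
Added example (not part of the original message and not LXC code): a small Python model of the overlay behaviour described in the reply, showing why a host-created user stays invisible after the container has written to /etc/passwd, and why one appended log line costs far more than a few bytes. The Overlay class, demo function and sample files are constructed for illustration; it models whole-file copy-up only, not a real overlayfs mount.

```python
class Overlay:
    """Toy model of overlayfs lookup: writable upper layer over a shared lower."""

    def __init__(self, lower):
        self.lower = lower  # path -> bytes; the host's files (live, not a copy)
        self.upper = {}     # path -> bytes; the container's private copies

    def read(self, path):
        # Once a file exists in the upper layer it hides the lower one entirely.
        return self.upper[path] if path in self.upper else self.lower[path]

    def write(self, path, data, append=False):
        # Copy-up: the first write copies the WHOLE file into the upper layer.
        if path not in self.upper:
            self.upper[path] = self.lower.get(path, b"")
        self.upper[path] = self.upper[path] + data if append else data

    def upper_bytes(self):
        return sum(len(v) for v in self.upper.values())


def demo():
    # Constructed sample host files (not taken from a real system).
    host = {
        "/etc/passwd": b"root:x:0:0::/root:/bin/bash\n",
        "/var/log/messages": b"x" * 1_000_000,
    }
    ct = Overlay(host)

    # Container edits /etc/passwd, so it now owns a private copy.
    ct.write("/etc/passwd", b"root:x:0:0::/root:/bin/sh\n")

    # Host installs a package that ships a binary and creates a user.
    host["/usr/bin/mysqld"] = b"\x7fELF..."
    host["/etc/passwd"] += b"mysql:x:27:27::/var/lib/mysql:/sbin/nologin\n"

    # Container appends a single log line to a 1 MB host log file.
    ct.write("/var/log/messages", b"one line\n", append=True)

    return {
        "binary_visible": ct.read("/usr/bin/mysqld") == host["/usr/bin/mysqld"],
        "user_visible": b"mysql:" in ct.read("/etc/passwd"),
        "upper_bytes": ct.upper_bytes(),
    }


if __name__ == "__main__":
    print(demo())
```

The new binary shows through from the host while its user does not, which is the broken-package case from the reply.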

