This chapter explains the installation steps for LXC and LXD in Ubuntu GNU/Linux. If you have already installed LXC and LXD and have a working setup, then you can safely skip this chapter.
LXC is supported by all modern GNU/Linux distributions, and there should already be an LXC package available from the standard package repositories for your distro.
The installation, illustrations, and examples throughout this book demonstrate version 2.0.7 of the LXC userspace tools and version 2.12 of LXD. These are the default versions available in the Ubuntu Zesty Zapus (17.04) release, as of this writing. The host operating system used here is Ubuntu Zesty Zapus (17.04) unless otherwise specified.
LXC Installation
LXC installation involves the installation of userspace tools to deploy containers using the underlying kernel features. The following components are installed in a typical LXC installation:
Set of userspace tools
Templates
Libraries
Language bindings
There are two versions of the LXC userspace tools currently supported by upstream:
LXC 1.0 (supported until June 1, 2019)
LXC 2.0 (supported until June 1, 2021)
Installing LXC on Ubuntu
As in any Ubuntu-based system that is rich with packages from a default package repository, the installation of LXC involves the following command to install LXC userspace tools:
Note
Ubuntu is a Debian-based distro. The same installation method applies for any Debian-based GNU/Linux distro. In case of a non-Debian-based distro, look for the method of installing LXC through its respective package manager.
$ sudo apt install lxcReading package lists... DoneBuilding dependency treeReading state information... DoneThe following additional packages will be installed:bridge-utils cloud-image-utils debootstrap distro-info dns-root-datadnsmasq-base libaio1 libboost-random1.62.0 libiscsi7 liblxc1 libpam-cgfslibrados2 librbd1 lxc-common lxc-templates lxc1 lxcfs python3-lxcqemu-block-extra qemu-utils sharutils uidmapSuggested packages:cloud-utils-euca shunit2 qemu-user-static btrfs-tools lvm2 lxctlsharutils-doc bsd-mailx | mailxThe following NEW packages will be installed:bridge-utils cloud-image-utils debootstrap distro-info dns-root-datadnsmasq-base libaio1 libboost-random1.62.0 libiscsi7 liblxc1 libpam-cgfslibrados2 librbd1 lxc lxc-common lxc-templates lxc1 lxcfs python3-lxcqemu-block-extra qemu-utils sharutils uidmap0 upgraded, 23 newly installed, 0 to remove and 0 not upgraded.Need to get 6,255 kB of archives.After this operation, 25.6 MB of additional disk space will be used.Do you want to continue? [Y/n] yGet:1 http://in.archive.ubuntu.com/ubuntu zesty/main amd64 bridge-utils amd64 1.5-9ubuntu2 [29.2 kB]----------OUTPUT TRUNCATED----------Setting up librbd1 (10.2.7-0ubuntu0.17.04.1) ...Setting up qemu-block-extra:amd64 (1:2.8+dfsg-3ubuntu2.2) ...Setting up qemu-utils (1:2.8+dfsg-3ubuntu2.2) ...Setting up cloud-image-utils (0.30-0ubuntu2) ...Setting up liblxc1 (2.0.7-0ubuntu2) ...Setting up python3-lxc (2.0.7-0ubuntu2) ...Setting up lxc-common (2.0.7-0ubuntu2) ...Setting up lxc1 (2.0.7-0ubuntu2) ...Created symlink /etc/systemd/system/multi-user.target.wants/lxc-net.service → /lib/systemd/system/lxc-net.service.Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /lib/systemd/system/lxc.service.Setting up lxc dnsmasq configuration.Setting up lxc (2.0.7-0ubuntu2) ...Setting up lxc-templates (2.0.7-0ubuntu2) ...Processing triggers for libc-bin (2.24-9ubuntu2) ...Processing triggers for systemd (232-21ubuntu3) ...Processing triggers for ureadahead (0.100.0-19) ...$
Note
It is recommended to apt update and apt upgrade the Ubuntu Zesty host system before installing LXC packages to get the latest version of packages that LXC depends on directly or indirectly.
After installing LXC as just shown, the following commands will be available in the host system:
lxc-attach lxc-create lxc-snapshotlxc-autostart lxc-destroy lxc-startlxc-cgroup lxc-device lxc-start-ephemerallxc-checkconfig lxc-execute lxc-stoplxc-checkpoint lxc-freeze lxc-toplxc-clone lxcfs lxc-unfreezelxc-config lxc-info lxc-unsharelxc-console lxc-ls lxc-usernsexeclxc-copy lxc-monitor lxc-wait
Each of the preceding commands has its own dedicated manual (man) page, which provides a handy reference for the usage of, available options for, and additional information about the command.
For LXC userspace tools to work properly in the host operating system, you must ensure that all the kernel features required for LXC support are enabled in the running host kernel. This can be verified using lxc-checkconfig, provided by the LXC package that you just installed. Everything listed in the lxc-checkconfig command output should have the status enabled; otherwise, try restarting the system. Sample output of the lxc-checkconfig command is as follows:
$ lxc-checkconfigKernel configuration not found at /proc/config.gz; searching...Kernel configuration found at /boot/config-4.10.0-22-generic--- Namespaces ---Namespaces: enabledUtsname namespace: enabledIpc namespace: enabledPid namespace: enabledUser namespace: enabledNetwork namespace: enabled--- Control groups ---Cgroup: enabledCgroup clone_children flag: enabledCgroup device: enabledCgroup sched: enabledCgroup cpu account: enabledCgroup memory controller: enabledCgroup cpuset: enabled--- Misc ---Veth pair device: enabledMacvlan: enabledVlan: enabledBridges: enabledAdvanced netfilter: enabledCONFIG_NF_NAT_IPV4: enabledCONFIG_NF_NAT_IPV6: enabledCONFIG_IP_NF_TARGET_MASQUERADE: enabledCONFIG_IP6_NF_TARGET_MASQUERADE: enabledCONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabledFUSE (for use with lxcfs): enabled--- Checkpoint/Restore ---checkpoint restore: enabledCONFIG_FHANDLE: enabledCONFIG_EVENTFD: enabledCONFIG_EPOLL: enabledCONFIG_UNIX_DIAG: enabledCONFIG_INET_DIAG: enabledCONFIG_PACKET_DIAG: enabledCONFIG_NETLINK_DIAG: enabledFile capabilities: enabledNote : Before booting a new kernel, you can check its configurationusage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig$
Note
The host system where the LXC package is installed in the preceding example runs the “Linux 4.10.0-22-generic #24-Ubuntu SMP Mon May 22 17:43:20 UTC 2017 x86_64 GNU/Linux” Linux kernel version available as the default from Ubuntu Zesty Zapus installation without any modifications to the Linux kernel or the host system.
LXC Default Configuration
/etc/lxc/default.conf is the default configuration file for LXC installed using the standard Ubuntu packages. This configuration file supplies the default configuration for all containers created on the host system. Container-specific overrides can be configured in an individual container’s configuration file, typically found in /var/lib/lxc/{container-name}/config.
The default configuration file /etc/lxc/default.conf contains the following lines after installation:
$ cat /etc/lxc/default.conflxc.network.type = vethlxc.network.link = lxcbr0lxc.network.flags = uplxc.network.hwaddr = 00:16:3e:xx:xx:xx$
The networking will be set up as a virtual Ethernet connection type—that is, veth from the network bridge lxcbr0 for each container that will get created.
Networking Setup for LXC
By default, a container runs an isolated operating system environment. If the operating system should communicate with systems outside the container, you will need to configure networking for it. Ubuntu Zesty’s LXC package includes a default networking setup for LXC using a bridge.
If your operating system does not include a default networking setup, then the following sections will be useful. There is more than one way of setting up the network for LXC depending upon your networking needs. Let’s look at a couple of easy methods to do this.
Using a Bridge
The latest LXC package has some default networking scripts that get enabled to set up bridge networking for LXC containers. This could be configured by creating a configuration file /etc/default/lxc-net containing the following settings:
Note
Install bridge-utils (if it is not already installed) by using the following command. The bridge-utils package provides related tools to establish a bridge network.
$ sudo apt install bridge-utilsUSE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.0.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.0.0/24"
LXC_DHCP_RANGE="10.0.0.2,10.0.0.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DOMAIN=""With these settings , a default bridged network will be created for every container that is created in the host system with the help of the script /usr/lib/x86_64-linux-gnu/lxc/lxc-net.
Note
The file /etc/default/lxc-net is not available after installation of the LXC package and it should be created by the user.
Alternatively, edit the file /etc/lxc/default.conf and replace the following content
lxc.network.type = emptywith
lxc.network.type = vethlxc.network.link = lxcbr0lxc.network.flags = uplxc.network.hwaddr = 00:18:5e:xx:xx:xx
These settings will cause each newly created container to use networking based on the lxc-net service.
With either of the preceding configurations in place, start or restart the lxc-net service as follows:
$ sudo service lxc-net restartThis will ensure networking is available for each container that gets created on the host system.
Using the libvirt Default Network
This method is recommended over setting up network using a bridge. Using a bridged network can get complicated at times, especially if you are testing using a laptop and you need to bridge the Wi-Fi network interface (if one is available). Bridging a Wi-Fi network interface is a tedious process and involves a lot of configuration, where libvirt can simplify network setup significantly, particularly in difficult situations like this.
Install the required packages and start the virtual bridge:
$ sudo apt install libvirt-clients libvirt-daemon-system ebtables dnsmasq$ sudo virsh net-start default$ /sbin/ifconfig -a
There should be a new virtual bridge seen as follows:
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255ether 52:54:00:ad:2c:7a txqueuelen 1000 (Ethernet)RX packets 0 bytes 0 (0.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 0 bytes 0 (0.0 B)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Link all your containers to the new virtual bridge by editing /etc/lxc/default.conf to read:
$ sudo cat /etc/lxc/default.conflxc.network.type = vethlxc.network.flags = uplxc.network.link = virbr0
Next, make the default virtual network bridge interface automatically start when the host boots:
$ sudo virsh net-autostart default$ sudo virsh net-info defaultName: defaultUUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxActive: yesPersistent: yesAutostart: yesBridge: virbr0
Other Resources
The following other useful resources may help you set up networking for LXC in Debian-based operating systems :
Network setup: https://wiki.debian.org/LXC#network_setup
Simple bridge: https://wiki.debian.org/LXC/SimpleBridge
Masqueraded bridge: https://wiki.debian.org/LXC/MasqueradedBridge
VLAN networking: https://wiki.debian.org/LXC/VlanNetworking
LXD Installation
LXD provides a new and better user experience to LXC by building on top of LXC. LXD uses liblxc and its Go language bindings to create and manage containers.
LXD is made of three components:
A system-wide daemon (lxd)
A command-line client (lxc)
An OpenStack Nova plugin (nova-compute-lxd)
LXD is supported very well in Ubuntu-based distributions, but it is not packaged for Debian yet. The latest available version of the LXD package in Ubuntu Zesty Zapus (17.04) is 2.12.
LXC Requirements for LXD
LXD 2.x requires LXC 2.0.0 or higher with the following build options:
apparmor (if using LXD’s apparmor support)
seccomp
To run the recent version of various distributions, including Ubuntu, LXCFS should also be installed.
Installing LXD on Ubuntu
On a Ubuntu system with a large repository of packages, the installation of LXD involves the following command. This installation uses an Ubuntu Zesty Zapus (17.04) host; the latest available version of LXD there is 2.12.
$ sudo apt install lxdReading package lists... DoneBuilding dependency treeReading state information... DoneThe following additional packages will be installed:ebtables libgolang-1.7-std1 libgolang-github-gorilla-context1libgolang-github-gorilla-mux1 libgolang-github-gorilla-websocket1libgolang-github-gosexy-gettext1 libgolang-github-mattn-go-colorable1libgolang-github-mattn-go-sqlite3-1 libgolang-github-olekukonko-tablewriter1libgolang-github-pborman-uuid1 libgolang-gocapability1libgolang-golang-x-crypto1 libgolang-golang-x-net1 libgolang-golang-x-text1libgolang-gopkg-flosch-pongo2.v3-1libgolang-gopkg-inconshreveable-log15.v2-1 libgolang-gopkg-lxc-go-lxc.v2-1libgolang-gopkg-tomb.v2-1 libgolang-gopkg-yaml.v2-1 libgolang-goprotobuf1libgolang-petname1 lxd-clientSuggested packages:criu lxd-toolsThe following NEW packages will be installed:ebtables libgolang-1.7-std1 libgolang-github-gorilla-context1libgolang-github-gorilla-mux1 libgolang-github-gorilla-websocket1libgolang-github-gosexy-gettext1 libgolang-github-mattn-go-colorable1libgolang-github-mattn-go-sqlite3-1 libgolang-github-olekukonko-tablewriter1libgolang-github-pborman-uuid1 libgolang-gocapability1libgolang-golang-x-crypto1 libgolang-golang-x-net1 libgolang-golang-x-text1libgolang-gopkg-flosch-pongo2.v3-1libgolang-gopkg-inconshreveable-log15.v2-1 libgolang-gopkg-lxc-go-lxc.v2-1libgolang-gopkg-tomb.v2-1 libgolang-gopkg-yaml.v2-1 libgolang-goprotobuf1libgolang-petname1 lxd lxd-client0 upgraded, 23 newly installed, 0 to remove and 0 not upgraded.Need to get 11.7 MB of archives.After this operation, 56.6 MB of additional disk space will be used.Do you want to continue? [Y/n] yGet:1 http://in.archive.ubuntu.com/ubuntu zesty/main amd64 ebtables amd64 2.0.10.4-3.5ubuntu1 [80.1 kB]----------OUTPUT TRUNCATED----------Unpacking libgolang-goprotobuf1 (0.0∼git20161116.0.224aaba-3ubuntu1) ...Selecting previously unselected package lxd.Preparing to unpack .../22-lxd_2.12-0ubuntu3_amd64.deb ...Adding system user `lxd' (UID 126) ...Adding new user `lxd' (UID 126) with group `nogroup' ...Creating home directory `/var/lib/lxd/' ...Adding group `lxd' (GID 133) ...Done.Unpacking lxd (2.12-0ubuntu3) ...Processing triggers for ureadahead (0.100.0-19) ...Setting up libgolang-1.7-std1 (1.7.4-2ubuntu1) ...Setting up libgolang-gopkg-flosch-pongo2.v3-1 (3.0+git20141028.0.5e81b81-0ubuntu7) ...Setting up libgolang-github-mattn-go-sqlite3-1 (1.1.0∼dfsg1-2ubuntu4) ...Processing triggers for libc-bin (2.24-9ubuntu2) ...Setting up libgolang-gopkg-lxc-go-lxc.v2-1 (0.0∼git20161126.1.82a07a6-0ubuntu3) ...Processing triggers for systemd (232-21ubuntu3) ...Setting up ebtables (2.0.10.4-3.5ubuntu1) ...Created symlink /etc/systemd/system/multi-user.target.wants/ebtables.service → /lib/systemd/system/ebtables.service.----------OUTPUT TRUNCATED----------Setting up lxd (2.12-0ubuntu3) ...Created symlink /etc/systemd/system/multi-user.target.wants/ → lxd-containers.service/lib/systemd/system/lxd-containers.service.Created symlink /etc/systemd/system/sockets.target.wants/lxd.socket → /lib/systemd/system/lxd.socket.Setting up lxd dnsmasq configuration.To go through the initial LXD configuration, run: lxd initProcessing triggers for libc-bin (2.24-9ubuntu2) ...Processing triggers for systemd (232-21ubuntu3) ...Processing triggers for ureadahead (0.100.0-19) ...$
Note
It is recommended to apt update and apt upgrade the Ubuntu host system before installing LXD packages in order to get the latest version of packages that LXD depends on directly or indirectly.
A new lxd group is created by the package, to control access to the lxd service. All the users in the admin and sudoers groups on your host system will be automatically added to this group, for convenience. If you need to grant lxd access to any other users, add them to the lxd group too.
To continue interaction with lxd from your current shell session, use the following command:
$ groupsstylesen adm cdrom sudo dip plugdev lpadmin sambashare$ newgrp lxd$ groupslxd adm cdrom sudo dip plugdev lpadmin sambashare stylesen$
Otherwise, you must close the current shell session and start a new one that has the correct group membership applied as it starts.
As the package installation stated, run the lxd init command to go through initial configuration of LXD. If you are satisfied with the default values, just press Enter to accept them and start the lxd service. The following output is a sample initial configuration run for lxd:
$ sudo lxd initDo you want to configure a new storage pool (yes/no) [default=yes]?Name of the new storage pool [default=default]:Name of the storage backend to use (dir) [default=dir]:Would you like LXD to be available over the network (yes/no) [default=no]? yesAddress to bind LXD to (not including port) [default=all]:Port to bind LXD to [default=8443]:Trust password for new clients:Again:Would you like stale cached images to be updated automatically (yes/no) [default=yes]?Would you like to create a new network bridge (yes/no) [default=yes]?What should the new bridge be called [default=lxdbr0]?What IPv4 address should be used (CIDR subnet notation, "auto" or "none") [default=auto]?What IPv6 address should be used (CIDR subnet notation, "auto" or "none") [default=auto]?LXD has been successfully configured.$
Remember the trust password you previously supplied, which will be used by clients to contact this LXD server. If at a later time you have forgotten the trust password that you set during lxd init, you can run the following command from the LXD server to set a new password, where secret-password will be your new password:
$ sudo lxc config set core.trust_password secret-passwordSummary
It is very easy to install LXC and LXD in any Ubuntu- or Debian-based distribution using the package repositories of these distributions. It should be similarly easy to install and configure LXC and LXD in other common distributions too.