LXC Configure Fedora Containers
In this post I will demonstrate how to use febootstrap to make a root file system (rootfs) for an LXC container using Fedora. This technique works with Fedora 12 and rawhide. Rawhide is under development and will become Fedora 13, so use a rawhide container at your own risk.
Most of the commands in this tutorial are run as root. To obtain a root shell use:
su -
The working directory for this tutorial is /home/bodhi/lxc, so config.fedora and rootfs.fedora are both located in /home/bodhi/lxc
Note: Unless you are familiar with SELinux, it may be helpful to disable SELinux enforcement as you learn to use Linux Containers. setenforce 0 switches SELinux to permissive mode until the next reboot.
setenforce 0
Make a rootfs via febootstrap
# Fedora 12
febootstrap fedora-12 rootfs.fedora
# Rawhide
febootstrap rawhide rootfs.fedora
Configure the rootfs
Copy resolv.conf from host node to container
cp /etc/resolv.conf rootfs.fedora/etc
Fix devices
udev does not run in lxc containers, so you need to manually make the needed devices.
I use this script to configure the devices:
#!/bin/bash
# bodhi.zazen's lxc-config
# Makes default devices needed in lxc containers
# modified from http://lxc.teegra.net/
ROOT=$(pwd)
DEV="${ROOT}/dev"
# Refuse to run from / so the host's own /dev is never removed
if [ "$ROOT" = '/' ]; then
    printf "\033[22;35m\nDO NOT RUN ON THE HOST NODE\n\n"
    tput sgr0
    exit 1
fi
# Only continue if the current directory already has a dev directory
if [ ! -d "$DEV" ]; then
    printf "\033[01;33m\nRun this script in rootfs\n\n"
    tput sgr0
    exit 1
fi
# Recreate dev from scratch with static device nodes
rm -rf "${DEV}"
mkdir "${DEV}"
mknod -m 666 "${DEV}/null" c 1 3
mknod -m 666 "${DEV}/zero" c 1 5
mknod -m 666 "${DEV}/random" c 1 8
mknod -m 666 "${DEV}/urandom" c 1 9
mkdir -m 755 "${DEV}/pts"
mkdir -m 1777 "${DEV}/shm"
mknod -m 666 "${DEV}/tty" c 5 0
mknod -m 666 "${DEV}/tty0" c 4 0
mknod -m 666 "${DEV}/tty1" c 4 1
mknod -m 666 "${DEV}/tty2" c 4 2
mknod -m 666 "${DEV}/tty3" c 4 3
mknod -m 666 "${DEV}/tty4" c 4 4
mknod -m 600 "${DEV}/console" c 5 1
mknod -m 666 "${DEV}/full" c 1 7
mknod -m 600 "${DEV}/initctl" p
mknod -m 666 "${DEV}/ptmx" c 5 2
exit 0
The script is very slightly modified from the one at http://lxc.teegra.net/ and is saved in /usr/local/bin/lxc-config.
Make it executable:
chmod u+x /usr/local/bin/lxc-config
Run the script in rootfs.fedora
cd rootfs.fedora
/usr/local/bin/lxc-config # fix /dev
cd .. # return to the working directory; later commands use rootfs.fedora/... relative paths
Generate a config file
I call it config.fedora. Make sure the following information is accurate:
container name (lxc.utsname)
network (lxc.network.ipv4)
rootfs (lxc.rootfs)
lxc.utsname = fedora
lxc.tty = 4
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.ipv4 = 192.168.0.0/24
lxc.rootfs = /home/bodhi/lxc/rootfs.fedora
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/* - pts namespaces are "coming soon"
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
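Because the config starts with lxc.cgroup.devices.deny = a, a device node made by lxc-config is only usable inside the container if an lxc.cgroup.devices.allow rule covers its major:minor pair. The check below is an added example, not part of the original post; the function names and the abbreviated sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list device nodes that a
# mknod script creates but the container's cgroup allowlist does not cover.
# Assumes the "key = value" spacing used in config.fedora above.

# device_allowed TYPE MAJOR MINOR CONFIG: succeed if an allow rule matches.
device_allowed() {
    while read -r key _eq rtype rdev _perms; do
        [ "$key" = "lxc.cgroup.devices.allow" ] || continue
        [ "$rtype" = "$1" ] || [ "$rtype" = "a" ] || continue
        case "$rdev" in
            "$2:$3" | "$2:*" | "*:$3" | "*:*") return 0 ;;
        esac
    done < "$4"
    return 1
}

# unlisted_nodes SCRIPT CONFIG: print "name type major:minor" for each
# character or block node with no matching allow rule (FIFOs are skipped).
unlisted_nodes() {
    while read -r cmd _m _mode path dtype major minor; do
        [ "$cmd" = "mknod" ] || continue
        case "$dtype" in c | b) ;; *) continue ;; esac
        name=${path##*/}; name=${name%\"}   # basename, minus a closing quote
        device_allowed "$dtype" "$major" "$minor" "$2" ||
            printf '%s %s %s:%s\n' "$name" "$dtype" "$major" "$minor"
    done < "$1"
}

# Constructed sample input: abbreviated versions of the script and config.
sample=$(mktemp -d)
cat > "$sample/lxc-config" <<'EOF'
mknod -m 666 ${DEV}/null c 1 3
mknod -m 666 ${DEV}/tty2 c 4 2
mknod -m 600 ${DEV}/console c 5 1
mknod -m 666 ${DEV}/full c 1 7
mknod -m 600 ${DEV}/initctl p
mknod -m 666 ${DEV}/ptmx c 5 2
EOF
cat > "$sample/config.fedora" <<'EOF'
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
EOF

unlisted_nodes "$sample/lxc-config" "$sample/config.fedora"
```

Run against the complete lxc-config and config.fedora from this post, it reports tty2, tty3, tty4 and full. With lxc.cgroup.devices.deny = a in effect, opening a node that has no allow rule fails inside the container.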
Fix rootfs
touch rootfs.fedora/var/run/syslogd.pid
mkdir -p rootfs.fedora/var/lock/subsys
touch rootfs.fedora/var/lock/subsys/{atd,ip6tables,iptables,local,network,rsyslogd,sshd}
Disable udev
rm rootfs.fedora/etc/init.d/udev-post
Edit rootfs.fedora/etc/rc.sysinit and comment out the start_udev line:
# /sbin/start_udev
Set up fstab and mtab
touch rootfs.fedora/etc/{fstab,mtab}
echo "none /dev/pts devpts defaults 0 0" >> rootfs.fedora/etc/fstab
Configure networking
eth0
Using any editor, edit rootfs.fedora/etc/sysconfig/network-scripts/ifcfg-eth0
Set your IP address in this file, either static or via DHCP (I use a static IP)
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HOSTNAME=fedora
TYPE=Ethernet
IPADDR=192.168.0.20
NETWORK=192.168.0.0
GATEWAY=192.168.0.1
BROADCAST=192.168.0.255
NETMASK=255.255.255.0
MTU=1500
DNS1=192.168.0.1
IPV6INIT=no
USERCTL=no
Using any editor, edit rootfs.fedora/etc/sysconfig/network
Add these two lines (adjust hostname):
NETWORKING=yes
HOSTNAME=fedora
Using any editor, edit rootfs.fedora/etc/rc.local
Add this line (it was necessary to bring up the network in my Fedora containers):
service network restart
Remove tty5 and tty6
Fedora 12:
cd rootfs.fedora/etc/event.d
rm tty{5,6}
cd - # return to the working directory
Rawhide: edit rootfs.fedora/etc/sysconfig/init
The very last line of the file reads "ACTIVE_CONSOLES=/dev/tty[1-6]"; change this to
ACTIVE_CONSOLES=/dev/tty[1-4]
Chroot and set a root password
chroot rootfs.fedora /bin/bash
passwd
Configure and start the container
lxc-create -f ~bodhi/lxc/config.fedora -n fedora
Disable SELinux enforcement (on the host):
setenforce 0
Start the container, watch for error messages
lxc-start -n fedora
Note: It takes some time for the container to boot ...
Use lxc-console or ssh to log in and set a locale
lxc-console -n fedora
In the container run:
yum -y reinstall glibc-common
# auditd is not working, so turn it off
chkconfig auditd off
# sendmail is slow to start, so if you are not using it disable it
chkconfig sendmail off
Clean up container
From within the container
yum clean all
Stop the container
lxc-stop -n fedora
Optional: Clean unnecessary files
Remove the febootstrap cache (if it exists). You may also remove the shared docs and locales.
rm -rf rootfs.fedora/var/yum/cache/febootstrap
rm -rf rootfs.fedora/usr/share/locale/*
rm -rf rootfs.fedora/usr/share/doc/*