Run LXC CentOS 8 container with bridged network under CentOS 8

Author:

The LXC container software comes to CentOS 8 with the EPEL 8 repository. LXC is a multiprocesses container, which offers to boot a Linux distribution under container isolation. It is very similar to systemd-nspawn and a bit different from docker containers. LXC containers are used when multiple processes are needed under one container only. In most cases, the LXC container is a fully-featured Linux distribution (systemd or SysV, i.e. init) booted under a Linux container.
There are several major differences between docker/podman containers and LXC:

  • Multiprocesses.
  • Easy configuration modification. Even hot-plugin supported.
  • Unprivileged Linux containers.
  • Complex network setups. Multiple network interfaces connected to different networks, for example.
  • Live systemd, i.e. systemd or SysV init are booted as usual. Much of the software rellies on systemd/udev features and in many cases, it is really hard to run a software without a systemd or init process

Here are the steps to boot a CentOS 8 container under CentOS 8 host server:

STEP 1) Install EPEL repository.

EPEL CentOS 8 repository now includes LXC 3.0 software.

dnf install -y epel-release

STEP 2) Install LXC software and start LXC service.

At present, the LXC software version is 3.0.4. The package lxc-templates includes template scripts to create a Linux distribution environment like CentOS, Ubuntu, Debian, Gentoo, ArchLinux, Oracle, Alpine, and many others and it also includes the configuration templates to start these Linux distributions.

dnf install -y lxc lxc-templates
dnf install -y wget tar

The wget and tar are required if LXC templates installation is going to be performed.

STEP 3) Create a CentOS 8 container with the help of LXC templates and run it.

Use the lxc-templates to prepare a CentOS 8 container environment. The currently available containers are listed here http://images.linuxcontainers.org/. Check out the URL and choose the right container. Here the CentOS 8 amd64 is used.

lxc-create --template download -n mycontainer -- --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com


Quite often there are errors related to the GPG keys, so a working and trusted server “–keyserver hkp://keyserver.ubuntu.com” is used.
The lxc-create commands downloads the CentOS 8 x86_64 templates and it installs the CentOS 8 minimal files undex “/var/lib/lxc/mycontainer/rootfs”:

[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 18 root root 4096 Oct 11 07:22 rootfs
-rw-r-----.  1 root root  765 Oct 11 11:49 config
drwxrwx---.  3 root root 4096 Oct 11 11:49 .
drwxr-xr-x.  4 root root 4096 Oct 11 11:53 ..
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 72
drwxrwxrwt.  2 root root 4096 Nov  3  2020 tmp
dr-xr-xr-x.  2 root root 4096 Nov  3  2020 sys
drwxr-xr-x.  2 root root 4096 Nov  3  2020 srv
lrwxrwxrwx.  1 root root    8 Nov  3  2020 sbin -> usr/sbin
dr-xr-xr-x.  2 root root 4096 Nov  3  2020 proc
drwxr-xr-x.  2 root root 4096 Nov  3  2020 opt
drwxr-xr-x.  2 root root 4096 Nov  3  2020 mnt
drwxr-xr-x.  2 root root 4096 Nov  3  2020 media
lrwxrwxrwx.  1 root root    9 Nov  3  2020 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root    7 Nov  3  2020 lib -> usr/lib
drwxr-xr-x.  2 root root 4096 Nov  3  2020 home
lrwxrwxrwx.  1 root root    7 Nov  3  2020 bin -> usr/bin
drwxr-xr-x. 12 root root 4096 Oct 11 07:12 usr
dr-xr-xr-x.  4 root root 4096 Oct 11 07:13 boot
drwxr-xr-x. 19 root root 4096 Oct 11 07:13 var
drwxr-xr-x. 12 root root 4096 Oct 11 07:13 run
dr-xr-x---.  2 root root 4096 Oct 11 07:15 root
drwxr-xr-x.  2 root root 4096 Oct 11 07:15 selinux
drwxr-xr-x. 18 root root 4096 Oct 11 07:22 .
drwxr-xr-x.  3 root root 4096 Oct 11 11:49 dev
drwxr-xr-x. 66 root root 4096 Oct 11 11:49 etc
drwxrwx---.  3 root root 4096 Oct 11 11:49 ..
[root@srv ~]#

The create command installs a configuration file /var/lib/lxc/mycontainer/config with predefined parameters:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/loganalyzer/rootfs
lxc.uts.name = loganalyzer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:e6:af:1e

Start and enable lxc service. It is responsible for the Autoload feature.

[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.

STEP 4) Additional host configuration.

To enable the autostart of the LXC container just add the following lines to the configuration:

# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10

The Autostart executes immediately after the lxc service is started.
To create a bridge device (just follow this article – Replace current interface configuration with a bridge device using nmcli (NetworkManager)).
Or use the following commands for just a bridged device of the internal network – multiple LXC containers will share an internal local network in the server. Internet could be routed to the bridge device with the firewall-cmd command

nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
nmcli connection up br0
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload

In this case, the bridge device is used only in the server and no MAC addresses (of the bridge device or the LXC containers) are visible in the network connected to the router network interface of the server (if any).
The LXC configuration file /var/lib/lxc/mycontainer/config will look like:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/loganalyzer/rootfs
lxc.uts.name = loganalyzer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:e6:af:1e

# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10

STEP 5) LXC network configuration.

By default a DHCP configuration is used when the LXC container boots. To set a static IP just edit the network configuration file of the LXC container /var/lib/lxc/mycontainer/rootfs/etc/sysconfig/network-scripts/ifcfg-eth0. By default the container’s network interface is with name eth0 and the NetworkManager is not used (when installing from the LXC templates!):

DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HOSTNAME=mycontainer
TYPE=Ethernet
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
UUID=09497bbf-da59-42b7-a72c-d69355760b36
IPADDR=10.10.10.2
PREFIX=24
GATEWAY=10.10.10.1
DNS1=8.8.8.8
DNS2=1.1.1.1

STEP 6) Start the LXC container.

Start the container with:

lxc-start -n mycontainer

Log in using the login console. Reset the container root password with chroot:

[root@srv ~]# chroot /var/lib/lxc/mycontainer/rootfs/
[root@srv /]# passwd
Changing password for user root.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@srv /]# exit
[root@srv ~]# 

And login using the console:

[root@srv ~]# lxc-console -n mycontainer

Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

CentOS Linux 8
Kernel 4.18.0-338.el8.x86_64 on an x86_64

mycontainer login: root
Password: 
[root@mycontainer ~]# ps axuf
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.1  0.5 101384 11112 ?        Ss   01:44   0:00 /sbin/init
root         403  0.0  0.4 100812  8304 ?        Ss   01:44   0:00 /usr/lib/systemd/systemd-journald
dbus         408  0.0  0.2  54052  4104 ?        Ss   01:44   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root         409  0.0  0.4  92716  7924 ?        Ss   01:44   0:00 /usr/lib/systemd/systemd-logind
root         642  0.0  0.2 211596  4828 ?        Ssl  01:44   0:00 /usr/sbin/rsyslogd -n
root         646  0.0  0.1 219240  2168 pts/2    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
root         647  0.0  0.1 235584  3420 ?        Ss   01:44   0:00 /usr/sbin/crond -n
root         648  0.0  0.3 315816  5608 ?        Ss   01:44   0:00 login -- root
root         661  0.0  0.2 224772  3856 pts/0    Ss   01:46   0:00  \_ -bash
root         680  0.0  0.2 257388  3840 pts/0    R+   01:46   0:00      \_ ps axuf
root         649  0.0  0.1 219240  2156 pts/1    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
root         650  0.0  0.1 219240  2212 pts/1    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root         651  0.0  0.1 219240  2156 pts/3    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
root         655  0.7  0.5 100696  9800 ?        Ss   01:46   0:00 /usr/lib/systemd/systemd --user
root         656  0.0  0.1 143480  2364 ?        S    01:46   0:00  \_ (sd-pam)
[root@mycontainer ~]#

Bonus 1) Start the LXC container in foreground to see the booting.

[root@srv ~]# lxc-start -F -n mycontainer
lxc-start: loganalyzer: start.c: proc_pidfd_open: 1607 Function not implemented - Failed to send signal through pidfd
                                                                                                                     systemd 239 (239-45.el8_4.3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to CentOS Linux 8!

Failed to install release agent, ignoring: No such file or directory
[  OK  ] Created slice system-container\x2dgetty.slice.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Created slice system-getty.slice.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Reached target Slices.
[  OK  ] Listening on Process Core Dump Socket.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Swap.
[  OK  ] Listening on Journal Socket.
         Starting Apply Kernel Variables...
         Starting Journal Service...
         Starting Remount Root and Kernel File Systems...
         Starting Read and set NIS domainname from /etc/sysconfig/network...
         Mounting POSIX Message Queue File System...
[  OK  ] Listening on initctl Compatibility Named Pipe.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Reached target Paths.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Started Apply Kernel Variables.
[  OK  ] Started Read and set NIS domainname from /etc/sysconfig/network.
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Started Remount Root and Kernel File Systems.
[  OK  ] Reached target Local File Systems (Pre).
[  OK  ] Reached target Local File Systems.
         Starting Restore /run/initramfs on shutdown...
[  OK  ] Started Restore /run/initramfs on shutdown.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
[  OK  ] Started Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Started Create Volatile Files and Directories.
         Starting Update UTMP about System Boot/Shutdown...
[  OK  ] Started Update UTMP about System Boot/Shutdown.
[  OK  ] Reached target System Initialization.
[  OK  ] Started dnf makecache --timer.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Reached target Timers.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Reached target Sockets.
[  OK  ] Reached target Basic System.
         Starting LSB: Bring up/down networking...
[  OK  ] Started D-Bus System Message Bus.
         Starting Login Service...
[  OK  ] Started Login Service.
[  OK  ] Started LSB: Bring up/down networking.
[  OK  ] Reached target Network.
         Starting Permit User Sessions...
[  OK  ] Reached target Network is Online.
         Starting System Logging Service...
[  OK  ] Started System Logging Service.
[  OK  ] Started Permit User Sessions.
[  OK  ] Started Command Scheduler.
[  OK  ] Started Container Getty on /dev/pts/2.
[  OK  ] Started Container Getty on /dev/pts/3.
[  OK  ] Started Console Getty.
[  OK  ] Started Container Getty on /dev/pts/0.
[  OK  ] Started Container Getty on /dev/pts/1.
[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...

CentOS Linux 8
Kernel 4.18.0-338.el8.x86_64 on an x86_64

mycontainer login: root
Password:
Last login: Sun Oct 11 11:53:52 on console
[root@mycontainer ~]# pstree
systemd─┬─4*[agetty]
        ├─crond
        ├─dbus-daemon
        ├─login───bash───pstree
        ├─rsyslogd───2*[{rsyslogd}]
        ├─systemd───(sd-pam)
        ├─systemd-journal
        └─systemd-logind
[root@mycontainer ~]# poweroff
[  OK  ] Stopped target Timers.
[  OK  ] Stopped target Graphical Interface.
[  OK  ] Stopped target Multi-User System.
         Stopping D-Bus System Message Bus...
         Stopping Command Scheduler...
[  OK  ] Stopped target Login Prompts.
         Stopping Container Getty on /dev/pts/0...
         Stopping Container Getty on /dev/pts/1...
         Stopping Restore /run/initramfs on shutdown...
         Stopping Container Getty on /dev/pts/2...
         Stopping User Manager for UID 0...
[  OK  ] Removed slice system-getty.slice.
[  OK  ] Stopped dnf makecache --timer.
         Stopping Session 5 of user root.
         Stopping Console Getty...
         Stopping System Logging Service...
[  OK  ] Stopped Daily Cleanup of Temporary Directories.
         Stopping Container Getty on /dev/pts/3...
[  OK  ] Stopped D-Bus System Message Bus.
[  OK  ] Stopped Container Getty on /dev/pts/3.
[  OK  ] Stopped Command Scheduler.
[  OK  ] Stopped Container Getty on /dev/pts/2.
[  OK  ] Stopped Container Getty on /dev/pts/1.
[  OK  ] Stopped Container Getty on /dev/pts/0.
[  OK  ] Stopped Restore /run/initramfs on shutdown.
[  OK  ] Removed slice system-container\x2dgetty.slice.
[  OK  ] Stopped Console Getty.
[  OK  ] Stopped Session 5 of user root.
         Stopping Login Service...
[  OK  ] Stopped Login Service.
[  OK  ] Stopped User Manager for UID 0.
         Stopping /run/user/0 mount wrapper...
[  OK  ] Removed slice User Slice of UID 0.
         Stopping Permit User Sessions...
[  OK  ] Unmounted /run/user/0.
[  OK  ] Reached target Unmount All Filesystems.
[  OK  ] Stopped Permit User Sessions.
[  OK  ] Stopped target Remote File Systems.
[  OK  ] Stopped /run/user/0 mount wrapper.
[  OK  ] Removed slice system-user\x2druntime\x2ddir.slice.
[  OK  ] Stopped System Logging Service.
[  OK  ] Stopped target Network is Online.
[  OK  ] Stopped target Network.
         Stopping LSB: Bring up/down networking...
[  OK  ] Stopped LSB: Bring up/down networking.
[  OK  ] Stopped target Basic System.
[  OK  ] Stopped target Paths.
[  OK  ] Stopped target Sockets.
[  OK  ] Closed D-Bus System Message Bus Socket.
[  OK  ] Stopped target Slices.
[  OK  ] Removed slice User and Session Slice.
[  OK  ] Stopped target System Initialization.
[  OK  ] Stopped Read and set NIS domainname from /etc/sysconfig/network.
         Stopping Update UTMP about System Boot/Shutdown...
[  OK  ] Stopped target Local Encrypted Volumes.
[  OK  ] Stopped Forward Password Requests to Wall Directory Watch.
[  OK  ] Stopped Dispatch Password Requests to Console Directory Watch.
[  OK  ] Stopped target Swap.
[  OK  ] Stopped Apply Kernel Variables.
[  OK  ] Stopped Update UTMP about System Boot/Shutdown.
[  OK  ] Stopped Create Volatile Files and Directories.
[  OK  ] Stopped target Local File Systems.
[  OK  ] Stopped target Local File Systems (Pre).
[  OK  ] Stopped Remount Root and Kernel File Systems.
[  OK  ] Reached target Shutdown.
[  OK  ] Reached target Final Step.
         Starting Power-Off...

Bonus 2) Processes on the host

[root@srv ~]# pstree
systemd-+-NetworkManager---2*[{NetworkManager}]
        |-agetty
        |-anacron
        |-auditd---{auditd}
        |-crond
        |-dbus-daemon---{dbus-daemon}
        |-firewalld---2*[{firewalld}]
        |-irqbalance---{irqbalance}
        |-login---bash---screen
        |-login---bash
        |-lxc-start---systemd-+-4*[agetty]
        |                     |-crond
        |                     |-dbus-daemon
        |                     |-login---bash
        |                     |-rsyslogd---2*[{rsyslogd}]
        |                     |-systemd-journal
        |                     `-systemd-logind
        |-polkitd---5*[{polkitd}]
        |-rsyslogd---2*[{rsyslogd}]
        |-sshd-+-sshd---sshd---bash---screen---screen---bash
        |      `-sshd---sshd---bash---pstree
        |-sssd-+-sssd_be
        |      `-sssd_nss
        |-systemd---(sd-pam)
        |-systemd-journal
        |-systemd-logind
        |-systemd-udevd
        `-tuned---4*[{tuned}]

Bonus 3) Installation and Running a CentOS 8 LXC container – the complete output

[root@srv ~]# dnf install -y epel-release
Last metadata expiration check: 0:00:59 ago on Mon Oct 11 11:43:18 2021.
Dependencies resolved.
==========================================================================================
 Package                     Architecture     Version              Repository        Size
==========================================================================================
Installing:
 epel-release                noarch           8-11.el8             extras            24 k
Installing weak dependencies:
 epel-next-release           noarch           8-11.el8             extras            11 k

Transaction Summary
==========================================================================================
Install  2 Packages

Total download size: 35 k
Installed size: 38 k
Downloading Packages:
(1/2): epel-next-release-8-11.el8.noarch.rpm              186 kB/s |  11 kB     00:00    
(2/2): epel-release-8-11.el8.noarch.rpm                   343 kB/s |  24 kB     00:00    
------------------------------------------------------------------------------------------
Total                                                      64 kB/s |  35 kB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                  1/1 
  Installing       : epel-release-8-11.el8.noarch                                     1/2 
  Installing       : epel-next-release-8-11.el8.noarch                                2/2 
  Running scriptlet: epel-next-release-8-11.el8.noarch                                2/2 
  Verifying        : epel-next-release-8-11.el8.noarch                                1/2 
  Verifying        : epel-release-8-11.el8.noarch                                     2/2 

Installed:
  epel-next-release-8-11.el8.noarch              epel-release-8-11.el8.noarch             

Complete!
[root@srv ~]# dnf install -y lxc lxc-templates
Extra Packages for Enterprise Linux 8 - x86_64            3.7 MB/s |  10 MB     00:02    
Extra Packages for Enterprise Linux Modular 8 - x86_64    747 kB/s | 956 kB     00:01    
Extra Packages for Enterprise Linux 8 - Next - x86_64     969 kB/s | 1.3 MB     00:01    
Last metadata expiration check: 0:00:01 ago on Mon Oct 11 11:46:07 2021.
Dependencies resolved.
==========================================================================================
 Package                 Architecture     Version                  Repository        Size
==========================================================================================
Installing:
 lxc                     x86_64           3.0.4-2.el8              epel             327 k
 lxc-templates           x86_64           3.0.4-2.el8              epel              28 k
Installing dependencies:
 lxc-libs                x86_64           3.0.4-2.el8              epel             463 k
 rsync                   x86_64           3.1.3-13.el8             baseos           405 k

Transaction Summary
==========================================================================================
Install  4 Packages

Total download size: 1.2 M
Installed size: 3.3 M
Downloading Packages:
(1/4): rsync-3.1.3-13.el8.x86_64.rpm                      1.4 MB/s | 405 kB     00:00    
(2/4): lxc-3.0.4-2.el8.x86_64.rpm                         923 kB/s | 327 kB     00:00    
(3/4): lxc-libs-3.0.4-2.el8.x86_64.rpm                    1.1 MB/s | 463 kB     00:00    
(4/4): lxc-templates-3.0.4-2.el8.x86_64.rpm               199 kB/s |  28 kB     00:00    
------------------------------------------------------------------------------------------
Total                                                     650 kB/s | 1.2 MB     00:01     
Extra Packages for Enterprise Linux 8 - x86_64            1.6 MB/s | 1.6 kB     00:00    
Importing GPG key 0x2F86D6A1:
 Userid     : "Fedora EPEL (8) <epel@fedoraproject.org>"
 Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                  1/1 
  Installing       : rsync-3.1.3-13.el8.x86_64                                        1/4 
  Installing       : lxc-libs-3.0.4-2.el8.x86_64                                      2/4 
  Running scriptlet: lxc-libs-3.0.4-2.el8.x86_64                                      2/4 
  Installing       : lxc-3.0.4-2.el8.x86_64                                           3/4 
  Installing       : lxc-templates-3.0.4-2.el8.x86_64                                 4/4 
  Running scriptlet: lxc-templates-3.0.4-2.el8.x86_64                                 4/4 
  Verifying        : rsync-3.1.3-13.el8.x86_64                                        1/4 
  Verifying        : lxc-3.0.4-2.el8.x86_64                                           2/4 
  Verifying        : lxc-libs-3.0.4-2.el8.x86_64                                      3/4 
  Verifying        : lxc-templates-3.0.4-2.el8.x86_64                                 4/4 

Installed:
  lxc-3.0.4-2.el8.x86_64    lxc-libs-3.0.4-2.el8.x86_64 lxc-templates-3.0.4-2.el8.x86_64
  rsync-3.1.3-13.el8.x86_64

Complete!
[root@srv ~]# dnf install -y wget tar
Last metadata expiration check: 0:05:36 ago on Mon Oct 11 11:46:07 2021.
Dependencies resolved.
==========================================================================================
 Package               Architecture     Version                 Repository           Size
==========================================================================================
Installing:
 tar                   x86_64           2:1.30-5.el8            baseos              838 k
 wget                  x86_64           1.19.5-10.el8           appstream           734 k
Installing dependencies:
 libmetalink           x86_64           0.1.3-7.el8             baseos               32 k

Transaction Summary
==========================================================================================
Install  3 Packages

Total download size: 1.6 M
Installed size: 5.6 M
Downloading Packages:
(1/3): libmetalink-0.1.3-7.el8.x86_64.rpm                  51 kB/s |  32 kB     00:00    
(2/3): wget-1.19.5-10.el8.x86_64.rpm                      961 kB/s | 734 kB     00:00    
(3/3): tar-1.30-5.el8.x86_64.rpm                          901 kB/s | 838 kB     00:00    
------------------------------------------------------------------------------------------
Total                                                     1.0 MB/s | 1.6 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                  1/1 
  Installing       : libmetalink-0.1.3-7.el8.x86_64                                   1/3 
  Installing       : wget-1.19.5-10.el8.x86_64                                        2/3 
  Running scriptlet: wget-1.19.5-10.el8.x86_64                                        2/3 
  Installing       : tar-2:1.30-5.el8.x86_64                                          3/3 
  Running scriptlet: tar-2:1.30-5.el8.x86_64                                          3/3 
  Verifying        : wget-1.19.5-10.el8.x86_64                                        1/3 
  Verifying        : libmetalink-0.1.3-7.el8.x86_64                                   2/3 
  Verifying        : tar-2:1.30-5.el8.x86_64                                          3/3 

Installed:
  libmetalink-0.1.3-7.el8.x86_64   tar-2:1.30-5.el8.x86_64   wget-1.19.5-10.el8.x86_64  

Complete!
[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
[root@srv ~]# lxc-create --template download -n mycontainer -- --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created a Centos 8 x86_64 (20211011_07:08) container.
[root@srv ~]# chroot /var/lib/lxc/mycontainer/rootfs/
[root@srv /]# passwd
Changing password for user root.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
Connection 'br0' (7ea88895-141d-46b0-933d-c3da8c83d27b) successfully added.
[root@srv ~]# nmcli connection up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@srv ~]# firewall-cmd --permanent --add-masquerade
success
[root@srv ~]# firewall-cmd --reload
success
[root@srv ~]##1. Edit the configuration settings as detailed in the article. 2. Add the network configuration
[root@srv ~]# lxc-start -d -n mycontainer

Leave a Reply

Your email address will not be published. Required fields are marked *