Run LXC Ubuntu 22.04 LTS container with bridged network under CentOS Stream 9

This article continues the previous one, Run LXC CentOS Stream 9 container with bridged network under CentOS Stream 9; this time the LXC container will be Ubuntu 22.04 LTS Jammy Jellyfish.
For a better understanding of why to use LXC, or for more detail on some of the steps in this article, see the previously mentioned article and the original, Run LXC CentOS 8 container with bridged network under CentOS 8.

STEP 1) Install the EPEL repository, LXC and its dependencies

To install LXC, the EPEL repository for CentOS Stream 9 must be installed first. At present, the LXC version in the CentOS Stream 9 EPEL repository is 4.0.

dnf install -y epel-release
dnf install -y lxc lxc-templates container-selinux
dnf install -y wget tar

lxc-templates uses the “download” template to download images of different Linux distributions from http://images.linuxcontainers.org/, which now redirects to http://uk.lxd.images.canonical.com/ (an Ubuntu lxd images mirror).
container-selinux should be installed only if SELinux is enabled on the host, i.e. the CentOS Stream 9 install. The package provides additional SELinux rules for LXC and LXC tools such as lxc-attach and more.

STEP 2) Create an Ubuntu 22.04 LTS container with the help of LXC templates

[root@srv ~]# lxc-create --template download -n mycontainer -- --dist ubuntu --release jammy --arch amd64

In addition to “--dist” and “--release”, there is a “--variant” option to specify which variant to install: default, cloud, desktop or other. The table on the images’ page mentioned above has a variant column.

The lxc-create command downloads the Ubuntu 22.04 LTS x86_64 default image and unpacks it under “/var/lib/lxc/mycontainer/rootfs”:

[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 rootfs
drwxr-xr-x.  3 root root 4096 Sep 28 09:36 ..
-rw-r-----.  1 root root  808 Sep 28 09:37 config
drwxrwx---.  3 root root 4096 Sep 28 09:37 .
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 68
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 sys
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 proc
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 boot
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 bin -> usr/bin
lrwxrwxrwx.  1 root root    8 Sep 27 07:43 sbin -> usr/sbin
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 lib -> usr/lib
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib32 -> usr/lib32
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root   10 Sep 27 07:43 libx32 -> usr/libx32
drwx------.  2 root root 4096 Sep 27 07:43 root
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 srv
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 mnt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 opt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 media
drwxr-xr-x. 14 root root 4096 Sep 27 07:43 usr
drwxrwxrwt.  2 root root 4096 Sep 27 07:44 tmp
drwxr-xr-x. 12 root root 4096 Sep 27 07:44 var
drwxr-xr-x.  3 root root 4096 Sep 27 07:44 home
drwxr-xr-x.  2 root root 4096 Sep 27 07:45 run
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 .
drwxr-xr-x.  3 root root 4096 Sep 28 09:37 dev
drwxr-xr-x. 62 root root 4096 Sep 28 09:37 etc
drwxrwx---.  3 root root 4096 Sep 28 09:37 ..

The output ends with a warning that this image comes without an OpenSSH server installed and that no root password is set, so the user is locked. The bonus sections contain the whole output of the commands in this article, where these warnings can be seen.
The create command installs a configuration file /var/lib/lxc/mycontainer/config with predefined parameters:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37

STEP 3) Additional host configuration.

To enable autostart of the LXC container, add the following lines to the configuration:

# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10

Autostart runs immediately after the LXC service is started.
To create a bridge device, follow the article Replace current interface configuration with a bridge device using nmcli (NetworkManager).
Or use the following commands to create a bridge device for an internal network only: multiple LXC containers will share an internal local network on the server. Internet traffic can be routed to the bridge device with the firewall-cmd commands:

nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
nmcli connection up br0
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --add-forward
firewall-cmd --reload

In this case, the bridge device is used only inside the server, and no MAC addresses (of the bridge device or the LXC containers) are visible on the network connected to the server's router-facing network interface (if any).
The LXC configuration file /var/lib/lxc/mycontainer/config will look like:

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37

# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10

The bridge name is changed to br0, which was created above with nmcli, and the Autostart section is added so that the LXC container starts when the LXC service is started.
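
A host-side check of the keys in this config that bear on isolation, as an added example (not from the original article or the LXC project). The function name audit_lxc_config and the WARN/INFO wording are assumptions, and only the one file is parsed, so anything set through lxc.include is not seen.

```shell
#!/bin/sh
# Added example: audit one LXC container config for isolation-relevant keys.
# Only the given file is parsed; files pulled in by lxc.include are not followed.

audit_lxc_config() {
    cfg="$1"
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg" >&2; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            eq = index($0, "=")                # split on the first "=" only
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "lxc.idmap") idmap = 1
            if (key == "lxc.include" && val ~ /nesting\.conf$/) nesting = 1
            if (key ~ /^lxc\.net\.[0-9]+\.link$/) links = links " " val
            if (key == "lxc.start.auto" && val == "1") autostart = 1
        }
        END {
            if (!idmap)  { print "WARN privileged: no lxc.idmap, container root is uid 0 on the host"; warn = 1 }
            if (nesting) { print "WARN nesting: nesting.conf is included"; warn = 1 }
            if (links != "") print "INFO bridge:" links
            if (autostart)   print "INFO autostart: started with the lxc service"
            exit warn + 0                      # 1 when any WARN was printed
        }
    ' "$cfg"
}

# Constructed sample: the edited config from STEP 3 with its comments trimmed.
page_config() {
    cat <<'EOF'
#lxc.include = /usr/share/lxc/config/nesting.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
EOF
}

tmp=$(mktemp)
page_config > "$tmp"
audit_lxc_config "$tmp" || true    # non-zero exit means at least one WARN
rm -f "$tmp"
```

The config created by the download template has no lxc.idmap entry, so the check reports the container as privileged; the commented-out nesting include is not counted.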

STEP 4) LXC network configuration.

Ubuntu 22.04 LTS uses netplan to configure the network interfaces. By default, a DHCP configuration is used when the LXC container boots. To set a static IP, edit the container's network configuration file /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml from the host (or the same path without the /var/lib/lxc/mycontainer/rootfs prefix when inside the container). By default, the container’s network interface is named eth0. The following configuration creates a network connection on the eth0 interface, which netplan activates when the container boots.
Modify the configuration in /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml to:

network:
  version: 2
  ethernets:
    eth0:
      addresses:
      - 10.10.10.2/24
      nameservers:
        addresses:
        - 8.8.8.8
        - 1.1.1.1
      routes:
      - to: default
        via: 10.10.10.1

STEP 5) Start the Ubuntu 22.04 LTS LXC container.

Start the LXC container with:

lxc-start -n mycontainer

Use lxc-attach to get inside the LXC container, as if logging in to the system.

[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# hostnamectl
 Static hostname: mycontainer
       Icon name: computer-container
         Chassis: container
      Machine ID: bf8ea5b8558c49498638af0b068fea40
         Boot ID: 5993a3e8c8b64f6abc42eee1124c4cdb
  Virtualization: lxc
Operating System: Ubuntu 22.04.1 LTS              
          Kernel: Linux 5.14.0-165.el9.x86_64
    Architecture: x86-64
root@mycontainer:~# ps axuf
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         132  0.0  0.1  10232  4292 pts/5    Ss   11:17   0:00 /bin/bash
root         142  0.0  0.0  12640  1584 pts/5    R+   11:17   0:00  \_ ps axuf
root           1  0.0  0.2  17724 10440 ?        Ss   09:47   0:00 /sbin/init
root          40  0.0  0.2  31264 11116 ?        S<s  09:47   0:00 /lib/systemd/systemd-journald
systemd+      58  0.0  0.1  16116  6536 ?        Ss   09:47   0:00 /lib/systemd/systemd-networkd
systemd+      70  0.0  0.3  25260 12588 ?        Ss   09:47   0:00 /lib/systemd/systemd-resolved
root          73  0.0  0.0   9492  2988 ?        Ss   09:47   0:00 /usr/sbin/cron -f -P
message+      74  0.0  0.1   8428  4820 ?        Ss   09:47   0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root          76  0.0  0.5  34328 19268 ?        Ss   09:47   0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
syslog        77  0.0  0.1 222400  5228 ?        Ssl  09:47   0:00 /usr/sbin/rsyslogd -n -iNONE
root          78  0.0  0.1  14900  6480 ?        Ss   09:47   0:00 /lib/systemd/systemd-logind
root          82  0.0  0.0   8396  1120 pts/0    Ss+  09:47   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root         140  0.0  0.1  14684  6400 ?        Ss   11:17   0:00 /lib/systemd/systemd-hostnamed
[root@mycontainer ~]# exit
exit
[root@srv ~]#

The password can be reset using chroot or lxc-attach. Ubuntu 22.04 LTS does not set passwords for root or for the user ubuntu, which has administrative privileges.

[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# passwd ubuntu
New password: 
Retype new password: 
passwd: password updated successfully
root@mycontainer:~# exit
exit
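
The password state described above can be checked from the host by reading the container's passwd and shadow files under its rootfs, for instance before a login service such as openssh-server is installed. This is an added example, not part of the original article; the function name login_accounts and the sample passwd/shadow contents are constructed assumptions.

```shell
#!/bin/sh
# Added example: from the host, list container accounts that have a login
# shell and show whether password login is possible for each of them.

login_accounts() {
    rootfs="$1"
    if [ ! -s "$rootfs/etc/shadow" ] || [ ! -r "$rootfs/etc/passwd" ]; then
        echo "ERROR need readable etc/passwd and etc/shadow under $rootfs" >&2
        return 2
    fi
    awk -F: '
        # First file (shadow): classify field 2, the password hash.
        FNR == NR {
            if ($2 == "")          state[$1] = "EMPTY"    # login without a password
            else if ($2 ~ /^[!*]/) state[$1] = "locked"   # no password will match
            else                   state[$1] = "set"
            next
        }
        # Second file (passwd): skip blank lines and non-interactive shells.
        $1 == "" || $7 ~ /(nologin|false|sync)$/ { next }
        {
            s = ($1 in state) ? state[$1] : "no-shadow-entry"
            if (s == "EMPTY") bad = 1
            print $1, "uid=" $3, s
        }
        END { exit bad + 0 }                              # 1 when any EMPTY found
    ' "$rootfs/etc/shadow" "$rootfs/etc/passwd"
}

# Constructed sample rootfs, matching the article's statement that no
# passwords are set; the shadow fields are placeholders, not real values.
demo=$(mktemp -d)
mkdir -p "$demo/etc"
cat > "$demo/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
EOF
cat > "$demo/etc/shadow" <<'EOF'
root:*:19262:0:99999:7:::
daemon:*:19262:0:99999:7:::
ubuntu:!:19262:0:99999:7:::
EOF
login_accounts "$demo" || true   # exit 1 means an EMPTY password was found
rm -rf "$demo"
```

On the host from this article the argument would be /var/lib/lxc/mycontainer/rootfs, run as root so that the shadow file is readable.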

Bonus 1) Start the LXC container in the foreground to see the boot process.

[root@srv ~]# lxc-start -F -n mycontainer
systemd 249.11-0ubuntu3.6 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization lxc.
Detected architecture x86-64.

Welcome to Ubuntu 22.04.1 LTS!

Queued start job for default target Graphical Interface.
[  OK  ] Created slice Slice /system/modprobe.
[  OK  ] Created slice User and Session Slice.
[  OK  ] Started Dispatch Password Requests to Console Directory Watch.
[  OK  ] Started Forward Password Requests to Wall Directory Watch.
[  OK  ] Reached target Local Encrypted Volumes.
[  OK  ] Reached target Path Units.
[  OK  ] Reached target Remote File Systems.
[  OK  ] Reached target Slice Units.
[  OK  ] Reached target Swaps.
[  OK  ] Reached target Local Verity Protected Volumes.
[  OK  ] Listening on Syslog Socket.
[  OK  ] Listening on initctl Compatibility Named Pipe.
[  OK  ] Listening on Journal Socket (/dev/log).
[  OK  ] Listening on Journal Socket.
[  OK  ] Listening on Network Service Netlink Socket.
[  OK  ] Reached target Socket Units.
         Mounting POSIX Message Queue File System...
         Starting Journal Service...
         Starting Set the console keyboard layout...
         Starting Generate network units from Kernel command line...
         Starting Remount Root and Kernel File Systems...
         Starting Apply Kernel Variables...
[  OK  ] Mounted POSIX Message Queue File System.
[  OK  ] Finished Apply Kernel Variables.
[  OK  ] Finished Remount Root and Kernel File Systems.
[  OK  ] Started Journal Service.
         Starting Flush Journal to Persistent Storage...
         Starting Create System Users...
[  OK  ] Finished Generate network units from Kernel command line.
[  OK  ] Reached target Preparation for Network.
[  OK  ] Finished Create System Users.
[  OK  ] Reached target System Time Set.
         Starting Create Static Device Nodes in /dev...
[  OK  ] Finished Create Static Device Nodes in /dev.
         Starting Network Configuration...
[  OK  ] Finished Set the console keyboard layout.
[  OK  ] Reached target Preparation for Local File Systems.
[  OK  ] Reached target Local File Systems.
         Starting Set console font and keymap...
[  OK  ] Finished Set console font and keymap.
[  OK  ] Started Network Configuration.
         Starting Network Name Resolution...
[  OK  ] Finished Flush Journal to Persistent Storage.
         Starting Create Volatile Files and Directories...
[  OK  ] Finished Create Volatile Files and Directories.
         Starting Record System Boot/Shutdown in UTMP...
[  OK  ] Finished Record System Boot/Shutdown in UTMP.
[  OK  ] Reached target System Initialization.
[  OK  ] Started Daily apt download activities.
[  OK  ] Started Daily apt upgrade and clean activities.
[  OK  ] Started Daily dpkg database backup timer.
[  OK  ] Started Periodic ext4 Online Metadata Check for All Filesystems.
[  OK  ] Started Daily rotation of log files.
[  OK  ] Started Message of the Day.
[  OK  ] Started Daily Cleanup of Temporary Directories.
[  OK  ] Started Ubuntu Advantage Timer for running repeated jobs.
[  OK  ] Reached target Basic System.
[  OK  ] Reached target Timer Units.
[  OK  ] Listening on D-Bus System Message Bus Socket.
[  OK  ] Started Regular background program processing daemon.
[  OK  ] Started D-Bus System Message Bus.
[  OK  ] Started Save initial kernel messages after boot.
         Starting Dispatcher daemon for systemd-networkd...
         Starting System Logging Service...
         Starting User Login Management...
[  OK  ] Started Network Name Resolution.
[  OK  ] Reached target Network.
[  OK  ] Reached target Host and Network Name Lookups.
         Starting Permit User Sessions...
[  OK  ] Started System Logging Service.
[  OK  ] Finished Permit User Sessions.
[  OK  ] Started Console Getty.
[  OK  ] Created slice Slice /system/getty.
[  OK  ] Reached target Login Prompts.
[  OK  ] Started User Login Management.
[  OK  ] Started Dispatcher daemon for systemd-networkd.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Record Runlevel Change in UTMP...
[  OK  ] Finished Record Runlevel Change in UTMP.

Ubuntu 22.04.1 LTS mycontainer console

mycontainer login: ubuntu
Password: 
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.14.0-165.el9.x86_64 x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@mycontainer:~$ sudo su
root@mycontainer:/home/ubuntu# poweroff
         Stopping Session 4 of User ubuntu...

Session terminated, killing shell...[  OK  ] Removed slice Slice /system/getty.
[  OK  ] Removed slice Slice /system/modprobe.
[  OK  ] Stopped target Graphical Interface.
[  OK  ] Stopped target Multi-User System.
[  OK  ] Stopped target Login Prompts.
[  OK  ] Stopped target Host and Network Name Lookups.
[  OK  ] Stopped target Timer Units.
[  OK  ] Stopped Daily apt upgrade and clean activities.
[  OK  ] Stopped Daily apt download activities.
[  OK  ] Stopped Daily dpkg database backup timer.
[  OK  ] Stopped Periodic ext4 Online Metadata Check for All Filesystems.
[  OK  ] Stopped Daily rotation of log files.
[  OK  ] Stopped Message of the Day.
[  OK  ] Stopped Daily Cleanup of Temporary Directories.
[  OK  ] Stopped Ubuntu Advantage Timer for running repeated jobs.
[  OK  ] Stopped target System Time Set.
         Stopping Console Getty...
         Stopping Regular background program processing daemon...
         Stopping Dispatcher daemon for systemd-networkd...
         Stopping System Logging Service...
[  OK  ] Stopped Regular background program processing daemon.
[  OK  ] Stopped Dispatcher daemon for systemd-networkd.
[  OK  ] Stopped System Logging Service.
[  OK  ] Stopped Console Getty.
[  OK  ] Stopped Session 4 of User ubuntu.
         Stopping User Login Management...
         Stopping User Manager for UID 1000...
[  OK  ] Stopped User Manager for UID 1000.
[  OK  ] Stopped User Login Management.
         Stopping User Runtime Directory /run/user/1000...
[  OK  ] Unmounted /run/user/1000.
[  OK  ] Reached target Unmount All Filesystems.
[  OK  ] Stopped User Runtime Directory /run/user/1000.
[  OK  ] Removed slice User Slice of UID 1000.
         Stopping Permit User Sessions...
[  OK  ] Stopped Permit User Sessions.
[  OK  ] Stopped target Basic System.
[  OK  ] Stopped target Network.
[  OK  ] Stopped target Path Units.
[  OK  ] Stopped target Remote File Systems.
[  OK  ] Stopped target Slice Units.
[  OK  ] Removed slice User and Session Slice.
[  OK  ] Stopped target Socket Units.
[  OK  ] Stopped target System Initialization.
[  OK  ] Stopped target Local Encrypted Volumes.
[  OK  ] Stopped Dispatch Password Requests to Console Directory Watch.
[  OK  ] Stopped Forward Password Requests to Wall Directory Watch.
[  OK  ] Stopped target Swaps.
[  OK  ] Stopped target Local Verity Protected Volumes.
[  OK  ] Closed Syslog Socket.
         Stopping Network Name Resolution...
         Stopping Record System Boot/Shutdown in UTMP...
[  OK  ] Stopped Network Name Resolution.
         Stopping Network Configuration...
[  OK  ] Stopped Record System Boot/Shutdown in UTMP.
[  OK  ] Stopped Create Volatile Files and Directories.
[  OK  ] Stopped target Local File Systems.
[  OK  ] Stopped target Preparation for Local File Systems.
[  OK  ] Stopped Create Static Device Nodes in /dev.
[  OK  ] Stopped Network Configuration.
[  OK  ] Stopped target Preparation for Network.
[  OK  ] Closed Network Service Netlink Socket.
[  OK  ] Stopped Apply Kernel Variables.
[  OK  ] Stopped Create System Users.
[  OK  ] Stopped Remount Root and Kernel File Systems.
[  OK  ] Reached target System Shutdown.
[  OK  ] Reached target Late Shutdown Services.
[  OK  ] Finished System Power Off.
[  OK  ] Reached target System Power Off.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
All filesystems, swaps, loop devices, MD devices and DM devices detached.
Powering off.

Bonus 2) Processes on the host

[root@srv ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─auditd─┬─sedispatch
        │        └─2*[{auditd}]
        ├─chronyd
        ├─crond
        ├─dbus-broker-lau───dbus-broker
        ├─firewalld───3*[{firewalld}]
        ├─irqbalance───{irqbalance}
        ├─lxc-start───systemd─┬─agetty
        │                     ├─cron
        │                     ├─dbus-daemon
        │                     ├─networkd-dispat
        │                     ├─rsyslogd───3*[{rsyslogd}]
        │                     ├─systemd-journal
        │                     ├─systemd-logind
        │                     ├─systemd-network
        │                     └─systemd-resolve
        ├─mcelog
        ├─mdadm
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───sshd───bash───pstree
        │      └─sshd───sshd───bash
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        └─systemd-udevd

Bonus 3) Installing and running an Ubuntu 22.04 LTS LXC container – the complete output

[root@srv ~]# dnf install -y epel-release
Last metadata expiration check: 0:00:19 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Dependencies resolved.
=========================================================================================
 Package                   Architecture   Version            Repository             Size
=========================================================================================
Installing:
 epel-release              noarch         9-2.el9            extras-common          17 k
Installing weak dependencies:
 epel-next-release         noarch         9-2.el9            extras-common         8.1 k

Transaction Summary
=========================================================================================
Install  2 Packages

Total download size: 25 k
Installed size: 26 k
Downloading Packages:
(1/2): epel-next-release-9-2.el9.noarch.rpm               26 kB/s | 8.1 kB     00:00    
(2/2): epel-release-9-2.el9.noarch.rpm                    53 kB/s |  17 kB     00:00    
-----------------------------------------------------------------------------------------
Total                                                     16 kB/s |  25 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                 1/1 
  Installing       : epel-release-9-2.el9.noarch                                     1/2 
  Installing       : epel-next-release-9-2.el9.noarch                                2/2 
  Running scriptlet: epel-next-release-9-2.el9.noarch                                2/2 
  Verifying        : epel-next-release-9-2.el9.noarch                                1/2 
  Verifying        : epel-release-9-2.el9.noarch                                     2/2 

Installed:
  epel-next-release-9-2.el9.noarch              epel-release-9-2.el9.noarch             

Complete!
[root@srv ~]# dnf install -y lxc lxc-templates container-selinux
Last metadata expiration check: 0:00:29 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Dependencies resolved.
=========================================================================================
 Package                  Architecture  Version                   Repository        Size
=========================================================================================
Installing:
 container-selinux        noarch        3:2.189.0-1.el9           appstream         49 k
 lxc                      x86_64        4.0.12-1.el9              epel             334 k
 lxc-templates            x86_64        4.0.12-1.el9              epel              19 k
Installing dependencies:
 lxc-libs                 x86_64        4.0.12-1.el9              epel             535 k

Transaction Summary
=========================================================================================
Install  4 Packages

Total download size: 936 k
Installed size: 2.6 M
Downloading Packages:
(1/4): lxc-4.0.12-1.el9.x86_64.rpm                       1.4 MB/s | 334 kB     00:00    
(2/4): lxc-templates-4.0.12-1.el9.x86_64.rpm             191 kB/s |  19 kB     00:00    
(3/4): lxc-libs-4.0.12-1.el9.x86_64.rpm                  1.2 MB/s | 535 kB     00:00    
(4/4): container-selinux-2.189.0-1.el9.noarch.rpm         59 kB/s |  49 kB     00:00    
-----------------------------------------------------------------------------------------
Total                                                    372 kB/s | 936 kB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                 1/1 
  Installing       : lxc-libs-4.0.12-1.el9.x86_64                                    1/4 
  Running scriptlet: lxc-libs-4.0.12-1.el9.x86_64                                    1/4 
  Installing       : lxc-4.0.12-1.el9.x86_64                                         2/4 
  Installing       : lxc-templates-4.0.12-1.el9.x86_64                               3/4 
  Running scriptlet: container-selinux-3:2.189.0-1.el9.noarch                        4/4 
  Installing       : container-selinux-3:2.189.0-1.el9.noarch                        4/4 
  Running scriptlet: container-selinux-3:2.189.0-1.el9.noarch                        4/4 
  Verifying        : container-selinux-3:2.189.0-1.el9.noarch                        1/4 
  Verifying        : lxc-4.0.12-1.el9.x86_64                                         2/4 
  Verifying        : lxc-libs-4.0.12-1.el9.x86_64                                    3/4 
  Verifying        : lxc-templates-4.0.12-1.el9.x86_64                               4/4 

Installed:
  container-selinux-3:2.189.0-1.el9.noarch       lxc-4.0.12-1.el9.x86_64                
  lxc-libs-4.0.12-1.el9.x86_64                   lxc-templates-4.0.12-1.el9.x86_64      

Complete!
[root@srv ~]# dnf install -y wget tar
Last metadata expiration check: 0:01:09 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================
 Package         Architecture       Version                     Repository          Size
=========================================================================================
Installing:
 tar             x86_64             2:1.34-5.el9                baseos             886 k

Transaction Summary
=========================================================================================
Install  1 Package

Total download size: 886 k
Installed size: 3.0 M
Downloading Packages:
tar-1.34-5.el9.x86_64.rpm                                1.0 MB/s | 886 kB     00:00    
-----------------------------------------------------------------------------------------
Total                                                    500 kB/s | 886 kB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                 1/1 
  Installing       : tar-2:1.34-5.el9.x86_64                                         1/1 
  Running scriptlet: tar-2:1.34-5.el9.x86_64                                         1/1 
  Verifying        : tar-2:1.34-5.el9.x86_64                                         1/1 

Installed:
  tar-2:1.34-5.el9.x86_64                                                                

Complete!
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
     Loaded: loaded (/usr/lib/systemd/system/lxc.service; enabled; vendor preset: disabled)
     Active: active (exited) since Wed 2022-09-28 09:29:19 UTC; 1h 59min ago
       Docs: man:lxc-autostart
             man:lxc
    Process: 2990 ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load (code=exited, status=0/SUCCESS)
    Process: 2991 ExecStart=/usr/libexec/lxc/lxc-containers start (code=exited, status=0/SUCCESS)
   Main PID: 2991 (code=exited, status=0/SUCCESS)
        CPU: 71ms

Sep 28 09:28:48 srv systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Sep 28 09:29:19 srv systemd[1]: Finished LXC Container Initialization and Autoboot Code.
[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
Connection 'br0' (78b79eb2-81d7-48c6-9b17-943a420cd102) successfully added.
[root@srv ~]# nmcli connection up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@srv ~]# firewall-cmd --permanent --add-masquerade
success
[root@srv ~]# firewall-cmd --reload
success
[root@srv ~]# lxc-create --template download -n mycontainer -- --dist ubuntu --release jammy --arch amd64
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created an Ubuntu jammy amd64 (20220927_07:42) container.

To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 rootfs
drwxr-xr-x.  3 root root 4096 Sep 28 09:36 ..
-rw-r-----.  1 root root  808 Sep 28 09:37 config
drwxrwx---.  3 root root 4096 Sep 28 09:37 .
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 68
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 sys
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 proc
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 boot
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 bin -> usr/bin
lrwxrwxrwx.  1 root root    8 Sep 27 07:43 sbin -> usr/sbin
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 lib -> usr/lib
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib32 -> usr/lib32
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root   10 Sep 27 07:43 libx32 -> usr/libx32
drwx------.  2 root root 4096 Sep 27 07:43 root
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 srv
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 mnt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 opt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 media
drwxr-xr-x. 14 root root 4096 Sep 27 07:43 usr
drwxrwxrwt.  2 root root 4096 Sep 27 07:44 tmp
drwxr-xr-x. 12 root root 4096 Sep 27 07:44 var
drwxr-xr-x.  3 root root 4096 Sep 27 07:44 home
drwxr-xr-x.  2 root root 4096 Sep 27 07:45 run
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 .
drwxr-xr-x.  3 root root 4096 Sep 28 09:37 dev
drwxr-xr-x. 62 root root 4096 Sep 28 09:37 etc
drwxrwx---.  3 root root 4096 Sep 28 09:37 ..
[root@srv ~]# cat /var/lib/lxc/mycontainer/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
[root@srv ~]# #edit the file to look like below
[root@srv ~]# cat /var/lib/lxc/mycontainer/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)


# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37

# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
[root@srv ~]# cat /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml 
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      dhcp-identifier: mac
[root@srv ~]# #edit the file to look like below
[root@srv ~]# cat /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml 
network:
  version: 2
  ethernets:
    eth0:
      addresses:
      - 10.10.10.2/24
      nameservers:
        addresses:
        - 8.8.8.8
        - 1.1.1.1
      routes:
      - to: default
        via: 10.10.10.1
[root@srv ~]# lxc-start -n mycontainer
[root@srv ~]# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
From 10.10.10.1 icmp_seq=4 Destination Host Unreachable
From 10.10.10.1 icmp_seq=5 Destination Host Unreachable
From 10.10.10.1 icmp_seq=6 Destination Host Unreachable
From 10.10.10.1 icmp_seq=7 Destination Host Unreachable
From 10.10.10.1 icmp_seq=8 Destination Host Unreachable
From 10.10.10.1 icmp_seq=9 Destination Host Unreachable
From 10.10.10.1 icmp_seq=10 Destination Host Unreachable
From 10.10.10.1 icmp_seq=11 Destination Host Unreachable
From 10.10.10.1 icmp_seq=12 Destination Host Unreachable
From 10.10.10.1 icmp_seq=13 Destination Host Unreachable
From 10.10.10.1 icmp_seq=14 Destination Host Unreachable
From 10.10.10.1 icmp_seq=15 Destination Host Unreachable
From 10.10.10.1 icmp_seq=16 Destination Host Unreachable
From 10.10.10.1 icmp_seq=17 Destination Host Unreachable
From 10.10.10.1 icmp_seq=18 Destination Host Unreachable
From 10.10.10.1 icmp_seq=19 Destination Host Unreachable
From 10.10.10.1 icmp_seq=20 Destination Host Unreachable
From 10.10.10.1 icmp_seq=21 Destination Host Unreachable
64 bytes from 10.10.10.2: icmp_seq=22 ttl=64 time=1023 ms
64 bytes from 10.10.10.2: icmp_seq=23 ttl=64 time=0.135 ms
64 bytes from 10.10.10.2: icmp_seq=24 ttl=64 time=0.336 ms
64 bytes from 10.10.10.2: icmp_seq=25 ttl=64 time=0.095 ms
64 bytes from 10.10.10.2: icmp_seq=26 ttl=64 time=0.075 ms
64 bytes from 10.10.10.2: icmp_seq=27 ttl=64 time=0.074 ms
64 bytes from 10.10.10.2: icmp_seq=28 ttl=64 time=0.070 ms
64 bytes from 10.10.10.2: icmp_seq=29 ttl=64 time=0.061 ms
64 bytes from 10.10.10.2: icmp_seq=30 ttl=64 time=0.094 ms
64 bytes from 10.10.10.2: icmp_seq=31 ttl=64 time=0.066 ms
^C
--- 10.10.10.2 ping statistics ---
31 packets transmitted, 10 received, +21 errors, 67.7419% packet loss, time 30725ms
rtt min/avg/max/mdev = 0.061/102.427/1023.267/306.946 ms, pipe 3
[root@srv ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─auditd─┬─sedispatch
        │        └─2*[{auditd}]
        ├─chronyd
        ├─crond
        ├─dbus-broker-lau───dbus-broker
        ├─firewalld───3*[{firewalld}]
        ├─irqbalance───{irqbalance}
        ├─lxc-start───systemd─┬─agetty
        │                     ├─cron
        │                     ├─dbus-daemon
        │                     ├─networkd-dispat
        │                     ├─rsyslogd───3*[{rsyslogd}]
        │                     ├─systemd-journal
        │                     ├─systemd-logind
        │                     ├─systemd-network
        │                     └─systemd-resolve
        ├─mcelog
        ├─mdadm
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───sshd───bash───pstree
        │      └─sshd───sshd───bash
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        └─systemd-udevd
[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# ps axuf
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         101  0.0  0.1  10232  4232 pts/5    Ss   09:49   0:00 /bin/bash
root         109  0.0  0.0  12640  1564 pts/5    R+   09:50   0:00  \_ ps axuf
root           1  0.0  0.2  17724 10440 ?        Ss   09:47   0:00 /sbin/init
root          40  0.0  0.2  31264 10928 ?        S<s  09:47   0:00 /lib/systemd/systemd-journald
systemd+      58  0.0  0.1  16116  6536 ?        Ss   09:47   0:00 /lib/systemd/systemd-networkd
systemd+      70  0.0  0.3  25260 12588 ?        Ss   09:47   0:00 /lib/systemd/systemd-resolved
root          73  0.0  0.0   9492  1248 ?        Ss   09:47   0:00 /usr/sbin/cron -f -P
message+      74  0.0  0.1   8428  3956 ?        Ss   09:47   0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root          76  0.0  0.5  34328 19268 ?        Ss   09:47   0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
syslog        77  0.0  0.1 222400  5228 ?        Ssl  09:47   0:00 /usr/sbin/rsyslogd -n -iNONE
root          78  0.0  0.1  14900  6480 ?        Ss   09:47   0:00 /lib/systemd/systemd-logind
root          82  0.0  0.0   8396  1120 pts/0    Ss+  09:47   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root@mycontainer:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:43:99:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.10.10.2/24 brd 10.10.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe43:9937/64 scope link 
       valid_lft forever preferred_lft forever
root@mycontainer:~# exit
exit
[root@srv ~]# 
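
As an added example (not part of the original article), the shell functions below audit a container config such as /var/lib/lxc/mycontainer/config for the settings shown above: whether nesting.conf is included, whether a UID/GID mapping (lxc.idmap) exists, which bridge lxc.net.0.link uses and whether autostart is on. The function names and the embedded sample are constructed for illustration; lxc.idmap is a standard LXC key that does not appear in the article's config.

```shell
#!/bin/sh
# Added example: audit an LXC container config for security-relevant settings.
# Only the given file is read; files pulled in via lxc.include are not followed.

# Print every active (uncommented) value of a key, one per line.
lxc_values() {  # $1 = key, $2 = config file
    awk -v want="$1" '
        /^[ \t]*#/ || !/=/ { next }
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == want { val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                      sub(/[ \t]+$/, "", val); print val }' "$2"
}

# Print one finding per line for the config file in $1.
audit_lxc_config() {
    if lxc_values lxc.include "$1" | grep -Eq '(^|/)nesting\.conf$'; then
        echo "WARN nesting.conf is included (nested containers allowed)"
    fi
    if [ -z "$(lxc_values lxc.idmap "$1")" ]; then
        echo "WARN no lxc.idmap: privileged container, no UID/GID mapping"
    fi
    echo "INFO lxc.net.0.link=$(lxc_values lxc.net.0.link "$1" | tail -n 1)"
    if [ "$(lxc_values lxc.start.auto "$1" | tail -n 1)" = "1" ]; then
        echo "INFO starts at boot (lxc.start.auto = 1)"
    fi
}

# Constructed sample: a subset of the edited config shown above.
sample_config() {
    cat <<'EOF'
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.start.auto = 1
EOF
}

# Usage: sh audit.sh /var/lib/lxc/mycontainer/config
if [ $# -gt 0 ]; then audit_lxc_config "$1"; fi
```

For the config in this article the audit reports the missing lxc.idmap and the br0 attachment, and stays silent about nesting because that include line is still commented out.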
