The LXC container software comes to CentOS 8 through the EPEL 8 repository. LXC is a multi-process container runtime that boots a Linux distribution under container isolation. It is very similar to systemd-nspawn and a bit different from docker containers. LXC containers are used when multiple processes are needed under a single container. In most cases, the LXC container is a fully-featured Linux distribution (systemd or SysV, i.e. init) booted under a Linux container.
There are several major differences between docker/podman containers and LXC:
- Multiple processes.
- Easy configuration modification. Even hot-plugging is supported.
- Unprivileged Linux containers.
- Complex network setups. Multiple network interfaces connected to different networks, for example.
- Live systemd, i.e. systemd or SysV init is booted as usual. Much software relies on systemd/udev features, and in many cases it is really hard to run software without a systemd or init process.
Here are the steps to boot a CentOS 8 container on a CentOS 8 host server:
STEP 1) Install EPEL repository.
EPEL CentOS 8 repository now includes LXC 3.0 software.
dnf install -y epel-release
STEP 2) Install LXC software and start LXC service.
At present, the LXC software version is 3.0.4. The package lxc-templates includes template scripts to create a Linux distribution environment like CentOS, Ubuntu, Debian, Gentoo, ArchLinux, Oracle, Alpine, and many others and it also includes the configuration templates to start these Linux distributions.
dnf install -y lxc lxc-templates
dnf install -y wget tar
wget and tar are required if the container is going to be installed from the LXC templates.
STEP 3) Create a CentOS 8 container with the help of LXC templates and run it.
Use the lxc-templates to prepare a CentOS 8 container environment. The currently available containers are listed here http://images.linuxcontainers.org/. Check out the URL and choose the right container. Here the CentOS 8 amd64 is used.
lxc-create --template download -n mycontainer -- --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
Quite often there are errors related to the GPG keys, so a working and trusted server is specified with "--keyserver hkp://keyserver.ubuntu.com".
The lxc-create command downloads the CentOS 8 x86_64 template and installs the CentOS 8 minimal files under "/var/lib/lxc/mycontainer/rootfs":
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 18 root root 4096 Oct 11 07:22 rootfs
-rw-r-----.  1 root root  765 Oct 11 11:49 config
drwxrwx---.  3 root root 4096 Oct 11 11:49 .
drwxr-xr-x.  4 root root 4096 Oct 11 11:53 ..
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 72
drwxrwxrwt.  2 root root 4096 Nov  3  2020 tmp
dr-xr-xr-x.  2 root root 4096 Nov  3  2020 sys
drwxr-xr-x.  2 root root 4096 Nov  3  2020 srv
lrwxrwxrwx.  1 root root    8 Nov  3  2020 sbin -> usr/sbin
dr-xr-xr-x.  2 root root 4096 Nov  3  2020 proc
drwxr-xr-x.  2 root root 4096 Nov  3  2020 opt
drwxr-xr-x.  2 root root 4096 Nov  3  2020 mnt
drwxr-xr-x.  2 root root 4096 Nov  3  2020 media
lrwxrwxrwx.  1 root root    9 Nov  3  2020 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root    7 Nov  3  2020 lib -> usr/lib
drwxr-xr-x.  2 root root 4096 Nov  3  2020 home
lrwxrwxrwx.  1 root root    7 Nov  3  2020 bin -> usr/bin
drwxr-xr-x. 12 root root 4096 Oct 11 07:12 usr
dr-xr-xr-x.  4 root root 4096 Oct 11 07:13 boot
drwxr-xr-x. 19 root root 4096 Oct 11 07:13 var
drwxr-xr-x. 12 root root 4096 Oct 11 07:13 run
dr-xr-x---.  2 root root 4096 Oct 11 07:15 root
drwxr-xr-x.  2 root root 4096 Oct 11 07:15 selinux
drwxr-xr-x. 18 root root 4096 Oct 11 07:22 .
drwxr-xr-x.  3 root root 4096 Oct 11 11:49 dev
drwxr-xr-x. 66 root root 4096 Oct 11 11:49 etc
drwxrwx---.  3 root root 4096 Oct 11 11:49 ..
[root@srv ~]#
The create command installs a configuration file /var/lib/lxc/mycontainer/config with predefined parameters:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/loganalyzer/rootfs
lxc.uts.name = loganalyzer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:e6:af:1e
Start and enable lxc service. It is responsible for the Autoload feature.
[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
STEP 4) Additional host configuration.
To enable the autostart of the LXC container just add the following lines to the configuration:
# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
The Autostart executes immediately after the lxc service is started.
To create a bridge device, follow the article "Replace current interface configuration with a bridge device using nmcli (NetworkManager)".
Or use the following commands to create a bridge device for an internal network only: multiple LXC containers will share an internal local network in the server. Internet traffic can be routed to the bridge device with the firewall-cmd command.
nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
nmcli connection up br0
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
In this case, the bridge device is used only in the server and no MAC addresses (of the bridge device or the LXC containers) are visible in the network connected to the router network interface of the server (if any).
The LXC configuration file /var/lib/lxc/mycontainer/config will look like:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/loganalyzer/rootfs
lxc.uts.name = loganalyzer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:e6:af:1e
# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
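A check for a configuration file like the one above, as an added example that is not part of the original article: it reads a container config and reports a missing user-namespace mapping (a privileged container), an active nesting include, and a rootfs path outside the container's own directory. The function names, finding labels and the sample config written by write_sample_config are constructed for illustration; lxc.idmap is the LXC 3.x key for UID/GID mapping.

```shell
#!/bin/sh
# Added example (not from the original article): audit an LXC 3.x container
# config for settings that weaken isolation. Findings go to stdout, one per line.

# Print the value of every active "key = value" line for one key.
# Comment lines are skipped, so "#lxc.include = ...nesting.conf" does not count.
lxc_cfg_get() {   # $1 = config file, $2 = exact key name
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

lxc_cfg_audit() {   # $1 = path to <container dir>/config
    cfg=$1
    dir=$(dirname "$cfg")

    # Without lxc.idmap there is no user namespace mapping: uid 0 in the
    # container is uid 0 on the host (a privileged container).
    if [ -z "$(lxc_cfg_get "$cfg" lxc.idmap)" ]; then
        echo "PRIVILEGED: no lxc.idmap, container root is host root"
    fi

    # The template itself marks nesting.conf as having security implications.
    if lxc_cfg_get "$cfg" lxc.include | grep -q '/nesting\.conf$'; then
        echo "NESTING: nesting.conf is included"
    fi

    # The rootfs should live in this container's own directory; strip the
    # "dir:" storage prefix before comparing.
    rootfs=$(lxc_cfg_get "$cfg" lxc.rootfs.path | sed 's/^[a-z]*://')
    if [ -n "$rootfs" ] && [ "$rootfs" != "$dir/rootfs" ]; then
        echo "ROOTFS: $rootfs is outside $dir"
    fi
    return 0
}

# Constructed sample: the article's config shape, written for container dir $1.
write_sample_config() {
    cat > "$1/config" <<EOF
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64
lxc.rootfs.path = dir:$1/rootfs
lxc.uts.name = mycontainer
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.start.auto = 1
EOF
}

# Run against a real config when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    lxc_cfg_audit "$1"
fi
```

Saved as a script, it takes the config path as its only argument, for example /var/lib/lxc/mycontainer/config.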
STEP 5) LXC network configuration.
By default, a DHCP configuration is used when the LXC container boots. To set a static IP, edit the network configuration file of the LXC container, /var/lib/lxc/mycontainer/rootfs/etc/sysconfig/network-scripts/ifcfg-eth0. By default, the container's network interface is named eth0 and NetworkManager is not used (when installing from the LXC templates!):
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HOSTNAME=mycontainer
TYPE=Ethernet
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
UUID=09497bbf-da59-42b7-a72c-d69355760b36
IPADDR=10.10.10.2
PREFIX=24
GATEWAY=10.10.10.1
DNS1=8.8.8.8
DNS2=1.1.1.1
STEP 6) Start the LXC container.
Start the container with:
lxc-start -n mycontainer
Log in using the login console. Reset the container root password with chroot:
[root@srv ~]# chroot /var/lib/lxc/mycontainer/rootfs/
[root@srv /]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@srv /]# exit
[root@srv ~]#
And log in using the console:
[root@srv ~]# lxc-console -n mycontainer
Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
CentOS Linux 8
Kernel 4.18.0-338.el8.x86_64 on an x86_64
mycontainer login: root
Password:
[root@mycontainer ~]# ps axuf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.1  0.5 101384 11112 ?        Ss   01:44   0:00 /sbin/init
root       403  0.0  0.4 100812  8304 ?        Ss   01:44   0:00 /usr/lib/systemd/systemd-journald
dbus       408  0.0  0.2  54052  4104 ?        Ss   01:44   0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root       409  0.0  0.4  92716  7924 ?        Ss   01:44   0:00 /usr/lib/systemd/systemd-logind
root       642  0.0  0.2 211596  4828 ?        Ssl  01:44   0:00 /usr/sbin/rsyslogd -n
root       646  0.0  0.1 219240  2168 pts/2    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
root       647  0.0  0.1 235584  3420 ?        Ss   01:44   0:00 /usr/sbin/crond -n
root       648  0.0  0.3 315816  5608 ?        Ss   01:44   0:00 login -- root
root       661  0.0  0.2 224772  3856 pts/0    Ss   01:46   0:00  \_ -bash
root       680  0.0  0.2 257388  3840 pts/0    R+   01:46   0:00      \_ ps axuf
root       649  0.0  0.1 219240  2156 pts/1    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
root       650  0.0  0.1 219240  2212 pts/1    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root       651  0.0  0.1 219240  2156 pts/3    Ss+  01:44   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
root       655  0.7  0.5 100696  9800 ?        Ss   01:46   0:00 /usr/lib/systemd/systemd --user
root       656  0.0  0.1 143480  2364 ?        S    01:46   0:00  \_ (sd-pam)
[root@mycontainer ~]#
Bonus 1) Start the LXC container in foreground to see the booting.
[root@srv ~]# lxc-start -F -n mycontainer
lxc-start: loganalyzer: start.c: proc_pidfd_open: 1607 Function not implemented - Failed to send signal through pidfd
systemd 239 (239-45.el8_4.3) running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=legacy)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to CentOS Linux 8!
Failed to install release agent, ignoring: No such file or directory
[ OK ] Created slice system-container\x2dgetty.slice.
[ OK ] Reached target Remote File Systems.
[ OK ] Created slice system-getty.slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Process Core Dump Socket.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Reached target Swap.
[ OK ] Listening on Journal Socket.
Starting Apply Kernel Variables...
Starting Journal Service...
Starting Remount Root and Kernel File Systems...
Starting Read and set NIS domainname from /etc/sysconfig/network...
Mounting POSIX Message Queue File System...
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Reached target Local Encrypted Volumes.
[ OK ] Started Apply Kernel Variables.
[ OK ] Started Read and set NIS domainname from /etc/sysconfig/network.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
Starting Restore /run/initramfs on shutdown...
[ OK ] Started Restore /run/initramfs on shutdown.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started dnf makecache --timer.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting LSB: Bring up/down networking...
[ OK ] Started D-Bus System Message Bus.
Starting Login Service...
[ OK ] Started Login Service.
[ OK ] Started LSB: Bring up/down networking.
[ OK ] Reached target Network.
Starting Permit User Sessions...
[ OK ] Reached target Network is Online.
Starting System Logging Service...
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started Command Scheduler.
[ OK ] Started Container Getty on /dev/pts/2.
[ OK ] Started Container Getty on /dev/pts/3.
[ OK ] Started Console Getty.
[ OK ] Started Container Getty on /dev/pts/0.
[ OK ] Started Container Getty on /dev/pts/1.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
CentOS Linux 8
Kernel 4.18.0-338.el8.x86_64 on an x86_64
mycontainer login: root
Password:
Last login: Sun Oct 11 11:53:52 on console
[root@mycontainer ~]# pstree
systemd─┬─4*[agetty]
        ├─crond
        ├─dbus-daemon
        ├─login───bash───pstree
        ├─rsyslogd───2*[{rsyslogd}]
        ├─systemd───(sd-pam)
        ├─systemd-journal
        └─systemd-logind
[root@mycontainer ~]# poweroff
[ OK ] Stopped target Timers.
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
Stopping D-Bus System Message Bus...
Stopping Command Scheduler...
[ OK ] Stopped target Login Prompts.
Stopping Container Getty on /dev/pts/0...
Stopping Container Getty on /dev/pts/1...
Stopping Restore /run/initramfs on shutdown...
Stopping Container Getty on /dev/pts/2...
Stopping User Manager for UID 0...
[ OK ] Removed slice system-getty.slice.
[ OK ] Stopped dnf makecache --timer.
Stopping Session 5 of user root.
Stopping Console Getty...
Stopping System Logging Service...
[ OK ] Stopped Daily Cleanup of Temporary Directories.
Stopping Container Getty on /dev/pts/3...
[ OK ] Stopped D-Bus System Message Bus.
[ OK ] Stopped Container Getty on /dev/pts/3.
[ OK ] Stopped Command Scheduler.
[ OK ] Stopped Container Getty on /dev/pts/2.
[ OK ] Stopped Container Getty on /dev/pts/1.
[ OK ] Stopped Container Getty on /dev/pts/0.
[ OK ] Stopped Restore /run/initramfs on shutdown.
[ OK ] Removed slice system-container\x2dgetty.slice.
[ OK ] Stopped Console Getty.
[ OK ] Stopped Session 5 of user root.
Stopping Login Service...
[ OK ] Stopped Login Service.
[ OK ] Stopped User Manager for UID 0.
Stopping /run/user/0 mount wrapper...
[ OK ] Removed slice User Slice of UID 0.
Stopping Permit User Sessions...
[ OK ] Unmounted /run/user/0.
[ OK ] Reached target Unmount All Filesystems.
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped /run/user/0 mount wrapper.
[ OK ] Removed slice system-user\x2druntime\x2ddir.slice.
[ OK ] Stopped System Logging Service.
[ OK ] Stopped target Network is Online.
[ OK ] Stopped target Network.
Stopping LSB: Bring up/down networking...
[ OK ] Stopped LSB: Bring up/down networking.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Paths.
[ OK ] Stopped target Sockets.
[ OK ] Closed D-Bus System Message Bus Socket.
[ OK ] Stopped target Slices.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped Read and set NIS domainname from /etc/sysconfig/network.
Stopping Update UTMP about System Boot/Shutdown...
[ OK ] Stopped target Local Encrypted Volumes.
[ OK ] Stopped Forward Password Requests to Wall Directory Watch.
[ OK ] Stopped Dispatch Password Requests to Console Directory Watch.
[ OK ] Stopped target Swap.
[ OK ] Stopped Apply Kernel Variables.
[ OK ] Stopped Update UTMP about System Boot/Shutdown.
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Stopped target Local File Systems.
[ OK ] Stopped target Local File Systems (Pre).
[ OK ] Stopped Remount Root and Kernel File Systems.
[ OK ] Reached target Shutdown.
[ OK ] Reached target Final Step.
Starting Power-Off...
Bonus 2) Processes on the host
[root@srv ~]# pstree
systemd-+-NetworkManager---2*[{NetworkManager}]
        |-agetty
        |-anacron
        |-auditd---{auditd}
        |-crond
        |-dbus-daemon---{dbus-daemon}
        |-firewalld---2*[{firewalld}]
        |-irqbalance---{irqbalance}
        |-login---bash---screen
        |-login---bash
        |-lxc-start---systemd-+-4*[agetty]
        |                     |-crond
        |                     |-dbus-daemon
        |                     |-login---bash
        |                     |-rsyslogd---2*[{rsyslogd}]
        |                     |-systemd-journal
        |                     `-systemd-logind
        |-polkitd---5*[{polkitd}]
        |-rsyslogd---2*[{rsyslogd}]
        |-sshd-+-sshd---sshd---bash---screen---screen---bash
        |      `-sshd---sshd---bash---pstree
        |-sssd-+-sssd_be
        |      `-sssd_nss
        |-systemd---(sd-pam)
        |-systemd-journal
        |-systemd-logind
        |-systemd-udevd
        `-tuned---4*[{tuned}]
Bonus 3) Installation and Running a CentOS 8 LXC container – the complete output
[root@srv ~]# dnf install -y epel-release
Last metadata expiration check: 0:00:59 ago on Mon Oct 11 11:43:18 2021.
Dependencies resolved.
==========================================================================================
 Package                  Architecture    Version         Repository    Size
==========================================================================================
Installing:
 epel-release             noarch          8-11.el8        extras        24 k
Installing weak dependencies:
 epel-next-release        noarch          8-11.el8        extras        11 k
Transaction Summary
==========================================================================================
Install 2 Packages
Total download size: 35 k
Installed size: 38 k
Downloading Packages:
(1/2): epel-next-release-8-11.el8.noarch.rpm 186 kB/s | 11 kB 00:00
(2/2): epel-release-8-11.el8.noarch.rpm 343 kB/s | 24 kB 00:00
------------------------------------------------------------------------------------------
Total 64 kB/s | 35 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing : 1/1
  Installing : epel-release-8-11.el8.noarch 1/2
  Installing : epel-next-release-8-11.el8.noarch 2/2
  Running scriptlet: epel-next-release-8-11.el8.noarch 2/2
  Verifying : epel-next-release-8-11.el8.noarch 1/2
  Verifying : epel-release-8-11.el8.noarch 2/2
Installed:
  epel-next-release-8-11.el8.noarch epel-release-8-11.el8.noarch
Complete!
[root@srv ~]# dnf install -y lxc lxc-templates
Extra Packages for Enterprise Linux 8 - x86_64 3.7 MB/s | 10 MB 00:02
Extra Packages for Enterprise Linux Modular 8 - x86_64 747 kB/s | 956 kB 00:01
Extra Packages for Enterprise Linux 8 - Next - x86_64 969 kB/s | 1.3 MB 00:01
Last metadata expiration check: 0:00:01 ago on Mon Oct 11 11:46:07 2021.
Dependencies resolved.
==========================================================================================
 Package                  Architecture    Version         Repository    Size
==========================================================================================
Installing:
 lxc                      x86_64          3.0.4-2.el8     epel          327 k
 lxc-templates            x86_64          3.0.4-2.el8     epel          28 k
Installing dependencies:
 lxc-libs                 x86_64          3.0.4-2.el8     epel          463 k
 rsync                    x86_64          3.1.3-13.el8    baseos        405 k
Transaction Summary
==========================================================================================
Install 4 Packages
Total download size: 1.2 M
Installed size: 3.3 M
Downloading Packages:
(1/4): rsync-3.1.3-13.el8.x86_64.rpm 1.4 MB/s | 405 kB 00:00
(2/4): lxc-3.0.4-2.el8.x86_64.rpm 923 kB/s | 327 kB 00:00
(3/4): lxc-libs-3.0.4-2.el8.x86_64.rpm 1.1 MB/s | 463 kB 00:00
(4/4): lxc-templates-3.0.4-2.el8.x86_64.rpm 199 kB/s | 28 kB 00:00
------------------------------------------------------------------------------------------
Total 650 kB/s | 1.2 MB 00:01
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x2F86D6A1:
 Userid : "Fedora EPEL (8) <epel@fedoraproject.org>"
 Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing : 1/1
  Installing : rsync-3.1.3-13.el8.x86_64 1/4
  Installing : lxc-libs-3.0.4-2.el8.x86_64 2/4
  Running scriptlet: lxc-libs-3.0.4-2.el8.x86_64 2/4
  Installing : lxc-3.0.4-2.el8.x86_64 3/4
  Installing : lxc-templates-3.0.4-2.el8.x86_64 4/4
  Running scriptlet: lxc-templates-3.0.4-2.el8.x86_64 4/4
  Verifying : rsync-3.1.3-13.el8.x86_64 1/4
  Verifying : lxc-3.0.4-2.el8.x86_64 2/4
  Verifying : lxc-libs-3.0.4-2.el8.x86_64 3/4
  Verifying : lxc-templates-3.0.4-2.el8.x86_64 4/4
Installed:
  lxc-3.0.4-2.el8.x86_64 lxc-libs-3.0.4-2.el8.x86_64 lxc-templates-3.0.4-2.el8.x86_64 rsync-3.1.3-13.el8.x86_64
Complete!
[root@srv ~]# dnf install -y wget tar
Last metadata expiration check: 0:05:36 ago on Mon Oct 11 11:46:07 2021.
Dependencies resolved.
==========================================================================================
 Package                  Architecture    Version         Repository    Size
==========================================================================================
Installing:
 tar                      x86_64          2:1.30-5.el8    baseos        838 k
 wget                     x86_64          1.19.5-10.el8   appstream     734 k
Installing dependencies:
 libmetalink              x86_64          0.1.3-7.el8     baseos        32 k
Transaction Summary
==========================================================================================
Install 3 Packages
Total download size: 1.6 M
Installed size: 5.6 M
Downloading Packages:
(1/3): libmetalink-0.1.3-7.el8.x86_64.rpm 51 kB/s | 32 kB 00:00
(2/3): wget-1.19.5-10.el8.x86_64.rpm 961 kB/s | 734 kB 00:00
(3/3): tar-1.30-5.el8.x86_64.rpm 901 kB/s | 838 kB 00:00
------------------------------------------------------------------------------------------
Total 1.0 MB/s | 1.6 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing : 1/1
  Installing : libmetalink-0.1.3-7.el8.x86_64 1/3
  Installing : wget-1.19.5-10.el8.x86_64 2/3
  Running scriptlet: wget-1.19.5-10.el8.x86_64 2/3
  Installing : tar-2:1.30-5.el8.x86_64 3/3
  Running scriptlet: tar-2:1.30-5.el8.x86_64 3/3
  Verifying : wget-1.19.5-10.el8.x86_64 1/3
  Verifying : libmetalink-0.1.3-7.el8.x86_64 2/3
  Verifying : tar-2:1.30-5.el8.x86_64 3/3
Installed:
  libmetalink-0.1.3-7.el8.x86_64 tar-2:1.30-5.el8.x86_64 wget-1.19.5-10.el8.x86_64
Complete!
[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
[root@srv ~]# lxc-create --template download -n mycontainer -- --dist centos --release 8 --arch amd64 --keyserver hkp://keyserver.ubuntu.com
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created a Centos 8 x86_64 (20211011_07:08) container.
[root@srv ~]# chroot /var/lib/lxc/mycontainer/rootfs/
[root@srv /]# passwd
Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
Connection 'br0' (7ea88895-141d-46b0-933d-c3da8c83d27b) successfully added.
[root@srv ~]# nmcli connection up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@srv ~]# firewall-cmd --permanent --add-masquerade
success
[root@srv ~]# firewall-cmd --reload
success
[root@srv ~]##1. Edit the configuration settings as detailed in the article. 2. Add the network configuration
[root@srv ~]# lxc-start -d -n mycontainer