In continuation of the previous article Run LXC CentOS Stream 9 container with bridged network under CentOS Stream 9, this time the LXC container will be Ubuntu 22.04 LTS Jammy Jellyfish.
For a better understanding of why to use LXC, or for more detailed information on some of the steps in this article, see the previously mentioned article and the original one, Run LXC CentOS 8 container with bridged network under CentOS 8.
STEP 1) Install the needed software: the EPEL repository, LXC and its dependencies
To install the LXC software, the EPEL repository for CentOS Stream 9 must be installed. At present, the LXC version included in the CentOS Stream 9 EPEL repository is 4.0.
dnf install -y epel-release
dnf install -y lxc lxc-templates container-selinux
dnf install -y wget tar
lxc-templates uses template “download” to download different Linux distribution images from http://images.linuxcontainers.org/, which now redirects to http://uk.lxd.images.canonical.com/ (an Ubuntu lxd images mirror).
The container-selinux package should be installed only if SELinux is enabled on the host, i.e. the CentOS Stream 9 install. The package offers additional SELinux rules for LXC and for LXC tools such as lxc-attach.
STEP 2) Create an Ubuntu 22.04 LTS container with the help of LXC templates
[root@srv ~]# lxc-create --template download -n mycontainer -- --dist ubuntu --release jammy --arch amd64
In addition, there is a “--variant” option along with “--dist” and “--release” to specify which variant to install: default, cloud, desktop or other. There is a variant column in the table on the images page mentioned above.
The lxc-create command downloads the Ubuntu 22.04 LTS x86_64 default image and unpacks it under “/var/lib/lxc/mycontainer/rootfs”:
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 rootfs
drwxr-xr-x.  3 root root 4096 Sep 28 09:36 ..
-rw-r-----.  1 root root  808 Sep 28 09:37 config
drwxrwx---.  3 root root 4096 Sep 28 09:37 .
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 68
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 sys
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 proc
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 boot
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 bin -> usr/bin
lrwxrwxrwx.  1 root root    8 Sep 27 07:43 sbin -> usr/sbin
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 lib -> usr/lib
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib32 -> usr/lib32
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root   10 Sep 27 07:43 libx32 -> usr/libx32
drwx------.  2 root root 4096 Sep 27 07:43 root
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 srv
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 mnt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 opt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 media
drwxr-xr-x. 14 root root 4096 Sep 27 07:43 usr
drwxrwxrwt.  2 root root 4096 Sep 27 07:44 tmp
drwxr-xr-x. 12 root root 4096 Sep 27 07:44 var
drwxr-xr-x.  3 root root 4096 Sep 27 07:44 home
drwxr-xr-x.  2 root root 4096 Sep 27 07:45 run
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 .
drwxr-xr-x.  3 root root 4096 Sep 28 09:37 dev
drwxr-xr-x. 62 root root 4096 Sep 28 09:37 etc
drwxrwx---.  3 root root 4096 Sep 28 09:37 ..
There is a warning at the bottom of the lxc-create output that this image comes without an OpenSSH server installed and that no root password is set, so the user is locked. The bonus sections contain the whole output of the commands proposed in the article, where these warnings may be seen.
The create command installs a configuration file /var/lib/lxc/mycontainer/config with predefined parameters:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
STEP 3) Additional host configuration.
To enable the autostart of the LXC container just add the following lines to the configuration:
# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
The Autostart executes immediately after the LXC service is started.
To create a bridge device, just follow this article: Replace current interface configuration with a bridge device using nmcli (NetworkManager).
Or use the following commands to create a bridge device for an internal network only: multiple LXC containers will share an internal local network on the server. Internet traffic can be routed through the bridge device with the firewall-cmd commands:
nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
nmcli connection up br0
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --add-forward
firewall-cmd --reload
In this case, the bridge device is used only in the server and no MAC addresses (of the bridge device or the LXC containers) are visible in the network connected to the router network interface of the server (if any).
The LXC configuration file /var/lib/lxc/mycontainer/config will look like:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
The bridge name is changed to br0, which was created above with nmcli, and the Autostart section is added to start the LXC container when the LXC service is started.
STEP 4) LXC network configuration.
Ubuntu 22.04 LTS uses netplan to configure the network interfaces. By default, a DHCP configuration is used when the LXC container boots. To set a static IP, edit the container's network configuration file /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml from the host (or the same path without the /var/lib/lxc/mycontainer/rootfs prefix when inside the container). By default, the container's network interface is named eth0. The configuration below creates a network connection on the eth0 interface, which netplan will activate when the container boots.
Modify the following configuration in /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml:
network:
  version: 2
  ethernets:
    eth0:
      addresses:
      - 10.10.10.2/24
      nameservers:
        addresses:
        - 8.8.8.8
        - 1.1.1.1
      routes:
      - to: default
        via: 10.10.10.1
STEP 5) Start the Ubuntu 22.04 LTS LXC container.
Start the LXC container with:
lxc-start -n mycontainer
Use lxc-attach to get inside the LXC container, as if logging in to the system.
[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# hostnamectl
 Static hostname: mycontainer
       Icon name: computer-container
         Chassis: container
      Machine ID: bf8ea5b8558c49498638af0b068fea40
         Boot ID: 5993a3e8c8b64f6abc42eee1124c4cdb
  Virtualization: lxc
Operating System: Ubuntu 22.04.1 LTS
          Kernel: Linux 5.14.0-165.el9.x86_64
    Architecture: x86-64
root@mycontainer:~# ps axuf
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         132  0.0  0.1  10232  4292 pts/5    Ss   11:17   0:00 /bin/bash
root         142  0.0  0.0  12640  1584 pts/5    R+   11:17   0:00  \_ ps axuf
root           1  0.0  0.2  17724 10440 ?        Ss   09:47   0:00 /sbin/init
root          40  0.0  0.2  31264 11116 ?        S<s  09:47   0:00 /lib/systemd/systemd-journald
systemd+      58  0.0  0.1  16116  6536 ?        Ss   09:47   0:00 /lib/systemd/systemd-networkd
systemd+      70  0.0  0.3  25260 12588 ?        Ss   09:47   0:00 /lib/systemd/systemd-resolved
root          73  0.0  0.0   9492  2988 ?        Ss   09:47   0:00 /usr/sbin/cron -f -P
message+      74  0.0  0.1   8428  4820 ?        Ss   09:47   0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root          76  0.0  0.5  34328 19268 ?        Ss   09:47   0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
syslog        77  0.0  0.1 222400  5228 ?        Ssl  09:47   0:00 /usr/sbin/rsyslogd -n -iNONE
root          78  0.0  0.1  14900  6480 ?        Ss   09:47   0:00 /lib/systemd/systemd-logind
root          82  0.0  0.0   8396  1120 pts/0    Ss+  09:47   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root         140  0.0  0.1  14684  6400 ?        Ss   11:17   0:00 /lib/systemd/systemd-hostnamed
[root@mycontainer ~]# exit
exit
[root@srv ~]#
The password could be reset using chroot or lxc-attach. The Ubuntu 22.04 LTS image does not set passwords for root or for the user ubuntu, which has administrative privileges.
[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# passwd ubuntu
New password:
Retype new password:
passwd: password updated successfully
root@mycontainer:~# exit
exit
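The host-side edits from STEP 3 and STEP 4 can be scripted so that they are repeatable across containers. The shell script below is an added example, not part of the original article: its function names are hypothetical, it validates the bridge name and addresses before writing them into the container's config and netplan file, and it runs against a constructed sample directory instead of /var/lib/lxc.

```shell
#!/bin/sh
# Added example: apply the host-side edits from STEP 3 and STEP 4 to one container
# directory. Function names are hypothetical; keys and values are the article's.

valid_ifname() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'; }
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for vi_octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$vi_octet" -le 255 ] || return 1
    done
}
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    printf '%s\n' "${1#*/}" | grep -Eq '^[0-9]{1,2}$' && [ "${1#*/}" -le 32 ]
}

# True when the nesting include (marked in the config as having security implications) is active.
nesting_enabled() {
    grep -Eq '^[[:space:]]*lxc\.include[[:space:]]*=.*nesting\.conf' "$1"
}

# set_key FILE KEY VALUE: rewrite an existing "KEY = ..." line or append one (idempotent).
set_key() {
    sk_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*${sk_re}[[:space:]]*=" "$1"; then
        sed -E "s|^[[:space:]]*${sk_re}[[:space:]]*=.*|$2 = $3|" "$1" > "$1.new"
        # Writing back with cat keeps the owner and mode of the original file.
        cat "$1.new" > "$1" && rm -f "$1.new"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# write_netplan ROOTFS ADDRESS/PREFIX GATEWAY: the static eth0 setup of STEP 4.
write_netplan() {
    mkdir -p "$1/etc/netplan"
    cat > "$1/etc/netplan/10-lxc.yaml" <<EOF
network:
  version: 2
  ethernets:
    eth0:
      addresses:
      - $2
      nameservers:
        addresses:
        - 8.8.8.8
        - 1.1.1.1
      routes:
      - to: default
        via: $3
EOF
}

# configure_container DIR BRIDGE ADDRESS/PREFIX GATEWAY (inputs are validated before any write)
configure_container() {
    cc_conf="$1/config"
    [ -f "$cc_conf" ] || { echo "no config in $1" >&2; return 2; }
    valid_ifname "$2" || { echo "bad bridge name: $2" >&2; return 2; }
    valid_cidr "$3" || { echo "bad address: $3" >&2; return 2; }
    valid_ipv4 "$4" || { echo "bad gateway: $4" >&2; return 2; }
    if nesting_enabled "$cc_conf"; then
        echo "warning: nesting.conf is included in $cc_conf" >&2
    fi
    set_key "$cc_conf" lxc.net.0.link "$2"
    set_key "$cc_conf" lxc.group onboot
    set_key "$cc_conf" lxc.start.auto 1
    set_key "$cc_conf" lxc.start.delay 10
    write_netplan "$1/rootfs" "$3" "$4"
}

# make_sample DIR: constructed stand-in for /var/lib/lxc/mycontainer (bridge still lxcbr0).
make_sample() {
    mkdir -p "$1/rootfs"
    cat > "$1/config" <<'EOF'
#lxc.include = /usr/share/lxc/config/nesting.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
EOF
}

# Demo on a throwaway directory: print the keys the script changed or added.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" &&
    configure_container "$demo_dir" br0 10.10.10.2/24 10.10.10.1 &&
    grep -E '^lxc\.(net\.0\.link|group|start\.)' "$demo_dir/config"
rm -rf "$demo_dir"
```

For a real container, call configure_container with /var/lib/lxc/mycontainer while the container is stopped.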
Bonus 1) Start the LXC container in foreground to see the booting.
[root@srv ~]# lxc-start -F -n mycontainer
systemd 249.11-0ubuntu3.6 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Ubuntu 22.04.1 LTS!
Queued start job for default target Graphical Interface.
[ OK ] Created slice Slice /system/modprobe.
[ OK ] Created slice User and Session Slice.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Reached target Local Encrypted Volumes.
[ OK ] Reached target Path Units.
[ OK ] Reached target Remote File Systems.
[ OK ] Reached target Slice Units.
[ OK ] Reached target Swaps.
[ OK ] Reached target Local Verity Protected Volumes.
[ OK ] Listening on Syslog Socket.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Listening on Journal Socket.
[ OK ] Listening on Network Service Netlink Socket.
[ OK ] Reached target Socket Units.
       Mounting POSIX Message Queue File System...
       Starting Journal Service...
       Starting Set the console keyboard layout...
       Starting Generate network units from Kernel command line...
       Starting Remount Root and Kernel File Systems...
       Starting Apply Kernel Variables...
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Finished Apply Kernel Variables.
[ OK ] Finished Remount Root and Kernel File Systems.
[ OK ] Started Journal Service.
       Starting Flush Journal to Persistent Storage...
       Starting Create System Users...
[ OK ] Finished Generate network units from Kernel command line.
[ OK ] Reached target Preparation for Network.
[ OK ] Finished Create System Users.
[ OK ] Reached target System Time Set.
       Starting Create Static Device Nodes in /dev...
[ OK ] Finished Create Static Device Nodes in /dev.
       Starting Network Configuration...
[ OK ] Finished Set the console keyboard layout.
[ OK ] Reached target Preparation for Local File Systems.
[ OK ] Reached target Local File Systems.
       Starting Set console font and keymap...
[ OK ] Finished Set console font and keymap.
[ OK ] Started Network Configuration.
       Starting Network Name Resolution...
[ OK ] Finished Flush Journal to Persistent Storage.
       Starting Create Volatile Files and Directories...
[ OK ] Finished Create Volatile Files and Directories.
       Starting Record System Boot/Shutdown in UTMP...
[ OK ] Finished Record System Boot/Shutdown in UTMP.
[ OK ] Reached target System Initialization.
[ OK ] Started Daily apt download activities.
[ OK ] Started Daily apt upgrade and clean activities.
[ OK ] Started Daily dpkg database backup timer.
[ OK ] Started Periodic ext4 Online Metadata Check for All Filesystems.
[ OK ] Started Daily rotation of log files.
[ OK ] Started Message of the Day.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Ubuntu Advantage Timer for running repeated jobs.
[ OK ] Reached target Basic System.
[ OK ] Reached target Timer Units.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Started Regular background program processing daemon.
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started Save initial kernel messages after boot.
       Starting Dispatcher daemon for systemd-networkd...
       Starting System Logging Service...
       Starting User Login Management...
[ OK ] Started Network Name Resolution.
[ OK ] Reached target Network.
[ OK ] Reached target Host and Network Name Lookups.
       Starting Permit User Sessions...
[ OK ] Started System Logging Service.
[ OK ] Finished Permit User Sessions.
[ OK ] Started Console Getty.
[ OK ] Created slice Slice /system/getty.
[ OK ] Reached target Login Prompts.
[ OK ] Started User Login Management.
[ OK ] Started Dispatcher daemon for systemd-networkd.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
       Starting Record Runlevel Change in UTMP...
[ OK ] Finished Record Runlevel Change in UTMP.
Ubuntu 22.04.1 LTS mycontainer console
mycontainer login: ubuntu
Password:
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.14.0-165.el9.x86_64 x86_64)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@mycontainer:~$ sudo su
root@mycontainer:/home/ubuntu# poweroff
       Stopping Session 4 of User ubuntu...
Session terminated, killing shell...[ OK ] Removed slice Slice /system/getty.
[ OK ] Removed slice Slice /system/modprobe.
[ OK ] Stopped target Graphical Interface.
[ OK ] Stopped target Multi-User System.
[ OK ] Stopped target Login Prompts.
[ OK ] Stopped target Host and Network Name Lookups.
[ OK ] Stopped target Timer Units.
[ OK ] Stopped Daily apt upgrade and clean activities.
[ OK ] Stopped Daily apt download activities.
[ OK ] Stopped Daily dpkg database backup timer.
[ OK ] Stopped Periodic ext4 Online Metadata Check for All Filesystems.
[ OK ] Stopped Daily rotation of log files.
[ OK ] Stopped Message of the Day.
[ OK ] Stopped Daily Cleanup of Temporary Directories.
[ OK ] Stopped Ubuntu Advantage Timer for running repeated jobs.
[ OK ] Stopped target System Time Set.
       Stopping Console Getty...
       Stopping Regular background program processing daemon...
       Stopping Dispatcher daemon for systemd-networkd...
       Stopping System Logging Service...
[ OK ] Stopped Regular background program processing daemon.
[ OK ] Stopped Dispatcher daemon for systemd-networkd.
[ OK ] Stopped System Logging Service.
[ OK ] Stopped Console Getty.
[ OK ] Stopped Session 4 of User ubuntu.
       Stopping User Login Management...
       Stopping User Manager for UID 1000...
[ OK ] Stopped User Manager for UID 1000.
[ OK ] Stopped User Login Management.
       Stopping User Runtime Directory /run/user/1000...
[ OK ] Unmounted /run/user/1000.
[ OK ] Reached target Unmount All Filesystems.
[ OK ] Stopped User Runtime Directory /run/user/1000.
[ OK ] Removed slice User Slice of UID 1000.
       Stopping Permit User Sessions...
[ OK ] Stopped Permit User Sessions.
[ OK ] Stopped target Basic System.
[ OK ] Stopped target Network.
[ OK ] Stopped target Path Units.
[ OK ] Stopped target Remote File Systems.
[ OK ] Stopped target Slice Units.
[ OK ] Removed slice User and Session Slice.
[ OK ] Stopped target Socket Units.
[ OK ] Stopped target System Initialization.
[ OK ] Stopped target Local Encrypted Volumes.
[ OK ] Stopped Dispatch Password Requests to Console Directory Watch.
[ OK ] Stopped Forward Password Requests to Wall Directory Watch.
[ OK ] Stopped target Swaps.
[ OK ] Stopped target Local Verity Protected Volumes.
[ OK ] Closed Syslog Socket.
       Stopping Network Name Resolution...
       Stopping Record System Boot/Shutdown in UTMP...
[ OK ] Stopped Network Name Resolution.
       Stopping Network Configuration...
[ OK ] Stopped Record System Boot/Shutdown in UTMP.
[ OK ] Stopped Create Volatile Files and Directories.
[ OK ] Stopped target Local File Systems.
[ OK ] Stopped target Preparation for Local File Systems.
[ OK ] Stopped Create Static Device Nodes in /dev.
[ OK ] Stopped Network Configuration.
[ OK ] Stopped target Preparation for Network.
[ OK ] Closed Network Service Netlink Socket.
[ OK ] Stopped Apply Kernel Variables.
[ OK ] Stopped Create System Users.
[ OK ] Stopped Remount Root and Kernel File Systems.
[ OK ] Reached target System Shutdown.
[ OK ] Reached target Late Shutdown Services.
[ OK ] Finished System Power Off.
[ OK ] Reached target System Power Off.
Sending SIGTERM to remaining processes...
Sending SIGKILL to remaining processes...
All filesystems, swaps, loop devices, MD devices and DM devices detached.
Powering off.
Bonus 2) Processes on the host
[root@srv ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─auditd─┬─sedispatch
        │        └─2*[{auditd}]
        ├─chronyd
        ├─crond
        ├─dbus-broker-lau───dbus-broker
        ├─firewalld───3*[{firewalld}]
        ├─irqbalance───{irqbalance}
        ├─lxc-start───systemd─┬─agetty
        │                     ├─cron
        │                     ├─dbus-daemon
        │                     ├─networkd-dispat
        │                     ├─rsyslogd───3*[{rsyslogd}]
        │                     ├─systemd-journal
        │                     ├─systemd-logind
        │                     ├─systemd-network
        │                     └─systemd-resolve
        ├─mcelog
        ├─mdadm
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───sshd───bash───pstree
        │      └─sshd───sshd───bash
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        └─systemd-udevd
Bonus 3) Installation and Running a Ubuntu 22.04 LTS LXC container – the complete output
[root@srv ~]# dnf install -y epel-release
Last metadata expiration check: 0:00:19 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Dependencies resolved.
=========================================================================================
 Package                 Architecture     Version          Repository           Size
=========================================================================================
Installing:
 epel-release            noarch           9-2.el9          extras-common        17 k
Installing weak dependencies:
 epel-next-release       noarch           9-2.el9          extras-common        8.1 k
Transaction Summary
=========================================================================================
Install 2 Packages
Total download size: 25 k
Installed size: 26 k
Downloading Packages:
(1/2): epel-next-release-9-2.el9.noarch.rpm        26 kB/s | 8.1 kB 00:00
(2/2): epel-release-9-2.el9.noarch.rpm             53 kB/s | 17 kB 00:00
-----------------------------------------------------------------------------------------
Total                                              16 kB/s | 25 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        : 1/1
  Installing       : epel-release-9-2.el9.noarch 1/2
  Installing       : epel-next-release-9-2.el9.noarch 2/2
  Running scriptlet: epel-next-release-9-2.el9.noarch 2/2
  Verifying        : epel-next-release-9-2.el9.noarch 1/2
  Verifying        : epel-release-9-2.el9.noarch 2/2
Installed:
  epel-next-release-9-2.el9.noarch epel-release-9-2.el9.noarch
Complete!
[root@srv ~]# dnf install -y lxc lxc-templates container-selinux
Last metadata expiration check: 0:00:29 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Dependencies resolved.
=========================================================================================
 Package                 Architecture     Version              Repository       Size
=========================================================================================
Installing:
 container-selinux       noarch           3:2.189.0-1.el9      appstream        49 k
 lxc                     x86_64           4.0.12-1.el9         epel             334 k
 lxc-templates           x86_64           4.0.12-1.el9         epel             19 k
Installing dependencies:
 lxc-libs                x86_64           4.0.12-1.el9         epel             535 k
Transaction Summary
=========================================================================================
Install 4 Packages
Total download size: 936 k
Installed size: 2.6 M
Downloading Packages:
(1/4): lxc-4.0.12-1.el9.x86_64.rpm                 1.4 MB/s | 334 kB 00:00
(2/4): lxc-templates-4.0.12-1.el9.x86_64.rpm       191 kB/s | 19 kB 00:00
(3/4): lxc-libs-4.0.12-1.el9.x86_64.rpm            1.2 MB/s | 535 kB 00:00
(4/4): container-selinux-2.189.0-1.el9.noarch.rpm  59 kB/s | 49 kB 00:00
-----------------------------------------------------------------------------------------
Total                                              372 kB/s | 936 kB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        : 1/1
  Installing       : lxc-libs-4.0.12-1.el9.x86_64 1/4
  Running scriptlet: lxc-libs-4.0.12-1.el9.x86_64 1/4
  Installing       : lxc-4.0.12-1.el9.x86_64 2/4
  Installing       : lxc-templates-4.0.12-1.el9.x86_64 3/4
  Running scriptlet: container-selinux-3:2.189.0-1.el9.noarch 4/4
  Installing       : container-selinux-3:2.189.0-1.el9.noarch 4/4
  Running scriptlet: container-selinux-3:2.189.0-1.el9.noarch 4/4
  Verifying        : container-selinux-3:2.189.0-1.el9.noarch 1/4
  Verifying        : lxc-4.0.12-1.el9.x86_64 2/4
  Verifying        : lxc-libs-4.0.12-1.el9.x86_64 3/4
  Verifying        : lxc-templates-4.0.12-1.el9.x86_64 4/4
Installed:
  container-selinux-3:2.189.0-1.el9.noarch lxc-4.0.12-1.el9.x86_64 lxc-libs-4.0.12-1.el9.x86_64 lxc-templates-4.0.12-1.el9.x86_64
Complete!
[root@srv ~]# dnf install -y wget tar
Last metadata expiration check: 0:01:09 ago on Wed 28 Sep 2022 09:25:04 AM UTC.
Package wget-1.21.1-7.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================
 Package                 Architecture     Version              Repository       Size
=========================================================================================
Installing:
 tar                     x86_64           2:1.34-5.el9         baseos           886 k
Transaction Summary
=========================================================================================
Install 1 Package
Total download size: 886 k
Installed size: 3.0 M
Downloading Packages:
tar-1.34-5.el9.x86_64.rpm                          1.0 MB/s | 886 kB 00:00
-----------------------------------------------------------------------------------------
Total                                              500 kB/s | 886 kB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        : 1/1
  Installing       : tar-2:1.34-5.el9.x86_64 1/1
  Running scriptlet: tar-2:1.34-5.el9.x86_64 1/1
  Verifying        : tar-2:1.34-5.el9.x86_64 1/1
Installed:
  tar-2:1.34-5.el9.x86_64
Complete!
[root@srv ~]# systemctl enable lxc
Created symlink /etc/systemd/system/multi-user.target.wants/lxc.service → /usr/lib/systemd/system/lxc.service.
[root@srv ~]# systemctl start lxc
[root@srv ~]# systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
     Loaded: loaded (/usr/lib/systemd/system/lxc.service; enabled; vendor preset: disabled)
     Active: active (exited) since Wed 2022-09-28 09:29:19 UTC; 1h 59min ago
       Docs: man:lxc-autostart
             man:lxc
    Process: 2990 ExecStartPre=/usr/libexec/lxc/lxc-apparmor-load (code=exited, status=0/SUCCESS)
    Process: 2991 ExecStart=/usr/libexec/lxc/lxc-containers start (code=exited, status=0/SUCCESS)
   Main PID: 2991 (code=exited, status=0/SUCCESS)
        CPU: 71ms
Sep 28 09:28:48 srv systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Sep 28 09:29:19 srv systemd[1]: Finished LXC Container Initialization and Autoboot Code.
[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "10.10.10.1/24"
Connection 'br0' (78b79eb2-81d7-48c6-9b17-943a420cd102) successfully added.
[root@srv ~]# nmcli connection up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@srv ~]# firewall-cmd --permanent --add-masquerade
success
[root@srv ~]# firewall-cmd --reload
success
[root@srv ~]# lxc-create --template download -n mycontainer -- --dist ubuntu --release jammy --arch amd64
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu jammy amd64 (20220927_07:42) container.
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/
total 16
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 rootfs
drwxr-xr-x.  3 root root 4096 Sep 28 09:36 ..
-rw-r-----.  1 root root  808 Sep 28 09:37 config
drwxrwx---.  3 root root 4096 Sep 28 09:37 .
[root@srv ~]# ls -altr /var/lib/lxc/mycontainer/rootfs/
total 68
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 sys
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 proc
drwxr-xr-x.  2 root root 4096 Apr 18 10:28 boot
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 bin -> usr/bin
lrwxrwxrwx.  1 root root    8 Sep 27 07:43 sbin -> usr/sbin
lrwxrwxrwx.  1 root root    7 Sep 27 07:43 lib -> usr/lib
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib32 -> usr/lib32
lrwxrwxrwx.  1 root root    9 Sep 27 07:43 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root   10 Sep 27 07:43 libx32 -> usr/libx32
drwx------.  2 root root 4096 Sep 27 07:43 root
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 srv
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 mnt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 opt
drwxr-xr-x.  2 root root 4096 Sep 27 07:43 media
drwxr-xr-x. 14 root root 4096 Sep 27 07:43 usr
drwxrwxrwt.  2 root root 4096 Sep 27 07:44 tmp
drwxr-xr-x. 12 root root 4096 Sep 27 07:44 var
drwxr-xr-x.  3 root root 4096 Sep 27 07:44 home
drwxr-xr-x.  2 root root 4096 Sep 27 07:45 run
drwxr-xr-x. 17 root root 4096 Sep 27 07:47 .
drwxr-xr-x.  3 root root 4096 Sep 28 09:37 dev
drwxr-xr-x. 62 root root 4096 Sep 28 09:37 etc
drwxrwx---.  3 root root 4096 Sep 28 09:37 ..
[root@srv ~]# cat /var/lib/lxc/mycontainer/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
[root@srv ~]# #edit the file to look like blow
[root@srv ~]# cat /var/lib/lxc/mycontainer/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist ubuntu --release jammy --arch amd64
# Template script checksum (SHA-1): 47a9fc1ce184c958ecafc88dfd5f21c06f728288
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/mycontainer/rootfs
lxc.uts.name = mycontainer
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:43:99:37
# Autostart
lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 10
[root@srv ~]# cat /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      dhcp-identifier: mac
[root@srv ~]# #edit the file to look like blow
[root@srv ~]# cat /var/lib/lxc/mycontainer/rootfs/etc/netplan/10-lxc.yaml
network:
  version: 2
  ethernets:
    eth0:
      addresses:
      - 10.10.10.2/24
      nameservers:
        addresses:
        - 8.8.8.8
        - 1.1.1.1
      routes:
      - to: default
        via: 10.10.10.1
[root@srv ~]# lxc-start -n mycontainer
[root@srv ~]# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
From 10.10.10.1 icmp_seq=4 Destination Host Unreachable
From 10.10.10.1 icmp_seq=5 Destination Host Unreachable
From 10.10.10.1 icmp_seq=6 Destination Host Unreachable
From 10.10.10.1 icmp_seq=7 Destination Host Unreachable
From 10.10.10.1 icmp_seq=8 Destination Host Unreachable
From 10.10.10.1 icmp_seq=9 Destination Host Unreachable
From 10.10.10.1 icmp_seq=10 Destination Host Unreachable
From 10.10.10.1 icmp_seq=11 Destination Host Unreachable
From 10.10.10.1 icmp_seq=12 Destination Host Unreachable
From 10.10.10.1 icmp_seq=13 Destination Host Unreachable
From 10.10.10.1 icmp_seq=14 Destination Host Unreachable
From 10.10.10.1 icmp_seq=15 Destination Host Unreachable
From 10.10.10.1 icmp_seq=16 Destination Host Unreachable
From 10.10.10.1 icmp_seq=17 Destination Host Unreachable
From 10.10.10.1 icmp_seq=18 Destination Host Unreachable
From 10.10.10.1 icmp_seq=19 Destination Host Unreachable
From 10.10.10.1 icmp_seq=20 Destination Host Unreachable
From 10.10.10.1 icmp_seq=21 Destination Host Unreachable
64 bytes from 10.10.10.2: icmp_seq=22 ttl=64 time=1023 ms
64 bytes from 10.10.10.2: icmp_seq=23 ttl=64 time=0.135 ms
64 bytes from 10.10.10.2: icmp_seq=24 ttl=64 time=0.336 ms
64 bytes from 10.10.10.2: icmp_seq=25 ttl=64 time=0.095 ms
64 bytes from 10.10.10.2: icmp_seq=26 ttl=64 time=0.075 ms
64 bytes from 10.10.10.2: icmp_seq=27 ttl=64 time=0.074 ms
64 bytes from 10.10.10.2: icmp_seq=28 ttl=64 time=0.070 ms
64 bytes from 10.10.10.2: icmp_seq=29 ttl=64 time=0.061 ms
64 bytes from 10.10.10.2: icmp_seq=30 ttl=64 time=0.094 ms
64 bytes from 10.10.10.2: icmp_seq=31 ttl=64 time=0.066 ms
^C
--- 10.10.10.2 ping statistics ---
31 packets transmitted, 10 received, +21 errors, 67.7419% packet loss, time 30725ms
rtt min/avg/max/mdev = 0.061/102.427/1023.267/306.946 ms, pipe 3
[root@srv ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
        ├─agetty
        ├─auditd─┬─sedispatch
        │        └─2*[{auditd}]
        ├─chronyd
        ├─crond
        ├─dbus-broker-lau───dbus-broker
        ├─firewalld───3*[{firewalld}]
        ├─irqbalance───{irqbalance}
        ├─lxc-start───systemd─┬─agetty
        │                     ├─cron
        │                     ├─dbus-daemon
        │                     ├─networkd-dispat
        │                     ├─rsyslogd───3*[{rsyslogd}]
        │                     ├─systemd-journal
        │                     ├─systemd-logind
        │                     ├─systemd-network
        │                     └─systemd-resolve
        ├─mcelog
        ├─mdadm
        ├─polkitd───5*[{polkitd}]
        ├─rsyslogd───2*[{rsyslogd}]
        ├─sshd─┬─sshd───sshd───bash───pstree
        │      └─sshd───sshd───bash
        ├─systemd───(sd-pam)
        ├─systemd-journal
        ├─systemd-logind
        └─systemd-udevd
[root@srv ~]# lxc-attach -n mycontainer
root@mycontainer:~# ps axuf
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         101  0.0  0.1  10232  4232 pts/5    Ss   09:49   0:00 /bin/bash
root         109  0.0  0.0  12640  1564 pts/5    R+   09:50   0:00  \_ ps axuf
root           1  0.0  0.2  17724 10440 ?        Ss   09:47   0:00 /sbin/init
root          40  0.0  0.2  31264 10928 ?        S<s  09:47   0:00 /lib/systemd/systemd-journald
systemd+      58  0.0  0.1  16116  6536 ?        Ss   09:47   0:00 /lib/systemd/systemd-networkd
systemd+      70  0.0  0.3  25260 12588 ?        Ss   09:47   0:00 /lib/systemd/systemd-resolved
root          73  0.0  0.0   9492  1248 ?        Ss   09:47   0:00 /usr/sbin/cron -f -P
message+      74  0.0  0.1   8428  3956 ?        Ss   09:47   0:00 @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
root          76  0.0  0.5  34328 19268 ?        Ss   09:47   0:00 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
syslog        77  0.0  0.1 222400  5228 ?        Ssl  09:47   0:00 /usr/sbin/rsyslogd -n -iNONE
root          78  0.0  0.1  14900  6480 ?        Ss   09:47   0:00 /lib/systemd/systemd-logind
root          82  0.0  0.0   8396  1120 pts/0    Ss+  09:47   0:00 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 vt220
root@mycontainer:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:43:99:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.10.10.2/24 brd 10.10.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe43:9937/64 scope link
       valid_lft forever preferred_lft forever
root@mycontainer:~# exit
exit
[root@srv ~]#