Tag Archives: lxc

CentOS 7 LXC container slow boot

After you have installed a CentOS 7 LXC template on a systemd supprted distro (Fedora 21/22, CentOS 7 with LXC 1.0.7), you can experience a ultra slow container boot (more than 5 minutes!). A small change can fix this issue.

In the container config (i.e. /var/lib/lxc/centos7/config) replace:

lxc.include = /usr/share/lxc/config/centos.common.conf


lxc.include = /usr/share/lxc/config/fedora.common.conf

This will make the container boot fast as it should be.

centos.common.conf is fine for CentOS 6 but not for CentOS 7: CentOS 7 is based on Fedora 19 and uses systemd, thus fedora.common.conf is the right config file to use.

Fedora 22 / CentOS 7 LXC fix systemd-journald process at 100%

Running a Fedora 21, Fedora 22 or a RHEL/CentOS 7 LXC container created by the lxc-create Fedora template can result in a 100% cpu loop for the systemd-journald process.

To fix this issue you must add lxc.kmsg = 0 to the container configuration. This can be done easily for all the Fedora templates in one shot:

echo "lxc.kmsg = 0" >> /usr/share/lxc/config/fedora.common.conf

See also:

OpenShift Cookbook by Packt Publishing

Author: Shekhar Gulati
Publisher: Packt Pubblications
URL: https://www.packtpub.com/virtualization-and-cloud/openshift-cookbook
GitHub: https://github.com/OpenShift-Cookbook

On Amazon: http://www.amazon.com/OpenShift-Cookbook-Shekhar-Gulati/dp/1783981202/

This great book lets you, with a very little effort, to understand the OpenShift technology. You don’t need a strong background on virtualization and container technologies, but at the same time it does not get bored a skilled user.

The overview on the OpenShift technology and its utilities (rhc) is very clear and easy to follow, also thanks to the OpenShift free profile which allows you to test and play with the rhc command while you go through with the book reading. More complex tasks like backups, snapshots, rollbacks are addressed and explained. Also the security aspects are taken into account.

Several real-world examples, with end-to-end receipts, are showed in the book: MySQL, PostgreSQL, MongoDB for database apps, Python, Java, Node.js for web oriented development.

A chapter is dedicated on how to use Jenkins CI as a Continuous Integration system for OpenShift apps; this is an aspect which is most of the times not took into account, but it’s very important nowadays.

I would consider as the “core” of the book the chapter on scaling OpenShift applications, which is a salient characteristic of OpenShift and it is not always an easy task to solve.

In conclusion a must have book if you want to start and play with OpenShift, even if you are a beginner or if you are not but you don’t have familiarity with complex and scalable application deployment.

All the code mentioned in the book is available on their GitHub repo: https://github.com/OpenShift-Cookbook.

Create a new Fedora LXC container using yum

In this tutorial we are going to install an LXC container with Fedora 21 to be run on a Fedora 21 host with libvirt. This can be used to create containers to be managed by my WebVirtMgr web panel.

Install the new filesystem

yum -y --installroot=/var/lib/libvirt/filesystems/fedora21 --releasever=21 --nogpg install systemd passwd yum fedora-release vim openssh-server procps-ng iproute net-tools dhclient less

Create the libvirt domain

virt-install --connect lxc:/// --name fedora21 --ram 512 --filesystem /var/lib/libvirt/filesystems/fedora21/,/

This command will also start the domain. Now it’s time to stop it and do some post install configurations.

Post-installation setup

Press Ctrl + ] to detach from the domain console. Than stop it:

virsh -c lxc:/// shutdown fedora21

Change root password

chroot /var/lib/libvirt/filesystems/fedora21 /bin/passwd root

Setup the hostname

echo "mynewlxc" > /var/lib/libvirt/filesystems/fedora21/etc/hostname

Setup the network

cat << EOF > /var/lib/libvirt/filesystems/fedora21/etc/sysconfig/network
cat << EOF > /var/lib/libvirt/filesystems/fedora21/etc/sysconfig/network-scripts/ifcfg-eth0

Setup SSH

chroot /var/lib/libvirt/filesystems/fedora21/
ln -s /usr/lib/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/

Start the container

virsh -c lxc:/// start fedora21

Or, if you are using my WebVirtMgr web panel fork you can start / stop the domain using it.

The Fedora 21 LX

The Fedora 21 LXC


Thanks to major.io for his original article. It contains also some important considerations about security.

WebVirtMgr with LXC support

This is the connections page backported from WebVirtMgr 4.8.7


WebVirtMgr (by retspen) is a simple but great libvirt frontend written in python with Django. It currently supports only KVM as hypervisor. However libvirt can be already used to manage other hypervisors (like XEN) and it also supports LXC containers.

Using the container libvirt feature I extended WebVirtMgr, creating a fork, which adds LXC support and other minor improvements (see https://github.com/daniviga/webvirtmgr/commits/master)

LXC support currently has some limitations:

  • The LXC container filesystem must be created manually (this is a libvirt limitation)
  • Even the LXC domain creation isn’t supported right now (you need to create the XML and define the domain manually, virt-install can be used)
  • Web remote console is under development and not yet ready (some work has been made using butterfly)
  • LXC domain deletion doesn’t remove its filesystem
  • Snapshotting is not supported (another libvirt limitation, it can be done manually with LVM or Btrfs)

But basic functions works well:

  • Management of remote hosts (via TCP, SSH, TLS, socket)
  • Start, stop, shutdown, pause
  • Autostart
  • CPU and RAM limits assignment
  • Network interfaces management
  • Clone (only the domain, filesystem must be copied manually)

My WebVirtMgr fork contains also some minor differences and improvements compared to the original:

  • The old connections list page (with a table instead of boxes) has been kept
  • It supports a very basic ACLs system (for both KVM and LXC). With this feature non-admin users can be created (using the django-admin interface) that can only have specific access to a pre-defined set of VMs/LXCs. This means that user “foo“, for example, can only start/stop/shutdown or access the remote console of the VM “my_vm

The installation procedure remains the same as the original project.


This is the connections page backported from WebVirtMgr 4.8.7

This is the connections page backported from WebVirtMgr 4.8.7

KVM instances

The KVM instances view

The LXC instances view

The LXC instances view

An example of a running LXC container

An example of a running LXC container

An LXC domain can be cloned, and a random MAC address can be generated

An LXC domain can be cloned, and a random MAC address can be generated

An example of an LXC deletion

An example of an LXC deletion

Instance admin interface: you can assign users

Instance admin interface: you can assign users


Creare un bridge per OpenVZ

Brevemente, ecco la procedura per utilizzare OpenVZ attraverso un Bridge Ethernet al posto del NAT standard.

Per prima cosa creiamo il bridge (es. ‘br0‘). Per dettagli sulla procedura vi rimando a Google. Un esempio: su CentOS è necessario creare il file ifcfg-br0 in /etc/sysconfig/.

Successivamente creiamo il file vznet in /etc/vz/:

vim /etc/vz/vznet.conf

e inseriamo


Infine è necessario aggiungere il container (già creato, o in fase di creazione) al bridge con il comando:

vzctl set 101 --netif_add eth0,,,,br0 --save

(101 è l’id del container, eth0 è il nome della scheda all’interno del container, br0 è il bridge dell’host)



LXC containers 01

Cominciamo con questo breve articolo una serie dedicata a LXC.

LXC: http://lxc.sourceforge.net/

LXC is the userspace control package for Linux Containers, a lightweight virtual system mechanism sometimes described as “chroot on steroids”.
LXC builds up from chroot to implement complete virtual systems, adding resource management and isolation mechanisms to Linux’s existing process management infrastructure.

In pratica LXC sono un set di tools userspace per la creazione e la gestione di containers che permettono la creazione di un sistema di virtualizzazione leggero ed efficiente. Questo è reso possibile grazie ai “Control Groups” – cgroups implementati nella mainline del kernel dal 2.6.24. Ovviamente le VM non sono altro che dei processi isolati tra loro, ma che utilizzano fisicamente lo stesso kernel (che è pure lo stesso dell’host); è quindi ovvio che solo sistemi con kernel Linux potranno essere virtualizzati. Il vantaggio è nella mancata perdita di prestazioni rispetto ai sistemi di virtualizzazione completa (kvm, xen), poiché i processi sono eseguiti direttamente sulla sistema bare-metal.
Altri sistemi silimili sono le Jails di FreeBSD e OpenVZ. Il vantaggio di LXC rispetto a OpenVZ è il disporre di tutto il necessario già all’interno del kernel, quindi senza necessità di patch al kernel vanilla.

Va premesso che LXC è una tecnologia recente e quindi ancora in fase di pesante sviluppo. E’ tuttavia pienamente usabile.

In questo primo articolo creeremo un container con Debian Squeeze su di una Fedora 14 (64bit).

Per prima cosa occore installare i tool necessari all’operazione:

yum install -y lxc debootstrap

A questo punto occore, se già non sono presenti, montare i cgroup: in Fedora 14 essi sono gestiti dallo script /etc/init.d/cgconfig con una precisa struttura gerarchica. Allo stato attuale LXC non supporta tale struttura e quindi procederemo al montaggio di /cgroup in maniera classica. Dopo aver disattivato gli script di avvio (tramite ntsysv o chkconfig) si procede a montare /cgroup manualmente e ad inserirlo nell’fstab:

mount -t cgroup cgroup /cgroup
echo "cgroup /cgroup cgroup rw 0 0" >> /etc/fstab

Creiamo anche le impostazioni base per la rete dei container. Esistendo già il bridge di rete br0 per kvm basterà creare il file /etc/lxc/container.conf (il path è arbitrario):

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 =

Ora recuperiamo il template di installazione per Debian dal pacchetto sorgente di LXC poiché nella versione RPM di Fedora 14 essi non sono distribuiti. Per comodità è possibile scaricare i template pronti per Fedora 14 a 64bit (lxc-templates-0.7.4.tar.gz). Essi vanno scompattati in  /usr/lib64/lxc/templates/.

Passiamo alla creazione del container con il comando lxc-create -n [nome_container] -t  [template] -f  [config_base_rete]

lxc-create -n debian01 -t debian -f /etc/lxc/container.conf
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-squeeze-amd64 ...
Downloading debian minimal ...
I: Retrieving Release
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: insserv libbz2-1.0 libdb4.8 libslang2
I: Found additional base dependencies: adduser debian-archive-keyring gnupg gpgv isc-dhcp-client isc-dhcp-common libbsd0 libdb4.7 libedit2 libgdbm3 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libncursesw5 libreadline6 libssl0.9.8 libusb-0.1-4 libwrap0 openssh-blacklist openssh-client perl perl-modules procps readline-common
I: Checking component main on http://cdn.debian.net/debian...
I: Retrieving libacl1
I: Validating libacl1
I: Retrieving adduser
I: Validating adduser
I: Retrieving apt
I: Validating apt
I: Retrieving libattr1
I: Validating libattr1
I: Retrieving base-files
I: Validating base-files
I: Retrieving base-passwd
I: Validating base-passwd

Al termine della creazione sarà sufficiente avviare la VM

lxc-start -n debian01 -d

E connettersi via console al container appena creato

lxc-console -n debian01

(per fare il detach della console premere ctrl-q a)

— Fine prima parte —