LXC Containers Server with Gentoo, NetworkManager and Systemd

Posted on 28 July 2016

Why LXC?

Some things in below list is just my imho and don’t take it very serious

Why Gentoo?

Simply because of maximum level of comfort and flexibility, another system I can suggest there is CoreOS (which is also based on Gentoo) however being Gentoo dev my choice is obvious.

Most of tutorials shows bridge configuration based on openrc’s /etc/conf.d/net services but it’s not any harder and even simpler with nmcli

basically (example from freedesktop.org):

$ nmcli con add type bridge con-name TowerBridge ifname TowerBridge
$ nmcli con add type ethernet con-name br-slave-1 ifname ens3 master TowerBridge
$ nmcli con add type ethernet con-name br-slave-2 ifname ens4 master TowerBridge
$ nmcli con modify TowerBridge bridge.stp no

Anything LXC specific could be done via Gentoo Wiki Tutorial

Some basic container config with own network will look alike this:

lxc.network.type = veth
lxc.network.link = lxbridge
lxc.network.flags = up
lxc.network.ipv4 = 192.168.3.146/24
lxc.network.ipv4.gateway = 192.168.3.254

lxc.group = onboot
lxc.start.auto = 1
lxc.start.delay = 5

lxc.rootfs = /srv/C
lxc.rootfs.backend = dir
### lxc-gentoo template stuff starts here
# sets container architecture
# If desired architecture != amd64 or x86, then we leave it unset as
# LXC does not oficially support anything other than x86 or amd64.
lxc.arch = amd64

# set the hostname
lxc.utsname = Cloyster
lxc.tty = 1

#container set with shared portage
lxc.mount.entry=/usr/portage usr/portage none ro,bind 0 0
lxc.mount.entry=/usr/portage/distfiles usr/portage/distfiles none rw,bind 0 0
#If you use eix, you should uncomment this
#lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0

lxc.include = /usr/share/lxc/config/gentoo.common.conf

working with containers using on-host lxc commands is pretty simple

lxc-start -n C
lxc-console -n C

default gentoo container password is toor

inside basic Gentoo lxc container there is OpenRC so very basic veth config will follow:

rc_keyword="-stop"

#config_eth0="dhcp"
config_eth0="192.168.3.146 netmask 255.255.255.0 brd 192.168.0.254"
routes_eth0="default via 192.168.3.254"
dns_servers_eth0="192.168.3.254 192.168.3..."

don’t forget to set it on autostart

rc-config add net.eth0

I had problems with running it on system start so I was forced to write some systemd service to automate it

[Unit]
Description=LXCAutostart
After=network.target
After=dbus.service
After=iscsid.service
After=apparmor.service
After=local-fs.target
After=remote-fs.target
After=lxc.service
After=lxcfs.service
After=NetworkManager.service
After=dnsmasq.service
After=nfs-client.target

[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/usr/bin/lxc-autostart -g onboot
TimeoutStopSec=1

[Install]
WantedBy=multi-user.target

put it into /etc/systemd/system and systemctl enable it

There the basic setup is done.

Very handy web interface for LXC could be LXC Web Panel

it’s very tiny and only wants few python packages to run, prettty easy could be automated alike LXCAutostart service you only need specify WorkingDirectory for service and ExecStart=/usr/bin/python lwp.py. Also RemainAfterExit=yes and TimeoutStopSec=1 obviously not needed there because it’s real service :)

100% working containers are Debian and sure Gentoo

I’m using Gentoo openrc containers for some XLess services and Debian for virtual desktops

To share virtual desktop from container without phisical monitor it’s very handy to use X2Go

there instructions for debian: http://wiki.x2go.org/doku.php/wiki:repositories:debian

and on client you just need x2go client (works almost everywhere)

Interesting article to Run Accelerated GUI apps in LXC containers