How to Install, Create and Manage LXC (Linux Containers) in RHEL/CentOS 7

LXC, acronym for Linux Containers, is a lightweight Linux kernel based virtualization solution, which practically runs on top of the Operating System, allowing you to run multiple isolated distributions the same time.

The difference between LXC and KVM virtualization is that LXC doesn’t emulates hardware, but shares the same kernel namespace, similar to chroot applications.

Install LXC Linux Container in CentOS

Install and Manage LXC Linux Container in Linux

This makes LXC a very fast virtualization solution compared to other virtualization solutions, such as KVM, XEN or VMware.

This article will guide you on how you can install, deploy and run LXC containers on a CentOS/RHEL and Fedora distributions.

Requirements

A working Linux operating system with minimal installation:

  1. Installation of CentOS 7 Linux
  2. Installation of RHEL 7
  3. Installation of Fedora 23 Server

Step 1: Installing LXC Virtualization in Linux

1. LXC virtualization is provided through Epel repositories. In order to use this repo, open a terminal and install Epel repositories in your system by issuing the following command:

# yum install epel-release

2. Before continuing with LXC installation process, assure that Perl language interpreter, and debootstrap packages are installed by issuing the below commands.

# yum install debootstrap perl libvirt

3. Finally install LXC virtualization solution with the following command.

# yum install lxc lxc-templates

4. After LXC service has been installed, verify if LXC and libvirt daemon is running.

# systemctl status lxc.service
# systemctl start lxc.service
# systemctl start libvirtd 
# systemctl status lxc.service
Sample Output
Check LXC Daemon Status
[[email protected] ~]# systemctl status lxc.service
lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled)
   Active: inactive (dead)

[[email protected] ~]# systemctl start lxc.service
[[email protected] ~]# systemctl status lxc.service
lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/usr/lib/systemd/system/lxc.service; disabled)
   Active: active (exited) since Fri 2016-04-01 02:33:36 EDT; 1min 37s ago
  Process: 2250 ExecStart=/usr/libexec/lxc/lxc-autostart-helper start (code=exited, status=0/SUCCESS)
  Process: 2244 ExecStartPre=/usr/libexec/lxc/lxc-devsetup (code=exited, status=0/SUCCESS)
 Main PID: 2250 (code=exited, status=0/SUCCESS)

Apr 01 02:33:06 mail systemd[1]: Starting LXC Container Initialization and Autoboot Code...
Apr 01 02:33:06 mail lxc-devsetup[2244]: Creating /dev/.lxc
Apr 01 02:33:06 mail lxc-devsetup[2244]: /dev is devtmpfs
Apr 01 02:33:06 mail lxc-devsetup[2244]: Creating /dev/.lxc/user
Apr 01 02:33:36 mail lxc-autostart-helper[2250]: Starting LXC autoboot containers:  [  OK  ]
Apr 01 02:33:36 mail systemd[1]: Started LXC Container Initialization and Autoboot Code.

and check LXC kernel virtualization status by issuing the below command.

# lxc-checkconfig
Sample Output
Check LXC Kernel Virtualization Configuration
[[email protected] ~]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.10.0-229.el7.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Step 2: Create and Manage LXC Containers in Linux

5. To list available LXC templates containers already installed on your system issue the below command.

# ls -alh /usr/share/lxc/templates/
List LXC Templates Containers
total 344K
drwxr-xr-x. 2 root root 4.0K Apr  1 02:32 .
drwxr-xr-x. 6 root root  100 Apr  1 02:32 ..
-rwxr-xr-x. 1 root root  11K Nov 15 10:19 lxc-alpine
-rwxr-xr-x. 1 root root  14K Nov 15 10:19 lxc-altlinux
-rwxr-xr-x. 1 root root  11K Nov 15 10:19 lxc-archlinux
-rwxr-xr-x. 1 root root 9.7K Nov 15 10:19 lxc-busybox
-rwxr-xr-x. 1 root root  29K Nov 15 10:19 lxc-centos
-rwxr-xr-x. 1 root root  11K Nov 15 10:19 lxc-cirros
-rwxr-xr-x. 1 root root  17K Nov 15 10:19 lxc-debian
-rwxr-xr-x. 1 root root  18K Nov 15 10:19 lxc-download
-rwxr-xr-x. 1 root root  49K Nov 15 10:19 lxc-fedora
-rwxr-xr-x. 1 root root  28K Nov 15 10:19 lxc-gentoo
-rwxr-xr-x. 1 root root  14K Nov 15 10:19 lxc-openmandriva
-rwxr-xr-x. 1 root root  14K Nov 15 10:19 lxc-opensuse
-rwxr-xr-x. 1 root root  35K Nov 15 10:19 lxc-oracle
-rwxr-xr-x. 1 root root  12K Nov 15 10:19 lxc-plamo
-rwxr-xr-x. 1 root root 6.7K Nov 15 10:19 lxc-sshd
-rwxr-xr-x. 1 root root  23K Nov 15 10:19 lxc-ubuntu
-rwxr-xr-x. 1 root root  12K Nov 15 10:19 lxc-ubuntu-cloud

6. The process of creating a LXC container is very simple. The command syntax to create a new container is explained below.

# lxc-create -n container_name -t container_template

In the below excerpt we’ll create a new container named mydeb based on a debian template that will be pulled off from LXC repositories.

Creating LXC Container
[[email protected] ~]# lxc-create -n mydcb -t debian
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-jessie-amd64 ... 
Downloading debian minimal ...
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
I: Retrieving Release 
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
...
...

7. After a series of base dependencies and packages that will be downloaded and installed in your system the container will be created. When the process finishes a message will display your default root account password. Change this password once you start and login to the container console in order to be safe.

are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
Failed to read /proc/cmdline. Ignoring: No such file or directory
invoke-rc.d: policy-rc.d denied execution of start.
Timezone in container is not configured. Adjust it manually.
Root password is 'root', please change !
Generating locales (this might take a while)...
  en_IN.en_IN...character map file `en_IN' not found: No such file or directory
/usr/share/i18n/locales/en_IN:55: LC_MONETARY: unknown character in field `currency_symbol'
 done
Generation complete.

8. Now, you can use lxc-ls to list your containers and lxc-info to obtain information about a running/stopped container.

In order to start the newly created container in background (will run as a daemon by specifying the -d option) issue the following command:

# lxc-start -n mydeb -d

9. After the container has been started you can list running containers using the lxc-ls --active command and get detailed information about the running container.

# lxc-ls --active

10. In order to login to the container console issue the lxc-console command against a running container name. Login with the user root and the password generated by default by lxc supervisor.

Once logged in the container you can run several commands in order to verify the distribution by displaying the /etc/issue.net file content, change the root password by issuing passwd command or view details about network interfaces with ifconfig.

# lxc-console -n mydeb
# cat /etc/issue.net
# ifconfig
# passwd
Sample Output
Connect to LXC Container
[[email protected]~]# lxc-console -n mydcb

Connected to tty 1
Type &ltCtrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

Debian GNU/Linux 8 mydcb tty1

mydcb login: root
Password: 
Last login: Fri Apr  1 07:39:08 UTC 2016 on console
Linux mydcb 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
[email protected]:~# cat /etc/issue.net
Debian GNU/Linux 8
[email protected]:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3e:d9:21:d7  
          inet6 addr: fe80::216:3eff:fed9:21d7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:107 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5796 (5.6 KiB)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[email protected]:~# passwd root
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

11. To detach from the container console and go back to your host console, leaving the container in active state, hit Ctrl+a then q on the keyboard.

To stop the a running container issue the following command.

# lxc-stop -n mydcb

12. In order to create a LXC container based on an Ubuntu template, enter /usr/sbin/ directory and create the following debootstrap symlink.

# cd /usr/sbin
# ln -s debootstrap qemu-debootstrap

13. Edit qemu-debootstrap file with Vi editor and replace the following two MIRROR lines as follows:

DEF_MIRROR=”http://mirrors.kernel.org/ubuntu”
DEF_HTTPS_MIRROR=”https://mirrors.kernel.org/ubuntu”

For reference, see the following content and place the above two lines as stated:

....
MAKE_TARBALL=""
EXTRACTOR_OVERRIDE=""
UNPACK_TARBALL=""
ADDITIONAL=""
EXCLUDE=""
VERBOSE=""
CERTIFICATE=""
CHECKCERTIF=""
PRIVATEKEY=""

DEF_MIRROR=”http://mirrors.kernel.org/ubuntu”
DEF_HTTPS_MIRROR=”https://mirrors.kernel.org/ubuntu”

14. Finally create a new LXC container based on Ubuntu template issuing the same lxc-create command.

Once the process of generating the Ubuntu container finishes a message will display your container default login credentials as illustrated on the below screenshot.

# lxc-create -n myubuntu -t ubuntu
Sample Output
Create LXC Ubuntu Container
Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ... 
Installing packages in template: ssh,vim,language-pack-en
Downloading ubuntu precise minimal ...

15. In order to create a specific container based on local template use the following syntax:

# lxc-create -n container_name -t container_template -- -r distro_release -a distro_architercture 

Here is an excerpt of creating a debian wheezy container with an amd64 system architecture.

# lxc-create -n mywheezy -t debian -- -r wheezy -a amd64
Sample Output
Create LXC Container Based on Distro Architecture
debootstrap is /sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-wheezy-amd64 ... 
Downloading debian minimal ...
W: Cannot check Release signature; keyring file not available /usr/share/keyrings/debian-archive-keyring.gpg
I: Retrieving Release 
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: insserv libbz2-1.0 libdb5.1 libsemanage-common libsemanage1 libslang2 libustr-1.0-1 
I: Found additional base dependencies: adduser debian-archive-keyring gnupg gpgv isc-dhcp-common libapt-pkg4.12 libbsd0 libclass-isa-perl libedit2 libgdbm3 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libncursesw5 libprocps0 libreadline6 libssl1.0.0 libstdc++6 libswitch-perl libusb-0.1-4 libwrap0 openssh-client perl perl-modules procps readline-common 
I: Checking component main on http://http.debian.net/debian...
I: Retrieving libacl1 2.2.51-8
I: Validating libacl1 2.2.51-8
I: Retrieving adduser 3.113+nmu3
I: Validating adduser 3.113+nmu3
I: Retrieving apt 0.9.7.9+deb7u7
I: Validating apt 0.9.7.9+deb7u7
I: Retrieving libapt-pkg4.12 0.9.7.9+deb7u7
I: Validating libapt-pkg4.12 0.9.7.9+deb7u7
I: Retrieving libattr1 1:2.4.46-8
I: Validating libattr1 1:2.4.46-8
I: Retrieving base-files 7.1wheezy9
I: Validating base-files 7.1wheezy9
I: Retrieving base-passwd 3.5.26
...

16. For instance, specific containers for different distro releases and architectures can be also created from a generic template which will be downloaded from LXC repositories as illustrated in the below example.

# lxc-create -n mycentos6 -t download -- -d centos -r 6 -a i386

Here is the list of lxc-create command line switches:

-n = name 
-t = template
-d = distibution
-a = arch
-r = release

17. Containers can be deleted from your host with the lxc-destroy command issued against a container name.

# lxc-destroy -n mywheezy

18. A container can be cloned from an existing container by issuing lxc-clone command:

# lxc-clone mydeb mydeb-clone

19. And finally, all created containers reside in /var/lib/lxc/ directory. If for some reason you need to manually adjust container settings you must edit the config file from each container directory.

# ls /var/lib/lxc

This are just the basic things you need to know in order to work your way around LXC.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Matei Cezar

I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

20 Responses

  1. Robert M. Koretsky says:

    Actually, I checked, and I did have to install lxc-extra in order to get everything shown in this tutorial to work!

  2. Robert M. Koretsky says:

    I cannot address Ales’s comment. But the dependencies between Linux software is highly complex, if they are easy for you to untangle, the more power to you. As far as Alberto’s comment goes, I might have installed lxc-extra but I don’t recall.

    Certainly it couldn’t hurt to do so. Maybe some day in the near future for CentOS, lxd will be as easy to install as lxc is, as shown in this article. As I say in mt previous comment, on Debian family, lxd is a very simple installation, and useful too in order to sandbox machines.

  3. Ales Drtik says:

    For what is libvirt installed when you use lxc-* commands only?

  4. Alberto Fernandez says:

    Hi Matei Cezar,

    Your Information was Great, so thanks for sharing it with us; but I have some issues on Red Hat 7.4 distribution with the lxc-ls command, when I try to perform the command it display: command not found… it seems the distribution that I use need to install a extra package to solve this; so it will be helpful that you can recommend to users to add the package: sudo yum install -y lxc-extra since this use python3.

    Regards.

  5. Robert M. Koretsky says:

    Excellent article! Much thanks! At this time, 12/5/2017, installation of lxd on CentOS 7.4 is not reliably achievable by an ordinary Linux user. But lxc is, exactly as shown so well here by Mr. Cezar.

    Personally, I’m not too sure what lxd gets you anyway, above and beyond lxc. I have lxd installed on Linux Mint 18.2, and there is a pretty easy path to installation on Debian-family systems. Not so on the RHEL-family.

    I cannot speak towards installing either lxc/lxd on the Slackware/OpenSuse family.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.