How to Create a LXC CentOS Template

Download a CentOS 5.5 netinstall image (or another version, or the full image, if You want). Choose i386 or x86_64 (x86_64 works only if the guest OS is x86_64).

Install CentOS on a physical or virtual PC in whatever way You like (minimal, typical or anything else).

I installed it to a virtual KVM PC. Some screenshots of that process follow.

Choose a Local Mirror

When CentOS is set up, we need to tar the contents of the file system, but not everything. So create a temporary file (/tmp/exclude) on the newly installed system:

.bash_history
lost+found
/dev/*
/mnt/*
/tmp/*
/proc/*
/sys/*
/usr/src/*

And then run:

[root@localhost ~]# tar --numeric-owner -czvf /tmp/centos-5.5-x86_64-image.tgz -X /tmp/exclude /

(If You don’t like installing CentOS, You can use an OpenVZ template as described here)

Copy centos-5.5-x86_64-image.tgz to Your LXC host system. Untar:

root@servukas:~# mkdir -p /var/lxc/centos
root@servukas:~# cd /var/lxc/centos
root@servukas:/var/lxc/centos# tar -zxvf /root/centos-5.5-x86_64-image.tgz

Put a “#” in etc/inittab file at the beginning of the lines that respawn /sbin/mingetty on tty1 through tty6:

# Run gettys in standard runlevels
#1:2345:respawn:/sbin/mingetty tty1
#2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6

Remove everything from etc/fstab except the line that mounts /dev/pts.

Comment out the line

#/sbin/start_udev

in file etc/rc.d/rc.sysinit.

Disable IPv6. Add two lines to etc/modprobe.d/blacklist:

blacklist ipv6
blacklist net-pf-10

and edit etc/sysconfig/network line NETWORKING_IPV6 to:

NETWORKING_IPV6=no

To fix iptables, modify two lines in the etc/sysconfig/iptables-config file:

IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="no"

Create a file /var/lxc/fix_dev.sh:

#!/bin/bash
# Makes default devices needed in lxc containers
# modified from http://lxc.teegra.net/
ROOT=$(pwd)
DEV="${ROOT}/dev"
# Refuse to run from /: the rm -rf below would delete the host's own /dev
if [ "$ROOT" = '/' ]; then
    printf "\033[22;35m\nDO NOT RUN ON THE HOST NODE\n\n"
    tput sgr0
    exit 1
fi
# The current directory must be a container rootfs that already has dev/
if [ ! -d "$DEV" ]; then
    printf "\033[01;33m\nRun this script in rootfs\n\n"
    tput sgr0
    exit 1
fi
# Recreate dev/ from scratch with only the nodes listed here
rm -rf "${DEV}"
mkdir "${DEV}"
mknod -m 666 "${DEV}/null" c 1 3
mknod -m 666 "${DEV}/zero" c 1 5
mknod -m 666 "${DEV}/random" c 1 8
mknod -m 666 "${DEV}/urandom" c 1 9
mkdir -m 755 "${DEV}/pts"
mkdir -m 1777 "${DEV}/shm"
mknod -m 666 "${DEV}/tty" c 5 0
mknod -m 666 "${DEV}/tty0" c 4 0
mknod -m 666 "${DEV}/tty1" c 4 1
mknod -m 666 "${DEV}/tty2" c 4 2
mknod -m 666 "${DEV}/tty3" c 4 3
mknod -m 666 "${DEV}/tty4" c 4 4
mknod -m 600 "${DEV}/console" c 5 1
mknod -m 666 "${DEV}/full" c 1 7
mknod -m 600 "${DEV}/initctl" p
mknod -m 666 "${DEV}/ptmx" c 5 2
exit 0

And run it:

root@servukas:/var/lxc/centos# sh ../fix_dev.sh

Disable unnecessary services:

root@servukas:/var/lxc# chroot /var/lxc/centos
bash-3.2# chkconfig --levels 2345 acpid off
bash-3.2# chkconfig --levels 2345 kudzu off
bash-3.2# chkconfig --levels 2345 microcode_ctl off

I also disabled these services because they failed to start with my host’s kernel and I don’t need them either:

bash-3.2# chkconfig --levels 2345 autofs off
bash-3.2# chkconfig --levels 2345 hidd off
bash-3.2# chkconfig --levels 2345 auditd off
bash-3.2# chkconfig --levels 2345 ip6tables off

Some more services to disable (leave them if You need):

bash-3.2# chkconfig --levels 2345 isdn off
bash-3.2# chkconfig --levels 2345 gpm off
bash-3.2# chkconfig --levels 2345 cups off
bash-3.2# chkconfig --levels 2345 sendmail off
bash-3.2# chkconfig --levels 2345 rpcidmapd off
bash-3.2# chkconfig --levels 2345 rpcgssd off
bash-3.2# chkconfig --levels 2345 netfs off
bash-3.2# chkconfig --levels 2345 nfslock off
bash-3.2# chkconfig --levels 2345 portmap off
bash-3.2# exit

As You may have noticed, I used chroot. The directory holds a full CentOS file system, so it works flawlessly.

This is it. The template is finished. Tar it and keep for future usage.

Well and… let’s test it!

Create centos.conf file:

lxc.utsname = centos
lxc.tty = 4
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.hwaddr = 00:16:36:2F:8D:DA
lxc.network.ipv4 = 0.0.0.0/24
lxc.rootfs = /var/lxc/centos
lxc.mount = /var/lxc/centos.fstab
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/* - pts namespaces are "coming soon"
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

The lxc.network.hwaddr is not necessary, but if You always want the same MAC address, it is a good idea to put it here. The MAC address was taken from the CentOS etc/sysconfig/network-scripts/ifcfg-eth0 file.

The lxc.network.ipv4 = 0.0.0.0/24 means “use DHCP” (previously mentioned ifcfg-eth0 file by default uses DHCP).
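The device rules in centos.conf above form an allowlist (deny everything, then allow by type and major:minor), so a node in the rootfs dev/ is only usable if a rule covers it. The script below is an added example, not part of the original post: it cross-checks device nodes against that allowlist; the function names and the embedded sample input are constructed here, and list_nodes assumes GNU find and stat.

```shell
#!/bin/bash
# Added example, not from the original post: list device nodes in a container
# rootfs that no lxc.cgroup.devices.allow rule in its config covers.

# list_nodes ROOTFS: print "type major minor path" for each node in ROOTFS/dev.
# GNU stat reports major/minor in hex (%t/%T), so convert to decimal.
list_nodes() {
    for t in c b; do
        find "$1/dev" -type "$t" -exec stat -c "$t %t %T %n" {} +
    done | while read -r t maj min path; do
        printf '%s %d %d %s\n' "$t" "0x$maj" "0x$min" "$path"
    done
}

# uncovered_nodes CONF: read list_nodes output on stdin and print the nodes
# that match no allow rule (exact major:minor, or "*" on either side).
uncovered_nodes() {
    awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                split(line, f, " ")
                if (f[1] != "lxc.cgroup.devices.allow" || f[2] != "=") continue
                if (f[3] == "a") all = 1; else allow[f[3] " " f[4]] = 1
            }
        }
        all { next }
        ($1 " " $2 ":" $3) in allow || ($1 " " $2 ":*") in allow { next }
        ($1 " *:" $3) in allow || ($1 " *:*") in allow { next }
        { print }'
}

# Constructed sample input: the device rules from the centos.conf above ...
sample_conf() {
    printf 'lxc.cgroup.devices.deny = a\n'
    printf 'lxc.cgroup.devices.allow = c %s rwm\n' 1:3 1:5 5:1 5:0 4:0 4:1 \
        1:9 1:8 '136:*' 5:2 254:0
}
# ... and the character devices that fix_dev.sh creates.
sample_nodes() {
    printf 'c %s %s dev/%s\n' 1 3 null 1 5 zero 1 8 random 1 9 urandom \
        5 0 tty 4 0 tty0 4 1 tty1 4 2 tty2 4 3 tty3 4 4 tty4 \
        5 1 console 1 7 full 5 2 ptmx
}

demo() {
    conf=$(mktemp) && sample_conf > "$conf"
    sample_nodes | uncovered_nodes "$conf"
    rm -f "$conf"
}
demo
```

With the page's own files this reports tty2, tty3, tty4 and full as nodes that no allow rule covers. On a real template, run `list_nodes /var/lxc/centos | uncovered_nodes /var/lxc/centos.conf` on the host.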

Create centos.fstab file:

none /var/lxc/centos/dev/pts    devpts defaults 0 0
none /var/lxc/centos/proc    proc    defaults 0 0
none /var/lxc/centos/sys    sysfs    defaults 0 0

Let’s make a Linux Container:

root@servukas:/var/lxc# lxc-create -f /var/lxc/centos.conf -n centos-test

And start it (it is a good idea to use screen here):

root@servukas:/var/lxc# lxc-start -n centos-test
INIT: version 2.86 booting
Welcome to  CentOS release 5.5 (Final)
Press 'I' to enter interactive startup.
Cannot access the Hardware Clock via any known method.
Use the --debug option to see the details of our search for an access method.
Setting clock  (utc): Fri May 28 16:56:58 EEST 2010        [  OK  ]
Loading default keymap (us):                               [  OK  ]
Setting hostname localhost.localdomain:                    [  OK  ]
raidautorun: unable to autocreate /dev/md0
Checking filesystems
[  OK  ]
mount: can't find / in /etc/fstab or /etc/mtab
Mounting local filesystems:                                [  OK  ]
Enabling local filesystem quotas:                          [  OK  ]
Enabling /etc/fstab swaps:                                 [  OK  ]
INIT: Entering runlevel: 3
Entering non-interactive startup
Starting background readahead:                             [  OK  ]
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: nat filter                [  OK  ]
Applying iptables firewall rules:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.
[  OK  ]
Starting system logger:                                    [  OK  ]
Starting kernel logger:                                    [  OK  ]
Enabling ondemand cpu frequency scaling:                   [  OK  ]
Starting irqbalance:                                       [  OK  ]
Starting system message bus:                               [  OK  ]
Can't open RFCOMM control socket: Address family not supported by protocol

Starting PC/SC smart card daemon (pcscd):                  [  OK  ]
Starting HAL daemon:                                       [  OK  ]
Starting sshd:                                             [  OK  ]
Starting crond:                                            [  OK  ]
Starting anacron:                                          [  OK  ]
Starting atd:                                              [  OK  ]
Starting yum-updatesd:                                     [  OK  ]
Starting Avahi daemon...                                   [  OK  ]
Starting smartd:                                           [  OK  ]
INIT: no more processes left in this runlevel

If Your DHCP server is configured properly, now is the time to ssh to Your new Linux Container.

My CentOS Container runs on Ubuntu 10.04 Lucid Lynx host.
