- 1 Introduction
- 2 System requirements
- 3 Features
- 4 Supported OS
- 5 Manage containers
- 6 Migrate container from OpenVZ to Linux container
- 7 References
Linux Containers (LXC) is an operating-system-level virtualization environment for running multiple isolated Linux systems on a single Linux control host (Wikipedia LXC). It can be also defined as a lightweight VM but extremely fast and easy to deploy.
There is not much overhead and therefore it's the perfect solution for effective use of resources.
No extra kernel boot is necessary on startup resulting in a super fast boot.
Linux Containers (LXC) are introduced in Proxmox VE 4.0 and support the Proxmox Storage Model.
LXC vs LXD vs Docker
A nice comparison is available as an Infographic.
LXC is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers. LXD specializes in deploying (Linux) Virtual Machines.
Docker is a container system making use of LXC containers to Build, Ship, and Run Any App, Anywhere and is supported by Docker, Inc. Docker specializes in deploying apps.
LXD isn't a rewrite of LXC, in fact it's building on top of LXC to provide a new, better user experience. Under the hood, LXD uses LXC through liblxc and its Go binding to create and manage the containers. It's basically an alternative to LXC's tools and distribution template system with the added features that come from being controllable over the network. Incidentally, LXD is installed using the command lxc.
LXD and Docker are not needed for ProxMox VE as the latter manages all it's LXC instances from within itself. Information from Docker scripts can be used to build LXC.
- Proxmox VE 4.0 or higher
- Support of local directories(NOTE:not on ZFS use instead ZFSPoolPlugin), NFS, ZFS, LVM, Ceph and DRBD9 (other will/can follow)
- manipulate disk size
- snapshot, rollback, clone, linked clone (all these features need storage support)
- Kernel namespaces (ipc, uts, mount, pid, network and user)
- Apparmor profiles
- Seccomp policies
- Chroots (using pivot_root)
- Kernel capabilities
- CGroups (control groups)
- Backup and restore
- Integrated firewall
- Network support for VLAN, IPv4, IPv6
- Debian 4, 5, 6, 7, 8
- CentOS 6, 7
- Ubuntu 12.04, 14.04, 15.04, 15.10, 16.04
- Alpine Linux (tested >=3.1)
- Fedora 22
- OpenSUSE 13.1 13.2
Other OS are following step by step.
Management can be done either via the web gui, or via command line tools
Get a container templateAll templates can be downloaded at the GUI.
NOTE: Only the supported OS work
If the containers are not yet visible use the following pve command to update the list.
After you have downloaded a template, you can create a container based on it.
A GUI wizard will guide you through the creation process.
It is also possible to create a container with the pct command line tool. More details see manpages
pct create 104 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz \ -description LXC -rootfs 4 -hostname pvecontainer01 -memory 1024 -nameserver 126.96.36.199 \ -net0 name=eth0,hwaddr=52:4A:5E:26:58:D8,ip=192.168.15.147/24,gw=192.168.15.1,bridge=vmbr0 \ -storage local -password
There are two possibilities to start a container:either on the GUI or on the command line
pct start 100
Stopping a container can be done in a similar way like starting a container.
pct stop 100
The backup can be done in three different modes: snapshot, suspend and stopped. This mode options have only an effect if the container is running.
Snapshot mode: this feature depends on the filesystem and so it must support snapshots. If snapshot mode is chosen but it's not supported by the filesystem the backup will be done in suspend mode.
Suspend mode: the container will be frozen during the time the backup is running. NOTE: Container is not running untill backup is done!
Stopped mode: the container will be turned off and restarted after backup.
The command line tool backing up Linux container is vzdump. For more information read vzdump manpage.
vzdump 100 -compress lzo -dumpdir /var/lib/vz/dump/ -mode snapshot -remove 0
It is easy and fast to restore a container.
On the GUI it was only possible to restore a container with the same VMID and if there is no VM with this VMID. In Proxmox VE 3+ it can be restored to any available VMID.
If you need to change the VMID or override a VM you can use the command line tool pct.
For more information read the man page of pct.
pct restore 101 /var/lib/vz/dump/vzdump-lxc-100-2015_06_22-11_12_40.tar.lzo
LXC Containers use an AppArmor profile to provide ressource isolation in the container. This works by blocking system calls like 'mount' who are denied being executed in the container. You can trace the AppArmor activity with:
dmesg | grep apparmor
If you want to disable AppArmor for a container, you can add the stanza
lxc.aa_profile = unconfined
at the end of the configuration file ( located in /etc/pve/lxc/CTID.conf ) Note that this is not a recommended setup for production.
Migrate container from OpenVZ to Linux container
Follow this howto: