====== LXC - Linux Containers ======

===== Basic setup to get started =====

  - Install requirements and templates \\ ''apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap lxc-templates debootstrap apparmor dnsmasq''
  - Configure cgroups and set up ranges in ''/etc/subuid'' and ''/etc/subgid'': <code>
MYUSERNAME:296608:65536
root:362144:65536
</code>
  - Edit ''/etc/lxc/lxc-usernet'', e.g.: <code>
MYUSERNAME veth virbr0 10
</code>
  - Edit ''/etc/default/lxc-net'', e.g.: <code>
USE_LXC_BRIDGE="true"
LXC_BRIDGE="virbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE=""
LXC_DOMAIN=""
</code>
  - Edit ''/etc/lxc/default.conf'': <code>
lxc.net.0.type = veth
lxc.net.0.link = virbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 362144 65536
lxc.idmap = g 0 362144 65536
lxc.apparmor.profile = lxc-container-default
</code> Note: //use the user's subuid/subgid range as above// \\ Note: //in the MAC address line, you can leave the x's as is; maybe change the first 6 digits//
  - ''systemctl stop dnsmasq''
  - ''systemctl disable dnsmasq''
  - ''systemctl enable lxc-net''
  - ''systemctl restart lxc-net''

==== User specific configuration ====

If you want another user to create and run (unprivileged) containers, copy ''/etc/lxc/default.conf'' to ''$HOME/.config/lxc/default.conf'' and set the subuid/subgid range accordingly.

==== Change where containers will be stored ====

One way to do this is to replace ''/var/lib/lxc'' with a symbolic link to the intended storage location. There is probably a smarter way to do this with an option, but it works.

===== Creating a container =====

==== Example ====

  * ''lxc-create -t download -n somecontainer'' \\ There will be a selection of distros and releases to choose from.
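
A consistency check for the ID mappings configured in the basic setup and the user specific configuration, as an added example that is not part of the original page: it reports any ''lxc.idmap'' range that is not delegated to the given user in a subuid/subgid file. The function names and the sample directory are assumptions; with the values shown on this page the check passes for root and fails for MYUSERNAME, whose own copy of the config needs the start value 296608.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_idmap USER KIND SUBID_FILE LXC_CONF
#   KIND is u (check against subuid) or g (check against subgid).
#   Exit status 0 means every mapping of that kind is delegated to USER.
check_idmap() {
    awk -v user="$1" -v kind="$2" -v subid="$3" '
        BEGIN {
            # Load the "name:start:count" entries delegated to the user.
            while ((getline line < subid) > 0) {
                if (split(line, f, ":") == 3 && f[1] == user) {
                    lo[++r] = f[2] + 0
                    hi[r] = f[2] + f[3]     # first id past the range
                }
            }
            close(subid)
        }
        # Config lines look like: lxc.idmap = u 0 362144 65536
        /^[ \t]*lxc\.idmap[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            if (split($0, m, /[ \t]+/) < 4 || m[1] != kind) next
            seen++
            start = m[3] + 0; stop = start + m[4]
            ok = 0
            for (i = 1; i <= r; i++)
                if (start >= lo[i] && stop <= hi[i]) ok = 1
            if (!ok) {
                printf "%s: idmap %s %d..%d not delegated to %s\n", FILENAME, kind, start, stop - 1, user
                bad++
            }
        }
        # Fail when no mapping of this kind exists or any mapping is out of range.
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }
    ' "$4"
}

# Sample input: the subuid entries and idmap lines shown on this page,
# written to directory $1 so the check runs without touching /etc.
write_page_sample() {
    printf '%s\n' 'MYUSERNAME:296608:65536' 'root:362144:65536' > "$1/subuid"
    printf '%s\n' 'lxc.net.0.type = veth' \
        'lxc.idmap = u 0 362144 65536' \
        'lxc.idmap = g 0 362144 65536' > "$1/default.conf"
}
```

On a real host, run it once per kind, e.g. ''check_idmap "$USER" u /etc/subuid "$HOME/.config/lxc/default.conf"'' and the same with ''g'' and ''/etc/subgid''.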

===== Example projects =====

  * [[lxcopenvpntransmission|Creating a Transmission instance behind a VPN in an LXC container]]
  * [[muninserver|Setting up a Munin server and nodes]]

===== Troubleshooting =====

| ERROR: Unable to fetch GPG key from keyserver | Use a different keyserver, e.g.: \\ ''DOWNLOAD_KEYSERVER=keyserver.ubuntu.com lxc-create -t download -n sowieso'' \\ Alternatively, skip verification (not recommended, since the downloaded image is then not validated against its GPG signature): \\ ''%%lxc-create -n container1 -t download -- --no-validate%%'' |
| ''lxc-create: maps: conf.c: chown_mapped_root: 3250 lxc-usernsexec failed: No such file or directory Failed to open ttyNo such file or directory Failed to open ttyOperation not permitted Failed to unshare mount and user namespac lxc-create: maps: tools/lxc_create.c: main: 327 Failed to create container maps'' | 1. unprivileged users can't work with subuid 100000-165536 \\ 2. ''sysctl kernel.unprivileged_userns_clone=1'' \\ ''echo "kernel.unprivileged_userns_clone = 1" >> /etc/sysctl.d/lxc-unprivileged_userns.conf'' |

===== Links =====

  * [[https://linuxcontainers.org/lxc/getting-started/|linuxcontainers.org - Getting Started]]
  * [[https://wiki.debian.org/LXC|Debian Wiki - LXC]]
  * [[https://pve.proxmox.com/wiki/Unprivileged_LXC_containers|Unprivileged LXC containers]]