How-to install LXC and OpenQuake LXC on RHEL/CentOS 6

As root user:

1) Add the EPEL repo to your RHEL/CentOS 6 server

$ rpm -ivh http://mirror.nl.leaseweb.net/epel/6/i386/epel-release-6-8.noarch.rpm

2) Install LXC 1.0.6 from epel and some other stuff needed

$ yum install lxc lxc-libs lxc-templates bridge-utils libcgroup

3) Enable the cgroups

$ service cgconfig start
$ service cgred start
$ chkconfig --level 345 cgconfig on
$ chkconfig --level 345 cgred on

4) Setup the network:

the easiest way is to create an internal network, so you do not need to expose the LXC to the bare-metal server network.

a) Create the bridge

$ brctl addbr lxcbr0

b) Make the bridge persistent on reboot

create /etc/sysconfig/network-scripts/ifcfg-lxcbr0 and add
DEVICE="lxcbr0"
TYPE="Bridge"
BOOTPROTO="static"
IPADDR="10.0.3.1"
NETMASK="255.255.255.0"

c) Start the bridge interface

$ ifup lxcbr0

5) Configure the firewall

to allow outgoing traffic from the container: edit /etc/sysconfig/iptables and

a) Comment or remove

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

b) Add at the end of file

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

c) Restart the firewall

$ service iptables restart

6) Enable IPv4 forwarding

edit /etc/sysctl.conf and change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1, then apply the new parameters with
$ sysctl –p

7) Download OpenQuake LXC

$ cd /tmp && wget http://ftp.openquake.org/oq-master/lxc/Ubuntu_lxc_12.04_64_oq_master_nightly-141020.tar.bz2

8) Extract the OpenQuake LXC

$ tar --numeric-owner -C /var/lib/lxc -xpsjf /tmp/Ubuntu_lxc_12.04_64_oq_master_nightly-141020.tar.bz2

9) Check if the LXC is installed and ready

with the command lxc-ls you should see
$ lxc-ls
openquake-nightly-141020

10) Setup the OpenQuake LXC ip address

open /var/lib/lxc/openquake/rootfs/etc/network/interfaces and change iface eth0 inet dhcp to
iface eth0 inet static
address 10.0.3.2
netmask 255.255.255.0
gateway 10.0.3.1
dns-nameservers 8.8.8.8

11) Start the OpenQuake LXC

$ lxc-start –d –n openquake

12) Login into the running OpenQuake LXC

$ lxc-console –n openquake
(to detach press ctrl-a + q)
You can also login using SSH from the host server:
$ ssh openquake@10.0.3.2
User: openquake
Password: openquake

Please note:

  • This how-to is intended for a fresh, standard installation of RHEL/CentOS 6 (and is tested on 6.4). It may need some adjustments for customized installations.
  • On 5. the firewall could be already customized by the sysadmin, please be careful when edit it. For more details please ask to your network and/or system administrator.
  • On 5. section b. -A POSTROUTING -o eth0 -j MASQUERADE "eth0" is the name of the host server main interface. It can differ in your configuration (see the used interface with ifconfig).
  • On 8. the --numeric-owner is mandatory.
  • On 10. the 8.8.8.8 DNS is the one provided by Google. It’s better to use your internal DNS, so change that IP address with the one associated to your DNS server. For more details please ask to your network and/or system administrator.
  • On certain installations the rsyslogd process inside the container can eat lots of CPU cycles. To fix it run, within the container, these commands (not required on containers prepared by us):
service rsyslog stop
sed -i -e 's/^\$ModLoad imklog/#\$ModLoad imklog/g' /etc/rsyslog.conf
service rsyslog start

Comments

Post a Comment

Popular posts from this blog

WMI Static Port configuration

Step one:  Set the DCOM config to use a static port.... Basically, run "dcomcnfg" from command prompt. Navigate the tree to My Computer > DCOM Config > Windows Management and Instrumentation, select properties of that folder. Go to the Endpoints tab Select Properties button for Connection-oriented TCP/IP Use static endpoint, set the port. Step 2:  Configure WMI to use a fixed port http://msdn.microsoft.com/en-us/library/bb219447(v=VS.85).aspx At the command prompt, type  winmgmt -standalonehost Stop the WMI service by typing the command  net stop "Windows Management Instrumentation" Restart the WMI service again in a new service host by typing  net start "Windows Management Instrumentation" Establish a new port number for the WMI service by typing  netsh firewall add portopening TCP 24158 WMIFixedPort Still testing this myself, so not 100% certain it works. Another way, use the Component Services Manager to set the ra...
Read more

Optimizing your JVM for Best Performance

The better your JVM performs, the better your installation of Tomcat will perform. It's as simple as that. Getting the most out of your JVM is a matter of configuring its settings to match your real-world performance needs as closely as possible. Update your JVM to the latest version, establish some accurate benchmarks so you have a way of quantifying any changes you make, and then get down to business. Effective Memory Management The main thing to consider when tuning your JVM for Tomcat performance is how to avoid wasting  memory  and draining your server's power to process requests. Certain automatic JVM processes, such as garbage collection and memory reallocation, can chew through memory if they occur more frequently than necessary. You can make sure these processes only occur when they need to by using the JAVA_OPTS -Xmx and -Xms switches to control how JVM handles its heap memory. If your JVM is invoking garbage collection too frequently, use the -Xmx switch to ...
Read more

Exploring LXC Networking

Recently I’ve been finding myself in various conversations about  Docker  and  Linux Containers (LXC) . Most of the time the conversations eventually end up with one and the same question and that is whether we should run containers in production. Initially this post had a few paragraphs where I philosophised about readiness of the technology, but I’ve deleted those paragraphs now as the attention dedicated to containers in past year has been nothing short of amazing and more and more companies are running their Infrastructures in the containers or at least big parts of them. I’m sure this trend will continue to high degree in the future, so I’ve now removed these paragraphs and kept the technical content only. One of the (many) things which were not entirely clear to me and to the people I speak with about the topic of containers almost on daily basis is how the networking can be done and configured when using LXC. Hopefully the first blog post on this topic is going...
Read more