Boot2lxc Minimal VM based on Alpine
- 1 year 9 months ago
- 2014-10-29
Hi All,
We just made available a boot2lxc minimal VM based on Alpine. How minimal? It is a mere 65 MB download.
LXC is of course supported in the Linux kernel and you do not need a VM to run it. That is counterproductive given containers are a bare metal alternative to virtualization. The rationale is to give Windows and OSX users an easy way to try the Flockport App Store and LXC.
We were looking for a minimal OS and Ubuntu supports LXC best. But after some initial efforts the lowest we could get the Vivid image download was around 250MB. Surely we could do better.
Docker, it appears, uses Tinycore for their boot2docker image, but Tinycore is too minimalist and missing things like bridge-utils and a lot of other packages and functions you need for a properly functioning LXC environment.
We had recently used Alpine for our micro containers and Alpine seemed perfect both as a container and host OS. So Alpine made the most sense. We did run into a couple of issues with LXC in Alpine though:
1. LXC networking is not available out of the box,
2. cgroups memory is not supported in the Alpine kernel
3. Alpine LXC does not have Python 3 support
4. GRSEC
For a lot of users networking is the first thing that gets them down so we needed to fix that first. We repurposed the lxc-net Debian script for Alpine so LXC networking works out of the box. It's a quick hack and needs to be fine-tuned properly for OpenRC.
What this does basically is set up a standalone lxcbr0 bridge, enable dnsmasq DHCP on the subnet and some iptables rules for outward access for containers.
I tracked the cgroup memory issue in Alpine and it is supposed to be fixed in 3.14.37 but it wasn't working in my initial tests on release 3.14, or even 3.2 rc3. We have to check the docs on this further.
Grsec does not play well with LXC containers, chroot and namespaces. Since this is designed for relatively new users we went with the vanilla Alpine kernel.
Python3 support is missing in the Alpine LXC package so a number of 'decorative' functions like 'lxc-ls -f' do not work.
This boot2lxc image gives you a lightweight LXC environment along with the Flockport utility that lets users view and download containers directly to their system from the Flockport App Store.
Cheers!
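The bridge, dnsmasq and iptables setup described in the post above, as an added sketch that is not part of the original post and is not the Flockport script. The variable names and values are the Debian/Ubuntu lxc-net defaults, assumed here; limiting the inbound FORWARD rule to established flows is a choice made for this example. It prints the commands unless `LXC_NET_APPLY=1` is set.

```shell
#!/bin/sh
# Added example, not the Flockport script. Prints the commands by default;
# set LXC_NET_APPLY=1 and run as root to execute them.
# Assumed values: the Debian/Ubuntu lxc-net defaults.
LXC_BRIDGE="${LXC_BRIDGE:-lxcbr0}"
LXC_ADDR="${LXC_ADDR:-10.0.3.1}"
LXC_NETWORK="${LXC_NETWORK:-10.0.3.0/24}"
LXC_DHCP_RANGE="${LXC_DHCP_RANGE:-10.0.3.2,10.0.3.254}"

# Execute a command, or just print it in dry-run mode.
run() {
    if [ "${LXC_NET_APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

lxc_net_up() {
    br="$LXC_BRIDGE" net="$LXC_NETWORK"
    # 1. Standalone bridge (no physical port attached) with the gateway address.
    run brctl addbr "$br" &&
    run ip addr add "$LXC_ADDR/${net#*/}" dev "$br" &&
    run ip link set "$br" up &&
    # 2. Outward access: route and masquerade traffic leaving the subnet.
    run sysctl -w net.ipv4.ip_forward=1 &&
    run iptables -t nat -A POSTROUTING -s "$net" ! -d "$net" -j MASQUERADE &&
    run iptables -A FORWARD -i "$br" -j ACCEPT &&
    # Only replies to container-initiated flows are let back in.
    run iptables -A FORWARD -o "$br" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &&
    # 3. Containers may reach DHCP and DNS on the host, bridge side only.
    run iptables -A INPUT -i "$br" -p udp -m multiport --dports 53,67 -j ACCEPT &&
    run iptables -A INPUT -i "$br" -p tcp --dport 53 -j ACCEPT &&
    # 4. dnsmasq bound to the bridge only, so it never answers on the LAN.
    run dnsmasq --bind-interfaces --interface="$br" --except-interface=lo \
        --listen-address="$LXC_ADDR" --dhcp-range="$LXC_DHCP_RANGE" \
        --dhcp-authoritative --pid-file=/run/lxc-dnsmasq.pid
}

lxc_net_up
```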
I generally avoid compiling kernels and packages for maintainability reasons. It's so much easier to just grab a release. However I would like to have python3 support for LXC in our boot2lxc VM and also cgroups memory support. The first involves recompiling LXC and the latter the kernel.
I just recompiled the vanilla kernel with just the extra cgroups memory option enabled. And LXC with Python3 support. We will now put it through some testing. So the new version of boot2lxc will have both cgroup memory support and the LXC package python3 support. Yay!
I am hoping the next Alpine version has these enabled out of the box, for both the grsec and vanilla kernel. At some point I am going to take a closer look at running LXC properly with GRSEC and how that pans out for normal users who may not be aware of GRSEC for day to day LXC use. In the interim vanilla it is.
I have added a number of features to the boot2lxc VM. It's now called Flockbox.
1. Cgroups memory support - this required kernel 3.18.14 vanilla recompile
2. Python3 and Lua support for LXC 1.1.2 - LXC recompiled
3. Multiple overlayfs layers support - this required update to kernel 4.0.4
4. LXC Unprivileged container support - for root users. There is a bug for unprivileged containers in kernel 4.0.X. This required an update to kernel 4.1-rc7
5. LVM Thin Provisioning - Added LVM2 and Thin Provisioning tools from Alpine testing repo.
This is a pretty easy way to try LXC now with a near complete feature set. And thanks to Alpine the VM is a mere 78MB download. Images are available for Virtualbox, VMWare and KVM. The KVM image should work in Xen too.
The VM images are available here