LXC containers on a OpenVZ VPS

Question

I am trying to run LXC on a VPN that is hosted in OpenVZ, I have tried doing this with multiple image flavours, ubuntu. centos, debian... with no luck. LXC installs correctly but containers fail to start due to networking, it seems this is to do with the bridging of interfaces!

Has anyone had any issues similar to this? Does anyone know if this is a limitation of OpenVZ?

Starting from a fresh ubuntu 14.04 install:

sudo apt-get update 
sudo apt-get install lxc
sudo lxc-create -n p1 -t ubuntu 
sudo lxc-start -n p1 --logfile log.txt
cat log.txt
    lxc-start 1434379565.265 ERROR    lxc_conf - conf.c:instantiate_veth:2949 - failed to create veth pair (vethP4LPC8 and vethO6MP73): Operation not supported
    lxc-start 1434379565.265 ERROR    lxc_conf - conf.c:lxc_create_network:3261 - failed to create netdev
    lxc-start 1434379565.265 ERROR    lxc_start - start.c:lxc_spawn:826 - failed to create the network
    lxc-start 1434379565.265 ERROR    lxc_start - start.c:__lxc_start:1080 - failed to spawn 'p1'
    lxc-start 1434379565.265 ERROR    lxc_start_ui - lxc_start.c:main:342 - The container failed to start.
    lxc-start 1434379565.265 ERROR    lxc_start_ui - lxc_start.c:main:346 - Additional information can be obtained by setting the --logfile and --logpriority options.

And trying:

sudo brctl addbr lxcbr0
  add bridge failed: Invalid argument

@MichaelHampton Is there any way to use LXC from within a OpenVZ container? — RichyHBM, Jun 15 '15 at 15:19

Yonsy Solis · Accepted Answer · 2015-09-06T11:17:17.660

2

OpenVZ is an operating system virtualization technology, just like LXC and Docker but based in various kernel patches, and many never integrate with the mainstream kernel.

OpenVZ was based in old kernels (2.6.x) that don't have many things needed to manage containers now (cgroups mainly). Unfortunely, you can't run LXC Containers inside a OpenVZ virtual environment.

edited Sep 06 '15 at 11:17

answered Sep 03 '15 at 17:07

Yonsy Solis

284
1
9

grin · Answer 2 · 2016-01-19T12:28:27.737

Not to diminish the other answers (since they state correctly that OpenVZ containers are containers) but see this interesting link: Docker in OVZ CT ("Since OpenVZ kernel 042stab105.4 it is possible to run Docker inside containers. This article describes how.")

It may or may not offer some solutions to your problem but in theory it is possible to use cgroups in a CT (on newer kernels than 042stab105.4 and by using a rather new vzctl). Basicaly you'll need:

check your kernel config: try lxc-checkconfig under the given kernel, or use CONFIG=/boot/config-2.6.32-openvz-042stab108.2-amd64 lxc-checkconfig for any kernel installed.

If it seems to be okay you may go forward, and:

vzctl set $veid --save --features bridge:on --netif_add eth0 --netfilter full --devnodes net/tun:rw

And mount custom cgroups in the CT:

mount -t tmpfs tmpfs /sys/fs/cgroup
mkdir /sys/fs/cgroup/freezer,devices
mount -t cgroup cgroup /sys/fs/cgroup/freezer,devices -o freezer,devices
mkdir /sys/fs/cgroup/cpu,cpuacct,cpuset
mount -t cgroup cgroup /sys/fs/cgroup/cpu,cpuacct,cpuset/ -o cpu,cpuacct,cpuset

It is a funny construct indeed but ovz controls and cgroups are not inherently incompatible (many cgroup features are empty stub functions, eg. does nothing but doesn't spew out error messages).

Disclaimer: I haven't tried it yet (my kernel is missing cgroup namespace).

Another useful link is this Docker issue tracker comment about how to compile your OVZ kernel with the required features.

LXC containers on a OpenVZ VPS

2 Answers2