Flockport guide

Flockport containers will work in any default LXC environment.

Please Note: If you haven't already set up LXC please visit the Get Started page to get an overview of how to install LXC in your specific Linux distribution. The Flockport repo provides easy to install LXC packages for Debian Wheezy. Ubuntu already has updated and well supported packages for LXC by default that work perfectly out of the box.

Here is a quick video guide on how to use the Flockport WordPress container

You can browse and download Flockport containers from the container section.

Every Flockport container download page has 2 container downloads:

  • A 64 bit Debian Wheezy container
  • A 32 bit Ubuntu Precise container

A 64 bit host can use either, but a 32 bit host can only use 32 bit containers.

The default password for the Debian 64 bit containers:

user : root
password : debian

The default password for the Ubuntu 32 bit containers:

user : ubuntu
password : ubuntu

Flockport containers ship in the xz format.

Let's use the WordPress container as an example.

Download and move the container to the LXC container folder.

mv containername /var/lib/lxc

Change into /var/lib/lxc and decompress the Flockport container

tar -xvJf 'containername' --numeric-owner

Please note the capital J and --numeric-owner options.

The LXC container configuration options are set in the containername/config file. Please see the LXC Advanced guide in our News section to learn more.

The big moment! Launch the container with the following command.

lxc-start -n containername -d

See if the container is running and get its IP with the command below

lxc-ls -f

If you followed our Getting started guide, it should work without a hiccup.

The Flockport container is configured to be available at the mywordpress.org URL. You can change this in the Nginx webserver settings as desired but let's leave that for later.

Edit your /etc/hosts to point mywordpress.org to the container IP from the lxc-ls command.

nano /etc/hosts

10.0.3.175 mywordpress.org

Now the application will be available at mywordpress.org in your browser. Container details and application passwords are in the flockport.readme and appname.pass files in the container's root folder.

You can use 'lxc-attach -n containername' or ssh into the container to access the container file system.

Browse below to our LXC basics and LXC networking guide. Visit the Flockport News section for more guides on configuring and optimizing Flockport and LXC containers.

Accessing Flockport containers on cloud or remote hosts

The above method won't work on a remote system or a cloud KVM with the container in an internal NAT network behind a remote public IP.

Containers are configured to have access to the internet but if you need to make any services on the container available to the world you need to configure port forwarding from the host to the container. Change the container's default password with the passwd command before you expose any of its services this way.

For instance to forward port 80 from the host public IP 1.2.3.4 to a container with NAT IP 10.0.3.165 you can use the iptables rule below.

iptables -t nat -I PREROUTING -i eth0 -p TCP -d 1.2.3.4/32 --dport 80 -j DNAT --to-destination 10.0.3.165:80

This will make for instance an Nginx web server on port 80 of the container available on port 80 of the host.

Now to access the Flockport app in your browser simply add the remote public IP to your local /etc/hosts file.

1.2.3.4 mywordpress.org

This is just an example. Change the remote IP and container IP in the above to match your remote system IP and container IP. Of course when you want to use the app in production you will need to make the appropriate changes in your domain or service provider's DNS settings.

Flockport containers are preconfigured webstacks and applications designed to get you started quickly. We already host some of the most popular web apps and look forward to the community augmenting this.

There are a number of moving parts in Flockport containers with inherent complexity and all choices have been made keeping a simple user experience in mind.

At the same time we do not want generic containers that are just pasted together.

Scalability, reliability and robustness are important. And we ideally do not want users struggling with LXC or Flockport containers in any way.

Containers should be well documented, consistently reliable and be easy to use and deploy.

Flockport containers follow a few conventions.

  • For Debian containers the root password is debian. As a convention root passwords of Flockport containers will be the distribution name. Please change this with the passwd command on first login.
  • For Ubuntu containers the user is ubuntu and password is ubuntu
  • Flockport containers are shipped in the tar xz format.
  • There is a flockport.readme and appname.readme file in the root folder with application and database details.
  • Flockport Containers are configured to use the default lxcbr0 bridge. The interface will be setup and enabled properly if LXC is installed from the Flockport or Ubuntu repo, with container IP being managed by Dnsmasq DHCP.
  • Applications are configured in Nginx to be available at the myappname.org URL. For instance, if you download Discourse the app is available at mydiscourse.org.
  • To access the application first get the container IP with the lxc-ls command and configure your /etc/hosts to access the Flockport application at myappname.org
  • To keep container size to a minimum APT archives are deleted before containers are packaged.
  • All applications and stacks are installed from official repositories and configured for defaults. Flockport containers are built with official installation guides wherever possible and efforts are made to stick to standards, so users have a base environment as it would be if they built it themselves. Optimization and customization are left to user discretion. Any exceptions are documented in the containers.

The Flockport utility is alpha and is available in the Flockport LXC repo for Debian Wheezy. The Flockport utility was mainly designed for automating Flockport container deployments and it was felt it could be useful to end users.

It's only been tested on Debian Wheezy and functions as a simple utility to list containers available and download and make them available for use on your system from the terminal. You need tar, curl and xz-tools available on your system.

See the Flockport utility in action

The Flockport utility lets you view and download Flockport containers directly to your systems.

flockport help

This gives you a list of options to use the utility

flockport list

This lists Flockport containers available for download

flockport login

This prompts you for your credentials and logs you in to enable downloads of Flockport containers. Username and password are your flockport.com credentials, and the login is typically valid for 14 days, so you don't need to log in again for subsequent downloads.

flockport check

This checks your login status

flockport get containername

This downloads the selected container and makes it available for use in your system

flockport get md5
flockport get sha

This will download the md5/shasum of flockport containers to your LXC folder

flockport version

This gives you the Flockport utility and LXC version currently installed on your system

The utility is fairly straightforward. Errors, if any, will be related to invalid or expired login credentials or erroneous container names. Please check these carefully if you get errors.
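The checksum lists fetched by 'flockport get md5' and 'flockport get sha' are only useful if the archive is checked against them before it is unpacked as root. The script below is an added example, not part of the Flockport utility; it assumes the lists use the coreutils "digest, two spaces, file name" layout, and the function names and file names are hypothetical. Prefer the SHA list, since MD5 is not collision resistant.

```shell
#!/bin/sh
# Added example (not Flockport code). Assumption: the checksum list uses the
# coreutils "<hex digest>  <file name>" layout; file names here are constructed.

# verify_archive ALGO ARCHIVE SUMFILE
#   ALGO is md5, sha1 or sha256 and selects md5sum / sha1sum / sha256sum.
#   Returns 0 on match, 1 on mismatch, 2 on bad input, 3 if SUMFILE has no
#   entry for the archive.
verify_archive() {
    algo=$1; archive=$2; sumfile=$3
    case "$algo" in
        md5|sha1|sha256) tool="${algo}sum" ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    if [ ! -r "$archive" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $archive or $sumfile" >&2
        return 2
    fi
    name=$(basename "$archive")
    # Look up the expected digest by file name ("*" marks binary mode).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print tolower($1); exit } }' \
        "$sumfile")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name" >&2
        return 3
    fi
    actual=$("$tool" "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name: refusing to extract" >&2
        return 1
    fi
    return 0
}

# extract_verified ALGO ARCHIVE SUMFILE
#   Unpacks the container next to the archive only after the digest matches,
#   using the same tar options as the guide.
extract_verified() {
    verify_archive "$1" "$2" "$3" || return $?
    tar -xJf "$2" --numeric-owner -C "$(dirname "$2")"
}

# Typical call, run as root after the download (paths are placeholders):
#   extract_verified sha256 /var/lib/lxc/wordpress.tar.xz /var/lib/lxc/sha256sums.txt
```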

LXC basics

LXC once installed is very simple to use. The first step is creating a container.

Here is a video walkthrough of basic LXC functions.

The LXC project provides OS templates for popular Linux distributions, Debian, Ubuntu, Centos etc. These templates are customised to operate in a container environment.

To create a container

lxc-create -n mycontainer -t debian -- -a amd64

n - container name - any name you want
t - template for the container OS ie debian, ubuntu etc
a - architecture eg amd64 or i386

Once you enter the command LXC will download the template, setup the container and give you the default login credentials. This typically takes 5 minutes or less depending on your internet connection speed.

Once downloaded, templates are cached locally for reuse so the next time you create a container it will not be downloaded again.

So now that you have a shiny new container it's time to start it.

lxc-start -n mycontainer -d

The -d option starts the container as a daemon and returns you to the shell.

Without the -d option you can see the container boot in the terminal and eventually give you a login screen.
You can't exit this mode without powering off the container at which point you will be dropped back to your terminal so the -d option is the preferred way to start containers.

If you installed LXC from the Flockport or Ubuntu repo, networking should be enabled automatically and you can get the container IP by running

lxc-ls -f

lxc-ls gives you information about containers. The -f option stands for 'fancy' and gives you additional details.

Now you can either access your container over ssh or by using the LXC tools.

lxc-attach -n mycontainer

-n - containername

This will drop you into the container root shell

ssh user@containerip will do the same

You can also use lxc-console tool to log in to the container.

lxc-console -n containername

Now that you are in the container it's just like being in another OS. You can install apps etc. To exit the container and return to your shell just type exit. To power off the container type poweroff or halt.

Here is a list of the LXC commands available

                  
lxc-attach           lxc-destroy       lxc-start
lxc-autostart        lxc-device        lxc-ephemeral
lxc-cgroup           lxc-execute       lxc-stop
lxc-checkconfig      lxc-freeze        lxc-unfreeze
lxc-clone            lxc-info          lxc-unshare
lxc-config           lxc-ls            lxc-usernsexec
lxc-console          lxc-monitor       lxc-wait
lxc-create           lxc-snapshot

To learn more please see Parts I and II of our Getting started with LXC Guide.

Flockport wants to make LXC accessible to a wider audience and make it simple to use. The LXC support in Ubuntu is great, but broken in Debian Wheezy.

The Debian wheezy LXC package is outdated (badly) and even compiling it from source will leave many essential functions non-operational.

To make LXC work as well in Debian as in Ubuntu requires one to not only compile LXC but have a substantial understanding of all the components of LXC and networking for virtual machines, limiting it to experts. A lot of guides online are outdated, vague or simply erroneous.

This is not a good situation for one of the largest server OS bases.

The Flockport LXC package takes away this complexity and makes it as easy and seamless to use LXC in Debian as in Ubuntu. The package has all the features of LXC working out of the box in Debian and is a simple apt-get install.

The Flockport repo hosts the Flockport utility to view and download containers directly from your system and a fully configured LXC 1.0.1 for Debian Wheezy.

Installing the Flockport utility will automatically install and configure LXC. You can install LXC on its own too.

If you would still like to get your hands dirty here is the guide to compile LXC.

Fortunately unlike some packages compiling LXC is a breeze.

Download LXC
wget https://linuxcontainers.org/downloads/lxc-1.0.3.tar.gz

tar -xzvf lxc-1.0.3.tar.gz

mv lxc-1.0.3 /usr/src

Prepare LXC environment
apt-get install debootstrap bridge-utils build-essential rsync libcap2-dev python3 python3-dev

Build LXC (run the commands below from the /usr/src/lxc-1.0.3 source folder)

./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python=yes

If the configure script complains about Python missing in Debian, use this:

./configure --sysconfdir=/etc --localstatedir=/var --with-distro=debian --enable-python PYTHONDEV_CFLAGS=-I/usr/include/python-3.2mu PYTHONDEV_LIBS=-l/usr/include/python-3.2mu/

make

make install

Check if LXC is installed properly

lxc-checkconfig

Work around the Python path issue in Debian Wheezy. Go to:

cd /usr/local/lib/python3.2/dist-packages/

With your favourite text editor create and save a new file usrlocal.pth here with the line below

/usr/local/lib/python3/dist-packages

Reload libraries

ldconfig

Note: While LXC works with the Debian Wheezy stock 3.2 kernel, the newest Wheezy kernel in backports 3.13/3.14 is recommended. LXC is developing fast and a lot of features were added from kernel 3.8 onwards. For the stock kernel ignore the Python related build instructions.

Note: To enable selinux, apparmor or seccomp in LXC you need to install the respective dev packages before compiling LXC.

LXC networking

Containers need to have an IP so they are available on the network. In Linux, bridges for VMs are usually created using the bridge-utils package.

Depending on your environment you can configure 2 types of bridges.

  • Bridge - your VMs appear and behave as other physical machines on your network
  • NAT - a private network (subnet) within your host with private IPs for your containers. This is a NAT bridge. To learn more about the NAT bridge please see the NAT and Autostart tabs below.

Note: The Flockport Debian and Ubuntu LXC packages automatically set up and enable container networking with LXC's default lxcbr0 bridge with DHCP so nothing more needs to be done.

This section is a reference for setting up static IP, enabling autostart for containers and configuring other bridges. For more please see the Flockport LXC networking guides in the news section.

This bridges containers/VMs to your host network so they appear as other physical machines on your network.

They have all the network capabilities of the host ie can connect directly to the internet, connect and be reached from other machines on the network, and if assigned public IPs can be reached directly from the internet.

For instance if you are a home user and have a wifi router that assigns IPs to your devices with a host bridged network, containers will get their IPs directly from the router.

Edit the /etc/network/interfaces file and make sure it looks like below

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0

In many cases a user may have little control of network DHCP, so getting IPs assigned automatically will be impossible.

In this case using a NAT bridge is the best option. It has other functions but let's leave that for later.

A NAT bridge basically creates a private network within the host computer with the containers/VMs getting private IPs.

These IPs are not directly accessible from the outside world. The containers need to use NAT (network address translation) to access the internet.

LXC ships with a NAT bridge by default called lxcbr0.

The Flockport LXC and the Ubuntu package enable container networking by default so nothing needs to be done. The next section is meant to help those on other Linux distributions or compiling LXC from source.

Download the Flockport lxc-net Debian init script. We have customised the script to fix bugs, enable a few features and enable autostart to work in Debian out of the box.

Copy it to your /etc/init.d/ folder and enable it.

chmod +x lxc-net
update-rc.d lxc-net defaults
service lxc-net start

Add a file named lxc to /etc/default/ with the line below

nano /etc/default/lxc
USE_LXC_BRIDGE="true"

Now we just need a DHCP server to assign IPs to containers/VMs.

Install Dnsmasq-base

apt-get install dnsmasq-base

With Dnsmasq base it's a good idea to add a dnsmasq user.

adduser --system --home /var/lib/misc --gecos "dnsmasq" --no-create-home --disabled-password --quiet dnsmasq

In case you already have Dnsmasq installed (you could, as it's used by a lot of apps), create an lxc config file in /etc/dnsmasq.d/ with nano or your favourite text editor

nano /etc/dnsmasq.d/lxc

Add the lines below to the lxc file

bind-interfaces
except-interface=lxcbr0

And restart dnsmasq

service dnsmasq restart

The above configuration is only needed if your Dnsmasq installation is not configured to bind to a specific interface. If Dnsmasq binds to all interfaces the lxcbr0 bridge will fail to come up.

Security tip for prior Dnsmasq users. It's a good idea to ensure you bind dnsmasq to a specific interface so you are not running an open DNS relay. This can even be a fake interface like abc for instance.
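Both points above, the bind settings lxcbr0 needs and the interface restriction from the security tip, can be checked against an existing Dnsmasq configuration. The function below is an added example, not part of the Flockport or LXC packages; its name, tags and messages are hypothetical, and it only reads the config files it is given.

```shell
#!/bin/sh
# Added example (not Flockport or LXC code). audit_dnsmasq and its message
# tags are hypothetical names chosen for this illustration.

# audit_dnsmasq FILE...
#   Reads one or more dnsmasq config files as a single configuration, prints
#   one finding per line and returns 1 if there is any finding, 0 if clean.
audit_dnsmasq() {
    # Drop comments and blank lines; trim whitespace at line ends and around "=".
    conf=$(cat "$@" 2>/dev/null | sed \
        -e 's/#.*//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' | grep -v '^$' || true)
    findings=0

    # Security tip: restrict the resolver to a named interface or address.
    if ! printf '%s\n' "$conf" | grep -Eq '^(interface|listen-address)='; then
        echo "RELAY: no interface= or listen-address= line, dnsmasq answers on every interface"
        findings=1
    fi

    # lxcbr0 requirement: dnsmasq must not hold the bridge address.
    if ! printf '%s\n' "$conf" | grep -qx 'bind-interfaces'; then
        echo "BRIDGE: bind-interfaces missing, dnsmasq binds all interfaces and lxcbr0 fails to come up"
        findings=1
    fi
    if ! printf '%s\n' "$conf" | grep -qx 'except-interface=lxcbr0'; then
        echo "BRIDGE: except-interface=lxcbr0 missing"
        findings=1
    fi
    return $findings
}

# Typical call on a Debian host:
#   audit_dnsmasq /etc/dnsmasq.conf /etc/dnsmasq.d/*
```

A configuration holding only the two lines from this guide still reports the RELAY finding, which is the case the security tip is about.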

Move the lxc-net script to /etc/init.d/ and enable it.

update-rc.d lxc-net defaults

Start the lxc-net service

service lxc-net start

Congratulations! The lxcbr0 bridge with NAT is now enabled on reboot.

In a cloud KVM the average user may not have access to the network DHCP or enough public IPs, so a NAT Bridge is often the only option.

To set up a NAT bridge for your containers see the NAT bridge tab.

The containers will have access to the internet but if you need to make any services on the container available to the world you need to configure port forwarding from the host to the container.

For instance to forward port 80 from the host ip 1.1.1.1 to a container with ip 10.0.3.165 you can use the iptables rule below.

iptables -t nat -I PREROUTING -i eth0 -p TCP -d 1.1.1.1/32 --dport 80 -j DNAT --to-destination 10.0.3.165:80

This will make for instance an Nginx web server on port 80 of the container available on port 80 of the host.

For advanced users who do have access and would prefer to use a bridged network and public IPs for containers, follow the instructions in the Host bridge tab.

If you already have a bridge, you can connect LXC containers to your current bridge by specifying it in the LXC container config file.

You can use Nginx reverse proxy to deploy multiple containers in a NAT from the same host public IP. See our Deploying containers with Nginx reverse proxy guide.

LXC containers have MAC addresses. To assign a static IP create a dnsmasq.conf file in /etc/lxc/ and add the line below to assign a specific static IP to a container name.

dhcp-host=containername,10.0.3.21

For those not using Dnsmasq DHCP you can assign an LXC container MAC address to a specific IP in your router or DHCP app configuration.

You can also assign static IPs to containers by configuring the network settings within the container OS. For example for Debian based containers the configuration file would be /etc/network/interfaces in the container.

LXC can start single containers or groups of containers automatically on boot, which is important for servers hosting services.

The Flockport LXC and the Ubuntu package enable container networking by default so nothing needs to be done. The next section is meant to help those on other Linux distributions or compiling LXC from source.

The lxc init script is responsible for autostarting containers.

Download the Flockport LXC Debian init script, move it to /etc/init.d/ and enable it.

mv lxc /etc/init.d/
chmod +x lxc
update-rc.d lxc defaults
service lxc start

Add a default.conf file to /etc/lxc/ and add the lines below. Change lxcbr0 line if you are using another bridge.

lxc.network.type = veth
lxc.network.link = lxcbr0

You can now configure containers to autostart on boot.

To configure a container to autostart on reboot, add the following line to the container's config file at containername/config

lxc.start.auto = 1

You can also group containers and autostart groups of containers.

lxc.group = groupname

You can also stagger container starts. Please see our LXC advanced guide for more details.
