Wondering how to setup Ansible create LXC container? Our ServerManagement Support team is here to lend a hand with your queries and issues.
Ansible create LXC container
Today, let us see how our support techs setup LXC container.
Host setup
You need a few packages and config files on the host.
In addition to the lxc package, we need lxc-dev and the lxc-python2 python package to manage the containers from Ansible:
- hosts: localhost
connection: local
become: true
vars:
- interface: lxcbr0
tasks:
- name: apt lxc packages are installed on host
apt: name={{ item }}
with_items:
- lxc
- lxc-dev
- python-pip
- copy:
dest: /etc/default/lxc-net
content: |
USE_LXC_BRIDGE="true"
- copy:
dest: /etc/lxc/default.conf
content: |
lxc.network.type = veth
lxc.network.link = {{ interface }}
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
- service:
name: lxc-net
state: started
- name: pip lxc packages are installed on host
pip:
name: "{{ item }}"
with_items:
- lxc-python2
run_once: true
This can be executed with this command:
ansible-playbook setup.yml --ask-become-pass --diff
Container creation
Add a file called inventory to specify the containers to use.
These are two IP addresses in the range of the LXC network.
deb1 ansible_host=10.0.3.100
deb2 ansible_host=10.0.3.101
For local work, I find it easier to set an IP address with Ansible and use the /etc/hosts file, which is why IP addresses are include here.
Without it, you need to wait for each container to boot, then detect its IP address before you can log in.
Add this to setup.yml
- hosts: all
connection: local
become: true
vars:
- interface: lxcbr0
tasks:
- name: Load in local SSH key path
set_fact:
my_ssh_key: "{{ lookup('env','HOME') }}/.ssh/id_rsa.pub"
- name: interface device exists
command: ip addr show {{ interface }}
changed_when: false
run_once: true
- name: Local user has an SSH key
command: stat {{ my_ssh_key }}
changed_when: false
run_once: true
- name: containers exist and have local SSH key
delegate_to: localhost
lxc_container:
name: "{{ inventory_hostname }}"
container_log: true
template: debian
state: started
template_options: --release stretch
container_config:
- "lxc.network.type = veth"
- "lxc.network.flags = up"
- "lxc.network.link = {{ interface }}"
- "lxc.network.ipv4 = {{ ansible_host }}/24"
- "lxc.network.ipv4.gateway = auto"
container_command: |
if [ ! -d ~/.ssh ]; then
mkdir ~/.ssh
echo "{{ lookup('file', my_ssh_key) }}" | tee -a ~/.ssh/authorized_keys
sed -i 's/dhcp/manual/' /etc/network/interfaces && systemctl restart network
fi
Then, in the next block of setup.yml, use keyscan to get the SSH keys of each machine as it becomes available.
- hosts: all
connection: local
become: false
serial: 1
tasks:
- wait_for: host={{ ansible_host }} port=22
- name: container key is up-to-date locally
shell: ssh-keygen -R {{ ansible_host }}; (ssh-keyscan {{ ansible_host }} >> ~/.ssh/known_hosts)
Lastly, jump in via SSH and install python. This is required for any follow-up configuration that uses Ansible.
- hosts: all
gather_facts: no
vars:
- ansible_user: root
tasks:
- name: install python on target machines
raw: which python || (apt-get -y update && apt-get install -y python)
Next, you can execute the whole script to create the two containers.
ansible-playbook setup.yml --ask-become-pass --diff
Scaling to hundreds of containers
Now that you have created two containers, it is easy enough to see how you would make 20 containers by adding a new inventory:
for i in {1..20}; do echo deb$(printf "%03d" $i).example.com ansible_host=10.0.3.$((i+1)); done | tee inventory
deb001.example.com ansible_host=10.0.3.2
deb002.example.com ansible_host=10.0.3.3
deb003.example.com ansible_host=10.0.3.4
...
And then run the script again:
ansible-playbook -i inventory setup.yml --ask-become-pass
This produces 20 machines after a few minutes.
The processes running during this setup were mostly rync, plus the network waiting to retrieve python many times.
If you need to optimise to frequent container spin-ups, LXC supports storage back-ends that have copy-on-write, and you can cache package installs with a local webserver, or build some packages into the template.
Running these 20 containers plus a Debian desktop, we found that our computer was using just 2.9GB of RAM, so we figured I would test 200 empty containers at once.
for i in {1..200}; do echo deb$(printf "%03d" $i).example.com ansible_host=10.0.3.$((i+1)); done > inventory
ansible -i inventory setup.yml
It took truly a very long time to add Python to each install, but the result is as you would expect:
$ sudo lxc-ls --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6
deb001.example.com RUNNING 0 - 10.0.3.2 -
deb002.example.com RUNNING 0 - 10.0.3.3 -
deb003.example.com RUNNING 0 - 10.0.3.4 -
...
deb198.example.com RUNNING 0 - 10.0.3.199 -
deb199.example.com RUNNING 0 - 10.0.3.200 -
deb200.example.com RUNNING 0 - 10.0.3.201 -
The base resource usage of an idle container is absolutely tiny, around 13 megabytes.
The system moved from 2.9GB to 5.4GB of RAM used when we added 180 containers.
Containers clearly have a lower overhead than VM’s, since no RAM has been reserved here.
Software updates
The containers are updated just like regular VM’s-
apt-get update
apt-get dist-upgradeBackups
In this setup, the container’s contents is stored under /var/lib/lxc/. As long as the container is stopped, you get at it safely with tar or rsync to make a full copy:
$ sudo tar -czf deb001.20180209.tar.gz /var/lib/lxc/deb001.example.com/
$ rsync -avz /var/lib/lxc/deb001.example.com/ remote-computer@example.com:/backups/deb001.example.com/
Full-machine snapshots are also available on the Ceph or LVM back-ends, if you use those.
Teardown
The same Ansible module can be used to delete all of these machines in a few seconds.
- hosts: all
connection: local
become: true
tasks:
- name: Containers do not exist
delegate_to: localhost
lxc_container:
name: "{{ inventory_hostname }}"
state: absent
ansible-playbook -i inventory teardown.yml --ask-become-pass
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
To sum up, our Support Engineers demonstrated how to setup Ansible create LXC container.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
0 Comments