Proxmox Virtual Environment Create LXC Containers-Part 04


Results-oriented IT professional in various fields of IT, including Systems, Networking, File Systems, Security, Programming Languages, Virtualization, Storage, and Backups.

In this lesson we will create and launch a Linux container inside Proxmox.

Definition

Linux Containers (LXC) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel.

The Linux kernel provides the cgroups functionality that allows limitation and prioritization of resources (CPU, memory, block I/O, network, etc.) without the need for starting any virtual machines, and also the namespace isolation functionality that allows complete isolation of an application’s view of the operating environment, including process trees, networking, user IDs and mounted file systems.

LXC combines the kernel’s cgroups and support for isolated namespaces to provide an isolated environment for applications.

https://en.wikipedia.org/wiki/LXC

https://pve.proxmox.com/wiki/Linux_Container

Architecture

Download and Prepare

First of all we need to download container images (templates). Proxmox VE itself provides a variety of basic templates for the most common Linux distributions.

Update container template database

  • Access the Proxmox VE web interface by entering the server’s IP address in a web browser.

  • Select the node (PVE-04) from the resource tree on the left side.

  • Select Shell from the content panel to open a shell.

  • Type the “pveam update” command to update the list of available templates.

# pveam update

  • To view the list of available images, run:

# pveam available

Download template

We can download the templates either from the command-line interface of Proxmox or from the GUI.

To download a template, list the available images, take the name of the image from the list, and download it to the storage named local or to any other configured storage.

# pveam download local debian-11-standard_11.7-1_amd64.tar.zst

  • We are now ready to create containers from that image. We can list all downloaded images on the local storage with:

# pveam list local

local:vztmpl/debian-11-standard_11.7-1_amd64.tar.zst 116.58MB

  • pct uses them to create a new container, for example:

# pct create 999 /var/lib/vz/template/cache/debian-11-standard_11.7-1_amd64.tar.zst -storage datastore-lvm

To download a template from the GUI

  • Select the local (PVE) storage from the resource tree on the left side.

  • Select CT Templates from the content panel of the local storage.

  • Select Templates to download container templates from Proxmox.

  • A new list of templates will pop up.

  • We can search for or select a template.

  • For this demo we will download debian-11-standard.

  • Select debian-11-standard.

  • Hit Download.

  • The task viewer shows the download of the template.

  • The download has finished.

Create a container

  • Select “Create CT”.

  • A new “Create: LXC Container” pane will pop up.

  • Enter the Hostname and Password, and add SSH keys if available.

  • Select Next.

  • Expand Template and select the template that we’ve just downloaded.

  • Select Next.

  • Set the disk size to a minimum of 8 GB.

  • Select Next.

  • For this demo 1 core is enough.

  • Select Next.

  • Set the memory size.

  • By default, 512 MB is allocated.

  • 1024 MB is enough.

  • Select Next.

  • Untick Firewall to disable it.

  • Select the appropriate Bridge and virtual switch.

  • In this demo vmbr0 is selected.

  • Configure IP address as static or DHCP.

  • In this demo DHCP will be selected.

  • Select Next.

  • Leave DNS as the host settings.

  • Select Next.

  • Review the configuration in case anything needs to be modified.

  • Press Finish.

  • The container has been created successfully.

Privileged vs Unprivileged container

Definition

Unprivileged containers use a new kernel feature called user namespaces. All of the UIDs (user IDs) and GIDs (group IDs) are mapped to a different number range than on the host machine: usually root (uid 0) becomes uid 100000, uid 1 becomes 100001, and so on. This means that most security issues (container escape, resource abuse, …) in those containers will affect a random unprivileged user, even if the container itself would do it as root user, and so would be a generic kernel security bug rather than an LXC issue. The LXC team thinks unprivileged containers are safe by design.

https://pve.proxmox.com/wiki/Unprivileged_LXC_containers
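
The mapping described above, as an added example (not code from the original page or from Proxmox): host_uid_for translates a UID inside the container to the UID the host sees, and privileged_cts lists containers whose config lacks the "unprivileged: 1" line. The function names, the sample configs and the 65536-ID range are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. All inputs below are constructed, not taken from a real node.

# Translate a UID inside the container to the UID the host sees.
# $1 = UID inside the container
# $2 = uid_map text, one range per line: "<first-inside> <first-on-host> <count>"
#      (the format of /proc/<pid>/uid_map for a process in the container)
host_uid_for() {
    printf '%s\n' "$2" | awk -v uid="$1" '
        NF == 3 && uid + 0 >= $1 + 0 && uid + 0 < $1 + $3 {
            print $2 + (uid - $1); found = 1; exit
        }
        END { if (!found) print "unmapped" }'
}

# Print the IDs of containers whose config lacks "unprivileged: 1".
# $1 = directory holding <vmid>.conf files (/etc/pve/lxc on a Proxmox node)
# Only the main section is read; snapshot sections begin with "[name]".
privileged_cts() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if ! awk '
            /^\[/ { exit }
            /^unprivileged:[ \t]*1[ \t]*$/ { ok = 1; exit }
            END { exit !ok }' "$conf"
        then
            basename "$conf" .conf
        fi
    done
}

# Assumed default range: 65536 IDs starting at host ID 100000.
SAMPLE_UID_MAP='0 100000 65536'

demo_dir=$(mktemp -d)
printf 'arch: amd64\nhostname: demo\nunprivileged: 1\n' > "$demo_dir/999.conf"
printf 'arch: amd64\nhostname: legacy\n' > "$demo_dir/998.conf"

echo "container uid 0 -> host uid $(host_uid_for 0 "$SAMPLE_UID_MAP")"
echo "container uid 1 -> host uid $(host_uid_for 1 "$SAMPLE_UID_MAP")"
echo "container uid 70000 -> host uid $(host_uid_for 70000 "$SAMPLE_UID_MAP")"
echo "containers without unprivileged: 1 -> $(privileged_cts "$demo_dir")"
rm -rf "$demo_dir"
```

On a Proxmox node, privileged_cts /etc/pve/lxc reports the containers that run without this user-namespace mapping, which are the ones where root inside the container is also uid 0 on the host.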

Starting Container

  • From the resource tree on the left select the newly created container.

  • Click on the start button from the top bar on the left.

  • Wait for the CT to boot.

  • From the console terminal enter the login user and password that we’ve added during the creation of the container.

  • Update the container.

References

https://pve.proxmox.com/wiki/Linux_Container

https://pve.proxmox.com/pve-docs/