I'm going to dispel a few myths here.
This is just a bad idea. I'm sorry. – Jacob Mar 5 at 20:30
I don't see how this is a bad idea. It's really just a chroot inside a chroot. On one hand, it could possibly decrease performance in some negligible manner (nothing compared to running a VM inside a VM). On the other hand, it's likely to be more secure (e.g. more isolated from the root host system and its constituents).
Do you actually have a real reason to do this? Please remember that questions here should be about actual problems that you face. – Zoredache Mar 5 at 21:52
I agree 100% with the poster's following comment. Furthermore, I think it's safe to assume that everybody who posts a question on here likely thinks that they have a real reason to do [it].
I think that lxc should be able to simplify VM migration (and backup+recovery too). But I'm not sure about cases when there is no access to host OS (cheap vps for example). – Mikhail Mar 6 at 11:17
I actually came across this question back in June when I was first diving into LXC for PaaS/IaaS projects, and I was particularly interested in the ability to allow users to emulate cloud environments for development purposes.
LXCeption. We're too deep. – Tom O'Connor Mar 6 at 22:46
I laughed a little bit when I read this one, but that's not, at all, the case :)
Anyway, I eventually set up a VirtualBox environment with a stock install of Ubuntu 12.04 LTS Server Edition after reading all this, thinking that this was 100% possible. After installing LXC, I created a new container, and installed LXC inside the container with apt-get. Most of the installation progressed well, but it eventually resulted in an error due to a problem with the cgroup-lite package, whose upstart job failed to start after the package had been installed.
After a bit of searching, I came across this fine article at stgraber.org (the goodies are hiding under the "Container Nesting" section):
sudo apt-get install lxc
sudo lxc-create -t ubuntu -n my-host-container
sudo wget https://www.stgraber.org/download/lxc-with-nesting -O /etc/apparmor.d/lxc/lxc-with-nesting
sudo /etc/init.d/apparmor reload
sudo sed -i "s/#lxc.aa_profile = unconfined/lxc.aa_profile = lxc-container-with-nesting/" /var/lib/lxc/my-host-container/config
sudo lxc-start -n my-host-container
(in my-host-container) sudo apt-get install lxc
(in my-host-container) sudo stop lxc
(in my-host-container) sudo sed -i "s/10.0.3/10.0.4/g" /etc/default/lxc
(in my-host-container) sudo start lxc
(in my-host-container) sudo lxc-create -n my-sub-container -t ubuntu
(in my-host-container) sudo lxc-start -n my-sub-container
Installing that AppArmor policy and restarting the daemon did the trick (don't forget to change the network ranges, though!). In fact, I thought that particular snippet was so important that I mirrored it @ http://pastebin.com/JDFp6cTB just in case the article ever goes offline.
After that, sudo /etc/init.d/cgroup-lite start succeeded and it was smooth sailing.
So, yes, it is possible to start an LXC container inside of another LXC container :)
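A pre-flight check for the two settings the steps above change (the container's AppArmor profile and the inner bridge's network range), added here as an example and not part of the original answer or the stgraber.org article. The function names and the sample files are assumptions constructed for illustration; on a real system you would point it at /var/lib/lxc/my-host-container/config and the two /etc/default/lxc files.

```sh
#!/bin/sh
# Added example: pre-flight check for the nested-LXC steps above.

# Print the AppArmor profile set in a container config; prints nothing if
# the lxc.aa_profile line is absent or still commented out.
aa_profile() {
    sed -n 's/^[[:space:]]*lxc\.aa_profile[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Print the first three octets of LXC_NETWORK from an /etc/default/lxc file.
lxc_prefix() {
    sed -n 's/^LXC_NETWORK="\{0,1\}\([0-9]*\.[0-9]*\.[0-9]*\)\..*/\1/p' "$1" | tail -n 1
}

# check_nesting CONTAINER_CONFIG HOST_DEFAULTS INNER_DEFAULTS
# Returns 0 only if the container uses the nesting profile and the inner
# bridge sits on a different /24 than the host bridge.
check_nesting() {
    rc=0
    profile=$(aa_profile "$1")
    case "$profile" in
        lxc-container-with-nesting) ;;
        unconfined) echo "FAIL: container is unconfined by AppArmor"; rc=1 ;;
        "") echo "FAIL: lxc.aa_profile not set (still commented out?)"; rc=1 ;;
        *) echo "FAIL: unexpected profile '$profile'"; rc=1 ;;
    esac
    host=$(lxc_prefix "$2")
    inner=$(lxc_prefix "$3")
    if [ -z "$host" ] || [ -z "$inner" ]; then
        echo "FAIL: LXC_NETWORK not found"; rc=1
    elif [ "$host" = "$inner" ]; then
        echo "FAIL: inner bridge reuses host subnet $host.0/24"; rc=1
    fi
    return "$rc"
}

# Constructed sample files, modelled on the files the steps above edit.
d=$(mktemp -d)
printf '#lxc.aa_profile = unconfined\n' > "$d/config.before"
printf 'lxc.aa_profile = lxc-container-with-nesting\n' > "$d/config.after"
printf 'LXC_ADDR="10.0.3.1"\nLXC_NETWORK="10.0.3.0/24"\n' > "$d/host.lxc"
printf 'LXC_ADDR="10.0.4.1"\nLXC_NETWORK="10.0.4.0/24"\n' > "$d/inner.lxc"

# Before the edits: profile line commented out, inner range equals host range.
check_nesting "$d/config.before" "$d/host.lxc" "$d/host.lxc" || echo "not ready"
# After the edits: nesting profile set, inner bridge moved to 10.0.4.0/24.
check_nesting "$d/config.after" "$d/host.lxc" "$d/inner.lxc" && echo "ready"
```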
Without detailed explanation, here is how you can do this.
- Create an archive of your LXC container.
- Create a Proxmox Container using that archive as a template.
First cd into your lxc container root directory:
cd /var/lib/lxc/debian8/rootfs/
(If you used an LVM volume as your container's storage, you need to mount it and cd into your mount point. Mount it with
mount /dev/mapper/<lvgroup-lvdisk> /var/lib/lxc/debian8/rootfs/
and then cd into the mount point.)
Create an archive:
tar -czvf /var/lib/vz/template/cache/my_debian8_template.tar.gz ./
Then create a new Proxmox container out of that:
pct create 100 /var/lib/vz/template/cache/my_debian8_template.tar.gz \
-description LXC -hostname pvecontainer01 -memory 1024 -nameserver 8.8.8.8 \
-net0 name=eth0,hwaddr=52:4A:5E:26:58:D8,ip=192.168.15.147/24,gw=192.168.15.1,bridge=vmbr0 \
-storage local -password changeme
(You can modify your options as you would like.)
For more information, see man pct.
Best Answer
You probably figured it out already, but that seems to be a limitation of LXC containers, at least for now. From the pct man page:
If you truly want to shrink a container, I guess you'd have to perform a backup, then restore it with the
--rootfs local:<newsize>
option, like so:
Of course, you can't perform this sort of resizing online, so I wouldn't call it a great solution, but it works if you have no other choice.
Good luck,