Over the past year I have been working hard on learning my new role and getting up to speed on an assortment of different technologies. I've also been working on obtaining some IT certifications.
Last week I passed my CompTIA Security Plus and now I'm studying for the CompTIA Linux Plus. This is just the beginning though. Now that I have an employer willing to pay for my training and certifications, I have many reasons to pursue additional knowledge and understanding. For example, next year I plan to pursue my RHCSA and also work toward an MCSA in Windows Server 2016.
That's not all, I've also been teaching myself EMC networker and Netapp clustering too. To help with all that, I have a lab server running ESXi, setup with lots of VM's and the netapp simulator. As you can see, I've been quite busy.
Anyway, to help with the Linux Plus certification, I decided setup my Lenovo 11e with a dual boot configuration, running Centos 7 alongside Windows 10. And to help ensure I don't trash my Centos while I am learning my way around Linux, I have decided to setup Linux Containers and do my hacking within them.
Linux containers are the Linux analogue to BSD Jails and Solaris Zones. It's operating system level virtualization where the kernel is shared with the container and where the container file system and container processes are isolated from the host operating system. To access the container, you can ssh into it, or log directly onto the console. In any case, performing my work within the containers should help protect the parent CentOS operating system from any serious blunders on my part.
To dual boot CentOS 7, I first shrunk the main Windows (C:) partition, freeing up about 30GB of space where I would be installing Linux. Then I downloaded RUFUS and used it to write the Centos 7 installer DVD to my USB thumbdrive. When doing all this, I was careful to ensure RUFUS was configured to create a GPT partition for UEFI on the flash drive and to format with the FAT32 file system. This way, Linux would share the /boot/efi partition with Windows.
I also disabled secure boot within the UEFI BIOS on the laptop. I'm not sure this was really necessary for Centos 7, but I did it anyway.
When installing Centos, I chose the "I will configure partitioning" option and then clicked the little link to let the installer automatically assign the partitions using LVM.
I'll admit this part was rather frightening as the disk configuration aspect of the CentOS installer is horribly unintuitive. Furthermore, clicking help only produced an error basically stating there was no help available. Given how critical this step is, the installer should be making every effort to ensure the consequences of every action are abundantly clear. However, that's not the case at all.
Hopefully someday this situation improves but I am not holding my breath waiting for it.
Fortunately, my venture into the uncharted waters of dual boot partitioning worked out OK as the Centos bootloader sees and boots the Windows 10 installation just fine. As for the rest of the installation, I simply selected the GNOME desktop and a few extras. At least that part was a bit more intuitive.
Installing LXC was a bit more difficult as I ran into a few issues.
The first issue I encountered was the systemd-journald process was using up 100% of the CPU whenever a container was running. To solve that I had to add lxc.kmsg = 0 to the end of the file /usr/share/lxc/config/centos.common.conf. After that, the centos container ran normally. If using a different container template, then the file unique to that particular container template would need to be edited. I was using the centos LXC container template.
The 2nd issue I discovered was that LXC could not set the root password for any of the containers I created. To resolve that I had to turn off SELINUX by editing the /etc/selinux/config file and setting SELINUX=disabled. Setting it to permissive would also work. To make the change immediate, I typed the following:
setenforce 0
Then I checked it with:
getenforce
You can also use sestatus to check this.
Perhaps after installing LXC I could have performed an SELINUX relabeling of the file system and rebooted. Maybe that would have solved the problem without needing to disable SELINUX. In any case, I didn't think of that at the time, so I just disabled it.
To install LXC on Centos 7 (build 1708) , I executed the following commands:
yum install epel-release
This was followed by:
yum install lxc lxc-templates lxc-extra
To create my first container I typed:
lxc-create -n centos -t centos
Note: You can also have lxc download the template using the option -t download. This produces a list from which you can select the distribution, version, and architecture.
To start the container within the same terminal window, I typed:
lxc-start -n centos
To launch it as a detached daemon, the -d option would also be used.
To check the status of the container from another terminal window, type:
lxc-info -n centos
For containers running as detached daemons, this allows you to see the IP address so you can SSH into it.
To see the default password used by root account, type:
cat /var/lib/lxc/centos/tmp_root_pass
This may or may not work as not all containers provide a temporary password.
To change the root password prior to starting up the container, type:
chroot /var/lib/lxc/centos/rootfs passwd
Keep in mind the path will differ when using containers with a different name.
To change the root password on a running container, use lxc-attach. This command allows you to execute commands within the container, and launches an attached shell to do so.
lxc-attach -n centos passwd
If you want to list the names of all your containers, type:
lxc-ls
To display additional information about the containers, include the --fancy option.
lxc -ls --fancy
You can shut the container down by doing a poweroff or shutdown -h now from within the container, or you can stop it externally by typing:
lxc-stop -n centos
Well, that's pretty much it.
If you spot any errors, let me know, and I will add corrections as needed.
Update 11/20/2017: Some useful information about setting the password for the root user:
http://ask.xmodulo.com/reset-password-lxc-container.html
Also, containers are not just limited to Centos. The screenshot above is from Linux Mint 17.2 where I have installed a container running Centos 6.9. Do be aware though, because Mint 17.2 is based on Ubuntu 14.04, the version of lxc it uses, does not support running systemd within the container. So, for example you cannot run Centos 7 using this version of lxc. I suppose you could install a backport, but that's potentially a can of worms, so stick to older releases.
