Containers

For this exercise, you’ll be working in your normal groups of 2 or 3 people, on your assigned group’s node (e.g. group 12 = node 12 in cluster 1)

One person in the group performs the actions, while the others watch and assist.

Proxmox containers (CT)

As well as virtual machines, Proxmox also supports lxc system containers.

Log in to the web interface on your cluster. (You can connect to the web UI on any node - for example, nodeX1 is fine - but make sure you create your container on the correct node for your group)

Click the blue “Create CT” button at the top.

• Tab “General”
  • Node: select your group’s node (nodeX2 to nodeX5)
  • CT ID: leave alone
  • Hostname: enter any hostname like “groupXY-ct” (make sure your group number is part of the hostname)
  • Choose a root password that you can remember, and enter it under “Password” and “Confirm password”
  • Leave the other settings as defaults, then click Next
• Tab “Template”
  • Storage: select “shared”
  • Template: select one of the templates which has been already downloaded
• Tab “Disks”
  • Storage: select “local”. This is where your container will be stored (actually, linstor-thin or vmpool should also work)
  • Leave disk size as 8GB. (Unlike many container systems, Proxmox doesn’t use the host filesystem directly, but creates a block device and builds a filesystem inside it. This allows container images to be handled the same as VM images)
• Tab “CPU”, “Memory”: leave as defaults
• Tab “Network”
  • IPv4: change from “Static” to “DHCP”
• Tab “DNS”: leave as defaults
• Confirm and finish

You should see some text as your container is created, ending with “TASK OK”. Close the dialog box with (X).

Now click on your container in the left-hand menu, click Console in the second column, then click Start at the top. After a few seconds you should get a login prompt.

Ubuntu 24.04 LTS group12-ct tty1

group12-ct login:

Login as “root” and the password you gave before. It should work just like a VM, for example you can type

ip address list     # or "ip a l" for short

to see what IP address it has picked up from the network.

Type pstree and you should see a tree of processes, something like this (where “parent” processes are to the left of “child” processes)

root@group12-ct:~# pstree
systemd-+-2*[agetty]
        |-cron
        |-dbus-daemon
        |-login---bash---pstree
        |-master-+-pickup
        |        `-qmgr
        |-networkd-dispat
        |-rsyslogd---2*[{rsyslogd}]
        |-sshd
        |-systemd-journal
        |-systemd-logind
        |-systemd-network
        `-systemd-resolve

How can we demonstrate this is a container? At the container’s command line, type sleep 1234 and hit Enter. This starts a long-running process. The command will appear to hang - that’s fine. You’ve told it to sleep for 1,234 seconds.

Now get a command line on the proxmox node where this container is running by clicking nodeXY in the left, and then >_ Shell in the second column.

At the node’s shell command line, type ps auxwww | grep sleep

You should see some output like this:

root@node12:~# ps auxwww | grep sleep
100000      5649  0.0  0.0   2788  1536 pts/1    S+   20:48   0:00 sleep 1234
root        5965  0.0  0.0   6332  2048 pts/0    S+   20:49   0:00 grep sleep

The “sleep” process is just a process on your Proxmox node, with an unusual user ID (uid 0 inside the container is mapped to uid 100000 on the host, so that the container is not really running as root)

Now type pstree, which shows all the processes running on your node. You may need to scroll through the output, but within it you should find something like this:

        ├─lxc-start───systemd─┬─2*[agetty]
        │                     ├─cron
        │                     ├─dbus-daemon
        │                     ├─login───bash───sleep
        │                     ├─master─┬─pickup
        │                     │        └─qmgr
        │                     ├─networkd-dispat
        │                     ├─rsyslogd───2*[{rsyslogd}]
        │                     ├─sshd
        │                     ├─systemd-journal
        │                     ├─systemd-logind
        │                     ├─systemd-network
        │                     └─systemd-resolve

lxc-start is the process that starts a LinuX Container. A child of that is the systemd process which is managing the container (pid 1 inside the container), and below that are the child processes inside the container. And if you look carefully, you’ll find a “login” process, with a child “bash” shell, with a child “sleep” which is the command you ran inside the container.

Go back to the container, and press Ctrl-C to stop the sleep command.

Go back to the node shell, and repeat ps auxwww | grep sleep. The “sleep 1234” process should no longer be visible.

root@node12:~# ps auxwww | grep sleep
root        5993  0.0  0.0   6332  2048 pts/0    S+   20:51   0:00 grep sleep

Question: when might you choose to deploy a container instead of a VM? And when might a VM be the better choice?