Proxmox LXC - How To Guide - Better Than A VM?

Video Statistics and Information

Captions
hey everybody welcome back to Jim's Garage in this video I'm going to show you how to create LXC those are Linux containers within Proxmox we'll talk a little bit about what a Linux container is why you might want to use them and importantly why you might not want to use them I'll also cross reference them with things like Docker containers and explain the differences then we'll jump into deployment mode and hopefully we should get this up and running pretty quickly I'll also add an example of something like Pi-hole at the end so that you can see that this behaves just like a standard virtual machine but in a containerized environment so let's start off by discussing what an LXC is now this is a lightweight container it's similar to what a Docker container is but there's a fundamental difference Docker and things like Podman are all about containerizing applications LXC those Linux containers the clue's in the title this is about containerizing Linux operating systems and that's an important point you won't be able to do things like Windows in an LXC it has to be a Linux operating system that means you can't do things like FreeBSD as well but for this instance we're going to be using Debian in my demonstration and we know that under the hood Proxmox uses Debian 12 certainly on its latest version so that shouldn't be an issue one of the key advantages of LXC are they are really lightweight that's because the LXC is going to share most of the file structure and files in the host's operating system now you might be thinking hm this is sharing the host's infrastructure that doesn't sound too secure and back in the day that was probably the case it relied on things like AppArmor to secure itself as it shares the host's kernel more recently with unprivileged LXCs some of those concerns have gone away so you get things like its own namespace now so that it operates as a non-root user on the host that has a number of benefits as if it was compromised it wouldn't 
have root privileges on the host that's not to say that it isn't a concern it absolutely is but it's less of a concern than compromising a privileged user now it's important to note that depending on what you're going to do things like hardware passthrough etc or maybe some exotic setup you might need to run a privileged container and thus those risks would be reintroduced now it's important to stress as well although I'm going to demonstrate this using Proxmox LXC are not a Proxmox specific thing as I've already said Proxmox is a wrapper that sits within a Debian distribution and makes it simple to interact with the KVM the kernel virtual machine but you can apply LXC to basically any Linux distribution now the reason I like to do it in Proxmox is a because I'm using it and b the web GUI makes it super simple it gives us a nice handy wizard to set things up and with that we can set up some really useful features like we can put our SSH keys in there for example we can define all the system's requirements memory CPU storage space etc and we can even specify which operating system we want to deploy all without having to go into the command line on top of that we've obviously got the command line if we want to through the web interface albeit if you're going to supply our own keys usernames and passwords you can use your favorite SSH terminal to get into this as well just like a regular virtual machine now if you're wondering if I use them yes I have one that runs my backup Pi-hole and that's just because of the advantages I stressed earlier it's super lightweight I know that my LXC for Pi-hole is never going to be exposed externally so if we're looking at it from an attack surface and a threat vector perspective it's very unlikely that this would ever be compromised if you're going to be doing things like exposing services to the web then an LXC might not be the best choice certainly not a privileged one I recommend you to use a virtual machine because that has a 
totally it has its own kernel that isn't relying on the host's kernel so from a security perspective you should be able to contain any breach to just that virtual machine other uses for LXC is you might want to use them if you've only got limited hardware because like I say they're super lightweight and you can even do things like spin up your k3s cluster using just LXC it gets a little bit more complicated because the networking and passthrough for example isn't the same as a virtual machine and you'll need to learn that I do plan to come back to LXC in the future where we'll do some more advanced configuration with hardware passthrough so things like a Jellyfin container for example you would be able to use the integrated GPU on that machine so enough waffling how do we get this going well I've jumped into Proxmox as I said this is not Proxmox specific you can do this on any Linux distribution but the first thing we need to do is go to our node obviously I've got two nodes as I've discussed before but you simply need to click on either of your nodes or your only node and you need to go down to your either default storage option in this case is my local lvm which is what you should have by default so that's this one here or you can choose any of your custom storage that you've created provided that is enabled to have CT templates because those are what we're going to be using container templates and you'll have seen in the top right here create CT before in my videos we've only ever done the create VM so what do we do well before we can create a CT like if we click here we can't click next and go to template because we don't have any templates so we need to either download from a URL i.e. you can customize your spe or specify your own or we can click on templates and thankfully Proxmox certainly 8.1.3 comes with a list of its own so to make this super simple I'm going to use the latest version of Debian that's just because I know that my Proxmox is up to 
date and it will also be using the latest version of Debian in this case Debian 12 so that should give us all the benefits of minimalization because the two should effectively match do take note that you can also install things like TurnKey and I know that a lot of people have been asking about Gitea and that's also down here and you can select that and install this as an LXC I'll come on to that later and all about what TurnKey is it's a great proposition for a home lab but anyway scrolling back to the top I'm going to click here Debian 12 standard and behind my lovely face is the download button so I'm going to click that and download it now this shouldn't take too long because if you remember what I've said before it's not going to be a full image it should only need to download the files that are different from your underlying host OS so as you know my internet's terrible and that downloaded in just a few seconds and that's going to give us a full Debian 12 experience so now if I close this dialogue down you can see here that I've got that one that we just downloaded available so let's go ahead and let's create our first LXC so we're going to hit create CT now I'm going to just call this one test and if you remember from my start I'm going to leave this as an unprivileged container this means that on the host i.e. Proxmox itself it's going to be using a non-root user so hopefully if ever this was compromised it would compromise a non-root user on the host and that would minimize the damage now you have to give it a password so I'm just going to give it in a super secure 1 2 3 4 5 6 and we can also specify some SSH keys here so this will allow us to do an SSH connection using pre-generated keys now as you've seen in my videos before I'm just going to use the SSH keys that are generated by default when I spun up Proxmox so I'm going to click load SSH keys I'm going to select those keys and then I'm going to hit open so now I've added that key and now it's asking 
us whether we want this to be nested now nesting is useful because it allows us to access and C files on the host but in an unprivileged mode and you'll notice I've got that ticked here so again that means it's using different permission sets to actually make that available to the container without all of the security concerns that come with it that's oversimplified and I'll link the documentation if you want to actually go and find out how it's achieving this so now we've got this done and you'll notice that I've got Advanced ticked here so you might need to enable that the first time that you do this we're going to click next and it's going to ask us for a template now this is defaulted to my tras storage but as you know it's not on that it's going to be on my local on my Dell Proxmox so I'm going to click local here and then hopefully the template should show yep we've got that Debian 12 so I can select that and then I'm going to click next to go to disks now much like a virtual machine it's going to say where do we want to store this well I don't want to store this on my NAS because it's over the network and it's going to be slow so I'm going to put this on my zippy NVMe drives and I'm just going to leave this as 8 GB the default just for this demonstration obviously you want to make sure that you provision enough space for whatever you have in mind but do note that you can expand this at a future date now I'm going to leave the ACLs the access control lists and the mount options as the default as you can see on screen that's because that's going to be sufficient for what I want to set up but do note that you can enable or disable access control lists so that's going to change some of the accessibility of the files that you're going to be mounting into this container and you can also do additional mount options like no user IDs etc as well I'm not going to go into detail on this please have a look at the documentation you might need that if you're going to be 
doing some more advanced setups and hopefully we'll cover this in the next video where we do a more advanced setup with some hardware passthrough next we're going to get on to the CPU I'm going to give it two cores just because we're only going to be running Pi-hole and I will give it a limit of also two cores if you leave it unlimited you can obviously imagine what might happen Pi-hole should never use all of my CPU but if for example there was some error within the program or you're using something that's intense and it doesn't have a limit it could cause system instability and as you know I'm running lots of VMs I wouldn't want all of those to go down so I recommend that you put a limit here next we're going to move on to the memory and for this I'm going to give it two gigs and you can also specify a swap so that's the memory that's temporary and on the disk so an additional set of storage that it can use I'm going to leave that as 512 that should be fine it shouldn't really need to use that because 2 gigs is going to be enough for what we're demonstrating today obviously you'll want to change that up depending on what you're doing for network I'm going to leave all of the defaults as is so by default it's going to have eth0 as its network adapter it's going to be on my bridge of vmbr0 you can obviously choose whichever ones you want in here and then it's up to you whether you want to give it a static IP or DHCP I'm going to put DHCP on just because I have that already configured but if you want to make this static which is probably a good idea just like we've done with virtual machines before go ahead and do that and it means that you know exactly where this is every time it restarts I'm going to click next so we get onto the DNS settings and I'm going to leave that to use the host settings which in my case is already configured to use both my Kubernetes and my LXC Pi-holes next we're going to be asked whether we want to confirm this everything looks fine from 
here so I'm going to click finish that's going away and that's going to create that LXC and once that's completed we should be in a position to start this thing up so we're going to close that down and hopefully with any luck we'll see that within our list now you can see that by default LXC go above virtual machines and they don't get the computer screen with the little green arrow they actually get this cube here if we click on the cube here it looks very similar to the layout of a virtual machine and in many senses that's how it behaves so let's go to the console now and fingers crossed we should be able to start this thing up so I've clicked on console and I'm going to click Start and so the default username for this will be root and my password 1 2 3 4 5 6 and then we're in and it's as simple as that didn't need to go through any of the installation wizard it was a bit like having a cloud-init so now we basically have a copy of Debian 12 running on our Proxmox host in its own containerized environment so that gives us all the benefits pretty much of a virtual machine minus some of the security but it gives it in a much more minimalist package and there's virtually no overheads with doing this on the host so it's a lot less resource intensive than a virtual machine so now we're in here we can do anything that we normally would so we can do ping commands and it's going to behave like a virtual machine or we can do some look at commands and have a look at our IP address for example and here you'll see that it's picked up an IP address of 200. 
211 so now if I jumped into my PuTTY or my VS Code or whatever I'd be able to connect to this like any remote host so in order to test this out I'm going to go over to Pi-hole website I'm going to grab the automated installation script I'm going to paste that into this machine here and then hopefully we're going to be able to access that as we normally would through the web browser with a working Pi-hole so to get this running I'm going to use the Pi-hole automation script but before that we're going to need to install curl because it doesn't come with curl so now that's completed we should be able to run the Pi-hole command but I'm going to jump into VS Code just to prove to you that it behaves exactly like a virtual machine now I'm going to connect to a new host and as per my previous video I've been into the SSH config file and I've created the files necessary for this machine here so now it's going to use that certific and hopefully in a second it should set up the SSH connection and we should be in now we're connected and in the bottom left you can see that confirmation so I should be able to now go to the terminal and be able to set this up so now with the terminal I'm going to paste in the command and hopefully with any luck everything should be ready to now install Pi-hole so this is going to go through that process and I'll see you on the other side so that's now completed I'm going to grab the password that's here and hopefully we can now open up this IP address on screen and we should be greeted with the Pi-hole admin dashboard don't forget that /admin that throws most people so if I go to the IP address in the address bar /admin fingers crossed here we go there's Pi-hole running on that LXC that we just created so there you go a really quick overview of LXCs in probably the most basic stance so you've seen how it behaves just like a virtual machine we can run all of the regular commands that we're used to and we get a lot of benefits through almost native 
performance and very small overheads on the host itself yes VMs don't take up much either but if you're really struggling this might be a good option especially if you're only going to be hosting things that are going to be accessed locally I will come back to LXCs in the future where we'll do some hardware passthrough because again it's a really good idea to maximize the value of your hardware it's also more performant if you're going to put it into an LXC versus a virtual machine again we're talking a few percent here but hey everything helps right but anyway if you like this video give it a thumbs up hit that subscribe and I'll see you on the next one take care
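
The settings stressed in the walkthrough (unprivileged mode, a CPU limit, nesting, DHCP versus a static address) end up as `key: value` lines in the container's config file on the Proxmox host, `/etc/pve/lxc/<vmid>.conf`. The following is an added example, not part of the video or of Proxmox itself, that audits such a file's text for those settings; the two sample configs, the finding codes and the function names are constructed for illustration.

```python
# Added example, not from the video. Audits the text of a Proxmox container
# config (/etc/pve/lxc/<vmid>.conf). Both sample configs below are constructed.

def parse_ct_config(text):
    """Return the current config as a dict; stop at the first [snapshot] section."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            break
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf

def parse_options(value):
    """Split 'a=1,b=2' option strings (features, net0) into a dict."""
    return dict(p.split("=", 1) for p in value.split(",") if "=" in p)

def audit_ct(text):
    """Return finding codes for the settings the walkthrough calls out."""
    conf = parse_ct_config(text)
    unprivileged = conf.get("unprivileged", "0") == "1"  # absent means privileged
    findings = []
    if not unprivileged:
        findings.append("PRIVILEGED")          # container root is host root
    if float(conf.get("cpulimit", "0")) == 0:
        findings.append("NO_CPU_LIMIT")        # 0 or absent means unlimited
    if parse_options(conf.get("features", "")).get("nesting") == "1" and not unprivileged:
        findings.append("NESTING_PRIVILEGED")  # nesting without the user namespace
    if parse_options(conf.get("net0", "")).get("ip") == "dhcp":
        findings.append("DHCP_ADDRESS")        # address can change on restart
    return findings

VIDEO_STYLE_CT = """\
unprivileged: 1
features: nesting=1
cores: 2
cpulimit: 2
net0: name=eth0,bridge=vmbr0,ip=dhcp,type=veth
"""

PRIVILEGED_CT = """\
features: nesting=1
net0: name=eth0,bridge=vmbr0,ip=192.0.2.10/24,type=veth
[snap1]
unprivileged: 1
"""
```

On the host, the same function can be fed the contents of each file under `/etc/pve/lxc/`; keys inside `[snapshot]` sections are ignored so an old snapshot cannot mask the live setting.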
Info
Channel: Jim's Garage
Views: 29,337
Keywords: proxmox lxc, linux container, container in linux, proxmox, proxmox install, proxmox tutorial, virtual machine, linux, debian, ubuntu, proxmox lxc guide, lxc vs docker, lxc container, docker vs lxc, lxc tutorial, pihole, pihole setup, setup pihole, pihole proxmox, lxc vs vm, what is lxc
Id: xKhWRMj5Nrc
Length: 17min 0sec (1020 seconds)
Published: Sat Feb 03 2024