LXCs: the safest way to learn Linux skills
Start course

The courses in this Linux certification series will prepare you for the Linux Professional Institute LPIC-1 certification exam. While the series' main focus will be on Linux, where there's a parallel or overlap with the professional administration of deployments on Amazon's AWS architecture, we'll also highlight the skills you'll need to integrate the cloud into your Linux portfolio.

The cloud is the future, and Linux skills are the tools you'll need to get there.

This first course will introduce you to:

  • the Linux ecosystem
  • the structure and expectations of the LPIC exam
  • the way the eleven courses that make up this series will be organized, and
  • some critical survival skills that will help place your Linux skills on a solid foundation.

The next course in this series will focus on System Architecture.

If you have thoughts or suggestions for this course, please contact Cloud Academy at


If you want to really learn enough about Linux to have a chance at passing the LPIC exam, just watching these videos won't be enough. You'll also have to try everything out for yourself. Even better, you'll have to play around with each of the tools we'll discuss to see how they'll work differently using different configuration parameters.

The problem is that many of these tools are very powerful, and if you don't fully understand what you're doing - or even if you make a simple typing error - you can cause yourself a great deal of grief. In fact, as we will learn, running commands as the admin user can easily cripple your whole system. Here's a very common example: you've just downloaded and installed a software package and, after unpacking it into a directory and working with it for a while, you realize it's not what you're after. Rather than leaving old, unused packages lying around your system, you decide to remove all of the files in one shot. So that you'll catch even the files stored in subdirectories, you make your remove command recursive using: rm -r *

Perfect. Except that you've forgotten that - since this is a new shell session that you've just opened - your current work directly is no longer the one into which you originally unpacked the package, but your home directory. You've just wiped out every single personal file on your system. And the console doesn't dump deleted files in a GUI trash can. They're gone.

Scared? You can bet that I am.

So you'll need to play around a lot in order to learn. But until you learn, every command you use puts you at great risk. How is this going to end happily? Linux has a beautiful solution: Virtualization. You may already be aware that many of the web services you use are driven not by individual servers running single operating system instances, but by virtual machines launched from host servers (often called hypervisors).

Using Linux LXC virtual machines as a learning sandbox

A virtual machine (also called a container) is an operating system that's been fooled into thinking that it's all alone on it's own computer when, in fact, it's really the sharing hardware resources of a single computer with dozens - or even thousands - of other containers. For many reasons, software services can be offered far more efficiently when they are virtualized this way and, currently, virtualization is pretty much the dominant tool in the delivery of web services.

All that's just fine, but you're probably wondering what this has to do with us? So here's the deal: One of the most elegant and efficient virtualization tools is LXC, which kind of stands for Linux Containers. Installing the LXC package will turn your humble PC into a fully provisioned, fire breathing virtualization host! As you'll soon see, LXC containers can be built in just a couple of minutes and rebooted in seconds. They provide you with a clean, fully-functioning terminal environment that, for our purposes is disposable. Did you make a mistake and it no longer boots? No problem. As I'll show you in a minute, you can easily fix most problems from the outside without booting it. But it's usually easier just to destroy it and create a brand new one. And because it's so well isolated, absolutely nothing you do within an LXC container will have any effect on your own host system. So the kinds of mistakes all newcomers to Linux will make as they get themselves up to speed have no serious consequences at all.

I therefore highly recommend that you create your own LXC containers as sandboxes for your learning experience. And that's why I'm now going to spend a couple of minutes teaching you the basic workings of LXC container management.

First of all, assuming that you're using a Ubuntu distribution, you can install the LXC package using sudo apt-get update to make sure your system is aware of the current state of the repositories, and sudo apt-get install lxc

That's it. Give it a few minutes for the files to download and unpack, and you'll be all ready to go. I'm not going to actually do this, since LXC is already installed on my machine.

Now let's create our first container. By the way, all LXC commands you issue from the hypervisor require administrator rights, so you'll need to use sudo. The command is lxc-create, which is followed by -t, telling LXC which template to use to build the new container. We'll go with the Ubuntu template. Finally, -n tells LXC what name our new container will have. We'll call it newpc.

Once newpc exists - it really only takes two or three minutes - we'll use lxc-ls to list all the containers on the system. There's our newpc container. Let's start it up using sudo lxc-start -n newpc - which, obviously, will tell LXC which container to fire up. But we'll also add -d to make sure that our shell session will be detached from the container. If we don't do that, then the only way to exit would be by shutting down the container altogether, but we might want it to continue in the background.

Now let's run lxc-ls --fancy - which will display the key details for each container...including the local private IP addresses of each container that's currently running. This will allow us to ssh in.
Speaking of ssh (secure shell), you will definitely want to make sure it's installed on your machine. If it's not, install it using sudo apt-get install openssh-server

Since ssh is definitely working on my machine, we'll use it to log in to newpc. By default, the admin user for an LXC container built with the Ubuntu template is named ubuntu, and has the password, ubuntu. Make sure you change that password if you plan to use the container for anything serious. Let's log in.

And here we are, in a brand new, clean, safe, and completely isolated virtual computer. Feel free to completely mess it up.

I did mention before that you can easily clean up LXC messes from outside. Let's exit the container and I'll show you how. I will note that you might have no idea what I'm doing now, but you needn't worry. You will certainly pick it all up once you've been through some of the later courses in this series, and you can always come back to this later if it's necessary. Using a sudo shell, we'll move to the special LXC root directory in /var/lib/lxc. We can see directories for each of the containers. We'll cd to the newpc directory, and see that there's a file called config and another file called fstab. These are plain text files that contain configuration data defining the container. Cd'ing into the newpc directory will place us inside the container's file system...even if the container isn't actually running, allowing us to edit any system file that might be causing us trouble. Again, don't worry if you don't understand much about this last point, but it's something you may appreciate later.

One final point. One reason that LXC containers are so lean and fast is because, by default, they come installed with only the base system. You may find some useful packages are missing. Now is the time to add packages like the nano text editor.

So let's take a minute to sum up what we've learned. LXC containers are excellent environments where we can play around with a real Linux system without having to worry about breaking anything important. We create a new container using sudo lxc-create -t ubuntu -n newname. we list all the containers using lxc-ls, but use lxc-ls --fancy to list containers with their status and IP addresses. We boot a container using lxc-start -n newname -d - to detach our shell from the container. And we can log in to a running container using ssh ubuntu@ipaddress

Oh. And one more thing: you can destroy a container that's broken or no longer needed using sudo lxc-destroy -n newname

About the Author
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.

Covered Topics