OpenWrt in LXC containers

OpenWrt can run inside a LXC container, using the same kernel as running on the host system. This can be useful for development as well as for VM hosting.

Consult your distro for up to date instructions of the setup of either HostOS functionality.

The following gives a rough idea on how to get things up and running. Before anything, install LXC on the host machine and make sure it supports running unprivileged containers. You will likely also need bridge functionality and/or additional underlying related subsystems ( macvlan etc. ) if used.

For the amd64 architecture only (as of June 2021), the download template allows to retrieve an OpenWrt image from the remote mirror. To create the OpenWrt container, just do:

lxc-create -n <container_name> -t download -- -d openwrt -a amd64

and spell the release you want to install when asked to. For any error related to fetching the GPG key, just export DOWNLOAD_KEYSERVER to a different key server and retry, e.g.:

export DOWNLOAD_KEYSERVER=keyserver.ubuntu.com

The container will be created according to your default LXC config files (unless you use –config to specify a different config), so you may probably want to customize it further (e.g. add network interfaces or mount points) by modifying the final config in the container directory (see lxc.container.conf(5) man page).

Once a new release becomes available, as announced by the OpenWrt team, you can install and migrate to it:

1. install the new release image as above (it will tipically be available within the next day)
2. replace the new container's config file with the old one (remember to edit relevant options if needed e.g. the rootfs path, the host name, the autostart flag…)
3. backup the settings of the currently running OpenWrt as you would usually do, and shut it down
4. start the new container and restore OpenWrt settings (you may first need to attach and temporarily give it a fixed IP address to establish the connection)

For all other architectures, some manual steps are required:

1. Create the VM folder manually at .local/share/lxc/<vm-name>/
2. Download a snapshot rootfs of OpenWrt and unpack it to .local/share/lxc/<vm-name>/rootfs
3. Create a .local/share/lxc/<vm-name>/config containing the following content:
   

   lxc.include = /etc/lxc/default.conf
   lxc.include = /usr/share/lxc/config/common.conf
   lxc.include = /usr/share/lxc/config/userns.conf
   lxc.arch = linux64
   
   # find your ids via
   # cat  /etc/s*id|grep $USER
   lxc.idmap = u 0 100000 65536
   lxc.idmap = g 0 100000 65536
   
   lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
   
   # lan interface
   lxc.net.0.type = veth
   
   # wan interface
   lxc.net.1.type = veth
   lxc.net.1.link = lxcbr0
   
   # adapt <user> and <vm-name>
   lxc.rootfs.path = dir:/home/<user>/.local/share/lxc/<vm-name>/rootfs

4. run chmod on the rootfs folder with the id you obtained earlier
5. run lxc-start -n <vm-name>
6. run lxc-attach -n <vm-name>