OpenWrt in LXC containers
OpenWrt can run inside an LXC container, using the same kernel as the host system. This can be useful for development as well as for VM hosting.
Privileged vs Unprivileged
Consult your distribution's documentation for up-to-date instructions on setting up either mode on the host OS.
Basic Overview
The following gives a rough idea of how to get things up and running. Before anything else, install LXC on the host machine and make sure it supports running unprivileged containers. You will likely also need bridge functionality and/or other related underlying subsystems (macvlan, etc.) if you use them.
Installing via image
For some architectures (amd64, arm...), the download template can retrieve an OpenWrt image from the remote mirror. To create the OpenWrt container, run:
lxc-create -n <container_name> -t download -- -d openwrt -a amd64
and enter the release you want to install when prompted. If you get an error related to fetching the GPG key, specify a different keyserver (e.g. keyserver.ubuntu.com) by either setting DOWNLOAD_KEYSERVER or appending the --keyserver option.
The container will be created according to your default LXC config files (unless you use --config to specify a different config), so you will probably want to customize it further (e.g. add network interfaces or mount points) by modifying the final config in the container directory (see the lxc.container.conf(5) man page). Depending on your setup, you may need to attach and temporarily give a fixed IP address to the relevant interface in order to establish the first connection.
Upgrading to the latest release
Once a new release becomes available, as announced by the OpenWrt team, you can install and migrate to it:
- install the new release image as above (it will typically be available within the next day)
- replace the new container's config file with the old one (remember to edit relevant options if needed e.g. the rootfs path, the host name, the autostart flag...)
- back up the settings of the currently running OpenWrt as you would usually do, and shut it down
- start the new container and, if it's safe to do so (as it usually is for minor releases), restore OpenWrt settings from backup
Note: if you are still getting the previous image more than 24h after the new release (images are currently built daily by lxc), chances are an old cached image is being used. In this case, you can delete the old image by appending the --flush-cache option to the command.
Installing via rootfs extraction
For all other architectures, some manual steps are required:
- Create the VM folder manually at .local/share/lxc/<vm-name>/
- Download a snapshot rootfs of OpenWrt and unpack it to .local/share/lxc/<vm-name>/rootfs
- Create a .local/share/lxc/<vm-name>/config containing the following content:
    lxc.include = /etc/lxc/default.conf
    lxc.include = /usr/share/lxc/config/common.conf
    lxc.include = /usr/share/lxc/config/userns.conf
    lxc.arch = linux64
    # find your ids via
    # cat /etc/s*id|grep $USER
    lxc.idmap = u 0 100000 65536
    lxc.idmap = g 0 100000 65536
    lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
    # lan interface
    lxc.net.0.type = veth
    # wan interface
    lxc.net.1.type = veth
    lxc.net.1.link = lxcbr0
    # adapt <user> and <vm-name>
    lxc.rootfs.path = dir:/home/<user>/.local/share/lxc/<vm-name>/rootfs
- Run chmod on the rootfs folder with the id you obtained earlier
- Run lxc-start -n <vm-name>
- Run lxc-attach -n <vm-name>
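A pre-flight check for the lxc.idmap lines in the config above, as an added example that is not part of the original page: it confirms that each host ID range the container maps to is actually delegated to your user in the subordinate ID files, so container root lands only on unprivileged host IDs you own. The function name check_idmap, the user "alice" and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# check_idmap CONFIG SUBID_FILE USER KIND   (KIND: u for uid, g for gid)
# Succeeds only if every "lxc.idmap = KIND <ct_id> <host_id> <count>" line in
# CONFIG fits inside one "USER:start:count" range listed in SUBID_FILE.
check_idmap() {
    awk -v user="$3" -v kind="$4" '
        # Subordinate-id file: remember each range delegated to the user.
        FILENAME == ARGV[1] {
            split($0, f, ":")
            if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] - 1 }
            next
        }
        # Container config: look only at lxc.idmap lines of the wanted kind.
        /^[ \t]*lxc\.idmap[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            split($0, m)
            if (m[1] != kind) next
            seen++
            first = m[3] + 0; last = m[3] + m[4] - 1
            ok = 0
            for (i = 1; i <= n; i++)
                if (first >= lo[i] && last <= hi[i]) ok = 1
            if (!ok) { printf "not delegated: %s %d-%d\n", kind, first, last; bad++ }
        }
        # Fail on any uncovered range, and also when no mapping exists at all.
        END { exit ((bad || !seen) ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample data (user "alice" is hypothetical); on a real host pass
# /etc/subuid with kind u, /etc/subgid with kind g, and "$USER".
demo_dir=$(mktemp -d)
printf 'alice:100000:65536\n' > "$demo_dir/subid"
cat > "$demo_dir/config" <<'EOF'
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF
check_idmap "$demo_dir/config" "$demo_dir/subid" alice u && echo "uid map delegated"
check_idmap "$demo_dir/config" "$demo_dir/subid" alice g && echo "gid map delegated"
```

A non-zero exit status means at least one mapped range is outside what the subordinate ID file grants, or the config has no mapping of that kind at all.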