How to update Debian or Ubuntu Linux containers (lxc) VM

I‘m using LXC (Linux Containers) a virtualization system running on a Ubuntu LTS. How can I update all my Ubuntu or Debian Linux based guests containers VM from host operating system?

Container is not new technology. A large number of Unix-like system already have developed powerful container based virtualization solutions such as FreeBSD jails, OpenVZ, Solaris Zones and more. The LXC is very fast efficient virtualization. An OS kernel (host) gives different views of the system to different running processes. This is also know as sandboxing or compartmentalization of CPU, and other resources. This is useful to increase server and application security and efficiency.

Fig. 01: Sample Linux Containers

Security 101: Keep Linux kernel and software up to date

Applying security patches is an important part of maintaining Linux server. Linux provides all necessary tools to keep your system updated, and also allows for easy upgrades between versions. You can use the RPM package manager such as yum command and/or apt-get command to apply all security updates:
[www-container]# yum update
OR
[www-container]# apt-get update && apt-get upgrade

List the containers existing on the system

Type the following command on host:
# lxc-ls -1
# lxc-ls

Sample outputs:

dnsvm     wwwvm    mysqlvm        memcache

Applying update from host to Linux containers using lxc-attach command

The syntax is as follows for Debian/Ubuntu based LXC guest vm:
[hostOS]# lxc-attach -n VM-NAME-HERE apt-get update
[hostOS]# lxc-attach -n VM-NAME-HERE apt-get -y upgrade

To run command on mysqlvm, type:
[hostOS]# lxc-attach -n mysqlvm apt-get update
[hostOS]# lxc-attach -n mysqlvm apt-get -y upgrade

The syntax is as follows for CentOS/RHEL/Fedora Linux based LXC guest vm:
[hostOS]# lxc-attach -n VM-NAME-HERE yum update -y
To run command on wwwvm vm, run:
[hostOS]# lxc-attach -n wwwvm yum update -y

A sample shell script to update all Debian/Ubuntu LXC vms

#!/bin/bash
# Purpose: Update all lxc vms
# Note: Tested on Ubuntu LTS only
# Author: Vivek Gite <www.cyberciti.biz>, under GPL v2+
# -------------------------------------------------------
 
# Get the vm list
vms="$(lxc-ls --active)"
 
# Update each vm
update_vm(){
        local vm="$1"
        echo "*** [VM: $vm [$(hostname) @ $(date)] ] ***"
        /usr/bin/lxc-attach -n "$vm" apt-get -- -qq update
        /usr/bin/lxc-attach -n "$vm" apt-get -- -qq -y upgrade
        /usr/bin/lxc-attach -n "$vm" apt-get -- -qq -y clean
        /usr/bin/lxc-attach -n "$vm" apt-get -- -qq -y autoclean 
        # Note for RHEL/CentOS/Fedora Linux comment above two line and uncomment the following line #
        # lxc-attach -n "$vm" yum -y update 
        echo "-----------------------------------------------------------------"
}
 
# Do it
for v in $vms
do
   update_vm "$v"
done

Run it as follows:
# ~/bin/lxc-update-vm.sh
Sample outputs:

*** [VM: wwwvm [server1 @ Wed Jul 22 12:31:12 CDT 2015] ] ***
(Reading database ... 20514 files and directories currently installed.)
Preparing to unpack .../mysql-common_5.5.44-0ubuntu0.14.04.1_all.deb ...
Unpacking mysql-common (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Preparing to unpack .../libmysqlclient18_5.5.44-0ubuntu0.14.04.1_amd64.deb ...
Unpacking libmysqlclient18:amd64 (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Preparing to unpack .../linux-libc-dev_3.13.0-58.97_amd64.deb ...
Unpacking linux-libc-dev:amd64 (3.13.0-58.97) over (3.13.0-57.95) ...
Preparing to unpack .../mysql-client_5.5.44-0ubuntu0.14.04.1_all.deb ...
Unpacking mysql-client (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Preparing to unpack .../mysql-client-5.5_5.5.44-0ubuntu0.14.04.1_amd64.deb ...
Unpacking mysql-client-5.5 (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Preparing to unpack .../mysql-client-core-5.5_5.5.44-0ubuntu0.14.04.1_amd64.deb ...
Unpacking mysql-client-core-5.5 (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Setting up mysql-common (5.5.44-0ubuntu0.14.04.1) ...
Setting up libmysqlclient18:amd64 (5.5.44-0ubuntu0.14.04.1) ...
Setting up linux-libc-dev:amd64 (3.13.0-58.97) ...
Setting up mysql-client-core-5.5 (5.5.44-0ubuntu0.14.04.1) ...
Setting up mysql-client-5.5 (5.5.44-0ubuntu0.14.04.1) ...
Setting up mysql-client (5.5.44-0ubuntu0.14.04.1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...
-----------------------------------------------------------------
*** [VM: memcachevm [server1 @ Wed Jul 22 12:31:23 CDT 2015] ] ***
-----------------------------------------------------------------
*** [VM: nixcraftvm [server1 @ Wed Jul 22 12:31:28 CDT 2015] ] ***
-----------------------------------------------------------------
*** [VM: dbvm [server1 @ Wed Jul 22 12:31:34 CDT 2015] ] ***
(Reading database ... 15085 files and directories currently installed.)
Preparing to unpack .../mysql-common_5.5.44-0ubuntu0.14.04.1_all.deb ...
Unpacking mysql-common (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Preparing to unpack .../libmysqlclient18_5.5.44-0ubuntu0.14.04.1_amd64.deb ...
Unpacking libmysqlclient18:amd64 (5.5.44-0ubuntu0.14.04.1) over (5.5.43-0ubuntu0.14.04.1) ...
Setting up mysql-common (5.5.44-0ubuntu0.14.04.1) ...
Setting up libmysqlclient18:amd64 (5.5.44-0ubuntu0.14.04.1) ...
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...
-----------------------------------------------------------------
*** [VM: testingvm [server1 @ Wed Jul 22 12:31:44 CDT 2015] ] ***
-----------------------------------------------------------------
🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
6 comments… add one
  • Ricky Baratan Jul 24, 2015 @ 2:30

    I like this tutorial.. Good job bro.

  • Antonio Jul 24, 2015 @ 12:58

    May be he wants to know how to upgrade using packages already downloaded by the host.

    If he does not, I do.

    • Tom Jul 25, 2015 @ 16:51

      In that case use the dpkg command:

      # Copy foo.deb to containers called wwwvm
      cp -f foo.deb /var/lib/lxc/wwwvm/rootfs/tmp/
      # Run command on wwwvm to install foo.deb
      lxc-attach -n wwwvm dpkg -i /tmp/foo.deb
      # Delete it foo.deb
      lxc-attach -n wwwvm rm -f /tmp/foo.deb

  • dima Sep 6, 2015 @ 23:40

    13510686955fbdf689b6aeb_000001

  • ChrisK Sep 8, 2016 @ 6:09

    What’s the advantage of your solution over using UnattendedUpgrades?
    https://wiki.debian.org/UnattendedUpgrades

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.