Note: Updated slightly now that Rancher 2.0 is GA.

It is possible to get the Rancher beta running in an lxc container, but it takes a couple of tweaks. First, the lxc profile needs to be edited:

lxc profile edit default

The defaults that worked for me were:

config:
  linux.kernel_modules: bridge,br_netfilter,ip_tables,ip6_tables,ip_vs,netlink_diag,nf_nat,overlay,xt_conntrack
  raw.lxc: |-
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = a                                                                                  sys:rw                                                                                     
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"
description: Default LXD profile
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
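
The profile above turns off most of the container's isolation, and because it is the default profile it applies to every container that uses it. As an added example (not part of the original post), the shell function below reads a profile as printed by lxc profile show and reports each setting that weakens isolation; the names audit_profile and sample_profile are hypothetical, and the sample profile is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: report isolation-weakening settings in an LXD profile.
# On a real host: lxc profile show default | audit_profile

audit_profile() (
  # Reads profile YAML on stdin, prints one FINDING line per weakened
  # control, and returns non-zero if any were found.
  yaml=$(cat)
  findings=0
  flag() {  # flag <extended-regex> <message>
    if printf '%s\n' "$yaml" | grep -Eq -- "$1"; then
      printf 'FINDING: %s\n' "$2"
      findings=$((findings + 1))
    fi
  }
  flag '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?' \
       'security.privileged: root in the container is root on the host'
  flag '^[[:space:]]*security\.nesting:[[:space:]]*"?true"?' \
       'security.nesting: the container may run its own containers'
  flag 'lxc\.(aa_profile|apparmor\.profile)[[:space:]]*=[[:space:]]*unconfined' \
       'raw.lxc: AppArmor confinement is disabled'
  flag 'lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*a([[:space:]]|$)' \
       'raw.lxc: access to all host devices is allowed'
  flag 'lxc\.cap\.drop[[:space:]]*=[[:space:]]*$' \
       'raw.lxc: the list of dropped capabilities is cleared'
  [ "$findings" -eq 0 ]
)

sample_profile() {  # constructed sample mirroring the settings shown above
cat <<'EOF'
config:
  raw.lxc: |-
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"
description: Default LXD profile
name: default
EOF
}

sample_profile | audit_profile || echo "profile weakens container isolation"
```
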

Then launch a container that can run Rancher:

lxc launch ubuntu-daily:16.04 rancher -c security.nesting=true -c security.privileged=true

Once the container is started, get its IP address with:

lxc list rancher

Now to install Rancher, start a shell in the container with:

lxc exec rancher bash

Next, install Docker as per the standard instructions, but with a slightly higher Docker version than Rancher recommends/requires:

apt install docker-ce=17.06.0~ce-0~ubuntu

Then perform the standard Rancher install:

docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher

Once Rancher is running, access the web UI using the IP address recorded earlier; it will be something like:

Once you've done the basic setup of Rancher, add a Custom cluster, select "Allow unsupported versions" in the "Docker version on nodes" setting, and click Next. On the next screen select Etcd, Control and Worker.

Copy and paste the command line into the lxc container as well, something like:

sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes \
-v /var/run:/var/run rancher/agent:v2.0.0-beta4 --server \
--token 8679zsvdbdsk6br2dzwqpmwp48fk69cbdgk5gqm776vrsc52ww9b2b \
--ca-checksum f5fb156f357c779f81a2373c007a65bd819c09b6e339c90b2694f68a864760f8 --etcd --controlplane --worker

After a while, depending on bandwidth, your lxc rancher container will have a running Rancher and cluster, all local, which is handy for testing.

It was trial and error getting this worked out, with help from issue posts like