Note: Updated slightly now that Rancher 2.0 is GA.
There are a couple of tricks, but it is possible to get the Rancher beta running in an lxc container. Firstly, the lxc profile needs to be tweaked:
lxc profile edit default
The defaults that worked for me were:
config:
  linux.kernel_modules: bridge,br_netfilter,ip_tables,ip6_tables,ip_vs,netlink_diag,nf_nat,overlay,xt_conntrack
  raw.lxc: |-
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"
description: Default LXD profile
devices:
  eth0:
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
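The profile above trades away most of LXD's isolation to get Docker and Kubernetes running, and it edits the default profile, which LXD applies to containers that do not name another one. The following check is an added example, not part of the original post: the function name `audit_lxd_profile` and the message wording are assumptions, and it lists which keys in a profile weaken isolation.

```shell
#!/bin/sh
# Added example (not from the original post): list the settings in an LXD
# profile that weaken container isolation. Reads profile YAML on stdin.
audit_lxd_profile() {
  awk '
    { sub(/^[ \t]+/, "") }   # nested config keys and raw.lxc lines match alike
    /^security\.privileged:[ \t]*"?true"?/ {
      print "security.privileged: container root is uid 0 on the host"; n++ }
    /^security\.nesting:[ \t]*"?true"?/ {
      print "security.nesting: nested containers (needed here for Docker)"; n++ }
    /^lxc\.(aa_profile|apparmor\.profile)[ \t]*=[ \t]*unconfined/ {
      print "AppArmor: container runs unconfined"; n++ }
    /^lxc\.cgroup\.devices\.allow[ \t]*=[ \t]*a[ \t]*$/ {
      print "devices cgroup: access to every device node allowed"; n++ }
    /^lxc\.mount\.auto[ \t]*=.*(proc|sys):rw/ {
      print "mount.auto: /proc or /sys mounted read-write"; n++ }
    /^lxc\.cap\.drop[ \t]*=[ \t]*$/ {
      print "cap.drop: empty value clears the drop list, all capabilities kept"; n++ }
    END { exit (n > 0) }     # non-zero status when anything was flagged
  '
}

# The config section of the profile from this page, embedded so this runs offline.
PAGE_PROFILE='config:
  linux.kernel_modules: bridge,br_netfilter,ip_tables,ip6_tables,ip_vs,netlink_diag,nf_nat,overlay,xt_conntrack
  raw.lxc: |-
    lxc.aa_profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop =
  security.nesting: "true"
  security.privileged: "true"
name: default'

printf '%s\n' "$PAGE_PROFILE" | audit_lxd_profile ||
  echo "profile weakens isolation for every container that uses it"
```

On a live host the same function can read the output of `lxc profile show default`.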
Then launch a container that can run rancher:
lxc launch ubuntu-daily:16.04 rancher -c security.nesting=true -c security.privileged=true
Once the container is started, get the ip address for it with:
lxc list rancher
Now to install Rancher, start a shell in the container with:
lxc exec rancher bash
Next, install Docker as per the standard instructions (https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-docker-ce), but with a slightly higher Docker version than Rancher recommends/requires:
apt install docker-ce=17.06.0~ce-0~ubuntu
Then perform the standard Rancher install:
docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
Once Rancher is running, access the web UI using the IP address recorded earlier. It will be something like:
https://10.243.42.85/
Once you've done the basic setup of Rancher, add a Custom cluster, select "Allow unsupported versions" in the "Docker version on nodes" setting and click Next. On the next screen select Etcd, Control and Worker.
Copy and paste the command line into the lxc container as well, something like:
sudo docker run -d --privileged --restart=unless-stopped --net=host -v /etc/kubernetes:/etc/kubernetes \
  -v /var/run:/var/run rancher/agent:v2.0.0-beta4 --server https://10.243.42.85 \
  --token 8679zsvdbdsk6br2dzwqpmwp48fk69cbdgk5gqm776vrsc52ww9b2b \
  --ca-checksum f5fb156f357c779f81a2373c007a65bd819c09b6e339c90b2694f68a864760f8 --etcd --controlplane --worker
After a while, depending on bandwidth, your lxc rancher container will have a running Rancher and cluster, all local, which is handy for testing.
It was trial and error getting this worked out, with help from issue posts like https://github.com/moby/moby/issues/32968