You are here: start » tools » lxc

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tools:lxc [2022/09/01 22:19] – [Networking] darrontools:lxc [2024/10/24 00:19] (current) – [Setup] darron
Line 2: Line 2:
  
 Linux containers (LXC) is the Linux implementation of FreeBSD Jails. Linux containers (LXC) is the Linux implementation of FreeBSD Jails.
- 
-This page mostly covers usage in debian, however, due to limitations 
-there it's best to adapt this to ubuntu instead. Only minor differences 
-exist and they are not mentioned. 
  
 Within a Linux container we can run a self-contained installation of Linux Within a Linux container we can run a self-contained installation of Linux
Line 16: Line 12:
  
 <code> <code>
-apt-get install lxc lxc-templates bridge-utils cgroupfs-mount conntrack iptables+apt-get install lxc lxc-templates bridge-utils cgroupfs-mount conntrack iptables debootstrap
 /etc/init.d/cgroupfs-mount start /etc/init.d/cgroupfs-mount start
 </code> </code>
Line 35: Line 31:
 ==systemd== ==systemd==
 <code> <code>
 +systemctl stop lxc-monitord.service
 +systemctl disable lxc-monitord.service
 +systemctl mask lxc-monitord.service
 systemctl disable lxc-net.service systemctl disable lxc-net.service
 systemctl disable lxc.service systemctl disable lxc.service
Line 42: Line 41:
  
 <code> <code>
-sed -i 's/LXC_AUTO="true"/LXC_AUTO="false"/ /etc/default/lxc +sed -i 's/LXC_AUTO="true"/LXC_AUTO="false"/g' /etc/default/lxc 
-sed -i 's/USE_LXC_BRIDGE="true"/USE_LXC_BRIDGE="false"/ /etc/default/lxc-net+sed -i 's/USE_LXC_BRIDGE="true"/USE_LXC_BRIDGE="false"/g' /etc/default/lxc-net
 </code> </code>
  
Line 82: Line 81:
  
 <code> <code>
-#!/bin/sh +#! /bin/sh 
-PATH=/sbin+PATH=/sbin:/usr/sbin:/bin:/usr/bin
  
 iptables -t filter -F iptables -t filter -F
Line 89: Line 88:
 iptables -t raw -F iptables -t raw -F
 iptables -t nat -F iptables -t nat -F
-/usr/sbin/conntrack -F+conntrack -F
  
 # raw:PREROUTING # raw:PREROUTING
Line 139: Line 138:
  
 <code> <code>
 +mkdir -p /var/cache/lxc/debian
 wget "https://ftp-master.debian.org/keys/release-10.asc" wget "https://ftp-master.debian.org/keys/release-10.asc"
-wget "https://ftp-master.debian.org/keys/release-11.asc" 
 gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-10.asc gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-10.asc
 +wget "https://ftp-master.debian.org/keys/release-11.asc"
 gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-11.asc gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-11.asc
 </code> </code>
Line 156: Line 156:
 lxc-create -n terminator -t debian -- -r bullseye -a armhf lxc-create -n terminator -t debian -- -r bullseye -a armhf
 </code> </code>
-=== Configure === 
  
-==/var/lib/lxc/HOSTNAME/config== +Install bookworm (32-bit)
- +
-__Obsolete Debian template__+
  
 <code> <code>
-# Template used to create this container: /usr/share/lxc/templates/lxc-debian +lxc-create -n cracker -t debian -- -r bookworm -a armhf
-# Parameters passed to the template: -r wheezy -a amd64 +
-# For additional config options, please look at lxc.container.conf(5) +
-lxc.rootfs = /var/lib/lxc/HOSTNAME/rootfs +
- +
-# Common configuration +
-lxc.include = /usr/share/lxc/config/debian.common.conf +
- +
-# Container specific configuration +
-lxc.mount = /var/lib/lxc/HOSTNAME/fstab +
-lxc.utsname = HOSTNAME +
-lxc.arch = amd64 +
- +
-# Network +
-lxc.network.type = veth +
-lxc.network.flags = up +
- +
-# that's the interface defined above in host's interfaces file +
-lxc.network.link = lxcbr0 +
- +
-# name of network device inside the container, +
-# defaults to eth0, you could choose a name freely +
-lxc.network.name = lxcnet0  +
- +
-lxc.network.hwaddr = 00:FF:AA:00:00:01 +
-lxc.network.veth.pair = veth1 +
- +
-# the ip may be set to 0.0.0.0/24 or skip this line +
-# if you like to use a dhcp client inside the container +
-lxc.network.ipv4 = 10.10.10.10/24 +
- +
-# define a gateway to have access to the internet +
-lxc.network.ipv4.gateway = 10.10.10.1 +
- +
-# Autostart +
-lxc.start.auto = 1 +
-lxc.start.delay = 5 +
-lxc.start.order = 100+
 </code> </code>
 +=== Configure ===
  
-__Modern Debian template__+==/var/lib/lxc/HOSTNAME/config==
  
 <code> <code>
Line 285: Line 246:
 some user ids to map to the container then configure it. some user ids to map to the container then configure it.
  
-This has been tested to work Ubuntu vivid. It failed to operate on Debian +This has been tested to work Ubuntu vivid and nothing else since.
-at this time due to set up of /dev within the container and possibly other issues.+
  
 When assigning a range of ids to the root user. Choose what is available, here i When assigning a range of ids to the root user. Choose what is available, here i
 chose 200000 because this was free. chose 200000 because this was free.
 +
 <code> <code>
 usermod --add-subuids 200000-265535 root usermod --add-subuids 200000-265535 root
Line 310: Line 271:
 Now we can start and stop the container, attach to it, etc. Now we can start and stop the container, attach to it, etc.
  
 +===Runit===
  
 +Start container and login as root
 +<code>
 +lxc-start -F -n container
 +</code>
 +
 +Install runit. It will ask you to enter a phrase and after installation reboot.
 +
 +<code>
 +apt install runit-init
 +reboot
 +</code>
 +
 +or 
 +
 +<code>
 +apt-get install runit runit-run runit-systemd
 +</code>
 +
 +Login to tidy up.
 +
 +<code>
 +lxc-attach -n container
 +cd /etc/service
 +rm getty-tty*
 +</code>
 +
 +===Apt===
 +
 +<code>
 +sed -i 's/debian-security bookworm/debian-security bookworm-security/g' /etc/apt/sources.list
 +</code>