tools:lxc [2022/09/01 22:36] – [Unprivileged containers] darrontools:lxc [2024/10/24 00:19] (current) – [Setup] darron
Line 12: Line 12:
  
 <code> <code>
-apt-get install lxc lxc-templates bridge-utils cgroupfs-mount conntrack iptables+apt-get install lxc lxc-templates bridge-utils cgroupfs-mount conntrack iptables debootstrap
 /etc/init.d/cgroupfs-mount start /etc/init.d/cgroupfs-mount start
 </code> </code>
Line 31: Line 31:
 ==systemd== ==systemd==
 <code> <code>
 +systemctl stop lxc-monitord.service
 +systemctl disable lxc-monitord.service
 +systemctl mask lxc-monitord.service
 systemctl disable lxc-net.service systemctl disable lxc-net.service
 systemctl disable lxc.service systemctl disable lxc.service
Line 38: Line 41:
  
 <code> <code>
-sed -i 's/LXC_AUTO="true"/LXC_AUTO="false"/ /etc/default/lxc +sed -i 's/LXC_AUTO="true"/LXC_AUTO="false"/g' /etc/default/lxc 
-sed -i 's/USE_LXC_BRIDGE="true"/USE_LXC_BRIDGE="false"/ /etc/default/lxc-net+sed -i 's/USE_LXC_BRIDGE="true"/USE_LXC_BRIDGE="false"/g' /etc/default/lxc-net
 </code> </code>
  
Line 85: Line 88:
 iptables -t raw -F iptables -t raw -F
 iptables -t nat -F iptables -t nat -F
-/usr/sbin/conntrack -F+conntrack -F
  
 # raw:PREROUTING # raw:PREROUTING
Line 135: Line 138:
  
 <code> <code>
 +mkdir -p /var/cache/lxc/debian
 wget "https://ftp-master.debian.org/keys/release-10.asc" wget "https://ftp-master.debian.org/keys/release-10.asc"
 +gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-10.asc
 wget "https://ftp-master.debian.org/keys/release-11.asc" wget "https://ftp-master.debian.org/keys/release-11.asc"
-gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-10.asc 
 gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-11.asc gpg --no-default-keyring --keyring /var/cache/lxc/debian/archive-key.gpg --import release-11.asc
 </code> </code>
Line 152: Line 156:
 lxc-create -n terminator -t debian -- -r bullseye -a armhf lxc-create -n terminator -t debian -- -r bullseye -a armhf
 </code> </code>
-=== Configure === 
  
-==/var/lib/lxc/HOSTNAME/config== +Install bookworm (32-bit)
- +
-__Obsolete Debian template__+
  
 <code> <code>
-# Template used to create this container: /usr/share/lxc/templates/lxc-debian +lxc-create -n cracker -t debian -- -r bookworm -a armhf
-# Parameters passed to the template: -r wheezy -a amd64 +
-# For additional config options, please look at lxc.container.conf(5) +
-lxc.rootfs = /var/lib/lxc/HOSTNAME/rootfs +
- +
-# Common configuration +
-lxc.include = /usr/share/lxc/config/debian.common.conf +
- +
-# Container specific configuration +
-lxc.mount = /var/lib/lxc/HOSTNAME/fstab +
-lxc.utsname = HOSTNAME +
-lxc.arch = amd64 +
- +
-# Network +
-lxc.network.type = veth +
-lxc.network.flags = up +
- +
-# that's the interface defined above in host's interfaces file +
-lxc.network.link = lxcbr0 +
- +
-# name of network device inside the container, +
-# defaults to eth0, you could choose a name freely +
-lxc.network.name = lxcnet0  +
- +
-lxc.network.hwaddr = 00:FF:AA:00:00:01 +
-lxc.network.veth.pair = veth1 +
- +
-# the ip may be set to 0.0.0.0/24 or skip this line +
-# if you like to use a dhcp client inside the container +
-lxc.network.ipv4 = 10.10.10.10/24 +
- +
-# define a gateway to have access to the internet +
-lxc.network.ipv4.gateway = 10.10.10.1 +
- +
-# Autostart +
-lxc.start.auto = 1 +
-lxc.start.delay = 5 +
-lxc.start.order = 100+
 </code> </code>
 +=== Configure ===
  
-__Modern Debian template__+==/var/lib/lxc/HOSTNAME/config==
  
 <code> <code>
Line 305: Line 270:
  
 Now we can start and stop the container, attach to it, etc. Now we can start and stop the container, attach to it, etc.
 +
 +===Runit===
 +
 +Start container and login as root
 +<code>
 +lxc-start -F -n container
 +</code>
 +
 +Install runit. It will ask you to enter a phrase and after installation reboot.
 +
 +<code>
 +apt install runit-init
 +reboot
 +</code>
 +
 +or 
 +
 +<code>
 +apt-get install runit runit-run runit-systemd
 +</code>
 +
 +Login to tidy up.
 +
 +<code>
 +lxc-attach -n container
 +cd /etc/service
 +rm getty-tty*
 +</code>
 +
 +===Apt===
 +
 +<code>
 +sed -i 's/debian-security bookworm/debian-security bookworm-security/g' /etc/apt/sources.list
 +</code>
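Review bot: In the "Line 135 / Line 138" hunk the release keys are fetched with wget and imported straight into /var/cache/lxc/debian/archive-key.gpg, so the keyring that is presumably used to verify the downloaded base system trusts whatever the download returned. I would add a check between download and import, for example `gpg --show-keys release-11.asc`, with a sentence telling the reader to compare the printed fingerprint against the one Debian publishes before running `--import`. The same section now adds `lxc-create -n cracker -t debian -- -r bookworm -a armhf`, while only release-10.asc and release-11.asc are imported. It is worth confirming whether bookworm needs its own release key in that keyring and, if so, documenting it next to the other two.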