Open AnrDaemon opened 9 years ago
`--template …` is important. Dunno why it doesn't pick default type. Must be distribution specific.
add-apt-repository ppa:ubuntu-lxc/stable
apt-get update && apt-get install lxc
echo "lxc.lxcpath = /home/.lxc" >> /etc/lxc/lxc.conf
( umask 0027; mkdir /home/.lxc; )
lxc-create --name=dc1 --template=ubuntu --logfile=/var/log/lxc/dc1-create.log -- --flush-cache --mirror=http://ru.archive.ubuntu.com/ubuntu --packages=acl,nano,ncurses-term,tcpdump,python-software-properties,ldap-utils,dnsutils,aptitude
cp -r ~/.ssh ~/.profile ~/.bashrc /home/.lxc/dc1/rootfs/root
Bridge assembled on VirtualBox intnet doesn't forward packets. ARP tables always fall apart. I don't know if this is an LXC or VirtualBox issue.
Bridged container works on real hardware, but not in VM. I call bullshit on this one. Adding one more "physical" interface to VM and linking container to it in phys mode works.
Backup
printf "dc1/rootfs/%s\n" dev proc run sys | rar a -r -s -m5 -mde -ag-YYYYMMDD -oh -ol -ow -x@ -- dc1 dc1
dc1/config
# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
# Container specific configuration
lxc.rootfs = /home/.lxc/dc1/rootfs
lxc.mount = /home/.lxc/dc1/fstab
lxc.utsname = dc1
lxc.arch = i686
# Network configuration (real)
#lxc.network.type = veth
#lxc.network.veth.pair = veth1
#lxc.network.link = br0
#lxc.network.hwaddr = 00:16:3e:xx:xx:xx
# Network configuration (vbox)
lxc.network.type = phys
lxc.network.link = eth3
lxc.network.flags = up
lxc.start.auto = 1
passwd -l ubuntu
mv /etc/apt/sources.list /etc/apt/sources.list-us
sed -re 's#(http://)([[:alpha:]]*\.)?(archive\.ubuntu\.com/)#\1ru.\3#g' > /etc/apt/sources.list < /etc/apt/sources.list-us
apt-get update && apt-get upgrade --yes
apt-get install nano ncurses-term tcpdump python-software-properties ldap-utils
Only for the VM…
ads/rootfs/etc/network/interfaces
…
auto eth3
iface eth3 inet dhcp
/etc/ssh/sshd_config
#Disable RSA host key
LoginGraceTime 10
PermitRootLogin without-password
RSAAuthentication no
PasswordAuthentication no
TCPKeepAlive no
MaxAuthTries 1
Check for correctly working container.
As ridiculous as it is, I've been bitten by `/tmp` not being accessible to `nobody`.
sudo -u '#65534' ls -l /tmp || echo 'Fail!'
macvlan seems to be the better way to go, even if marginally.
lxc.network.type = macvlan
# mode can also be: bridge
lxc.network.macvlan.mode = vepa
lxc.network.link = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.network.name = eth0
Trick to access filesystem of a running container. Courtesy @stgraber
ls -l /proc/$(lxc-info -n $NAME -p -H)/root/
Get inside a container with your favorite hat on?
lxc-attach -n $NAME -- /usr/bin/sudo -i -u $USER
May solve #2. May be.
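The sshd_config values listed earlier in this thread can be checked against a container's file from the host. This is an added example, not part of the original posts; the function names and the sample file are constructed for illustration, and it relies on sshd using the first value it finds for a keyword.

```shell
#!/bin/sh
# Added example: audit an sshd_config file against the values in this thread.
# On a live host, `sshd -T` prints the authoritative effective configuration.

# Print the effective global value of keyword $2 in file $1. sshd keeps the
# first value it sees for a keyword, and keywords are case-insensitive.
sshd_effective() {
    awk -v key="$2" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }   # global section ends here
        {
            split($0, kv, /[ \t=]+/)
            if (tolower(kv[1]) == tolower(key)) { print kv[2]; exit }
        }' "$1"
}

# Compare a file with the thread's values; returns the number of mismatches.
# prohibit-password is the newer spelling of without-password.
audit_sshd() {
    file=$1; fails=0
    while read -r key want; do
        got=$(sshd_effective "$file" "$key")
        case "|$want|" in
            *"|${got:-unset}|"*) echo "ok   $key $got" ;;
            *) echo "FAIL $key: got '${got:-unset}', want $want"
               fails=$((fails + 1)) ;;
        esac
    done <<EOF
PermitRootLogin without-password|prohibit-password
PasswordAuthentication no
MaxAuthTries 1
LoginGraceTime 10
TCPKeepAlive no
EOF
    return "$fails"
}

# Constructed sample: the second PasswordAuthentication line never applies.
write_sample() {
    printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
        'LoginGraceTime 10' 'PermitRootLogin without-password' \
        'passwordauthentication no' 'MaxAuthTries 1' 'TCPKeepAlive no' \
        'Match User backup' '    PasswordAuthentication no' > "$1"
}

sample=$(mktemp); write_sample "$sample"
audit_sshd "$sample" || echo "$? setting(s) differ from the thread's values"
rm -f "$sample"
```

To check the container from the host without starting it, point `audit_sshd` at `/home/.lxc/dc1/rootfs/etc/ssh/sshd_config`.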