lxc

warning: Creating default object from empty value in /data/web/1/000/027/003/273448/htdocs/panticz.de/modules/taxonomy/taxonomy.pages.inc on line 33.

LXC: create Ubuntu Xenial container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create_ubuntu_xenial.sh -O - | bash -s

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=xenial
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t ubuntu -n ${CONTAINER} -- template-options -r xenial $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

Allow root SSH login with password
sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sed -i 's|PasswordAuthentication no|PasswordAuthentication yes|' /etc/ssh/sshd_config
service ssh restart

LXC: create Ubuntu Trusty container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.trusty.sh -O - | bash -s

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=trusty
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t ubuntu -n ${CONTAINER} -- template-options -r trusty $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

Allow root SSH login with password
sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sed -i 's|PasswordAuthentication no|PasswordAuthentication yes|' /etc/ssh/sshd_config
service ssh restart

Install LXD

wget https://raw.githubusercontent.com/panticz/installit/master/install.lxd.sh -O - | bash -

#!/bin/bash

sudo apt-get install -y software-properties-common
sudo add-apt-repository -y ppa:ubuntu-lxc/lxd-stable

# use Ubunut Trusty repository on Utopic
sed -i 's|utopic|trusty|g' /etc/apt/sources.list.d/ubuntu-lxc-ubuntu-lxd-stable-utopic.list

sudo apt-get update
sudo apt-get install -y lxd lxc lxcfs

Links
https://linuxcontainers.org/lxd/getting-started-cli/

LXC: Installation under Ubuntu / Debian

wget --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.lxc.sh -O - | bash -

#!/bin/bash

# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# install lxc
apt-get install -y software-properties-common
add-apt-repository -y ppa:ubuntu-lxc/lxd-stable

# fix dist name
for FILE in $(find /etc/apt/sources.list.d/ -name "*lxc*.list"); do
  sed -i 's|jessie|trusty|g;s|utopic|trusty|g' ${FILE}
done

apt-get update
apt-get install -y lxc lxcfs

if [ "$1" == "-b" ]; then
  # install required packages
  apt-get install -y bridge-utils

  # disable auto configuration for eth0
  sed -i 's|auto eth0|#auto eth0|g' /etc/network/interfaces
  sed -i 's|iface eth0 inet dhcp|#iface eth0 inet dhcp|g' /etc/network/interfaces

# create network bridge
cat <<EOF>> /etc/network/interfaces
auto lxcbr0
iface lxcbr0 inet dhcp
  bridge_ports eth0
EOF

  # disable auto configuration for network bridge by lxc
  [ -f /etc/default/lxc-net ] && sed -i 's|USE_LXC_BRIDGE="true"|USE_LXC_BRIDGE="false"|g' /etc/default/lxc-net
  
  # disable network managed by NetworkManager when installed
  [ -f /etc/NetworkManager/NetworkManager.conf ] && sed -i 's|managed=true|managed=false|g' /etc/NetworkManager/NetworkManager.conf
fi

# allow all user to list the containers
[ -d /etc/sudoers.d/ ] && echo "ALL ALL=NOPASSWD: /usr/bin/lxc-ls" >> /etc/sudoers.d/lxc

# install under Debian Jessie
apt-get install bridge-utils
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.lxc.sh -O - | bash -s -- -b
#wget http://mirrors.kernel.org/ubuntu/pool/main/l/lxc/lxc_1.0.7-0ubuntu0.2_amd64.deb -P /tmp/
#dpkg -x /tmp/lxc_1.0.7-0ubuntu0.2_amd64.deb /tmp/
#cp -a /tmp/etc/* /etc/

# Check kernel configuration
lxc-checkconfig

LXC: create Debian Jessie container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s -- -f

Allow root SSH login with password
CONTAINER=jessie
sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sudo lxc-attach -n ${CONTAINER} -- service ssh restart

Fix DNS
echo nameserver 8.8.8.8 | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

Default login credentials
user: root
pass: root

FixMe
"Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1346734

Failed to open /dev/autofs: No such file or directory
Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.

Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Kernel Socket.
See 'systemctl status systemd-udevd-kernel.socket' for details.
Socket service systemd-udevd.service not loaded, refusing.
[FAILED] Failed to listen on udev Control Socket.
See 'systemctl status systemd-udevd-control.socket' for details.

Bugs
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1347020
https://wiki.debian.org/LXC#Incompatibility_with_systemd

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

# test
http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

Debian Jessie

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=jessie
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r jessie $@

# workaround for "Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied"
echo "lxc.aa_profile = unconfined" | sudo tee -a /var/lib/lxc/${CONTAINER}/config

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

LXC: create Debian Wheezy container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.wheezy.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=wheezy
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r wheezy $@

# set container MAC address if specified
if [ ! -z ${CONTAINER_MAC} ]; then
  sed -i "s|lxc.network.hwaddr = .*|lxc.network.hwaddr = ${CONTAINER_MAC}|" /var/lib/lxc/${CONTAINER}/config
fi

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.wheezy.sh -O - | bash -s -- -f

Default login credentials
user: root
pass: root

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

LXC: create Debian Squeeze container

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.squeeze.sh -O - | bash -

#!/bin/bash

[ -z ${CONTAINER} ] && CONTAINER=squeeze
LANG=en_US.UTF-8

# force, remove previous container
if [ "$1" == "-f" ]; then
  [ $(sudo lxc-ls ${CONTAINER} | wc -l) -gt 0 ] && sudo lxc-destroy -f -n ${CONTAINER}
  shift
fi

# create container
sudo lxc-create -t debian -n ${CONTAINER} -- template-options -r squeeze $@

# start container in background
sudo lxc-start -d -n ${CONTAINER}

# wait 3 seconds until network is up
sleep 3

# copy APT proxy configuration from host
APT_PROXY=$(grep -h "Acquire::http::Proxy" /etc/apt/* -r | head -1)
[ -n "${APT_PROXY}" ] && echo ${APT_PROXY} | sudo tee /var/lib/lxc/${CONTAINER}/rootfs/etc/apt/apt.conf.d/01proxy

# update packages in container
sudo lxc-attach -n ${CONTAINER} -- apt-get update
sudo lxc-attach -n ${CONTAINER} -- apt-get dist-upgrade -y

# show containers status
sudo lxc-ls ${CONTAINER} -f

(re)create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.squeeze.sh -O - | bash -s -- -f

Default login credentials
user: root
pass: root

Fix DNS
echo nameserver 8.8.8.8 > /var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf

LXC Containers

# centos
sudo lxc-create -t centos -n centos -- --release 7

# nested container / docker support
echo "lxc.aa_profile = unconfined" >> /var/lib/lxc/centos/config
echo "lxc.cgroup.devices.allow = a\n" >> /var/lib/lxc/centos/config

# fixme (on first run)
+ preseed
Configuring console-setup

echo "console-setup/layoutcode string UTF-8" | debconf-set-selections

Update LXC container templates filesystem

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/lxc-update-templates.sh -O - | bash -

#!/bin/bash

# ensure that this script is run as root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# set language to english
LANG=en_US.UTF-8

# update APT rootfs (Debian and Ubuntu)
for DIST in $(find /var/cache/lxc/*/* -maxdepth 0 -type d); do
  echo "Updating ${DIST} ..."
  chroot "${DIST}" apt-get update -qq
  chroot "${DIST}" apt-get dist-upgrade -qq -y
  chroot "${DIST}" apt-get autoremove -qq -y
  chroot "${DIST}" apt-get clean
done

# fix dns
echo "nameserver 8.8.8.8" > /var/cache/lxc/debian/rootfs-wheezy-amd64/etc/resolv.conf

Cronjob
echo "0 13 * * * root /usr/bin/wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/lxc-update-templates.sh -O - | bash -" > /etc/cron.d/lxc_update_template
service cron restart

# fix squeeze repository
sed -i 's|cdn.debian.net|ftp.debian.org|g' /var/cache/lxc/debian/rootfs-squeeze-amd64/etc/apt/sources.list

Syndicate content