Size: 4443
Comment:
|
Size: 5365
Comment:
|
Line 179: | Line 179: |
=== setup_ssh_container.sh === {{{#!highlight bash CONTAINER=ssh-container lxc-stop $CONTAINER lxc-destroy $CONTAINER lxc-create -t download -n $CONTAINER -- -d alpine -r 3.16 -a i386 lxc-execute -n $CONTAINER -- ash -c "echo 'assd' > /t1.txt" lxc-start -n $CONTAINER -d lxc-attach -n $CONTAINER -- ash -c "/sbin/apk update" lxc-attach -n $CONTAINER -- ash -c "/sbin/apk add --update curl wget nano vim shadow openssh" lxc-attach -n $CONTAINER -- ash -c "mkdir /app" lxc-attach -n $CONTAINER -- ash -c "echo 'root:screencast' | /usr/sbin/chpasswd" lxc-attach -n $CONTAINER -- ash -c "echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config" lxc-attach -n $CONTAINER -- ash -c "echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config" lxc-attach -n $CONTAINER -- ash -c "/sbin/rc-update add sshd" lxc-attach -n $CONTAINER -- ash -c "/sbin/service sshd start" sleep 5 lxc-ls --fancy | grep $CONTAINER }}} |
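Review bot: The added setup_ssh_container.sh sets the root password to a fixed string published on this page and then appends both `PasswordAuthentication yes` and `PermitRootLogin yes`, so any host that can reach the container's sshd can log in as root with a known credential. If this is meant only as a throwaway lab container, say so in a comment at the top of the script. Otherwise take the password from the environment and feed it on stdin, e.g. `printf 'root:%s\n' "$ROOT_PASSWORD" | lxc-attach -n "$CONTAINER" -- /usr/sbin/chpasswd`, or install a public key and use `PermitRootLogin prohibit-password`. Separately, `$CONTAINER` is unquoted throughout, and `lxc-stop`/`lxc-destroy` are the only calls that omit `-n`; `lxc-stop -n "$CONTAINER"` would match the rest.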
lxc
Linux Containers
LXC (Linux Containers) is an operating system–level virtualization method for running multiple isolated Linux systems (containers) on a single control host.
LXC provides operating system-level virtualization through a virtual environment that has its own process and network space, instead of creating a full-fledged virtual machine.
Ubuntu precise i386 container on Slackware 14.2
1 2016-11-08T23:39 root@nb200:/tmp
2 $ lxc-create -t download -n containerx -- -d ubuntu -r precise -a i386
3 Setting up the GPG keyring
4 Downloading the image index
5 Downloading the rootfs
6 Downloading the metadata
7 The image cache is now ready
8 Unpacking the rootfs
9
10 ---
11 You just created an Ubuntu container (release=precise, arch=i386, variant=default)
12
13 To enable sshd, run: apt-get install openssh-server
14
15 For security reason, container images ship without user accounts
16 and without a root password.
17
18 Use lxc-attach or chroot directly into the rootfs to set a root password
19 or create user accounts.
20 # start a container
21 lxc-start -n containerx -d
22 # list containers
23 lxc-ls --fancy
24 # spawn a new shell running inside an existing container
25 lxc-attach -n containerx
26
27 # session in containerx
28 root@containerx:/etc# cat /etc/os-release
29 NAME="Ubuntu"
30 VERSION="12.04.5 LTS, Precise Pangolin"
31 ID=ubuntu
32 ID_LIKE=debian
33 PRETTY_NAME="Ubuntu precise (12.04.5 LTS)"
34 VERSION_ID="12.04"
35
36 # run several commands in the container
37 lxc-attach -n containerx -- sh -c 'TESTFILE=/tmp/asd;cat $TESTFILE; echo $TESTFILE'
38 lxc-attach -n containerx -- sh -c 'cat /etc/os-release; dpkg -l;'
39 # containers are stored under /var/lib/lxc/
40
Containers in Slackware64 15.0
1 su
2 # list available templates and distros
3 lxc-create -t download -n NAME
4 #Setting up the GPG keyring
5 #Downloading the image index
6 #
7 #---
8 #DIST RELEASE ARCH VARIANT BUILD
9 #---
10 #almalinux 8 amd64 default 20220224_23:09
11 #almalinux 8 arm64 default 20220224_23:09
12 #alpine 3.12 amd64 default 20220225_13:00
13 #alpine 3.12 arm64 default 20220225_13:01
14 #alpine 3.12 armhf default 20220225_13:00
15 #alpine 3.12 i386 default 20220225_13:01
16 # press ctrl+c to exit
17 lxc-create -t download -n containery -- -d ubuntu -r bionic -a i386
18 lxc-start -n containery -d
19 lxc-ls --fancy
20 lxc-attach -n containery
21 # in the container
22 lsb_release -a
/etc/cgconfig.conf
group qwerty {
  perm {
    task {
      uid = vitor;
      gid = users;
    }
    admin {
      uid = vitor;
      gid = users;
    }
  }
  cpuset {
    cgroup.clone_children = 1;
    cpuset.mems = 0;
  }
  cpu {}
  cpuacct {}
  blkio {}
  memory {
    memory.use_hierarchy = 1;
  }
  devices {}
  freezer {}
  net_cls {}
  perf_event {}
  net_prio {}
  pids {}
}
/etc/cgrules.conf
vitor * qwerty/
/etc/subgid
vitor:100000:65537
/etc/subuid
vitor:100000:65537
/etc/default/lxc-net
1 USE_LXC_BRIDGE="true"
/etc/lxc/default.conf
lxc.net.0.type = empty
~/.config/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = lxcbr0
/etc/rc.d/rc.inet1.conf
1 USE_DHCP[0]="yes"
/etc/rc.d/rc.local
# Host-side network setup for LXC: create the lxcbr0 bridge, give it an
# address, NAT outbound traffic and start lxc-net.
BRIDGE=lxcbr0

# Enable IPv4 forwarding so the host routes between the bridge and the uplink.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Create the bridge and set its forward delay to 0.
/sbin/brctl addbr "$BRIDGE"
/sbin/brctl setfd "$BRIDGE" 0

# Address the bridge as 192.168.100.1/24 and bring it up in promiscuous mode.
/sbin/ifconfig "$BRIDGE" 192.168.100.1 netmask 255.255.255.0 promisc up

# Masquerade traffic leaving through the wireless uplink (wlan1 is active,
# the wlan0 variant is kept disabled).
# NOTE(review): the rule has no source match, so it applies to everything
# routed out of wlan1, not only 192.168.100.0/24 - confirm that is intended.
# It is appended with -A, so each run of this file adds another copy.
#/usr/sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
/usr/sbin/iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE

/usr/libexec/lxc/lxc-net start
Test steps
setup_ssh_container.sh
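# setup_ssh_container.sh
#
# Rebuilds a throwaway Alpine 3.16 (i386) LXC container named ssh-container
# and starts an sshd inside it that accepts password logins for root.
#
# Lab use only: root login with a password is enabled on purpose, and the
# default password below is published. Keep the container reachable only from
# the host bridge, or set ROOT_PASSWORD before running.
#
# Environment:
#   ROOT_PASSWORD  root password to set in the container (default: screencast)
CONTAINER=ssh-container
ROOT_PASSWORD=${ROOT_PASSWORD:-screencast}

# Remove any previous instance. Both commands fail when the container does not
# exist yet (first run); that is expected, so their status is not checked.
lxc-stop -n "$CONTAINER"
lxc-destroy -n "$CONTAINER"

# Nothing below makes sense without a rootfs, so stop if the download fails.
lxc-create -t download -n "$CONTAINER" -- -d alpine -r 3.16 -a i386 || exit 1

# One-shot command in the not-yet-started container: writes a marker file.
# NOTE(review): presumably a smoke test that the rootfs is usable - confirm.
lxc-execute -n "$CONTAINER" -- ash -c "echo 'assd' > /t1.txt"

lxc-start -n "$CONTAINER" -d || exit 1

# Install the tools and the SSH server; 'shadow' provides chpasswd.
lxc-attach -n "$CONTAINER" -- ash -c "/sbin/apk update"
lxc-attach -n "$CONTAINER" -- ash -c "/sbin/apk add --update curl wget nano vim shadow openssh"
lxc-attach -n "$CONTAINER" -- ash -c "mkdir /app"

# Feed the credential on stdin so it is neither spliced into a shell command
# string nor visible in the host's process list.
printf 'root:%s\n' "$ROOT_PASSWORD" | lxc-attach -n "$CONTAINER" -- /usr/sbin/chpasswd

# sshd uses the first value it reads for each keyword, so these appended lines
# only take effect if the stock file does not already set them.
# NOTE(review): assumes Alpine's default sshd_config leaves both commented out.
lxc-attach -n "$CONTAINER" -- ash -c "printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin yes' >> /etc/ssh/sshd_config"

# Enable sshd at boot and start it now.
lxc-attach -n "$CONTAINER" -- ash -c "/sbin/rc-update add sshd"
lxc-attach -n "$CONTAINER" -- ash -c "/sbin/service sshd start"

# Give the container a moment to come up, then show its state and address.
sleep 5
lxc-ls --fancy | grep -F -- "$CONTAINER"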