From 250cb9eab4c05db272604014701023773dbbce1d Mon Sep 17 00:00:00 2001
From: Marc Beninca
Date: Tue, 5 Dec 2017 22:14:15 +0100
Subject: [PATCH] lxc
---
 source/lxc/container.rst | 167 +++++++++++++++++++++++++++++++++++++++
 source/lxc/host.rst | 75 ++++++++++++++++++
 source/lxc/index.rst | 19 +++++
 3 files changed, 261 insertions(+)
diff --git a/source/lxc/container.rst b/source/lxc/container.rst
index 3bbad8a..06453c8 100644
--- a/source/lxc/container.rst
+++ b/source/lxc/container.rst
@@ -1,3 +1,170 @@
 *********
 Container
 *********
+
+TODO
+====
+
+* look for creation through debootstrap
+
+Create
+======
+
+.. code:: shell
+
+ lxc-create \
+ --name="container_name" \
+ --template="debian" \
+ -- \
+ --release="stretch" \
+ --mirror="file:/mirrors/debian/debian-stretch" \
+ --security-mirror="file:/mirrors/debian/debian-stretch-security" \
+
+Configure
+=========
+
+In containers/directory/container_nameĀ :
+
+* config
+
+.. code:: ini
+
+ lxc.include = /usr/share/lxc/config/debian.common.conf
+
+ lxc.arch = amd64
+ lxc.autodev = 1
+ lxc.kmsg = 0
+ lxc.mount = /var/lib/lxc/container_name/fstab
+ lxc.rootfs = /var/lib/lxc/container_name/rootfs
+ lxc.rootfs.backend = dir
+ lxc.start.auto = 1
+ lxc.utsname = hostname
+
+ lxc.network.type = veth
+
+ lxc.network.flags = up
+ lxc.network.link = br0
+ lxc.network.name = eth0
+ lxc.network.veth.pair = container_name
+ lxc.network.hwaddr = virtual_mac_address
+
+Static addresses variant:
+
+.. code:: ini
+
+ lxc.network.ipv4 = container_ip4/network_mask_bits
+ lxc.network.ipv6 = container_ip6
+
+* fstab
+
+.. warning::
+
+ | Do not forget to create the data directories
+ | otherwise the container start process will fail!
+
+::
+
+ data/directory/container_name data none bind,create=dir
+ /mirrors mirrors none bind,create=dir
+
+* rootfs/
+
+ * TODO Debian configuration
+
+* rootfs/etc/network/interfaces.d/eth0
+
+ if the container uses DHCP:
+
+::
+
+ auto eth0
+ iface eth0 inet dhcp
+
+Start
+=====
+
+.. warning::
+
+ | Be patient, for it can take a container
+ | up to 1 minute to get its network stack up!
+
+.. code:: shell
+
+ lxc-start -n "container_name"
+
+.. code:: shell
+
+ lxc-start --name="container_name"
+
+Run command
+===========
+
+.. code:: shell
+
+ lxc-attach -n "container_name" -- command
+
+.. code:: shell
+
+ lxc-attach --name="container_name" -- command
+
+Stop
+====
+
+.. code:: shell
+
+ lxc-stop -n "container_name"
+
+.. code:: shell
+
+ lxc-stop --name="container_name"
+
+Backup
+======
+
+system
+------
+
+.. code:: shell
+
+ cd containers/directory
+ tar --numeric-owner -cvaf container_name.backup_name.txz container_name
+
+data
+----
+
+.. code:: shell
+
+ cd data/directory
+ tar --numeric-owner -cvaf container_name.backup_name.txz container_name
+
+Destroy
+=======
+
+.. code:: shell
+
+ lxc-destroy -n "container_name"
+
+.. code:: shell
+
+ lxc-destroy --name="container_name"
+
+Restore
+=======
+
+system
+------
+
+.. code:: shell
+
+ cd containers/directory
+ rm --recursive container_name
+ tar --numeric-owner -xvf container_name.backup_name.txz
+
+data
+----
+
+.. code:: shell
+
+ cd data/directory
+ rm --recursive container_name
+ tar --numeric-owner -xvf container_name.backup_name.txz
diff --git a/source/lxc/host.rst b/source/lxc/host.rst
index e6187b3..c9896cf 100644
--- a/source/lxc/host.rst
+++ b/source/lxc/host.rst
@@ -1,3 +1,78 @@
 ****
 Host
 ****
+
+Check
+=====
+
+.. code:: shell
+
+ lxc-checkconfig
+
+List
+====
+
+.. code:: shell
+
+ lxc-ls -f
+
+.. code:: shell
+
+ lxc-ls --fancy
+
+Network bridge
+==============
+
+Create bridge br0 onto host's network interface eth0:
+
+* /etc/network/interfaces.d/eth0
+
+::
+
+ auto br0
+ iface br0 inet static
+ address host_ip/network_mask_bits
+ gateway gateway_ip
+ bridge_fd 0
+ bridge_maxwait 0
+ bridge_ports eth0
+ bridge_stp on
+
+Service
+=======
+
+Default configuration for new containers:
+
+* /etc/lxc/default.conf
+
+.. code:: ini
+
+ lxc.include = /usr/share/lxc/config/debian.common.conf
+
+ lxc.arch = amd64
+ lxc.autodev = 1
+ lxc.kmsg = 0
+ lxc.rootfs.backend = dir
+ lxc.start.auto = 1
+
+ lxc.network.type = veth
+
+ lxc.network.flags = up
+ lxc.network.link = br0
+ lxc.network.name = eth0
+
+Directories
+===========
+
+* 1 for the containers
+* 1 for their data
+
+.. code:: shell
+
+ mkdir --parents "containers/directory"
+ rmdir "/var/lib/lxc"
+ ln --symbolic "containers/directory" "/var/lib/lxc"
+
+.. code:: shell
+
+ mkdir --parents "data/directory"
diff --git a/source/lxc/index.rst b/source/lxc/index.rst
index 2d10a42..eae0717 100644
--- a/source/lxc/index.rst
+++ b/source/lxc/index.rst
@@ -6,3 +6,22 @@ LXC host container
+
+***
+ESX
+***
+
+.. warning::
+
+ | If the host is part of an ESX virtual network architecture,
+ | make sure to configure its virtual switch to avoid packet drops.
+
+* Edit Settings / Policies / Security
+
+=================== ======
+Key Value
+=================== ======
+Promiscuous Mode Accept
+MAC Address Changes Accept
+Forged Transmits Accept
+=================== ======