Intelligente Lösungen
in neuer Dimension

LXC-Container Debian-9

Hier beschreibe ich, wie ich meinen Basiscontainer mit Debian-9 erzeuge.

Voraussetzungen

  1. LXD ist installiert: lxd --version –> 4.0.0
  2. LXC ist installiert: lxc --version –> 4.0.0
  3. Es gibt diverse LXC-Netzwerke: lxc network list
1
2
3
4
5
6
7
8
9
+-------------+----------+---------+-------------+---------+
|    NAME     |   TYPE   | MANAGED | DESCRIPTION | USED BY |
+-------------+----------+---------+-------------+---------+
| enp0s31f6   | physical | NO      |             | 0       |
+-------------+----------+---------+-------------+---------+
| lxdhostonly | bridge   | YES     |             | 6       |
+-------------+----------+---------+-------------+---------+
| lxdnat      | bridge   | YES     |             | 5       |
+-------------+----------+---------+-------------+---------+

Basiscontainer einrichten

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[email protected]# lxc image list images:debian/9|grep x86_64
| debian/9 (7 more)               | 82365eca5020 | yes    | Debian stretch amd64 (20200402_05:24)   | x86_64       | VIRTUAL-MACHINE | 218.25MB | Apr 2, 2020 at 12:00am (UTC) |
| debian/9 (7 more)               | bc9389f19853 | yes    | Debian stretch amd64 (20200402_05:24)   | x86_64       | CONTAINER       | 65.38MB  | Apr 2, 2020 at 12:00am (UTC) |
| debian/9/cloud (3 more)         | bb2d6de3c951 | yes    | Debian stretch amd64 (20200402_05:24)   | x86_64       | CONTAINER       | 79.46MB  | Apr 2, 2020 at 12:00am (UTC) |
| debian/9/cloud (3 more)         | bfa4c3c722d9 | yes    | Debian stretch amd64 (20200402_05:24)   | x86_64       | VIRTUAL-MACHINE | 239.94MB | Apr 2, 2020 at 12:00am (UTC) |
[email protected]# lxc launch images:debian/9 debian-9
Creating debian-9
Starting debian-9                           
[email protected]# lxc list debian-9
+----------+---------+----------------------+------+-----------+-----------+
|   NAME   |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+----------+---------+----------------------+------+-----------+-----------+
| debian-9 | RUNNING | 10.38.131.180 (eth0) |      | CONTAINER | 0         |
+----------+---------+----------------------+------+-----------+-----------+

Basiscontainer anpassen

Zusatzpakete installieren

Diese Zusatzpakete installieren wir im Basiscontainer:

  • joe
  • openssh-server
1
2
3
4
5
6
7
8
9
10
11
12
[email protected]# lxc exec debian-9 /bin/bash
[email protected]# apt-get install joe
Reading package lists... Done
Building dependency tree       
Reading state information... Done
...
Unpacking joe (4.4-1) ...
Setting up joe (4.4-1) ...
update-alternatives: using /usr/bin/joe to provide /usr/bin/editor (editor) in auto mode
[email protected]# apt-get install openssh-server
...
[email protected]# apt-get clean

SSH-Schlüssel eintragen

1
2
3
4
5
6
7
[email protected]# lxc exec debian-9 /bin/bash
[email protected]# mkdir .ssh
[email protected]# cat >.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1...ZDoITmw== [email protected]
EOF
[email protected]# chmod 700 .ssh
[email protected]# chmod 600 .ssh/authorized_keys

Ewige Protokollierung mit Zeitstempel

Siehe StackOverflow -Unlimited Bash History.

/etc/bash.bashrc

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
...
HISTFILESIZE=
HISTSIZE=
HISTTIMEFORMAT="[%F %T] "
# Change the file location because certain bash sessions truncate .bash_history file upon close.
# http://superuser.com/questions/575479/bash-history-truncated-to-500-lines-on-each-login
HISTFILE=~/.bash_eternal_history
# Force prompt to write history after every command.
# http://superuser.com/questions/20900/bash-history-loss
PROMPT_COMMAND="history -a; ${PROMPT_COMMAND:-true}"
# Log last command to syslog
log_command () {
 echo "${USER} $(HISTTIMEFORMAT='' builtin history 1|cut -c8-)" |  logger -t shell -p user.info
}
PROMPT_COMMAND="${PROMPT_COMMAND:-true};log_command"

/etc/skel/.bashrc und /root/.bashrc und /home/ubuntu/.bashrc

Bislang:

1
2
3
4
...
HISTSIZE=1000
HISTFILESIZE=2000
...

Neu:

1
2
3
4
...
#HISTSIZE=1000
#HISTFILESIZE=2000
...

Zeitzone korrigieren

1
2
3
4
5
[email protected]:~# date
Fri Apr 10 16:42:11 UTC 2020
[email protected]:~# timedatectl set-timezone Europe/Berlin
[email protected]:~# date
Fri Apr 10 18:43:06 CEST 2020

Apt-Cacher-NG vom LXDHOST aktivieren

/root/bin/apt-proxy.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#!/bin/sh

# port of apt-cacher-ng on the lxd host
PORT=3142
APT_PROXY_FILE="/etc/apt/apt.conf.d/01proxy"
LXDHOST=

for h in $(ip addr|grep -o "inet [0-9.]*/"|grep -v 127.0.0.1|grep -o "[0-9.]*"|sed -e "s/[.][0-9]*$/.1/"); do
  nc -z "${h}" "${PORT}" && { LXDHOST="${h}"; break; }
done

if [ -n "${LXDHOST}" ]; then
  echo >"${APT_PROXY_FILE}" "Acquire::http::Proxy \"http://${LXDHOST}:${PORT}\";"
else
  rm -f "${APT_PROXY_FILE}"
fi

/root/systemd/apt-proxy.service

1
2
3
4
5
6
7
8
9
10
11
12
[Unit]
Description=Apt proxy to apt-cacher-ng on lxd host
After=network.target

[Service]
ExecStart=/root/bin/apt-proxy.sh
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Aktivieren

1
2
3
[email protected]:~# systemctl enable /root/systemd/apt-proxy.service
Created symlink /etc/systemd/system/multi-user.target.wants/apt-proxy.service → /root/systemd/apt-proxy.service.
Created symlink /etc/systemd/system/apt-proxy.service → /root/systemd/apt-proxy.service.

Test

1
2
3
4
5
6
7
8
9
10
11
12
13
14
[email protected]:~# reboot
...
[email protected]:~# systemctl status apt-proxy
● apt-proxy.service - Apt proxy to apt-cacher-ng on lxd host
   Loaded: loaded (/root/systemd/apt-proxy.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2020-04-11 08:51:37 CEST; 36s ago
  Process: 102 ExecStart=/root/bin/apt-proxy.sh (code=exited, status=0/SUCCESS)
 Main PID: 102 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/apt-proxy.service

Apr 11 08:51:37 debian-9 systemd[1]: Started Apt proxy to apt-cacher-ng on lxd host.
Apr 11 08:51:37 debian-9 systemd[1]: apt-proxy.service: Failed to reset devices.list: Operation not permitted
Apr 11 08:51:37 debian-9 systemd[1]: apt-proxy.service: Failed to set invocation ID on control group /system.slice/apt-proxy.service, ignoring: Operation not permitted

Änderungen

  • 2020-04-11: Apt-Cacher-NG