LXC

basic setup:

# Host packages: lxc itself, qemu-img/qemu-nbd (qemu-utils), brctl (bridge-utils),
# lsof (used by the nbd hooks below) and debootstrap (used by the debian template).
apt-get install lxc qemu-utils bridge-utils lsof debootstrap

If you would like to create containers that can run on ARM platforms (like Raspberry Pi, Odroid etc.) you will also need additional qemu packages:

# NOTE(review): --force-yes overrides apt's safety checks (including the
# unauthenticated-package check) and is deprecated in newer apt; plain --yes is
# enough when the packages come from a signed repository — confirm before keeping it.
apt-get install --yes --force-yes qemu-user-static binfmt-support
# Drop the downloaded .deb files afterwards to save space.
apt-get clean

...and you need an LXC template to create the container from:
lxc-pi:"Pi template"

Network config
interfaces:

# Host-only bridge for the containers; it has no physical port (bridge_ports none),
# the host side is 192.168.9.1 and the guests use 192.168.9.0/24 (see the lxc config below).
auto br0
iface br0 inet static
      address 192.168.9.1
      netmask 255.255.255.0
      bridge_ports none
      bridge_stp off
      bridge_fd 2
      bridge_maxwait 20
      # Enable IPv4 forwarding on the host so guest traffic can leave via the NAT rule below.
      post-up echo 1 > /proc/sys/net/ipv4/ip_forward

# NAT the container subnet out through wlan0; this rule is not persistent across
# reboots on its own (it is only applied when this command is run).
iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -o wlan0 -j MASQUERADE

Create basic machine

# Create container "debian2" from the debian template on a 5G loop-backed image;
# arguments after "--" go to the template (-r jessie selects the release).
lxc-create -B loop -t debian -n debian2 --fssize=5G -- -r jessie

Client (guest config)
/var/lib/lxc/xxx/config

# TODO for later use
# The two hooks below attach/detach the qcow2 image via nbd (scripts further down);
# they are left commented out until the qcow2 image has been created.
#lxc.hook.pre-start = /var/lib/lxc/prestart-nbd.sh
#lxc.hook.post-stop = /var/lib/lxc/poststop-nbd.sh
#lxc.rootfs = /var/lib/lxc/debian2/rootfs

# veth pair attached to the host bridge br0 (see the interfaces config above).
lxc.network.type = veth
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.link = br0
# Static guest address inside the br0 subnet; the bridge address is the gateway.
lxc.network.ipv4 = 192.168.9.101/24
lxc.network.ipv4.gateway = 192.168.9.1

prestart:

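#!/bin/bash
# LXC pre-start hook: attach /var/lib/lxc/$LXC_NAME/rootdev-live.qcow2 to a free
# /dev/nbdN with qemu-nbd, mount it on the container rootfs and write the
# container fstab entry that exposes the nbd node inside the container.
# Globals:   LXC_NAME (read; exported by lxc when it runs hooks)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success; 1 when LXC_NAME is unset, no free nbd device exists,
#            a foreign process holds the image, or qemu-nbd/mount fail.

: "${LXC_NAME:?LXC_NAME must be set by lxc}"
IMG="/var/lib/lxc/${LXC_NAME}/rootdev-live.qcow2"
ROOTFS="/var/lib/lxc/${LXC_NAME}/rootfs"
FSTAB="/var/lib/lxc/${LXC_NAME}/fstab"

# Load the nbd module once; nbds_max/max_part are only honoured at load time.
if ! lsmod | grep -q '^nbd'; then
  modprobe nbd nbds_max=64 max_part=8
fi

# Pick the first /dev/nbdN that lsblk does not list (i.e. nothing is attached to it).
DEV=""
for D in /dev/nbd*; do
  F=$(basename "$D")
  if ! lsblk | grep -q "^${F} "; then
    DEV="$D"
    break
  fi
done
echo "Next free NBD is $DEV"

# PID of a qemu-nbd process that already has the image open, if any.
CHK=$(lsof "$IMG" | grep 'qemu-nbd' | awk '{ print $2 }')
if [[ "$CHK" == "" ]]; then
  if [[ "$DEV" == "" ]]; then
    # The original used "print", which is not a bash builtin; echo to stderr.
    echo "No free nbd device found" >&2
    exit 1
  fi
  echo "Connecting $DEV to $IMG"
  qemu-nbd -c "$DEV" -n --aio=native "$IMG" || {
    echo "qemu-nbd failed to connect $DEV to $IMG" >&2
    exit 1
  }
else
  # Reuse the nbd device the existing qemu-nbd process is bound to.
  # NOTE(review): if more than one qemu-nbd holds the image, CHK is multi-line
  # and lsof -p gets a malformed argument — same as the original; confirm whether
  # that can happen in practice.
  NBD=$(lsof -p "$CHK" | grep '/dev/nbd' | awk '{ print $9 }')
  if [[ "$NBD" != "" ]]; then
    echo "$IMG is already connected to $NBD"
    DEV="$NBD"
  else
    # Some process other than qemu-nbd holds the image; refuse to touch it.
    echo "$IMG is used by suspicious PID" >&2
    exit 1
  fi
fi

if ! mount | grep -q " ${ROOTFS} "; then
  echo "${ROOTFS} not mounted"
  echo "Mounting ${DEV} to ${ROOTFS}"
  mount "$DEV" "$ROOTFS" || {
    echo "mount of $DEV on $ROOTFS failed" >&2
    exit 1
  }
fi
# Bind the nbd node into the container; ${DEV:1} strips the leading "/" so the
# target is relative to the container rootfs.
echo "${DEV} ${DEV:1} none bind,create=file,optional 0 0" > "$FSTAB"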

poststop (contents of /var/lib/lxc/poststop-nbd.sh):

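#!/bin/bash
# LXC post-stop hook: unmount the container rootfs and disconnect the nbd device
# that the pre-start hook attached.
# Globals:   LXC_NAME (read; exported by lxc when it runs hooks)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success or when nothing is mounted; 1 when umount fails
#            (the nbd device is then deliberately left connected).

: "${LXC_NAME:?LXC_NAME must be set by lxc}"
ROOTFS="/var/lib/lxc/${LXC_NAME}/rootfs"

# Device currently mounted on the rootfs (first column of the mount line), if any.
CHK=$(mount | grep " ${ROOTFS} " | awk '{ print $1 }')
if [[ "$CHK" != "" ]]; then
  echo "Unmounting ${CHK} from ${ROOTFS}"
  # Only disconnect after a successful umount; disconnecting a still-mounted
  # device would leave a dangling mount. The original silently ignored a
  # failed umount, which left the device attached with no diagnostic.
  if umount "$ROOTFS"; then
    echo "Disconnecting ${CHK}"
    qemu-nbd -d "$CHK"
  else
    echo "umount of ${ROOTFS} failed; leaving ${CHK} connected" >&2
    exit 1
  fi
fi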

Disable seccomp in /usr/share/lxc/config/debian.common.conf:

#lxc.seccomp = /usr/share/lxc/config/common.seccomp

start machine:
(debug)

# Start with trace-level logging written to test.log (useful when the hooks or mounts fail).
lxc-start -n debian2 -l trace -o test.log

(normal)

# Normal start; -F keeps the container in the foreground.
lxc-start -n debian2 -F

After setup, create the qcow image and a backing file:

# Stop the container before converting its root device.
lxc-stop -n debian2
# Convert the raw loop image into a qcow2 base image.
qemu-img convert -O qcow2 /var/lib/lxc/debian2/rootdev /var/lib/lxc/debian2/rootdev.qcow2
# Thin live image on top of the base; the nbd hooks attach rootdev-live.qcow2, so the base stays untouched.
qemu-img create -f qcow2 -b /var/lib/lxc/debian2/rootdev.qcow2 /var/lib/lxc/debian2/rootdev-live.qcow2
# NOTE(review): "debian2" here presumably refers to the now-unused raw rootdev
# image (or the old loop file) and depends on the current directory — verify the
# intended path before running this.
rm debian2

Remove the #-comments from the client config so that the nbd hooks become effective.