LXC

On Ubuntu:

# apt install lxc-utils lxcfs

There are many downloadable images that can serve as a base.

$ sudo lxc-create -t download -n cequonveut
Setting up the GPG keyring
Downloading the image index
 
---
DIST	RELEASE	ARCH	VARIANT	BUILD
---
(...)
alpine	edge	amd64	default	20190918_13:00
(...)
centos	6	amd64	default	20190919_07:08
(...)
debian	buster	amd64	default	20190919_05:24
(...)

Downloading a Debian Buster (amd64) image:

$ sudo lxc-create -t download -n buster-base -- --dist debian --release buster --arch amd64

Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
 
---
You just created a Debian buster amd64 (20190919_05:24) container.
 
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
 
$ sudo lxc-create -t download -n stretch-base -- --dist debian --release stretch --arch amd64
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
 
---
You just created a Debian stretch amd64 (20190919_05:24) container.
 
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
$ sudo lxc-ls -f
NAME            STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
buster-base     STOPPED 0         -      -    -    false        
stretch-base    STOPPED 0         -      -    -    false 
$ sudo lxc-destroy NOM-IMAGE
$ sudo lxc-start -n stretch-base

We can check:

$ sudo lxc-ls -f
NAME            STATE   AUTOSTART GROUPS IPV4       IPV6 UNPRIVILEGED 
buster-base     STOPPED 0         -      -          -    false        
stretch-base    RUNNING 0         -      10.0.3.220 -    false 
$ sudo lxc-stop -n stretch-base
$ sudo lxc-attach -n stretch-base
root@stretch-base:/#

To have the container start automatically, add a line to its configuration:

$ sudo vim /var/lib/lxc/stretch-base/config
(...)
lxc.start.auto = 1
(...)

And restart the container.

I had problems because Bind9 was installed! To check:

$ sudo netstat -lnp | grep ":53 "

If there are lines with “named”, remove Bind9 (if you don't need it). Once everything is installed, this is what you will see:

$ sudo netstat -lnp | grep ":53 "
tcp        0      0 10.0.3.1:53             0.0.0.0:*               LISTEN      7330/dnsmasq        
udp        0      0 10.0.3.1:53             0.0.0.0:*                           7330/dnsmasq 
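The check above is done by eye. The following added example (not from the original page) turns it into a function: it reads `netstat -lnp` style lines and reports every port-53 listener that is not dnsmasq, which is exactly what prevents lxc-net from binding its own resolver on 10.0.3.1. The sample lines are constructed; the function and variable names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): find port-53 listeners other
# than the dnsmasq instance that lxc-net starts on the lxcbr0 bridge.

# Constructed sample of `netstat -lnp | grep ":53 "` on a host where
# bind9 (named) still holds the port.
SAMPLE_CONFLICT='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1234/named
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1234/named'

# Constructed sample of the healthy state shown on the page: only dnsmasq.
SAMPLE_OK='tcp        0      0 10.0.3.1:53             0.0.0.0:*               LISTEN      7330/dnsmasq
udp        0      0 10.0.3.1:53             0.0.0.0:*                           7330/dnsmasq'

# port53_conflicts: read netstat -lnp lines on stdin, print
# "proto local-address pid/program" for each port-53 socket not owned by
# dnsmasq. Exit status 1 when at least one conflict exists, 0 otherwise.
port53_conflicts() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ && $4 ~ /:53$/ {
            prog = $NF                      # last column is "PID/Program name"
            if (prog !~ /\/dnsmasq$/) { print $1, $4, prog; found = 1 }
        }
        END { exit found ? 1 : 0 }
    '
}

# check_listeners TEXT: convenience wrapper around port53_conflicts.
# Returns 0 when TEXT shows no conflicting listener, 1 otherwise.
check_listeners() {
    printf '%s\n' "$1" | port53_conflicts
}

# Stand-alone demonstration on the constructed samples.
if check_listeners "$SAMPLE_CONFLICT" >/dev/null; then
    echo "port 53 is free for lxc-net's dnsmasq"
else
    echo "port 53 is held by another resolver: stop it (here bind9) before starting lxc-net"
fi
```

On a live host, pipe the real output in: `netstat -lnp | check_listeners "$(cat)"` or simply `netstat -lnp | port53_conflicts`. The column layout is that of `netstat`; `ss -lnp` prints different columns and would need its own parser.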

dnsmasq-base must be installed before anything else.

$ sudo apt remove bind9
 
$ sudo apt install dnsmasq-base
 
$ sudo cat /etc/lxc/lxc-net 
USE_LXC_BRIDGE="true"
 
$ sudo cat /etc/lxc/default.conf 
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
 
$ sudo systemctl enable lxc-net.service
 
$ sudo systemctl start lxc-net.service
 
$ sudo systemctl status lxc-net
● lxc-net.service - LXC network bridge setup
   Loaded: loaded (/lib/systemd/system/lxc-net.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2019-10-07 08:41:41 UTC; 14min ago
  Process: 7297 ExecStart=/usr/lib/x86_64-linux-gnu/lxc/lxc-net start (code=exited, status=0/SUCCESS)
 Main PID: 7297 (code=exited, status=0/SUCCESS)
   Memory: 2.0M
   CGroup: /system.slice/lxc-net.service
           └─7330 dnsmasq -u dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.2
 
oct. 07 08:41:40 ns334000 lxc-net[7297]: iptables: Bad rule (does a matching rule exist in that chain?).
oct. 07 08:41:41 ns334000 dnsmasq[7330]: demarré, version 2.80 (taille de cache 150)
oct. 07 08:41:41 ns334000 dnsmasq[7330]: options à la compilation : IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-det
oct. 07 08:41:41 ns334000 dnsmasq-dhcp[7330]: DHCP, plage d'adresses IP 10.0.3.2 -- 10.0.3.254, durée de bail 1h
oct. 07 08:41:41 ns334000 dnsmasq-dhcp[7330]: DHCP, sockets bound exclusively to interface lxcbr0
oct. 07 08:41:41 ns334000 dnsmasq[7330]: Lecture de /etc/resolv.conf
oct. 07 08:41:41 ns334000 dnsmasq[7330]: utilise le serveur de nom 127.0.0.1#53
oct. 07 08:41:41 ns334000 dnsmasq[7330]: utilise le serveur de nom 213.186.33.99#53
oct. 07 08:41:41 ns334000 dnsmasq[7330]: lecture /etc/hosts - 6 adresses
oct. 07 08:41:41 ns334000 systemd[1]: Started LXC network bridge setup.
 
$ sudo systemctl restart lxc
 
$ sudo systemctl status lxc
● lxc.service - LXC Container Initialization and Autoboot Code
   Loaded: loaded (/lib/systemd/system/lxc.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2019-10-07 08:56:53 UTC; 4s ago
     Docs: man:lxc-autostart
           man:lxc
  Process: 7620 ExecStartPre=/usr/lib/x86_64-linux-gnu/lxc/lxc-apparmor-load (code=exited, status=0/SUCCESS)
  Process: 7621 ExecStart=/usr/lib/x86_64-linux-gnu/lxc/lxc-containers start (code=exited, status=0/SUCCESS)
 Main PID: 7621 (code=exited, status=0/SUCCESS)
 
oct. 07 08:56:53 ns334000 systemd[1]: Starting LXC Container Initialization and Autoboot Code...
oct. 07 08:56:53 ns334000 systemd[1]: Started LXC Container Initialization and Autoboot Code.

Note: there are examples in the documentation:

$ sudo cat /usr/share/doc/lxc/examples/lxc-veth.conf 
# Container with network virtualized using a pre-configured bridge named br0 and
# veth pair virtual network devices
lxc.uts.name = beta
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.hwaddr = 4a:49:43:49:79:bf
lxc.net.0.ipv4.address = 10.2.3.5/24
lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3597

Source: serverfault.com

We add a line to /etc/lxc/lxc-net so that lxc-net uses the dnsmasq configuration from /etc/lxc/dnsmasq.conf:

$ sudo cat /etc/lxc/lxc-net 
USE_LXC_BRIDGE="true"
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
 
$ sudo cat /etc/lxc/dnsmasq.conf 
dhcp-host=caliban,10.0.3.2

We comment out the fixed-IP line in the container's configuration:

# cat /var/lib/lxc/buster-base/config 
(...)
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:22:1a:9e
#lxc.net.0.ipv4.address = 10.0.3.2/24

We shut down the container and restart the lxc-net service:

$ sudo lxc-stop buster-base
 
$ sudo systemctl restart lxc-net
 
$ sudo systemctl status lxc-net
● lxc-net.service - LXC network bridge setup
(...)
   CGroup: /system.slice/lxc-net.service
           └─15671 dnsmasq --conf-file=/etc/lxc/dnsmasq.conf -u dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3(...)
(...)
 
$ sudo lxc-start buster-base
 
$ sudo lxc-ls -f
NAME    STATE   AUTOSTART GROUPS IPV4     IPV6 UNPRIVILEGED 
buster-base RUNNING 0         -      10.0.3.2 -    false

And there we go: our “buster-base” container will always get the IP address 10.0.3.2!
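The two steps above (a `dhcp-host` entry in /etc/lxc/dnsmasq.conf, and no static `lxc.net.0.ipv4.address` left uncommented in the container config) are easy to get half right. The following added example (not from the original page) does them as idempotent shell functions operating on file paths passed as parameters, so it can be tried on copies before touching the real files; the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): pin a container to a fixed
# address through lxc-net's dnsmasq, and check that the container config
# does not also set a static address that would fight with the DHCP lease.

# pin_ip NAME IP DNSMASQ_CONF
# Replace any existing dhcp-host line for NAME, then append the new one,
# so running it twice leaves exactly one entry for NAME.
pin_ip() {
    name=$1; ip=$2; conf=$3
    touch "$conf"
    tmp=$(mktemp)
    # grep -v exits 1 when nothing is left (empty file); that is not an error here.
    grep -v "^dhcp-host=$name," "$conf" > "$tmp" || true
    printf 'dhcp-host=%s,%s\n' "$name" "$ip" >> "$tmp"
    mv "$tmp" "$conf"
}

# pinned_ip NAME DNSMASQ_CONF: print the address pinned for NAME, if any.
pinned_ip() {
    sed -n "s/^dhcp-host=$1,//p" "$2"
}

# static_ip_set CONTAINER_CONFIG
# Returns 0 if an uncommented lxc.net.<n>.ipv4.address line is present,
# i.e. the container would ignore the DHCP reservation.
static_ip_set() {
    grep -Eq '^[[:space:]]*lxc\.net\.[0-9]+\.ipv4\.address[[:space:]]*=' "$1"
}

# Stand-alone usage (real paths from the page):
#   pin_ip caliban 10.0.3.2 /etc/lxc/dnsmasq.conf
#   static_ip_set /var/lib/lxc/caliban/config && echo "comment out the static address first"
#   systemctl restart lxc-net
if [ "$#" -eq 3 ]; then
    pin_ip "$1" "$2" "$3" && echo "pinned $1 -> $(pinned_ip "$1" "$3")"
fi
```

As on the page, lxc-net must be restarted for dnsmasq to reread the file. A `dhcp-host=NAME,IP` entry matches the hostname the container's DHCP client sends, which is the container's own uts name; dnsmasq also accepts `dhcp-host=MAC,IP`, and matching on the `lxc.net.0.hwaddr` the host assigned is the more robust choice when the container should not be trusted to name itself.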

Each container has its configuration in this directory:

$ sudo ls -al /var/lib/lxc/buster-base/
total 16
drwxrwx---  3 root root 4096 oct.   7 08:39 .
drwxr-xr-x  4 root root 4096 oct.   7 08:39 ..
-rw-r-----  1 root root  809 oct.   7 08:39 config
drwxr-xr-x 21 root root 4096 oct.   7 08:40 rootfs
 
$ sudo cat /var/lib/lxc/buster-base/config 
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: --dist debian --release buster --arch amd64
# Template script checksum (SHA-1): 273c51343604eb85f7e294c8da0a5eb769d648f3
# For additional config options, please look at lxc.container.conf(5)
 
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
 
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
 
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/buster-base/rootfs
lxc.uts.name = buster-base
 
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:9d:7f:53

So this is where container-specific configuration goes!

We saw just above where each container's configuration lives. The same directory also holds each container's rootfs:

$ sudo  ls -al /var/lib/lxc/buster-base/rootfs/
total 84
drwxr-xr-x 21 root root 4096 oct.   7 08:40 .
drwxrwx---  3 root root 4096 oct.   7 08:39 ..
drwxr-xr-x  2 root root 4096 oct.   6 05:26 bin
drwxr-xr-x  2 root root 4096 août  30 12:31 boot
drwxr-xr-x  3 root root 4096 oct.   7 08:39 dev
drwxr-xr-x 40 root root 4096 oct.   7 08:40 etc
drwxr-xr-x  2 root root 4096 août  30 12:31 home
drwxr-xr-x 10 root root 4096 oct.   6 05:26 lib
drwxr-xr-x  2 root root 4096 oct.   6 05:26 lib64
drwxr-xr-x  2 root root 4096 oct.   6 05:25 media
drwxr-xr-x  2 root root 4096 oct.   6 05:25 mnt
drwxr-xr-x  2 root root 4096 oct.   6 05:25 opt
drwxr-xr-x  2 root root 4096 août  30 12:31 proc
drwx------  2 root root 4096 oct.   7 08:44 root
drwxr-xr-x  2 root root 4096 oct.   6 05:26 run
drwxr-xr-x  2 root root 4096 oct.   6 05:26 sbin
drwxr-xr-x  2 root root 4096 oct.   6 05:25 srv
drwxr-xr-x  2 root root 4096 août  30 12:31 sys
drwxrwxrwt  7 root root 4096 oct.   7 08:56 tmp
drwxr-xr-x 10 root root 4096 oct.   6 05:25 usr
drwxr-xr-x 11 root root 4096 oct.   6 05:25 var

Good to know for backups!

# cd /var/lib/lxc/monContainer/
 
root@ns334000:/var/lib/lxc/monContainer# tar --numeric-owner -czvf monContainer_fs_`date "+%Y-%m-%d"`.tar.gz ./*
 
root@ns334000:/var/lib/lxc/monContainer# ls
monContainer_fs_2019-10-19.tar.gz  config  rootfs  snaps
 
$ sudo lxc-stop -n monconteneur
 
$ su
 
$ cd /var/lib/lxc/monconteneur/
 
# tar --numeric-owner -czvf monconteneur_fs.tar.gz ./*
 
# ll
total 208692
-rw-r-----  1 root root       795 oct 10 11:43 config
-rw-r--r--  1 root root 213684873 oct 10 17:03 monconteneur_fs.tar.gz
drwxr-xr-x 21 root root      4096 oct 10 11:43 rootfs

We copy it into the user's home directory (root does not have my user's SSH access):

# mv monconteneur_fs.tar.gz /home/simon/tmp/
 
# chown simon:simon /home/simon/tmp/monconteneur_fs.tar.gz

We switch back to the “normal” user and send it to another server:

$ scp /home/simon/tmp/monconteneur_fs.tar.gz simon@192.168.14.12:~/

On the server:

$ ssh simon@192.168.14.12
 
simon@server:~$ sudo -s
 
root@server:/home/simon# mkdir /var/lib/lxc/monconteneur
 
root@server:/home/simon# cd /var/lib/lxc/monconteneur/
 
root@server:/var/lib/lxc/monconteneur# cp /home/simon/monconteneur_fs.tar.gz /var/lib/lxc/monconteneur/
 
root@server:/var/lib/lxc/monconteneur# ls
monconteneur_fs.tar.gz
 
root@server:/var/lib/lxc/monconteneur# tar --numeric-owner -xzvf monconteneur_fs.tar.gz
 
root@server:/var/lib/lxc/monconteneur# ls
config	monconteneur_fs.tar.gz	rootfs
 
root@ns334000:/var/lib/lxc/monconteneur# lxc-ls -f
NAME    STATE   AUTOSTART GROUPS IPV4     IPV6 UNPRIVILEGED 
(...)     
monconteneur    STOPPED 0         -      -        -    false        
 
root@ns334000:/var/lib/lxc/monconteneur# lxc-start monconteneur
 
root@ns334000:/var/lib/lxc/monconteneur# lxc-ls -f
NAME    STATE   AUTOSTART GROUPS IPV4     IPV6 UNPRIVILEGED 
(...)
monconteneur    RUNNING 0         -      10.0.3.13 -    false
 
root@server:/var/lib/lxc/monconteneur# lxc-attach monconteneur
root@monconteneur:/#

Source: https://stackoverflow.com/questions/23427129/how-do-i-backup-move-lxc-containers
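The backup and restore above is a manual sequence. The following added example (not from the original page) wraps the archive step in a function that keeps the page's essential option, `--numeric-owner`, writes the dated file outside the container directory, and verifies the archive lists `config` and `rootfs` before it is shipped to another host. Paths are parameters and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): archive an LXC container
# directory for transfer to another host, then verify the archive.

# backup_container DIR OUTDIR
# Creates OUTDIR/<name>_fs_<date>.tar.gz from DIR (the directory holding the
# container's config and rootfs). --numeric-owner stores raw uid/gid values,
# so file ownership inside the rootfs survives a restore on a host whose
# /etc/passwd differs. Prints the archive path on success.
backup_container() {
    dir=$1
    outdir=$2
    name=$(basename "$dir")
    archive="$outdir/${name}_fs_$(date "+%Y-%m-%d").tar.gz"
    mkdir -p "$outdir"
    # -C DIR . archives relative paths, so the tarball extracts in place
    # inside /var/lib/lxc/<name>/ on the target, and includes dotfiles too.
    tar --numeric-owner -czf "$archive" -C "$dir" . || return 1
    printf '%s\n' "$archive"
}

# verify_backup ARCHIVE
# Returns 0 only if the archive is readable and contains ./config and
# something under ./rootfs/, the two items a restore needs.
verify_backup() {
    listing=$(tar -tzf "$1") || return 1
    printf '%s\n' "$listing" | grep -qx './config' || return 1
    printf '%s\n' "$listing" | grep -q '^\./rootfs/' || return 1
}

# Stand-alone usage, e.g.:
#   sh backup.sh /var/lib/lxc/monconteneur /root/lxc-backups
# (stop the container first with lxc-stop so the rootfs is not changing).
if [ "$#" -eq 2 ]; then
    a=$(backup_container "$1" "$2") && verify_backup "$a" && echo "verified: $a"
fi
```

Writing the archive into a separate directory avoids the situation in the page's `tar ... ./*` form, where the archive being created sits inside the directory being archived (tar skips it with a warning, but `./*` also silently leaves out any dotfiles). On the receiving host the restore is the page's `tar --numeric-owner -xzvf` inside the new /var/lib/lxc/<name>/ directory; running `verify_backup` on the copied file first catches a truncated transfer before `lxc-start` does.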

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LC_ALL = (unset),
        LANG = "fr_FR.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Solution:

# dpkg-reconfigure locales
  • lxc.txt
  • Last modified: 2019/10/19 17:45
  • by simon