Differences
This shows you the differences between two versions of the page.
| lxc_openwrt_host [2021/09/19 08:22] – begin drafting page based on https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835 darksky2 | lxc_openwrt_host [2021/09/22 08:05] – [Setup on the OpenWRT host] darksky2 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Running LXC on OpenWRT Host ====== | ====== Running LXC on OpenWRT Host ====== | ||
| - | In principal, OpenWRT host can run any compatible guest distro via [[https:// | + | In principal, |
| ^ OpenWRT host arch ^ LXC arch ^ | ^ OpenWRT host arch ^ LXC arch ^ | ||
| Line 12: | Line 12: | ||
| | tbd | s390x| | | tbd | s390x| | ||
| + | ===== Example | ||
| + | This example was using OpenWRT ARM64 MVEBU ESPRESSOBIN et ESPRESSOBIN ULTRA. | ||
| + | [[https:// | ||
| + | ==== Setup on the OpenWRT host ==== | ||
| + | Install some necessary tools and prerequisites: | ||
| + | < | ||
| + | |||
| + | Install the needed kernel modules: | ||
| + | < | ||
| + | |||
| + | Install the core lxc packages: | ||
| + | < | ||
| + | |||
| + | FIXME: Note that getopt should be a package dependency, see: [[https:// | ||
| + | |||
| + | Additional packages exist that can add functionality but that aren't strictly required. | ||
| + | < | ||
| + | |||
| + | FIXME: Note that until [[https:// | ||
| + | |||
| + | Edit ''/ | ||
| + | < | ||
| + | |||
| + | Optionally check the kernel config to see if anything required is missing: | ||
| + | < | ||
| + | # lxc-checkconfig | ||
| + | LXC version 4.0.5 | ||
| + | --- Namespaces --- | ||
| + | Namespaces: enabled | ||
| + | Utsname namespace: enabled | ||
| + | Ipc namespace: enabled | ||
| + | Pid namespace: enabled | ||
| + | User namespace: enabled | ||
| + | Network namespace: enabled | ||
| + | |||
| + | --- Control groups --- | ||
| + | Cgroups: enabled | ||
| + | |||
| + | Cgroup v1 mount points: | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | / | ||
| + | |||
| + | Cgroup v2 mount points: | ||
| + | |||
| + | |||
| + | Cgroup v1 freezer controller: missing | ||
| + | Cgroup v1 clone_children flag: enabled | ||
| + | Cgroup device: missing | ||
| + | Cgroup sched: enabled | ||
| + | Cgroup cpu account: enabled | ||
| + | Cgroup memory controller: enabled | ||
| + | Cgroup cpuset: enabled | ||
| + | |||
| + | --- Misc --- | ||
| + | Veth pair device: enabled, loaded | ||
| + | Macvlan: enabled, not loaded | ||
| + | Vlan: enabled, not loaded | ||
| + | Bridges: enabled, not loaded | ||
| + | Advanced netfilter: enabled, not loaded | ||
| + | CONFIG_NF_NAT_IPV4: | ||
| + | CONFIG_NF_NAT_IPV6: | ||
| + | CONFIG_IP_NF_TARGET_MASQUERADE: | ||
| + | CONFIG_IP6_NF_TARGET_MASQUERADE: | ||
| + | CONFIG_NETFILTER_XT_TARGET_CHECKSUM: | ||
| + | CONFIG_NETFILTER_XT_MATCH_COMMENT: | ||
| + | FUSE (for use with lxcfs): enabled, not loaded | ||
| + | |||
| + | --- Checkpoint/ | ||
| + | checkpoint restore: missing | ||
| + | CONFIG_FHANDLE: | ||
| + | CONFIG_EVENTFD: | ||
| + | CONFIG_EPOLL: | ||
| + | CONFIG_UNIX_DIAG: | ||
| + | CONFIG_INET_DIAG: | ||
| + | CONFIG_PACKET_DIAG: | ||
| + | CONFIG_NETLINK_DIAG: | ||
| + | File capabilities: | ||
| + | |||
| + | Note : Before booting a new kernel, you can check its configuration | ||
| + | usage : CONFIG=/ | ||
| + | |||
| + | In order to download distro images for the guest, we need to either: | ||
| + | - Use a keyserver on the host which requires additional setup, or | ||
| + | - Disable validation (not recommended) | ||
| + | |||
| + | To verify signature of the images, we need to install some additional packages which can be remove after the guest is setup: | ||
| + | < | ||
| + | |||
| + | Alternatively, | ||
| + | |||
| + | Example: | ||
| + | < | ||
| + | |||
| + | ==== Create a LXC container ==== | ||
| + | There are many different distros available for installation. | ||
| + | < | ||
| + | |||
| + | This guide will use Debian Buster selected by pre-specifying the distro, release, and architecture via switches, but it is possible to simply omit these three and select them interactively as well. | ||
| + | |||
| + | < | ||
| + | Setting up the GPG keyring | ||
| + | ERROR: Unable to fetch GPG key from keyserver | ||
| + | lxc-create: myLMS: lxccontainer.c: | ||
| + | lxc-create: myLMS: tools/ | ||
| + | |||
| + | ==== Container management ==== | ||
| + | |||
| + | To list the installed containers and query their status, use **lxc-ls**: | ||
| + | < | ||
| + | NAME STATE | ||
| + | myLMS STOPPED 0 | ||
| + | |||
| + | Start and stop containers with **lxc-start** and **lxc-stop** respectively: | ||
| + | |||
| + | < | ||
| + | root@ultra: | ||
| + | NAME STATE | ||
| + | myLMS RUNNING 0 | ||
| + | |||
| + | < | ||
| + | root@ultra: | ||
| + | NAME STATE | ||
| + | myLMS STOPPED 0 | ||
| + | |||
| + | Setup networking in the container: | ||
| + | < | ||
| + | ... | ||
| + | # Network configuration | ||
| + | # | ||
| + | lxc.net.0.type = veth | ||
| + | lxc.net.0.link = br-lan | ||
| + | lxc.net.0.flags = up | ||
| + | lxc.net.0.hwaddr = 00: | ||
| + | |||
| + | Optionally mount a share from the OpenWRT host inside the guest | ||
| + | Make sure to create the path to the share in the container, then edit the container config adding the following line: | ||
| + | < | ||
| + | |||
| + | |||
| + | ==== Setup the containerized guest distro ==== | ||
| + | Attach to the guest which will drop you in as root user. Example below is enabling ssh and fixing sudo within Debian. | ||
| + | < | ||
| + | root@myLMS: | ||
| + | $ adduser admin | ||
| + | $ apt install sudo | ||
| + | $ addgroup admin sudo | ||
| + | $ apt install ssh -y | ||
| + | $ ip a | ||
| + | root@myLMS: | ||
| + | 1: lo: < | ||
| + | link/ | ||
| + | inet 127.0.0.1/8 scope host lo | ||
| + | | ||
| + | inet6 ::1/128 scope host | ||
| + | | ||
| + | 2: eth0@if12: < | ||
| + | link/ether 00: | ||
| + | inet 192.168.1.188/ | ||
| + | | ||
| + | inet6 fdc5: | ||
| + | | ||
| + | inet6 fe80:: | ||
| + | | ||
| + | $ exit | ||
| + | </ | ||
| + | |||
| + | ==== Auto start the container on OpenWRT host ==== | ||
| + | < | ||
| + | uci show lxc-auto | ||
| + | uci add lxc-auto container | ||
| + | uci set lxc-auto.@container[-1].name=myLMS | ||
| + | uci set lxc-auto.@container[-1].timeout=30 | ||
| + | uci show lxc-auto | ||
| + | uci commit lxc-auto</ | ||
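
Review bot: In the "Line 1" hunk, the rewritten opening sentence still begins "In principal"; this should read "In principle", and since the sentence is being changed anyway, this revision is the place to correct it.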
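
Review bot: Under "Create a LXC container", the only sample output shown for the creation step ends in "ERROR: Unable to fetch GPG key from keyserver" followed by two lxc-create error lines, so the guide's worked example is a failed run, and the text never says which of the two options listed earlier (keyserver setup with the additional packages, or disabling validation) gets the reader past it. Suggest showing the output of a successful run made after the signature-verification packages are installed, and keeping the error output only as a labelled symptom of the missing keyserver setup, so the page does not steer readers toward the "not recommended" path by default. Smaller points in the same hunk: the guest commands use a "$" prompt although the text says attaching drops you in as root ("# lxc-checkconfig" uses "#" earlier); "ESPRESSOBIN et ESPRESSOBIN ULTRA" should read "and"; "which can be remove after" should read "removed"; and the two FIXME notes should be resolved or tracked before the draft is treated as final.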