Differences

This shows you the differences between two versions of the page.

lxc_openwrt_host [2021/09/19 09:01] – show interactive install example darksky2lxc_openwrt_host [2021/09/22 08:05] – [Setup on the OpenWRT host] darksky2
Line 15: Line 15:
 This example was using OpenWRT ARM64 MVEBU ESPRESSOBIN et ESPRESSOBIN ULTRA.  It has also been verified on a OpenWRT aarch64 Raspberry Pi4 B. This example was using OpenWRT ARM64 MVEBU ESPRESSOBIN et ESPRESSOBIN ULTRA.  It has also been verified on a OpenWRT aarch64 Raspberry Pi4 B.
  
 +[[https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835|Original Forum Topic]]
 ==== Setup on the OpenWRT host ==== ==== Setup on the OpenWRT host ====
 Install some necessary tools and prerequisites: Install some necessary tools and prerequisites:
Line 22: Line 23:
 <code>opkg install kmod-ikconfig kmod-veth</code> <code>opkg install kmod-ikconfig kmod-veth</code>
  
-Install the lxc packages (note that not all of these are required)+Install the core lxc packages: 
-<code>opkg install liblxc luci-app-lxc lxc lxc-attach lxc-auto lxc-autostart lxc-cgroup lxc-checkconfig lxc-common lxc-config lxc-configs lxc-console lxc-copy lxc-create lxc-destroy lxc-device lxc-execute lxc-freeze lxc-hooks lxc-info lxc-init lxc-ls lxc-monitor lxc-monitord lxc-snapshot lxc-start lxc-stop lxc-templates lxc-top lxc-unfreeze lxc-unprivileged lxc-unshare lxc-user-nic lxc-usernsexec lxc-wait rpcd-mod-lxc</code>+<code>opkg install lxc-start lxc-stop lxc-create lxc-attach lxc-destroy lxc-config lxc-ls getopt</code>
  
-Check the kernel config to see if anything required is missing: +FIXME: Note that getopt should be a package dependency, see: [[https://github.com/openwrt/packages/issues/16684|#16684]] is fixed. 
-<code>root@ultra:~# lxc-checkconfig + 
 +Additional packages exist that can add functionality but that aren't strictly required.  Find them with: 
 +<code>opkg list | grep lxc</code> 
 + 
 +FIXME: Note that until [[https://github.com/openwrt/packages/pull/16660|PR#16660]] is merged, users of 21.02 will have to complete this extra step.  Users of snapshot builds newer than 20-Sep-2021 can skip this next step. 
 + 
 +Edit ''/usr/share/lxc/config/common.conf'' and comment out all lines relating to legacy cgroup configuration: 
 +<code>sed -i s/lxc.cgroup.devices/#lxc.cgroup.devices/ /usr/share/lxc/config/common.conf</code> 
 + 
 +Optionally check the kernel config to see if anything required is missing: 
 +<code>root@ultra:~# opkg install lxc-checkconfig 
 +# lxc-checkconfig 
 LXC version 4.0.5 LXC version 4.0.5
 --- Namespaces --- --- Namespaces ---
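Review bot: The added sed line is unquoted, unanchored and not idempotent: the dots in `lxc.cgroup.devices` match any character, and a second run turns `#lxc.cgroup.devices` into `##lxc.cgroup.devices`. Suggest `sed -i 's/^lxc\.cgroup\.devices/#&/' /usr/share/lxc/config/common.conf` so only uncommented lines are touched. The text calls these lines "legacy cgroup configuration", but the keys being commented out are the device cgroup rules in the shared common.conf, so the page should say that the workaround drops those rules until the fix is merged. The first FIXME also reads as if a word was lost ("see: #16684 is fixed"); "until #16684 is fixed" seems intended. The checkconfig block mixes a `root@ultra:~#` prompt with a bare `#` prompt.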
Line 87: Line 99:
 Note : Before booting a new kernel, you can check its configuration Note : Before booting a new kernel, you can check its configuration
 usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig</code> usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig</code>
 +
 +In order to download distro images for the guest, we need to either:
 +  - Use a keyserver on the host which requires additional setup, or
 +  - Disable validation (not recommended)
 +
 +To verify signature of the images, we need to install some additional packages which can be remove after the guest is setup:
 +<code>opkg install gnupg2-utils gnupg2-dirmngr</code>
 +
 +Alternatively, just use the **--no-validate** switch in the command when setting up the container.  This is potentially dangerous and insecure.
 +
 +Example:
 +<code>root@ultra:~# lxc-create --name myLMS --template download -- --no-validate</code>
  
 ==== Create a LXC container ==== ==== Create a LXC container ====
-This example will use Debian Buster but there are many different options from which to choose.  Search for your favorite distro from the supported ones with this command:+There are many different distros available for installation.  Search for your favorite distro from the supported ones with this command:
 <code>lxc-create --name myLMS --template download -- --list --no-validate</code> <code>lxc-create --name myLMS --template download -- --list --no-validate</code>
 +
 +This guide will use Debian Buster selected by pre-specifying the distro, release, and architecture via switches, but it is possible to simply omit these three and select them interactively as well.
  
 <code>root@ultra:~# lxc-create --name myLMS --template download -- --dist debian --release buster --arch arm64 <code>root@ultra:~# lxc-create --name myLMS --template download -- --dist debian --release buster --arch arm64
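Review bot: The new validation paragraph gives a worked command only for the option it marks "not recommended": the `Example:` block and the `--list` command both pass `--no-validate`, while the keyserver option stops at `opkg install gnupg2-utils gnupg2-dirmngr` with no lxc-create invocation showing it in use. Suggest putting a validated command first, describing the "additional setup" it needs, and moving the `--no-validate` example after it as the fallback. Also, "can be remove after the guest is setup" should read "can be removed after the guest is set up".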
Line 98: Line 124:
 lxc-create: myLMS: tools/lxc_create.c: main: 319 Failed to create container myLMS</code> lxc-create: myLMS: tools/lxc_create.c: main: 319 Failed to create container myLMS</code>
  
-==== Fix the Unable to fetch GPG key from keyserver ==== +==== Container management ====
-There are two possible solutions to this. +
-  - Use a keyserver on the host +
-  - Disable validation (not recommended)+
  
-=== 1. Use a keyserver on the host ==== +To list the installed containers and query their status, use **lxc-ls**:
- +
-<code>opkg install gnupg2-utils gnupg2-dirmngr +
-root@ultra:~# DOWNLOAD_KEYSERVER="pgp.mit.edu" lxc-create --name myPOD --template download -- --dist debian --release buster --arch arm64 +
-Setting up the GPG keyring +
-Downloading the image index +
-Downloading the rootfs +
-Downloading the metadata +
-The image cache is now ready +
-Unpacking the rootfs +
-</code> +
- +
-=== 2. Disable gpg validation === +
-<code>root@ultra:~# lxc-create --name myLMS --template download -- --dist debian --release buster --arch arm64 --no-validate +
-Downloading the image index +
-WARNING: Running without gpg validation! +
-Downloading the rootfs +
-Downloading the metadata +
-The image cache is now ready +
-Unpacking the rootfs +
- +
---- +
-You just created a Debian buster arm64 (20210623_05:24) container. +
- +
-To enable SSH, run: apt install openssh-server +
-No default root or user password are set by LXC.</code> +
- +
-==== List container and status ====+
 <code>root@ultra:~# lxc-ls -f <code>root@ultra:~# lxc-ls -f
 NAME  STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED  NAME  STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
 myLMS STOPPED 0              -    -    false</code> myLMS STOPPED 0              -    -    false</code>
  
-==== Starting the container ====+Start and stop containers with **lxc-start** and **lxc-stop** respectively: 
 <code>root@ultra:~# lxc-start -n myLMS <code>root@ultra:~# lxc-start -n myLMS
 root@ultra:~# lxc-ls -f root@ultra:~# lxc-ls -f
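Review bot: The removed "Use a keyserver on the host" block was the only place that showed signature validation succeeding (`DOWNLOAD_KEYSERVER="pgp.mit.edu" lxc-create ...` followed by "Setting up the GPG keyring"), and with it gone the retained `Failed to create container myLMS` output runs straight into "Container management" with no resolution. Suggest keeping that command and its output next to the failure, so a reader who hits the error is led to the validated path and not to `--no-validate`. Replacing the "List container and status" and "Starting the container" headings with sentences also removes their section anchors.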
Line 141: Line 138:
 myLMS RUNNING 0              -    -    false</code> myLMS RUNNING 0              -    -    false</code>
  
-==== Stopping the container ==== 
 <code>root@ultra:~# lxc-stop -n myLMS <code>root@ultra:~# lxc-stop -n myLMS
 root@ultra:~# lxc-ls -f root@ultra:~# lxc-ls -f
Line 147: Line 143:
 myLMS STOPPED 0              -    -    false</code> myLMS STOPPED 0              -    -    false</code>
  
-==== Networking in the container ====+Setup networking in the container:
 <code>root@ultra:~# nano /srv/lxc/myLMS/config <code>root@ultra:~# nano /srv/lxc/myLMS/config
 ... ...
Line 157: Line 153:
 lxc.net.0.hwaddr = 00:FF:DD:BB:CC:01</code> lxc.net.0.hwaddr = 00:FF:DD:BB:CC:01</code>
  
-==== Optionally mount a share from the OpenWRT host inside the guest ====+Optionally mount a share from the OpenWRT host inside the guest
 Make sure to create the path to the share in the container, then edit the container config adding the following line: Make sure to create the path to the share in the container, then edit the container config adding the following line:
 <code>lxc.mount.entry = /mnt/SHARE /srv/lxc/myLMS/rootfs/mnt/SHARE none bind,create=d</code> <code>lxc.mount.entry = /mnt/SHARE /srv/lxc/myLMS/rootfs/mnt/SHARE none bind,create=d</code>
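Review bot: The line that replaces the heading, "Optionally mount a share from the OpenWRT host inside the guest", has no terminal punctuation and is followed directly by "Make sure to create the path...", so the two will render as one run-on paragraph. Suggest ending it with a colon or folding it into the following sentence. Since this text introduces a host bind mount, it could also say whether the share is meant to be writable from the guest, as the `lxc.mount.entry` options shown are only `bind,create=d`.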
Line 190: Line 186:
  
 ==== Auto start the container on OpenWRT host ==== ==== Auto start the container on OpenWRT host ====
-<code>uci show lxc-auto+<code>opkg install lxc-auto lxc-autostart 
 +uci show lxc-auto
 uci add lxc-auto container uci add lxc-auto container
 uci set lxc-auto.@container[-1].name=myLMS uci set lxc-auto.@container[-1].name=myLMS
  • Last modified: 2024/11/22 12:04
  • by levitatingbusinessman