Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
lxc_openwrt_host [2021/09/19 09:03] – [Create a LXC container] wording darksky2lxc_openwrt_host [2021/09/22 08:05] – [Setup on the OpenWRT host] darksky2
Line 15: Line 15:
 This example was using OpenWRT ARM64 MVEBU ESPRESSOBIN et ESPRESSOBIN ULTRA.  It has also been verified on a OpenWRT aarch64 Raspberry Pi4 B. This example was using OpenWRT ARM64 MVEBU ESPRESSOBIN et ESPRESSOBIN ULTRA.  It has also been verified on a OpenWRT aarch64 Raspberry Pi4 B.
  
 +[[https://forum.openwrt.org/t/openwrt-arm64-quick-lxc-howto-guide-lms-in-debian-system-in-lxc-container/99835|Original Forum Topic]]
 ==== Setup on the OpenWRT host ==== ==== Setup on the OpenWRT host ====
 Install some necessary tools and prerequisites: Install some necessary tools and prerequisites:
Line 22: Line 23:
 <code>opkg install kmod-ikconfig kmod-veth</code> <code>opkg install kmod-ikconfig kmod-veth</code>
  
-Install the lxc packages (note that not all of these are required)+Install the core lxc packages: 
-<code>opkg install liblxc luci-app-lxc lxc lxc-attach lxc-auto lxc-autostart lxc-cgroup lxc-checkconfig lxc-common lxc-config lxc-configs lxc-console lxc-copy lxc-create lxc-destroy lxc-device lxc-execute lxc-freeze lxc-hooks lxc-info lxc-init lxc-ls lxc-monitor lxc-monitord lxc-snapshot lxc-start lxc-stop lxc-templates lxc-top lxc-unfreeze lxc-unprivileged lxc-unshare lxc-user-nic lxc-usernsexec lxc-wait rpcd-mod-lxc</code>+<code>opkg install lxc-start lxc-stop lxc-create lxc-attach lxc-destroy lxc-config lxc-ls getopt</code>
  
-Check the kernel config to see if anything required is missing: +FIXME: Note that getopt should be a package dependency, see: [[https://github.com/openwrt/packages/issues/16684|#16684]] is fixed. 
-<code>root@ultra:~# lxc-checkconfig + 
 +Additional packages exist that can add functionality but that aren't strictly required.  Find them with: 
 +<code>opkg list | grep lxc</code> 
 + 
 +FIXME: Note that until [[https://github.com/openwrt/packages/pull/16660|PR#16660]] is merged, users of 21.02 will have to complete this extra step.  Users of snapshot builds newer than 20-Sep-2021 can skip this next step. 
 + 
 +Edit ''/usr/share/lxc/config/common.conf'' and comment out all lines relating to legacy cgroup configuration: 
 +<code>sed -i s/lxc.cgroup.devices/#lxc.cgroup.devices/ /usr/share/lxc/config/common.conf</code> 
 + 
 +Optionally check the kernel config to see if anything required is missing: 
 +<code>root@ultra:~# opkg install lxc-checkconfig 
 +# lxc-checkconfig 
 LXC version 4.0.5 LXC version 4.0.5
 --- Namespaces --- --- Namespaces ---
Line 87: Line 99:
 Note : Before booting a new kernel, you can check its configuration Note : Before booting a new kernel, you can check its configuration
 usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig</code> usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig</code>
 +
 +In order to download distro images for the guest, we need to either:
 +  - Use a keyserver on the host which requires additional setup, or
 +  - Disable validation (not recommended)
 +
 +To verify signature of the images, we need to install some additional packages which can be remove after the guest is setup:
 +<code>opkg install gnupg2-utils gnupg2-dirmngr</code>
 +
 +Alternatively, just use the **--no-validate** switch in the command when setting up the container.  This is potentially dangerous and insecure.
 +
 +Example:
 +<code>root@ultra:~# lxc-create --name myLMS --template download -- --no-validate</code>
  
 ==== Create a LXC container ==== ==== Create a LXC container ====
Line 99: Line 123:
 lxc-create: myLMS: lxccontainer.c: create_run_template: 1616 Failed to create container from template lxc-create: myLMS: lxccontainer.c: create_run_template: 1616 Failed to create container from template
 lxc-create: myLMS: tools/lxc_create.c: main: 319 Failed to create container myLMS</code> lxc-create: myLMS: tools/lxc_create.c: main: 319 Failed to create container myLMS</code>
-==== Fix the Unable to fetch GPG key from keyserver ==== 
-There are two possible solutions to this. 
-  - Use a keyserver on the host 
-  - Disable validation (not recommended) 
  
-=== 1. Use a keyserver on the host ====+==== Container management ====
  
-<code>opkg install gnupg2-utils gnupg2-dirmngr +To list the installed containers and query their status, use **lxc-ls**:
-root@ultra:~# DOWNLOAD_KEYSERVER="pgp.mit.edu" lxc-create --name myPOD --template download -- --dist debian --release buster --arch arm64 +
-Setting up the GPG keyring +
-Downloading the image index +
-Downloading the rootfs +
-Downloading the metadata +
-The image cache is now ready +
-Unpacking the rootfs +
-</code> +
- +
-=== 2. Disable gpg validation === +
-<code>root@ultra:~# lxc-create --name myLMS --template download -- --dist debian --release buster --arch arm64 --no-validate +
-Downloading the image index +
-WARNINGRunning without gpg validation! +
-Downloading the rootfs +
-Downloading the metadata +
-The image cache is now ready +
-Unpacking the rootfs +
- +
---- +
-You just created a Debian buster arm64 (20210623_05:24) container. +
- +
-To enable SSH, run: apt install openssh-server +
-No default root or user password are set by LXC.</code> +
- +
-==== List container and status ====+
 <code>root@ultra:~# lxc-ls -f <code>root@ultra:~# lxc-ls -f
 NAME  STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED  NAME  STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
 myLMS STOPPED 0              -    -    false</code> myLMS STOPPED 0              -    -    false</code>
  
-==== Starting the container ====+Start and stop containers with **lxc-start** and **lxc-stop** respectively: 
 <code>root@ultra:~# lxc-start -n myLMS <code>root@ultra:~# lxc-start -n myLMS
 root@ultra:~# lxc-ls -f root@ultra:~# lxc-ls -f
Line 142: Line 138:
 myLMS RUNNING 0              -    -    false</code> myLMS RUNNING 0              -    -    false</code>
  
-==== Stopping the container ==== 
 <code>root@ultra:~# lxc-stop -n myLMS <code>root@ultra:~# lxc-stop -n myLMS
 root@ultra:~# lxc-ls -f root@ultra:~# lxc-ls -f
Line 148: Line 143:
 myLMS STOPPED 0              -    -    false</code> myLMS STOPPED 0              -    -    false</code>
  
-==== Networking in the container ====+Setup networking in the container:
 <code>root@ultra:~# nano /srv/lxc/myLMS/config <code>root@ultra:~# nano /srv/lxc/myLMS/config
 ... ...
Line 158: Line 153:
 lxc.net.0.hwaddr = 00:FF:DD:BB:CC:01</code> lxc.net.0.hwaddr = 00:FF:DD:BB:CC:01</code>
  
-==== Optionally mount a share from the OpenWRT host inside the guest ====+Optionally mount a share from the OpenWRT host inside the guest
 Make sure to create the path to the share in the container, then edit the container config adding the following line: Make sure to create the path to the share in the container, then edit the container config adding the following line:
 <code>lxc.mount.entry = /mnt/SHARE /srv/lxc/myLMS/rootfs/mnt/SHARE none bind,create=d</code> <code>lxc.mount.entry = /mnt/SHARE /srv/lxc/myLMS/rootfs/mnt/SHARE none bind,create=d</code>
Line 191: Line 186:
  
 ==== Auto start the container on OpenWRT host ==== ==== Auto start the container on OpenWRT host ====
-<code>uci show lxc-auto+<code>opkg install lxc-auto lxc-autostart 
 +uci show lxc-auto
 uci add lxc-auto container uci add lxc-auto container
 uci set lxc-auto.@container[-1].name=myLMS uci set lxc-auto.@container[-1].name=myLMS
  • Last modified: 2024/11/22 12:04
  • by levitatingbusinessman