
Linux containers: when the number of containers grows



In the last article, I briefly talked about what container virtualization is, LXC in particular, why it is needed and how to set it up quickly.

Over time the number of containers gradually grows. Some of them may be clones of others and, on top of that, built on snapshots. A natural wish arises: to make managing this stock of containers easier.



This is just what lives on a personal laptop.

Command shell configuration


First of all, I want to get rid of the need to type sudo / su every time and to have access to the LXC management utilities as my own user.

The natural first thought is to create shell aliases. Here is what was done:

lxc.alias



    alias "lxc-monitor=sudo lxc-monitor"
    alias "lxc-test-saveconfig=sudo lxc-test-saveconfig"
    alias "lxc-wait=sudo lxc-wait"
    alias "lxc-config=sudo lxc-config"
    alias "lxc-test-createtest=sudo lxc-test-createtest"
    alias "lxc-test-apparmor=sudo lxc-test-apparmor"
    alias "lxc-test-destroytest=sudo lxc-test-destroytest"
    alias "lxc-test-containertests=sudo lxc-test-containertests"
    alias "lxc-unshare=sudo lxc-unshare"
    alias "lxc-autostart=sudo lxc-autostart"
    alias "lxc-snapshot=sudo lxc-snapshot"
    alias "lxc-create=sudo lxc-create"
    alias "lxc-execute=sudo lxc-execute"
    alias "lxc-test-shutdowntest=sudo lxc-test-shutdowntest"
    alias "lxc-freeze=sudo lxc-freeze"
    alias "lxc-test-get_item=sudo lxc-test-get_item"
    alias "lxc-test-getkeys=sudo lxc-test-getkeys"
    alias "lxc-cgroup=sudo lxc-cgroup"
    alias "lxc-test-attach=sudo lxc-test-attach"
    alias "lxc-usernsexec=sudo lxc-usernsexec"
    alias "lxc-test-cgpath=sudo lxc-test-cgpath"
    alias "lxc-test-snapshot=sudo lxc-test-snapshot"
    alias "lxc-start-ephemeral=sudo lxc-start-ephemeral"
    alias "lxc-test-device-add-remove=sudo lxc-test-device-add-remove"
    alias "lxc-test-concurrent=sudo lxc-test-concurrent"
    alias "lxc-destroy=sudo lxc-destroy"
    alias "lxc-test-console=sudo lxc-test-console"
    alias "lxc-checkconfig=sudo lxc-checkconfig"
    alias "lxc-test-autostart=sudo lxc-test-autostart"
    alias "lxc-start=sudo lxc-start"
    alias "lxc-test-locktests=sudo lxc-test-locktests"
    alias "lxc-clone=sudo lxc-clone"
    alias "lxc-test-may-control=sudo lxc-test-may-control"
    alias "lxc-test-list=sudo lxc-test-list"
    alias "lxc-test-clonetest=sudo lxc-test-clonetest"
    alias "lxc-test-lxcpath=sudo lxc-test-lxcpath"
    alias "lxc-ls=sudo lxc-ls --fancy"
    alias "lxc-console=sudo lxc-console"
    alias "lxc-info=sudo lxc-info"
    alias "lxc-unfreeze=sudo lxc-unfreeze"
    alias "lxc-test-startone=sudo lxc-test-startone"
    alias "lxc-device=sudo lxc-device"
    alias "lxc-test-reboot=sudo lxc-test-reboot"
    alias "lxc-stop=sudo lxc-stop"
    alias "lxc-attach=sudo lxc-attach"



This works in both zsh and bash. To activate it, add source /path/to/lxc.alias to ~/.bashrc or ~/.zshrc.

The second step is to list all these commands in /etc/sudoers.d with permission to run them without entering a password:

/etc/sudoers.d/lxc



    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-autostart
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-attach
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-apparmor
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-concurrent
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-usernsexec
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-destroytest
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-clone
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-shutdowntest
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-device-add-remove
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-locktests
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-clonetest
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-console
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-attach
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-config
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-list
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-startone
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-device
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-snapshot
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-autostart
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-getkeys
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-unfreeze
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-lxcpath
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-createtest
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-execute
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-create
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-console
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-start-ephemeral
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-checkconfig
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-info
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-destroy
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-get_item
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-snapshot
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-cgroup
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-may-control
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-reboot
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-wait
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-unshare
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-start
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-monitor
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-cgpath
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-stop
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-containertests
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-ls
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-freeze
    user ALL=(ALL) NOPASSWD: /usr/bin/lxc-test-saveconfig



Here “user” is the name of your account.
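
Both files above can be generated from the tools actually installed rather than typed by hand. The following is an added example, not code from the original article: the function names are assumptions, it skips the lxc-test-* binaries as its own choice, and it checks the sudoers file with visudo before installing it.

```sh
#!/bin/sh
# Added example, not from the article. Function names are assumptions.

# Print the executable lxc-* tools in directory $1, one path per line.
# lxc-test-* binaries are skipped: a choice of this example, since the
# LXC self-tests are not needed for day-to-day container management.
list_tools() (
    for f in "${1:-/usr/bin}"/lxc-*; do
        [ -x "$f" ] || continue
        case ${f##*/} in lxc-test-*) continue ;; esac
        printf '%s\n' "$f"
    done | LC_ALL=C sort
)

# stdin: tool paths. stdout: alias lines in the article's lxc.alias format.
gen_aliases() (
    while IFS= read -r path; do
        name=${path##*/}
        case $name in lxc-ls) extra=' --fancy' ;; *) extra= ;; esac
        printf 'alias "%s=sudo %s%s"\n' "$name" "$name" "$extra"
    done
)

# stdin: tool paths. stdout: one sudoers rule per line for account $1.
gen_sudoers() (
    while IFS= read -r path; do
        printf '%s ALL=(ALL) NOPASSWD: %s\n' "$1" "$path"
    done
)

# Syntax-check candidate file $1 with visudo, then install it as $2.
# A syntax error in a file under /etc/sudoers.d can make sudo refuse to
# run, so the check happens before anything is copied. Must run as root.
install_sudoers() (
    visudo -cf "$1" || { echo "refusing to install $1" >&2; exit 1; }
    install -o root -g root -m 0440 "$1" "${2:-/etc/sudoers.d/lxc}"
)

# Usage, as root ("user" is the account name, as in the article):
#   list_tools | gen_aliases > /path/to/lxc.alias
#   list_tools | gen_sudoers user > /tmp/lxc.sudoers
#   install_sudoers /tmp/lxc.sudoers
```

lxc-unshare and lxc-execute, among others, run a command of the caller's choosing as root, so these NOPASSWD rules are equivalent to passwordless root for that account.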

Setting up a local DHCP server



The next thing I would like to do is let our containers receive their network settings automatically, without tedious editing of each container's config. After a bit of googling, I came across this article.

The recipe was creatively reworked and adopted, but a few things had to be corrected. I will explain which ones below.

The first thing to do is install the DHCP server itself.

 apt-get install isc-dhcp-server 


If you configured everything according to my last article, you do not need to touch /etc/network/interfaces. Just in case, let me remind you what it looks like:

/etc/network/interfaces



    iface br0 inet static
        address 172.20.0.1
        netmask 255.255.255.0
        pre-up /sbin/brctl addbr br0
        post-up /sbin/brctl setfd br0 0
        post-up iptables -t nat -A POSTROUTING -s 172.20.0.0/24 -j MASQUERADE
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        pre-down /sbin/brctl delbr br0



Instead of editing the configuration of each container, edit the global one:

/etc/lxc/default.conf



    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.name = eth0



There is no need to specify gateways, subnet masks, DNS, let alone MAC addresses here. The DHCP server and LXC will supply all of that.



Configure isc-dhcpd:

/etc/default/isc-dhcp-server


 INTERFACES="br0" 


That is, simply specify the interface on which dhcpd will work.

Open the file /etc/dhcp/dhcpd.conf, find the commented-out subnet directives there and add the following:

/etc/dhcp/dhcpd.conf



    subnet 172.20.0.0 netmask 255.255.255.0 {
        range 172.20.0.10 172.20.0.250;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        option routers 172.20.0.1;
    }




For DNS I specified Google's servers. Of course, everyone can choose to taste, for example from here, or use their own local one.
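
The bridge address in /etc/network/interfaces and the subnet block in dhcpd.conf have to agree, or containers get leases they cannot route through. The following is an added example, not part of the original article, that checks this; the function names are assumptions, and it assumes a single uncommented subnet block with `option routers` pointing at the bridge address, as in the configuration above.

```sh
#!/bin/sh
# Added example, not from the article. Function names are assumptions.

# Dotted quad -> integer; fails on anything that is not four numeric fields.
ip2int() (
    case $1 in ''|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# Value number $3 (default 1) after keyword $2 in dhcpd.conf $1.
# '#' comments are dropped first, so the commented-out sample subnets
# in the stock file are not picked up.
conf_val() (
    sed 's/#.*//' "$1" | tr ';,{}' '    ' | awk -v k="$2" -v n="${3:-1}" '
        { for (i = 1; i <= NF; i++) if ($i == k) { print $(i + n); exit } }'
)

# Compare the subnet block in dhcpd.conf $1 with the bridge address $2.
# Prints one line per problem; exit status 0 means consistent.
check_dhcp() (
    net=$(ip2int "$(conf_val "$1" subnet)") &&
    mask=$(ip2int "$(conf_val "$1" netmask)") &&
    lo=$(ip2int "$(conf_val "$1" range 1)") &&
    hi=$(ip2int "$(conf_val "$1" range 2)") &&
    gw=$(ip2int "$(conf_val "$1" routers)") &&
    br=$(ip2int "$2") || { echo "missing or malformed address"; exit 2; }
    rc=0
    in_net() { [ $(( $1 & $mask )) -eq "$net" ]; }
    { in_net "$lo" && in_net "$hi" && [ "$lo" -le "$hi" ]; } ||
        { echo "range is not inside the subnet"; rc=1; }
    [ "$gw" -eq "$br" ] ||
        { echo "option routers is not the bridge address"; rc=1; }
    { [ "$br" -lt "$lo" ] || [ "$br" -gt "$hi" ]; } ||
        { echo "bridge address is inside the dynamic pool"; rc=1; }
    exit "$rc"
)

# Usage: check_dhcp /etc/dhcp/dhcpd.conf 172.20.0.1
```

This checks only the addressing; `dhcpd -t -cf /etc/dhcp/dhcpd.conf` checks the file's syntax.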

Results



As a result of the steps above, working with containers becomes much more pleasant: there is no need to edit each container's config or, in general, to type extra characters.

This is all for now.

Source: https://habr.com/ru/post/270439/

