Practical use of Linux Deploy on desktops
Despite the fact that Linux Deploy was originally conceived as an application for Android, over time, there are other options for its use. With the advent of Linux Deploy CLI, a number of features have become available that open up new areas of application for this tool.
The Linux Deploy CLI is a command line application designed to automate the process of installing, configuring, and running GNU / Linux distributions inside the chroot container. The application can work both in regular Linux desktop distributions and on mobile platforms based on the Linux kernel, provided that the necessary dependencies are observed (all dependencies can be collected statically). Applications from the Linux distribution run in a chroot environment, run in parallel with the main system and are comparable to it in speed. Since the work of Linux Deploy is based on the Linux kernel system call, only Linux distributions can act as guest systems.
The application can work in two modes: with root privileges (chroot) and without them (proot). In normal mode, all supported installation types are available: installation to a file, to a disk partition (logical disk), to a POSIX compatible directory, and to RAM (tmpfs). In proot mode, installation is only available in a directory, and a number of restrictions appear:
')
The application supports automatic installation (base system) and initial configuration of Debian, Ubuntu, Kali Linux, Arch Linux, Fedora, CentOS, Gentoo, openSUSE and Slackware distributions. Installing Linux-distribution is carried out on the network from the official mirrors on the Internet. It also supports importing any other system from a pre-prepared rootfs file in tar.gz, tar.bz2 or tar.xz format. The application allows you to connect to the console of the installed system (container), as well as start and stop applications inside the container (there is support for various initialization systems and custom autorun scripts). Each installation option is saved in a separate configuration file, which is responsible for setting up each container. If necessary, the containers can be run in parallel. You can export the configuration and the container itself as a rootfs archive for later deployment of this container without reinstalling and configuring.
In general, the idea of ​​Linux Deploy arose from a desire to get an easy and convenient tool for quickly deploying a Linux distribution that could be used for development, testing or training, and then quickly remove it without making changes to the main (host) Linux system and without risking its integrity. Thanks to the PRoot program, it became possible to create containers for running Linux applications without root privileges (root), and also to use QEMU software emulation to run applications with a different architecture from the host without having to support the kernel module binfmt_misc .
It turned out that my main job since 2011 has been using computers with Debian. Local developers periodically need a system to run and test their web applications (mostly Java, PHP, Python). For these purposes, virtual systems were usually used either based on VirtualBox, or in the local Proxmox cloud, or Docker. The main disadvantage of VirtualBox is its demands on computer resources, the large size of the VDI disk image, the relatively low performance and the likelihood of a VM image crashing if the system is not properly shut down. The disadvantage of using the "cloud" can be called the need for the administrator to handle user requests for the creation of such systems, as well as the expenditure of "cloud" resources for secondary tasks. Docker requires superuser privileges.
An experiment was conducted this month, for PHP developers, their virtual server was replaced with an LD container. Two containers based on Debian were prepared: Apache + PHP + OCI8 and Apache + PHP + MySQL + PhpMyAdmin. The containers were placed on a shared network drive in the local network, the size of each container was about 150 MB.
What did the administrator get from this?
What the developer got:
And now more details on how to achieve this. Next will be instructions on the preparation and deployment of the LD container.
To run containers without superuser rights, you need to install PRoot:
Download and install the Linux Deploy CLI:
Creating a configuration called “linux” to deploy the base system of Debian Wheezy (64 bits):
View saved configuration:
Running a new system deployment:
Connecting the container to the console as root (exit command exit):
Then you can install and configure the necessary software in the container, but you should consider the features described earlier. For example, to start Apache, you need to change its port (file /etc/apache2/ports.conf) to 8000, set the empty parameter APACHE_ULIMIT_MAX_FILES = "" (file / etc / apache2 / envvars), and start apachectl from under a regular user ( not root).
Configuring autorun based on the SysV initialization system:
Parameters: INIT_LEVEL — SysV initialization level, INIT_USER — from which user to start services (by default, this is root), INIT_ASYNC — to start services in parallel.
Preparing the configuration, exporting it and exporting the container to the rootfs archive (tar.gz, tar.bz2 and tar.xz archives are supported):
Escaping "\ $" allows you to save variable names in the config, not their values. Thus, when importing a config, these variables will be automatically replaced with the corresponding values, which may differ from the current values. Now there are two files (linux.conf and linux.tgz) that can be used when importing a container on another computer:
Connect the host system directory to the container (connect the ~ / www directory to the / var / www container):
Container launch (for SysV, the /etc/rcN.d/SXXname start scripts are executed):
Stopping the container with freeing resources (for SysV, the /etc/rc6.d/KXXname stop scripts are executed):
The result was a solution that meets the needs of both developers and administrators. Linux Deploy application source code is available under the GPL version 3 license.
The Linux Deploy CLI is a command line application designed to automate the process of installing, configuring, and running GNU / Linux distributions inside the chroot container. The application can work both in regular Linux desktop distributions and on mobile platforms based on the Linux kernel, provided that the necessary dependencies are observed (all dependencies can be collected statically). Applications from the Linux distribution run in a chroot environment, run in parallel with the main system and are comparable to it in speed. Since the work of Linux Deploy is based on the Linux kernel system call, only Linux distributions can act as guest systems.
The application can work in two modes: with root privileges (chroot) and without them (proot). In normal mode, all supported installation types are available: installation to a file, to a disk partition (logical disk), to a POSIX compatible directory, and to RAM (tmpfs). In proot mode, installation is only available in a directory, and a number of restrictions appear:
')
- all users inside the container have full access to the entire file system of the container, and the current user is the owner of all files and directories;
- no access to privileged system operations, for example, ping, ulimit, etc. does not work;
- applications can only work with network port numbers above 1024;
- if the application uses the chroot system call in its work, then it must be run through a special fakechroot utility, for example fakechroot / usr / sbin / sshd -p 2222.
The application supports automatic installation (base system) and initial configuration of Debian, Ubuntu, Kali Linux, Arch Linux, Fedora, CentOS, Gentoo, openSUSE and Slackware distributions. Installing Linux-distribution is carried out on the network from the official mirrors on the Internet. It also supports importing any other system from a pre-prepared rootfs file in tar.gz, tar.bz2 or tar.xz format. The application allows you to connect to the console of the installed system (container), as well as start and stop applications inside the container (there is support for various initialization systems and custom autorun scripts). Each installation option is saved in a separate configuration file, which is responsible for setting up each container. If necessary, the containers can be run in parallel. You can export the configuration and the container itself as a rootfs archive for later deployment of this container without reinstalling and configuring.
In general, the idea of ​​Linux Deploy arose from a desire to get an easy and convenient tool for quickly deploying a Linux distribution that could be used for development, testing or training, and then quickly remove it without making changes to the main (host) Linux system and without risking its integrity. Thanks to the PRoot program, it became possible to create containers for running Linux applications without root privileges (root), and also to use QEMU software emulation to run applications with a different architecture from the host without having to support the kernel module binfmt_misc .
It turned out that my main job since 2011 has been using computers with Debian. Local developers periodically need a system to run and test their web applications (mostly Java, PHP, Python). For these purposes, virtual systems were usually used either based on VirtualBox, or in the local Proxmox cloud, or Docker. The main disadvantage of VirtualBox is its demands on computer resources, the large size of the VDI disk image, the relatively low performance and the likelihood of a VM image crashing if the system is not properly shut down. The disadvantage of using the "cloud" can be called the need for the administrator to handle user requests for the creation of such systems, as well as the expenditure of "cloud" resources for secondary tasks. Docker requires superuser privileges.
An experiment was conducted this month, for PHP developers, their virtual server was replaced with an LD container. Two containers based on Debian were prepared: Apache + PHP + OCI8 and Apache + PHP + MySQL + PhpMyAdmin. The containers were placed on a shared network drive in the local network, the size of each container was about 150 MB.
What did the administrator get from this?
- Once prepared, the container can be deployed on the developer’s computer with one team without administrator’s participation;
- Work with the container does not require superuser rights, so there is no risk of the main system breaking.
What the developer got:
- deployment, launch and management of the system in a container is carried out without the participation of the administrator by one team;
- container deployment from pre-prepared archives is carried out over the network in less than a minute;
- starting and stopping the container (Web server + DB) occurs instantly, no need to wait for the operating system to start;
- There is no risk of damaging the container if you forgot to turn it off when you turn off the computer, because The system image is a regular directory without its own file system;
- the computer is faster because resources are spent only on running software in the container, and not on the entire operating system (in our case it is about 50 MB, instead of 500 MB in VirtualBox).
- checking software operation directly from the IDE directory without having to upload it to the server; to do this, simply connect the necessary directory of the main system to the container.
And now more details on how to achieve this. Next will be instructions on the preparation and deployment of the LD container.
To run containers without superuser rights, you need to install PRoot:
mkdir ~/bin wget http://portable.proot.me/proot-x86_64 -O ~/bin/proot chmod 755 ~/bin/proot Download and install the Linux Deploy CLI:
wget -O cli.zip https://github.com/meefik/linuxdeploy-cli/archive/master.zip unzip cli.zip rm cli.zip ln -sf ~/linuxdeploy-cli/cli.sh ~/bin/linuxdeploy Creating a configuration called “linux” to deploy the base system of Debian Wheezy (64 bits):
linuxdeploy -p linux conf --method='proot' --source-path='http://mirror.yandex.ru/debian/' \ --distrib='debian' --arch='amd64' --suite='wheezy' --target-path='$ENV_DIR/rootfs/linux' \ --chroot-dir='$TARGET_PATH' --target-type='directory' --username='webmaster' --include='bootstrap' View saved configuration:
linuxdeploy -p linux conf -x Running a new system deployment:
linuxdeploy -p linux deploy Connecting the container to the console as root (exit command exit):
linuxdeploy -p linux shell -u root Then you can install and configure the necessary software in the container, but you should consider the features described earlier. For example, to start Apache, you need to change its port (file /etc/apache2/ports.conf) to 8000, set the empty parameter APACHE_ULIMIT_MAX_FILES = "" (file / etc / apache2 / envvars), and start apachectl from under a regular user ( not root).
Configuring autorun based on the SysV initialization system:
linuxdeploy -p linux conf --include='$INCLUDE init' --init='sysv' --init-level='3' --init-user='$USER_NAME' --init-async Parameters: INIT_LEVEL — SysV initialization level, INIT_USER — from which user to start services (by default, this is root), INIT_ASYNC — to start services in parallel.
Preparing the configuration, exporting it and exporting the container to the rootfs archive (tar.gz, tar.bz2 and tar.xz archives are supported):
linuxdeploy -p linux conf --source-path='linux.tgz' --target-path='\$ENV_DIR/rootfs/linux' --chroot-dir='\$TARGET_PATH' linuxdeploy -p linux conf -x > /path/to/linux.conf linuxdeploy -p linux export /path/to/linux.tgz Escaping "\ $" allows you to save variable names in the config, not their values. Thus, when importing a config, these variables will be automatically replaced with the corresponding values, which may differ from the current values. Now there are two files (linux.conf and linux.tgz) that can be used when importing a container on another computer:
cd /path/to linuxdeploy -p linux conf -i ./linux.conf linuxdeploy -p linux deploy Connect the host system directory to the container (connect the ~ / www directory to the / var / www container):
linuxdeploy -p linux conf --mounts='$HOME/www:/var/www' Container launch (for SysV, the /etc/rcN.d/SXXname start scripts are executed):
linuxdeploy -p linux start Stopping the container with freeing resources (for SysV, the /etc/rc6.d/KXXname stop scripts are executed):
linuxdeploy -p linux stop -u The result was a solution that meets the needs of both developers and administrators. Linux Deploy application source code is available under the GPL version 3 license.
Source: https://habr.com/ru/post/276013/
All Articles