Project

General

Profile

Support #967

Linux Containers on Debian

Added by Daniel Curtis about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Jails / Container
Target version:
Start date:
02/02/2022
Due date:
% Done:

100%

Estimated time:
Spent time:

Description

This is a simple guide for setting up and using Linux Containers on Debian.

Prepare the Environment

  • Make sure the system is up to date:
    sudo apt update
    

Install LXC

  • Install LXC;
    sudo apt install lxc
    

Templates

Arch Container

  • Create the container:
    lxc-create -n arch.example.com -t download -- --dist archlinux --release current --arch amd64
    
    • NOTE : To display a list of available templates to download, use:
      lxc-create -n arch.example.com -t download
      
  • Start the Arch container:
    lxc-start -n arch.example.com
    
  • Open a console to the container:
    lxc-attach -n arch.example.com
    

Debian Container

  • Create the container:
    lxc-create -n debian.example.com -t download -- -d debian -r bullseye -a amd64
    
  • (Optional) Add the Raspbian repository on top of stock Debian repos:
    echo 'deb http://archive.raspbian.org/raspbian bullseye main contrib non-free rpi' >> /etc/apt/sources.list.d/raspbian.list
    echo 'deb-src http://archive.raspbian.org/raspbian bullseye main contrib non-free rpi' >> /etc/apt/sources.list.d/raspbian.list
    
    • And add the Raspbian public signing key:
      wget https://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
      
    • Update the apt repository cache and upgrade any necessary files:
      apt update && apt upgrade
      
  • (Optional) Add the Wolfram Alpha repository:
    echo 'deb http://repository.wolfram.com/raspbian/ stable non-free' >> /etc/apt/sources.list.d/wolfram.list
    
    • And add the Wolfram public signing key:
      apt-key adv —keyserver http://repository.wolfram.com/raspbian/raspbian@wolfram.com.gpg.pub-key —recv-keys 574FA74E5CBB4222
      
    • Update the apt repository cache and upgrade any necessary files:
      apt update && apt upgrade
      
    • Install wolfram:
      apt-get install wolfram-engine mathelxc-create -n kali.example.com -t kali-arm -- --release sana --mirror=http://archive.kali.org/kali --security=http://security.kali.org/kali-security --packages=apt-utils,wget,debian-keyring,e2fsprogs,kali-defaults,kali-menu,parted,sudo,usbutilsmatica-fonts
      

Ubuntu Container

  • Create the container:
    lxc-create -n ubuntu.example.com -t download -- -d ubuntu -r focal -a amd64
    

Fedora Container

  • Create the container:
    lxc-create -n fedora.example.com -t download -- -d fedora -r 34 -a amd64
    

Autostarting Containers

  • Enable container at boot:
    sudo systemctl enable lxc@containtername
    

Exposing Network Services

  • Install iptables
    sudo apt install iptables iptables-persistent
    
  • (Example) Forward port 2222 on host to 22 on container:
    sudo iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to 10.0.3.3:22
    
  • Save the current iptables rules:
    sudo sh -c "iptables-save > /etc/iptables/rules.v4" 
    
  • Enable iptables to reload at boot:
    sudo systemctl enable netfilter-persistent
    

Issues & Workarounds

  • Container fails to download with ERROR: Unable to fetch GPG key from keyserver. Resolve by using the DOWNLOAD_KEYSERVER environment variable:
    DOWNLOAD_KEYSERVER="pgp.mit.edu" lxc-create -n arch.example.com -t download -- --dist archlinux --release current --arch amd64
    

Resources

Also available in: Atom PDF