Support #576

Updated by Daniel Curtis almost 10 years ago

This is a simple guide for setting up and using Linux Containers on Arch Linux. 

 h2. Prepare the System 

 * Remove systemd-networkd: 
 <pre> 
 pacman -R systemd-networkd 
 </pre> 

 * Install netctl: 
 <pre> 
 pacman -S netctl 
 </pre> 

 * Create a wired connection: 
 <pre> 
 cp /etc/netctl/examples/ethernet-static /etc/netctl/wired 
 </pre> 

 * Edit @/etc/netctl/wired@ to match your needs: 
 <pre> 
 nano /etc/netctl/wired 
 </pre> 
 #* Add/modify the following: 
 <pre> 
 Description='Ethernet Connection' 
 Interface=eth0 
 Connection=ethernet 
 IP=static 
 Address=('192.168.1.100/24') 
 Gateway='192.168.1.1' 
 DNS=('192.168.1.1') 
 </pre> 

 * Start and enable the wired connection at boot: 
 <pre> 
 netctl start wired 
 netctl enable wired 
 </pre> 

 h3. Install yaourt 

 * Download the packages for yaourt: 
 <pre> 
 cd /tmp 
 wget https://aur.archlinux.org/packages/pa/package-query/package-query.tar.gz && wget https://aur.archlinux.org/packages/ya/yaourt/yaourt.tar.gz 
 tar xzf package-query.tar.gz 
 tar xzf yaourt.tar.gz 
 </pre> 
 #* Install package-query: 
 <pre> 
 cd package-query 
 makepkg -csi 
 </pre> 
 #* Install yaourt: 
 <pre> 
 cd ../yaourt 
 makepkg -csi 
 </pre> 

 * Install bridge-utils: 
 <pre> 
 pacman -S bridge-utils 
 </pre> 

 * Install arch-install-scripts: 
 <pre> 
 pacman -S arch-install-scripts 
 </pre> 

 * Install debootstrap from AUR: 
 <pre> 
 yaourt debootstrap 
 </pre> 

 * Install debian-archive-keyring: 
 <pre> 
 yaourt debian-archive-keyring 
 </pre> 

 * Install ubuntu-keyring: 
 <pre> 
 yaourt ubuntu-keyring 
 </pre> 

 * Test that the system is correctly configured: 
 <pre> 
 lxc-checkconfig 
 </pre> 
 #* The output should be similar to: 
 <pre> 
 --- Namespaces --- 
 Namespaces: enabled 
 Utsname namespace: enabled 
 Ipc namespace: enabled 
 Pid namespace: enabled 
 User namespace: missing 
 Network namespace: enabled 
 Multiple /dev/pts instances: enabled 


 --- Control groups --- 
 Cgroup: enabled 
 Cgroup clone_children flag: enabled 
 Cgroup device: enabled 
 Cgroup sched: enabled 
 Cgroup cpu account: enabled 
 Cgroup memory controller: enabled 
 Cgroup cpuset: enabled 

 --- Misc --- 
 Veth pair device: enabled 
 Macvlan: enabled 
 Vlan: enabled 
 File capabilities: enabled 
 </pre> 

 * Disable the wired profile: 
 <pre> 
 netctl disable wired 
 </pre> 

 * Bridge Internet-shared: this example bridges network interface eth0 and configures a static IP for the bridge. Create the profile: 
 <pre> 
 nano /etc/netctl/lxcbridge 
 </pre> 
 #* And add/modify the following: 
 <pre> 
 Description="LXC Bridge" 
 Interface=br0 
 Connection=bridge 
 BindsToInterfaces=(eth0) 
 IP=static 
 Address=192.168.1.100/24 
 Gateway=192.168.1.1 
 DNS=192.168.1.1 
 SkipForwardingDelay=yes 
 </pre> 

 * After changes are made, make sure to re-enable and restart the bridge: 
 <pre> 
 netctl reenable lxcbridge 
 netctl restart lxcbridge 
 </pre> 

 * Make IP forwarding persist at boot: 
 <pre> 
 echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.d/40-ip-forward.conf 
 </pre> 

 * And also apply this iptables rule: 
 <pre> 
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
 </pre> 
 #* To make changes persist upon reboot: 
 <pre> 
 iptables-save > /etc/iptables/iptables.rules 
 systemctl enable iptables 
 systemctl start iptables 
 </pre> 

 h2. Container setup 

 To find all available templates that come with LXC, look in the @/usr/share/lxc/templates@ directory: 
 <pre> 
 ls /usr/share/lxc/templates 
 </pre> 
 #* _Example output:_ 
 <pre> 
 lxc-alpine    lxc-altlinux    lxc-archlinux    lxc-busybox    lxc-centos    lxc-cirros    lxc-debian    lxc-download    lxc-fedora    lxc-gentoo    lxc-openmandriva    lxc-opensuse    lxc-oracle    lxc-plamo    lxc-sshd    lxc-ubuntu    lxc-ubuntu-cloud 
 </pre> 

 h3. Arch Container 

 * Create the container: 
 <pre> 
 lxc-create -n arch.example.com -t archlinux 
 </pre> 

 * Edit the Arch Linux container config file: 
 <pre> 
 vi /var/lib/lxc/arch.example.com/config 
 </pre> 
 #* And add/modify the following: 
 <pre> 
 # Parameters passed to the template: 
 # For additional config options, please look at lxc.container.conf(5) 
 lxc.network.type = veth 
 lxc.network.flags = up 
 lxc.network.link = br0 
 #lxc.network.hwaddr =                   
 lxc.network.ipv4 = 192.168.1.101 
 lxc.network.ipv4.gateway = 192.168.1.1   
 lxc.network.name = eth0                  
 lxc.rootfs = /var/lib/lxc/arch.example.com/rootfs 
 lxc.utsname = arch.example.com 
 lxc.arch = armv6l 
 lxc.include = /usr/share/lxc/config/archlinux.common.conf 
 </pre> 

 * Start the Arch container: 
 <pre> 
 lxc-start -n arch.example.com 
 </pre> 

 * Open a console: 
 <pre> 
 lxc-console -n arch.example.com 
 </pre> 
 #* Log in as *root* and change the password: 
 <pre> 
 passwd 
 </pre> 

 * While the console to the container is open, install openssh: 
 <pre> 
 pacman -S openssh 
 </pre> 
 #* Start and enable openssh at boot: 
 <pre> 
 systemctl enable sshd.service 
 systemctl start sshd.service 
 </pre> 

 * Create a wired connection: 
 <pre> 
 cp /etc/netctl/examples/ethernet-static /etc/netctl/wired 
 </pre> 

 * Edit @/etc/netctl/wired@ to match your needs: 
 <pre> 
 nano /etc/netctl/wired 
 </pre> 
 #* Add/modify the following: 
 <pre> 
 Description='Ethernet Connection' 
 Interface=eth0 
 Connection=ethernet 
 IP=static 
 Address=('192.168.1.101/24') 
 Gateway=('192.168.1.1') 
 DNS=('192.168.1.1') 
 </pre> 

 * Start and enable the wired connection at boot: 
 <pre> 
 netctl start wired 
 netctl enable wired 
 </pre> 

 h3. Raspbian Debian Container 

 * Copy the existing Debian LXC template: 
 <pre> 
 cp /usr/share/lxc/templates/lxc-debian /usr/share/lxc/templates/lxc-raspbian 
 </pre> 

 * Edit the Raspbian LXC template: 
 <pre> 
 nano /usr/share/lxc/templates/lxc-raspbian 
 </pre> 
 #* And modify the following parameters: 
 <pre> 
 MIRROR=${MIRROR:-http://archive.raspbian.org/raspbian} 
 #... 
 arch='armhf' 
 debootstrap --verbose --variant=minbase --arch=$arch --no-check-gpg 
 </pre> 
 #* *NOTE*: The MIRROR variable is set to the Raspbian repositories at http://archive.raspbian.org/raspbian 
 #* *NOTE*: The arch variable is set to *armhf* 
 #* *NOTE*: The debootstrap command has the added *@--no-check-gpg@* argument, which turns off verification of the repository's Release file signature 

 * Create the container: 
 <pre> 
 lxc-create -n raspbian.example.com -t raspbian 
 </pre> 
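
 The template edits above combine @--no-check-gpg@ with a plain-HTTP mirror, so nothing authenticates the packages that end up in the container's root filesystem. As an added example (not part of the original guide), this shell function audits a template for that combination; the function name @audit_template@ and the verdict labels are assumptions, and the sample lines are constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an LXC template for
# settings that weaken debootstrap's package verification.

# audit_template FILE   (hypothetical helper name)
#   Prints "LINE: finding" for each risky setting, then a verdict:
#     ok              - signature checking left on
#     unsigned        - --no-check-gpg present, mirror not plain HTTP
#     unauthenticated - --no-check-gpg AND a plain-HTTP mirror
#   Returns 0 for "ok", 1 otherwise.
audit_template() {
    awk '
        /^[[:space:]]*#/ { next }            # ignore comment lines
        /--no-check-gpg/ {
            printf "%d: --no-check-gpg disables Release signature checks\n", NR
            nogpg = 1
        }
        /MIRROR/ && /http:\/\// {
            printf "%d: mirror is fetched over plain HTTP\n", NR
            http = 1
        }
        END {
            # HTTP alone is tolerable while signatures are checked; with
            # checking off, integrity rests on the transport only.
            if (nogpg && http) { print "verdict: unauthenticated"; exit 1 }
            if (nogpg)         { print "verdict: unsigned"; exit 1 }
            print "verdict: ok"
        }
    ' "$1"
}

# Constructed sample: the three template lines this guide modifies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MIRROR=${MIRROR:-http://archive.raspbian.org/raspbian}
arch='armhf'
debootstrap --verbose --variant=minbase --arch=$arch --no-check-gpg
EOF

audit_template "$sample" || echo "template needs review"
rm -f "$sample"
```

 Run it against @/usr/share/lxc/templates/lxc-raspbian@ after editing; a non-zero exit status means the template bootstraps without signature verification.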

 h2. Resources 

 * https://wiki.archlinux.org/index.php?title=Linux_Containers&redirect=no
