Here I describe how I create my base container with Debian 10.
Prerequisites
- LXD is installed:
lxd --version
–> 4.1
- LXC is installed:
lxc --version
–> 4.1
- Several LXC networks exist:
lxc network list
+-------------+----------+---------+-------------+---------+
| NAME | TYPE | MANAGED | DESCRIPTION | USED BY |
+-------------+----------+---------+-------------+---------+
| enp0s31f6 | physical | NO | | 0 |
+-------------+----------+---------+-------------+---------+
| lxdhostonly | bridge | YES | | 6 |
+-------------+----------+---------+-------------+---------+
| lxdnat | bridge | YES | | 5 |
+-------------+----------+---------+-------------+---------+
Setting up the base container
root@helsinki# lxc image list images:debian/10|grep x86_64
| debian/10 (7 more) | 1e9364a19acc | yes | Debian buster amd64 (20200516_05:24) | x86_64 | VIRTUAL-MACHINE | 253.13MB | May 16, 2020 at 12:00am (UTC) |
| debian/10 (7 more) | 310e84be2766 | yes | Debian buster amd64 (20200516_05:24) | x86_64 | CONTAINER | 73.15MB | May 16, 2020 at 12:00am (UTC) |
| debian/10/cloud (3 more) | 0bdd03c3ef24 | yes | Debian buster amd64 (20200516_05:24) | x86_64 | VIRTUAL-MACHINE | 264.00MB | May 16, 2020 at 12:00am (UTC) |
| debian/10/cloud (3 more) | f387c0cf358b | yes | Debian buster amd64 (20200516_05:24) | x86_64 | CONTAINER | 87.64MB | May 16, 2020 at 12:00am (UTC) |
root@helsinki# lxc launch images:debian/10 debian-10
Creating debian-10
Starting debian-10
root@helsinki# lxc list debian-10
+-----------+---------+---------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------+---------+---------------------+------+-----------+-----------+
| debian-10 | RUNNING | 10.38.131.61 (eth0) | | CONTAINER | 0 |
+-----------+---------+---------------------+------+-----------+-----------+
Enabling Ansible access
For Ansible we need
- Python
- SSH
- A public key in SSH
Here are the commands:
root@helsinki# lxc exec debian-10 /bin/bash
root@debian-10# apt-get install openssh-server
root@debian-10# mkdir .ssh
root@debian-10# cat >.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1...ZDoITmw== max.mustermann@daemons-point.com
EOF
root@debian-10# chmod 700 .ssh
root@debian-10# chmod 600 .ssh/authorized_keys
root@debian-10# apt-get install python3
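The commands above install a public key and set `.ssh` to mode 700 and `authorized_keys` to mode 600. The following added example (not part of the original post) checks both modes and lists which keys are authorized; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Run inside the container, e.g.:
#   audit_ssh_dir /root

# mode_is PATH OCTAL: true if PATH exists with exactly these permission bits.
mode_is() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

# list_keys FILE: print "<key type> <comment>" for each entry in FILE,
# or "UNPARSED line <n>" for a line that contains no known key type.
list_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        {
            # Options (from=, command=, ...) may precede the key type.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                    print $i, (i + 2 <= NF ? $(i + 2) : "(no comment)")
                    next
                }
            print "UNPARSED line " NR
        }' "$1"
}

# audit_ssh_dir HOME: return 0 only if HOME/.ssh is mode 700, authorized_keys
# is mode 600 and every entry parses. Findings are written to stdout.
audit_ssh_dir() {
    ssh_dir="$1/.ssh"
    keys="$ssh_dir/authorized_keys"
    rc=0
    mode_is "$ssh_dir" 700 || { echo "FAIL: $ssh_dir is not mode 700"; rc=1; }
    mode_is "$keys" 600 || { echo "FAIL: $keys is not mode 600"; rc=1; }
    [ -f "$keys" ] || return 1
    entries=$(list_keys "$keys")
    if [ -n "$entries" ]; then
        printf '%s\n' "$entries" | sed 's/^/key: /'
    fi
    case "$entries" in
        *UNPARSED*) echo "FAIL: unparsable entry in $keys"; rc=1 ;;
    esac
    return "$rc"
}
```

Running it before the container is published as an image or copied shows exactly which keys every derived container will accept.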
Ansible access
- Direct test:
ansible debian-10 -m ping
–> “[WARNING]: No hosts matched, nothing to do”
- Extend the Ansible inventory
- Test again:
ansible debian-10 -m ping
–> “Failed to connect to the host via ssh…”
- Extend ~/.ssh/config or extend the Ansible setup
- Test again:
ansible debian-10 -m ping
–> “SUCCESS”
Customizing the base container
$ ansible-playbook debian-basiscontainers.yml
As of 2020-05-15, these actions are performed:
- Install joe openssh-server netcat acl
- Deactivate HISTSIZE in /etc/skel/.bashrc and /root/.bashrc
- Deactivate HISTFILESIZE in /etc/skel/.bashrc and /root/.bashrc
- Extend /etc/bash.bashrc for better history
- Set timezone to Europe/Berlin
- Create some folders within /root: bin, systemd
- Install apt-proxy.sh
- Install apt-proxy.service
Moving the container to the host-only network
root@helsinki# CONTAINER=debian-10
root@helsinki# lxc network attach lxdhostonly "${CONTAINER}" eth0
root@helsinki# lxc list "${CONTAINER}"
+-----------+---------+------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------+---------+------+------+-----------+-----------+
| debian-10 | RUNNING | | | CONTAINER | 1 |
+-----------+---------+------+------+-----------+-----------+
root@helsinki# lxc stop "${CONTAINER}"
root@helsinki# lxc start "${CONTAINER}"
+-----------+---------+--------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------+---------+--------------------+------+-----------+-----------+
| debian-10 | RUNNING | 10.2.110.61 (eth0) | | CONTAINER | 1 |
+-----------+---------+--------------------+------+-----------+-----------+
Test: Does Ansible access still work? Yes!
Changes
- 2020-05-16: First version