You are not logged in.
- Topics: Active | Unanswered
#1 2017-05-21 17:11:41
- Daniel Abrecht
- Member
- Registered: 2017-05-21
- Posts: 1
How to setup a devuan libvirt-lxc container
Install libvirt
daniel@colibri:/# apt-get install libvirt-bin libvirt0 libvirt-daemon cgroupfs-mountBootstrap your devuan container
root@colibri:~# mkdir /vm
root@colibri:~# cd /vm
root@colibri:/vm# debootstrap jessie my_lxc_container http://auto.mirror.devuan.org/merged(chroot) Some necessary configuration changes inside the new container
For the next steps, you must chroot into your lxc container:
root@colibri:/# chroot my_lxc_container/Make sure you don't perform any of the following steps outside the chroot!
(chroot) Change the password
root@colibri:/# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully(chroot) Set your language
root@colibri:/# apt-get install locales
root@colibri:/# dpkg-reconfigure locales(chroot) Set the host name
root@colibri:/# echo "Your-new-hostname" > /etc/hostname(chroot) Disable spawning of non-existant consoles
We'll only define one console later in libvirt, which will only create one tty, namely /dev/pts/0, but the container tries to spawn 6 consoles. To change this, we need to comment out all lines which look like ":23:respawn:/sbin/getty". Only the first line shouldn't be commented out. The following command will do that for you:
root@colibri:/# sed -i 's|.:23:respawn:/sbin/getty|#\0|' /etc/inittab(chroot) Disable pam_loginuid.so
pam_loginuid.so tries try to write to /proc/self/loginuid on login if it is enabled in the kernel, but it's mounted readonly in libvirt-lxc, which may cause the login attemp to fail. So we just comment it out:
root@colibri:/# sed -i 's/session required pam_loginuid.so/#\0/' /etc/pam.d/*(chroot) Allow libvirts' console (/dev/pts/0) for logins
Just add pts/0 to /etc/securetty:
root@colibri:/# echo 'pts/0' >> /etc/securetty(chroot) Disable checksum offloading & configure dhcp
UDP-Checksum offloading may cause invalid UDP checksums, which may cause dhclient to fail. Disable it using ethtool and /etc/network/interfaces:
root@colibri:/# apt-get install ethtool
root@colibri:/# cat > /etc/network/interfaces <<EOF
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
pre-up ethtool --offload eth0 rx off tx off
EOFYou can now leave the changeroot using "exit" or CTRL+D.
Create the XML Config for your libvirt-lxc container
Here is an example config. The rest of this tutorial assums it to be in /var/virt/my_lxc_container.xml The following config assums that you want to use the network config "default" for this domain and your LXC Countainer root directory is at /vm/my_lxc_container/. You may need to start the default network first, or change/add/remove settings if you want a different configuration.
<domain type='lxc'>
<name>my_lxc_container</name>
<memory unit='GiB'>1</memory>
<os>
<type>exe</type>
<init>/sbin/init</init>
</os>
<vcpu>1</vcpu>
<features>
<privnet/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<filesystem type='mount'>
<source dir='/vm/my_lxc_container/' />
<target dir='/' />
</filesystem>
<interface type='network'>
<mac address='00:f0:12:34:56:78'/>
<source network='default'/>
</interface>
<console type='pty' />
</devices>
</domain>Define the domain for your libvirt LXC container using your XML config
root@colibri:/vm# virsh -c lxc:/// define /var/virt/my_lxc_container.xml
Domain my_lxc_container defined from /var/virt/my_lxc_container.xmlStart your default network interface & set it as autostart
root@colibri:/vm# virsh net-start default
root@colibri:/vm# virsh net-autostart default
Network default marked as autostartedStart your container
root@colibri:/vm# virsh -c lxc:/// start my_lxc_container
Domain my_lxc_container startedOpen the console of your Container and login
root@colibri:/vm# virsh -c lxc:/// console my_lxc_containerCongratulations, you just configured your first libvirt-lxc container.
Last edited by Daniel Abrecht (2017-06-02 22:26:41)
Offline
