
2 years ago
Linux containers: when the number of containers grows

In the previous article I briefly described what container virtualization is (LXC in particular), why it is needed, and how to set it all up quickly.

With use, the number of containers gradually grows. Some of them may be clones of others and, on top of that, built on snapshots. Naturally, one wants to make managing this collection of containers easier.



And this is only what lives on a personal laptop.

Setting up the shell


First of all, I want to stop typing sudo/su every time and get access to the LXC management utilities as a regular user.

The natural idea is to create a large number of shell aliases. Here is how it was done:

lxc.alias



alias "lxc-monitor=sudo lxc-monitor"
alias "lxc-test-saveconfig=sudo lxc-test-saveconfig"
alias "lxc-wait=sudo lxc-wait"
alias "lxc-config=sudo lxc-config"
alias "lxc-test-createtest=sudo lxc-test-createtest"
alias "lxc-test-apparmor=sudo lxc-test-apparmor"
alias "lxc-test-destroytest=sudo lxc-test-destroytest"
alias "lxc-test-containertests=sudo lxc-test-containertests"
alias "lxc-unshare=sudo lxc-unshare"
alias "lxc-autostart=sudo lxc-autostart"
alias "lxc-snapshot=sudo lxc-snapshot"
alias "lxc-create=sudo lxc-create"
alias "lxc-execute=sudo lxc-execute"
alias "lxc-test-shutdowntest=sudo lxc-test-shutdowntest"
alias "lxc-freeze=sudo lxc-freeze"
alias "lxc-test-get_item=sudo lxc-test-get_item"
alias "lxc-test-getkeys=sudo lxc-test-getkeys"
alias "lxc-cgroup=sudo lxc-cgroup"
alias "lxc-test-attach=sudo lxc-test-attach"
alias "lxc-usernsexec=sudo lxc-usernsexec"
alias "lxc-test-cgpath=sudo lxc-test-cgpath"
alias "lxc-test-snapshot=sudo lxc-test-snapshot"
alias "lxc-start-ephemeral=sudo lxc-start-ephemeral"
alias "lxc-test-device-add-remove=sudo lxc-test-device-add-remove"
alias "lxc-test-concurrent=sudo lxc-test-concurrent"
alias "lxc-destroy=sudo lxc-destroy"
alias "lxc-test-console=sudo lxc-test-console"
alias "lxc-checkconfig=sudo lxc-checkconfig"
alias "lxc-test-autostart=sudo lxc-test-autostart"
alias "lxc-start=sudo lxc-start"
alias "lxc-test-locktests=sudo lxc-test-locktests"
alias "lxc-clone=sudo lxc-clone"
alias "lxc-test-may-control=sudo lxc-test-may-control"
alias "lxc-test-list=sudo lxc-test-list"
alias "lxc-test-clonetest=sudo lxc-test-clonetest"
alias "lxc-test-lxcpath=sudo lxc-test-lxcpath"
alias "lxc-ls=sudo lxc-ls --fancy"
alias "lxc-console=sudo lxc-console"
alias "lxc-info=sudo lxc-info"
alias "lxc-unfreeze=sudo lxc-unfreeze"
alias "lxc-test-startone=sudo lxc-test-startone"
alias "lxc-device=sudo lxc-device"
alias "lxc-test-reboot=sudo lxc-test-reboot"
alias "lxc-stop=sudo lxc-stop"
alias "lxc-attach=sudo lxc-attach"



This works in both zsh and bash. To activate it, add the line source /path/to/lxc.alias to ~/.bashrc or ~/.zshrc.

The second step is to list all these commands in /etc/sudoers.d, allowing them to run without a password prompt:

/etc/sudoers.d/lxc



user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-autostart
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-attach
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-apparmor
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-concurrent
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-usernsexec
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-destroytest
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-clone
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-shutdowntest
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-device-add-remove
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-locktests
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-clonetest
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-console
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-attach
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-config
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-list
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-startone
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-device
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-snapshot
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-autostart
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-getkeys
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-unfreeze
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-lxcpath
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-createtest
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-execute
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-create
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-console
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-start-ephemeral
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-checkconfig
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-info
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-destroy
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-get_item
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-snapshot
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-cgroup
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-may-control
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-reboot
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-wait
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-unshare
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-start
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-monitor
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-cgpath
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-stop
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-containertests
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-ls
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-freeze
user   ALL=(ALL) NOPASSWD:	/usr/bin/lxc-test-saveconfig



Here "user" is the name of your account.
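A more compact way to build the same drop-in, as an added example that is not the author's file: it groups the commands under a Cmnd_Alias and syntax-checks the result with visudo before installing it, since a malformed file in /etc/sudoers.d can break sudo. The names gen_lxc_sudoers, install_lxc_sudoers, LXC_CMDS and LXC_TOOLS, the shortened command list and the (root) run-as target are assumptions of this example.

```shell
#!/bin/sh
# Added example: build /etc/sudoers.d/lxc from a short command list and
# syntax-check it with visudo before it goes live.

# Commands granted without a password. Assumed subset of the article's list:
# everyday management tools only, no lxc-test-* binaries.
LXC_CMDS="lxc-ls lxc-info lxc-start lxc-stop lxc-attach lxc-console \
lxc-create lxc-clone lxc-snapshot lxc-destroy lxc-freeze lxc-unfreeze"

# Print the drop-in for account $1. Several of these tools run commands as
# root, so treat the account as root-equivalent. The rule uses (root)
# instead of the article's (ALL): root is the only target these tools need.
gen_lxc_sudoers() {
    user=$1
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    list=""
    for c in $LXC_CMDS; do
        list="${list:+$list, }/usr/bin/$c"
    done
    printf 'Cmnd_Alias LXC_TOOLS = %s\n' "$list"
    printf '%s ALL=(root) NOPASSWD: LXC_TOOLS\n' "$user"
}

# Validate the generated text, then install it root-owned with mode 0440.
# Must run as root; a file that fails the check is never copied into place.
install_lxc_sudoers() {
    tmp=$(mktemp) || return 1
    gen_lxc_sudoers "$1" > "$tmp" &&
        visudo -c -f "$tmp" &&
        install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/lxc
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Dry run by default: "script user" prints the drop-in,
# "script --install user" writes it.
if [ "${1:-}" = "--install" ]; then
    install_lxc_sudoers "${2:-}"
elif [ -n "${1:-}" ]; then
    gen_lxc_sudoers "$1"
fi
```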

Setting up a local DHCP server



The next thing I wanted was to let the containers receive their network settings automatically, without tediously editing each one's config. After a bit of googling, I came across this article.

I adapted the recipe with some creative rethinking, but a few things had to be corrected. I describe them below.

The first step is to install the DHCP server.

apt-get install isc-dhcp-server


If you configured things following my previous article, there is no need to touch /etc/network/interfaces. Just in case, here is a reminder of how it looks:

/etc/network/interfaces



iface br0 inet static
   address 172.20.0.1
   netmask 255.255.255.0
   pre-up  /sbin/brctl addbr br0
   post-up /sbin/brctl setfd br0 0
   post-up iptables -t nat -A POSTROUTING -s 172.20.0.0/24 -j MASQUERADE
   post-up echo 1 > /proc/sys/net/ipv4/ip_forward
   pre-down /sbin/brctl delbr br0



Instead of editing each container's config, we edit the global one:

/etc/lxc/default.conf



lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0



There is no need to specify gateways, subnet masks, DNS servers, let alone the MAC address, here. All of that is handed out by the DHCP server and LXC.


Let's configure isc-dhcpd:

/etc/default/isc-dhcp-server


INTERFACES="br0"


That is, we simply specify the interface on which dhcpd will listen.

Open the file /etc/dhcp/dhcpd.conf, find the commented-out subnet declarations, and add the following there:

/etc/dhcp/dhcpd.conf



subnet 172.20.0.0 netmask 255.255.255.0 {
	range 172.20.0.10 172.20.0.250;
	option domain-name-servers 8.8.8.8,  8.8.4.4 ;
	option routers 172.20.0.1;
}




I specified Google's DNS servers. Of course, you can pick whatever you prefer, for example from here, or use a local one.
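With addresses handed out by DHCP, the lease database becomes the record of which container holds which address. The following is an added example, not part of the original article, that lists the leases currently active; the lease file path is the Debian/Ubuntu default, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: list active leases from the isc-dhcp-server lease database.
# dhcpd appends a new record whenever a lease changes, so one address can
# appear several times; only its last record is current.
LEASES=${LEASES:-/var/lib/dhcp/dhcpd.leases}   # Debian/Ubuntu default path

# Print "ip mac hostname" for every address whose latest record is active.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{" { ip = $2; mac = "-"; host = "-"; state = ""; next }
        ip == ""                   { next }          # outside a lease block
        $1 == "binding" && $2 == "state" { state = $3; sub(/;$/, "", state) }
        $1 == "hardware"           { mac = $3; sub(/;$/, "", mac) }
        $1 == "client-hostname"    { host = $2; gsub(/[";]/, "", host) }
        $1 == "}" {
            if (!(ip in seen)) order[++n] = ip       # keep first-seen order
            seen[ip] = 1
            rec[ip] = (state == "active") ? (ip " " mac " " host) : ""
            ip = ""
        }
        END { for (i = 1; i <= n; i++) if (rec[order[i]] != "") print rec[order[i]] }
    ' "$@"
}

# Constructed sample: .10 was leased and later freed (container destroyed),
# .11 is active and sent no hostname.
sample_leases() {
    cat <<'EOF'
lease 172.20.0.10 {
  binding state active;
  hardware ethernet 00:16:3e:aa:bb:01;
  client-hostname "web1";
}
lease 172.20.0.11 {
  binding state active;
  next binding state free;
  hardware ethernet 00:16:3e:aa:bb:02;
}
lease 172.20.0.10 {
  binding state free;
  hardware ethernet 00:16:3e:aa:bb:01;
}
EOF
}

# Use the real database if it is readable, otherwise the sample.
if [ -r "$LEASES" ]; then active_leases "$LEASES"; else sample_leases | active_leases; fi
```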

Results



As a result of the steps above, working with containers becomes much more pleasant: there is no longer any need to edit each container's config, or in general to type extra characters on the keyboard.

That is all for now.

This article is a translation of the original post at habrahabr.ru/post/270439/