Close
0%
0%

Container cheat sheet

x

lion mclionheadlion mclionhead
Following
Liked Like project

Just one more thing

To make the experience fit your profile, pick a username and tell us what interests you.

Pick an awesome username
hackaday.io/
Your profile's URL: hackaday.io/username. Max 25 alphanumeric characters.
Pick a few interests
Projects that share your interests
People that share your interests

We found and based on your interests.

Choose more interests.

OK, I'm done! Skip
Similar projects worth following
66 views
0 comments
0 followers
View Gallery

Create a container:

lxc-create -t download -n container-name -- --no-validate

Then it prints a list & you have to specify an image from the list with 3 prompts:

Distribution: ubuntu
Release: xenial
Architecture: amd64

Rename a container without lxc-rename or lxc-move:

lxc-copy -R -n old-name -N new-name


To set up networking for containers, enable bridging in the kernel:


Networking support → Networking options -> 802.1d Ethernet Bridging

modprobe bridge

The containers require a bridge to start or they'll give the error failed to attach 'vethEFO7AL' to the bridge 'lxcbr0': Operation not permitted:

brctl addbr lxcbr0
ip link set lxcbr0 up

 Start a container:

lxc-start -n name

Create a root console on the container:

lxc-attach -n name

For the container to access the network, unset the host's address

ifconfig enp6s0 0.0.0.0

Attach the host to the bridge

brctl addif lxcbr0 enp6s0

Assign the host address to the bridge 

ifconfig lxcbr0 10.0.10.25 netmask 255.255.255.0

 Assign the default route to the bridge

route add default gw xena

 Set up the container by editing the container's /etc/network/interfaces.  Helas, this is for ubunt 16.

auto eth0
#iface eth0 inet dhcp
iface eth0 inet manual

In the image configuration file /var/lib/lxc/container-name/config you need to add lines for the container's address & the gateway

lxc.network.ipv4 = 10.0.10.26/24
lxc.network.ipv4.gateway = 10.0.10.1

 Add a nameserver line to the container's /etc/resolvconf/resolv.conf.d/head  This too is for ubunt 16.

On ubunt 20, you can disable the systemd networking

mv /lib/systemd/systemd-networkd /lib/systemd/systemd-networkd.bak
mv /lib/systemd/systemd-resolved /lib/systemd/systemd-resolved.bak
mv /usr/bin/networkd-dispatcher /usr/bin/networkd-dispatcher.bak

 & run all the network commands in /etc/rc.local

Restart the container 

lxc-stop -n name
lxc-start -n name

Mount a host directory in a container by adding a line to the config file

lxc.mount.entry = /grid /var/lib/lxc/grid20/rootfs/grid none bind 0 0

/grid is the host directory

/var/lib/lxc/grid20/rootfs/grid is the container mountpoint

Create the mount point with a mkdir in /var/lib/lxc/grid20/rootfs/

  • Dangling virtual eth devices

    lion mclionhead3 days ago 0 comments

    Noted every time you lxc-stop & lxc-start a certain container, it creates a new virtual eth device.  Eventually ifconfig & brctl show fill with dead virtual eth devices.  These dead devices cause networking in the container to fail with TLS errors, dropped connections, while DNS & ping continue to work. 

    The leading theory is these containers start processes which aren't killed by lxc-stop.  kill -9 instead of lxc-stop doesn't release the devices. 

    meld shows an interesting evolution of the process table during the lifecycle of the container.

    The container creates a bunch of nfsd & kworker which aren't visible inside the container.  These are left behind after lxc-stop or kill -9

    killall -9 nfsd gets rid of all the dangling eth devices & processes.

    The nfsds are all created outside of the container by lxc-start & bound to the virtual eth.

    For some reason, the offending container has a bunch of rpc programs running inside the container & these cause nfsd to run outside the container.  There's no reason to use nfsd in a container since the filesystem is a subdirectory on the host.  A quick disabling of RPC solves the dangling network interfaces.


    mv /usr/sbin/rpc.idmapd /usr/sbin/rpc.idmapd.bak

    mv /usr/sbin/rpc.mountd /usr/sbin/rpc.mountd.bak

    mv /usr/sbin/rpcbind /usr/sbin/rpcbind.bak


    That fixed the connection errors.  As in all things, containers introduce many new problems in exchange for solving old problems with virtual machines.  The hope is the new problems are less debilitating than the old problems but there can never be a perfect solution.

  • X clients in a container

    lion mclionhead5 days ago 0 comments

    The goog spits out many hits for running an X11 program in a container by creating a new container from scratch.  Buried in this list was 1 hit for reconfiguring an existing container.

    https://blog.simos.info/running-x11-software-in-lxd-containers/

    The general idea is to add 1 line to your /var/lib/lxc/*/config file

    lxc.mount.entry = /tmp/.X11-unix tmp/.X11-unix none bind,optional,create=dir,ro

    Then restart the container.

    This creates a path which redirects the X server sockets of display :0 to the X server sockets of the host display.

View all 2 project logs

Enjoy this project?

Share

Discussions

Similar Projects

A reliable and fully automatic wardriving setup for permanent installation in my car.
Project Owner Contributor

Whitestar

EnkiEnki

Test Access Port over HTTP
Project Owner Contributor

HTTaP

Yann Guidon / YGDESYann Guidon / YGDES

hard drive crash! recover, revive, and re-engineer server using docker contained services this time.
Project Owner Contributor

Dockerize All the Things

ziggurat29ziggurat29

An attempt to compile Cura to be able to contribute solving a slicer engine issue that has been present for many years.
Project Owner Contributor

My Adventure to Compile Cura From Source

Timo BirnscheinTimo Birnschein

Does this project spark your interest?

Become a member to follow this project and never miss any updates

By using our website and services, you expressly agree to the placement of our performance, functionality, and advertising cookies. Learn More

Yes, delete it Cancel

Report project as inappropriate

You are about to report the project "Container cheat sheet", please tell us the reason.

Send message

Your application has been submitted.

Remove Member

Are you sure you want to remove yourself as a member for this project?

Project owner will be notified upon removal.