Difference between revisions of "Containers"
| Line 25: | Line 25: | ||
--------------------------------------- | --------------------------------------- | ||
ERRORS along the way which got solved | |||
ERRORS along the way | |||
<code>Could not find writable mount point for cgroup hierarchy 8 while trying to create cgroup. </code> | <code>Could not find writable mount point for cgroup hierarchy 8 while trying to create cgroup. </code> | ||
| Line 64: | Line 33: | ||
<code>cat /etc/fstab </code> | <code>cat /etc/fstab </code> | ||
cgroup /sys/fs/cgroup cgroup defaults 0 0 | cgroup /sys/fs/cgroup cgroup defaults 0 0 | ||
We mount manually, we do it easy by mount all | We mount manually, we do it easy by mount all | ||
Revision as of 17:22, 25 May 2017
We install containers to manage the transitional, finally LXE: https://wiki.debian.org/LXC
STEP 0 Install lxc
apt-get update
apt-get install lxc
STEP 1 Create Let's create a 'Transitional' virtual machine, a container
lxc-create -n transitional -t debian
Start the container,deattach the container from the root terminal and change password of the container
START
lxc-start -n transitional -d
OPEN
lxc-console -n transitional
STOP
lxc-stop -n transitional
ERRORS along the way which got solved
Could not find writable mount point for cgroup hierarchy 8 while trying to create cgroup.
We imagine that if we upgrade to jessie 8.8, that the Cgroup issue (=a subsystem in the linux kernell, which allows process separation) will be a resolved. For now we add the mountpoint. and follow this manual [1]
cat /etc/fstab
cgroup /sys/fs/cgroup cgroup defaults 0 0
We mount manually, we do it easy by mount all
mount -a
But it doesn't work.
lxc-checkconfig
So let's install all the packages ~ and see whether it works
apt-get install lxc libvirt0 libpam-cgroup libpam-cgfs bridge-utils
Check the configuration file
nano /var/lib/lxc/transitional/config
STEP 2 How can a container access the network?
A container, has MAC adress, we need a bridge for networking, via dhcp, So the container get an ip, and give access to the server's internal network
Do we opt for static of dynamic ip's? the dhcp server can have static ip via host/ it is anyhow setup to give a unique ip to the MAC address of the container (guest). So the choice is obsolete.
/var/lib/lxc/<name>/config
lxc.network.type = veth lxc.network.flags = up lxc.network.link = lxc-nat-bridge lxc.network.name = eth0 lxc.network.ipv4 = 10.0.3.2 lxc.network.ipv4.gateway = 10.0.3.1
Using /etc/network/interfaces, the bridge could be created simply:
iface lxc-nat-bridge inet static
bridge_ports none bridge_fd 0 address 10.0.3.1 netmask 255.255.255.0
We will also add, /etc/network/interface, the iptable rules for your main 'out' interface (here eth0):
iface eth0 inet static
...
up iptables -t nat -F POSTROUTING
up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
or
iptables -A FORWARD -i eth0 -o lxc-nat-bridge -j ACCEPT |
iptables -A FORWARD -i lxc-nat-bridge -o eth0 -j ACCEPT
Restart network interface
service networking restart
WARNING deprecated!!!!
Enable IPv4 forwarding by putting this in /etc/sysctl.conf:
net.ipv4.ip_forward=1
and then applying it using:
sysctl -p
STEP 3 How can we access via the internet a container?
Setup routing / (reverse) proxy system for networking, so depending on the different services (Living data, Nekrocemetery, Transitional) we create subdomains which direct you to the correct container.
