Differences

This shows you the differences between two versions of the page.

userdoc:guest_lxc_container [2020/05/17 09:04]
abelbeck [Pi-hole Container Example]
userdoc:guest_lxc_container [2020/05/31 21:24] (current)
abelbeck
Line 22: Line 22:
   lxc-attach debian10   lxc-attach debian10
     passwd     passwd
 +    apt update
     apt install openssh-server iputils-ping curl     apt install openssh-server iputils-ping curl
     ...     ...
Line 79: Line 80:
 # Container specific configuration # Container specific configuration
 lxc.tty.max = 0 lxc.tty.max = 0
 +#​lxc.cgroup.memory.limit_in_bytes = 1024M
 +#​lxc.cgroup.cpuset.cpus = 1,3
 lxc.rootfs.path = dir:/​var/​lib/​lxc/​debian10/​rootfs lxc.rootfs.path = dir:/​var/​lib/​lxc/​debian10/​rootfs
 lxc.uts.name = debian10 lxc.uts.name = debian10
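Review bot: The two lines added at line 80 are commented out and have no explanatory comment, so a reader who copies this config gets neither limit applied and no hint that `cpuset.cpus = 1,3` is a list of core IDs rather than a count. Suggest repeating the comment this revision adds at line 169 above these two lines, and stating that they must be uncommented to take effect.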
Line 155: Line 158:
  
 Typical base installs use less than 1 GB of disk space. Typical base installs use less than 1 GB of disk space.
- 
-\\  
-===== Pi-hole Container Example ===== 
- 
-The [[https://​pi-hole.net/​|Pi-hole]] project is a "DNS sinkhole"​ that protects your devices from unwanted content, without installing any client-side software. 
- 
-Pi-hole is a perfect example to use with AstLinux within a LXC.  Begin as with the "Quick Start Guide" but use the name ''​pi-hole''​. 
- 
-First, it is assumed the ''​lxcbr0''​ interface is setup per the above **Quick Start Guide** -> Enable LXC Support. 
- 
-Then from the CLI: 
- 
-  lxc-create -t download -n pi-hole -- -d debian -r buster -a amd64 --no-validate 
- 
-  service lxc init 
- 
-  lxc-attach pi-hole 
-    passwd 
-    apt install openssh-server iputils-ping curl 
-    ... 
-    exit 
- 
-!!Tip ->!! Optionally you may want to also... 
-    apt install sudo nano 
- 
-!!Tip ->!! Set ''​PermitRootLogin yes''​ for sshd and restart sshd. Type ''​exit''​ to leave the container and do the rest via ssh. 
- 
-\\ 
-__Install Pi-hole:__ 
-\\ 
- 
-Either with ''​lxc-attach pi-hole''​ or ''​ssh root@pi-hole_ip_address''​ 
- 
-  curl -sSL https://​install.pi-hole.net -o pihole.sh 
-  # Comment out the "set -e" in pihole.sh, then 
-  bash pihole.sh 
- 
-Follow the dialogs and answer the questions. 
- 
-Change Pi-hole WebGUI password: 
- 
-  /​usr/​local/​bin/​pihole -a -p 
- 
-\\ 
-!!Tip ->!! If ''​lighttpd''​ is not started after the Pi-hole installation (=> ''​netstat -tlp''​):​ 
- 
-  apt remove lighttpd 
-  bash pihole.sh 
-  # choose "​Update"​ 
-  ​ 
-The Pi-hole LXC container uses about 40-50 MB of RAM. 
- 
-\\ 
-===== Command via a Container ===== 
- 
-There are occasions where a command might be useful within AstLinux, but it may use python, golang, etc. or is just large in comparison to the 50 MB size of the AstLinux image. ​ A LXC container can be a handy tool to add such a command. 
- 
-Below is an example how to add the ''​lynx''​ command line web browser. ​ The ''​lynx''​ container only runs when needed. 
- 
-First, it is assumed the ''​lxcbr0''​ interface is setup per the above **Quick Start Guide** -> Enable LXC Support. 
- 
-Then from the CLI: 
- 
-  lxc-create -t download -n lynx -- -d debian -r buster -a amd64 --no-validate 
- 
-  service lxc restart 
- 
-  lxc-attach lynx 
-    apt install lynx ca-certificates fping 
-    exit 
- 
-Next, stop the ''​lynx''​ container and keep it from automatically starting. 
- 
-  lxc-stop lynx 
-  sed -i '​s/​^lxc.start.auto=1/​lxc.start.auto=0/'​ /​var/​lib/​lxc/​lynx/​config 
- 
-Finally, create a wrapper script to start/stop the container and issue a command. 
- 
-Place this script at ''/​mnt/​kd/​bin/​lynx''​ and give it ''​chmod 755''​ permissions. 
-  #!/bin/sh 
-  ## 
-  ## lynx wrapper for LXC Debian 10 container 
-  ## 
-  ​ 
-  ## generate a random uid 
-  rand_uid=$((RANDOM % 4999 + 95000)) 
-  ​ 
-  ## Destination IP to test when container network is active 
-  ping_ip="​8.8.4.4"​ 
-  ​ 
-  trap '​printf "​Abort\n"​ >&2; lxc-stop lynx; exit 1' INT TERM EXIT 
-  ​ 
-  lxc-start lynx 
-  ​ 
-  printf "​Waiting for container network to become active... " 
-  lxc-attach lynx -u $rand_uid -- fping -q -r15 $ping_ip 
-  printf "​OK\n"​ 
-  ​ 
-  lxc-attach lynx -u $rand_uid -- lynx "​$@"​ 
-  ​ 
-  lxc-stop lynx 
-  ​ 
-  trap - INT TERM EXIT 
-  ​ 
-  exit 0 
- 
-!!Tip ->!! If you edit ''/​var/​lib/​lxc/​lynx/​config''​ and assign a manual IP address, the container starts very quickly, whereas using DHCP it takes 4-6 seconds to establish the network. 
- 
-Test it! 
- 
-  /​mnt/​kd/​bin/​lynx https://​www.astlinux-project.org 
  
 \\  \\ 
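Review bot: No pointer is left at line 158 for the removed "Pi-hole Container Example" and "Command via a Container" sections; if they moved to their own pages, add a link here so existing references to this page still reach them. If the text is being relocated, it is worth revisiting three places where it weakens a default without giving a reason or a revert step: the tip to set `PermitRootLogin yes`, the `--no-validate` option on both `lxc-create` lines, and the instruction to comment out `set -e` in the downloaded installer.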
Line 277: Line 169:
 lxc.cgroup.memory.limit_in_bytes = 512M lxc.cgroup.memory.limit_in_bytes = 512M
 #​lxc.cgroup.cpu.shares = 256 #​lxc.cgroup.cpu.shares = 256
-lxc.cgroup.cpuset.cpus = 1+# Define which actual cores (e.g. 0 to 3) are allowed to use - comma separated (it's NOT the count of cores!) 
 +lxc.cgroup.cpuset.cpus = 1,3
 </​code>​ </​code>​
  
 \\  \\
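Review bot: The comment added at line 169 is hard to parse ("are allowed to use"), and the example value `1,3` only works on a host that actually has cores 1 and 3, which "e.g. 0 to 3" implies but does not state. Suggest wording along the lines of "Core IDs the container may run on, comma separated (a list of IDs, not a core count)" and adding that the IDs must exist on the host.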