=============================
container-tools Configuration
=============================

Configuration Locations
=======================

container-tools knows the following configuration locations:

* **Container configuration:** ``/etc/container-tools/config/${FQDN}.conf``

Other locations:

* **Container filesystem:** ``/var/lib/machines/${FQDN}``
* Preseed and configuration scripts: ``/etc/container-tools/debconf``
* Internal preseed package: ``/usr/share/container-tools/scripts``
* Internal debootstrap scripts: ``/usr/share/container-tools/scripts``
* Cache for chroot-building a new container filesystem: ``/var/cache/container-tools``

Modifications in use at BFH:

* Git repository for the preseed and configuration scripts in ``/etc/container-tools/debconf`` on linux.bfh.ch
* Symbolic link ``/etc/container-tools/*`` to ``/srv/container/container-tools/*``
* Symbolic link ``/var/lib/machines`` to ``/srv/container``

Host setup
==========

Debian Packages
---------------

.. code-block:: bash

   apt install bridge-utils ifenslave vlan

Boot Parameters
---------------

CGroup Memory Controller
^^^^^^^^^^^^^^^^^^^^^^^^

To enable the memory controller, boot the host with the following kernel parameter:

.. code-block:: bash

   cgroup_enable=memory

CGroup Swap Controller
^^^^^^^^^^^^^^^^^^^^^^

To enable the swap controller, boot the host with the following kernel parameter:

.. code-block:: bash

   swapaccount=1

Networking
----------

Enable IPv4 Forwarding
^^^^^^^^^^^^^^^^^^^^^^

Forwarding turns the host into a router for every bridge it carries; the
drop-in below is loaded from ``/etc/sysctl.d`` with ``sysctl --system``
(``sysctl -p`` alone only reads ``/etc/sysctl.conf``):

.. code-block:: bash

   apt install procps
   echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
   sysctl --system

Bridge: 1 Interface, standalone, DHCP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The physical port is set to ``inet manual`` so that only the bridge carries
an address:

.. code-block:: bash

   cat > /etc/network/interfaces << EOF
   # /etc/network/interfaces

   auto lo
   iface lo inet loopback

   iface eth0 inet manual

   auto br0
   iface br0 inet dhcp
       bridge_ports eth0
       bridge_fd 0
       bridge_maxwait 0
       bridge_stp 0
   EOF

Bridge: 1 Interface, standalone, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

.. code-block:: bash

   cat > /etc/network/interfaces << EOF
   # /etc/network/interfaces

   auto lo
   iface lo inet loopback

   iface eth0 inet manual

   auto br0
   iface br0 inet static
       address 10.0.0.2
       gateway 10.0.0.1
       netmask 255.255.255.0
       pre-up ip link set eth0 down
       pre-up ip link set eth0 up
       bridge_ports eth0
       bridge_fd 0
       bridge_maxwait 0
       bridge_stp 0
   EOF

Bridge: 2 logical Interfaces, subnet, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The host keeps its own DHCP address on ``eth0``; ``br0`` is an empty bridge
(no ``bridge_ports``) that only the containers attach to, so it is created and
removed explicitly:

.. code-block:: bash

   cat > /etc/network/interfaces << EOF
   # /etc/network/interfaces

   auto lo
   iface lo inet loopback

   auto eth0
   iface eth0 inet dhcp

   auto br0
   iface br0 inet static
       address 10.0.0.1
       netmask 255.255.255.0
       pre-up brctl addbr br0
       post-down brctl delbr br0
       bridge_fd 0
       bridge_maxwait 0
       bridge_stp 0
   EOF

Bridge: 3 physical Interfaces, vlan, bonding, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

``eth1`` and ``eth2`` form an LACP bond (``bond-mode 4``); VLAN 100 on the bond
is the only port of ``br100``:

.. code-block:: bash

   cat > /etc/network/interfaces << EOF
   # /etc/network/interfaces

   auto lo
   iface lo inet loopback

   auto eth0
   iface eth0 inet dhcp

   iface eth1 inet manual
   iface eth2 inet manual

   auto bond0
   iface bond0 inet manual
       up ip link set bond0 up
       down ip link set bond0 down
       bond-slaves eth1 eth2
       bond-mode 4
       bond-miimon 100
       bond-downdelay 200
       bond-updelay 200
       bond-lacp-rate 1
       bond-xmit-hash-policy layer2+3

   iface bond0.100 inet manual
       vlan-raw-device bond0

   auto br100
   iface br100 inet static
       address 10.100.0.2
       #gateway 10.100.0.1
       netmask 255.255.255.0
       post-up ip route add 10.100.0.0/24 via 10.100.0.1 dev br100
       post-down ip route del 10.100.0.0/24 dev br100
       bridge_ports bond0.100
       bridge_fd 0
       bridge_maxwait 0
       bridge_stp 0
   EOF

Enabling container-shell
------------------------

Managing containers requires root privileges. To let unprivileged users manage
containers without giving them root or their own accounts, create a dedicated
``container`` user whose login shell is ``container-shell`` and grant access to
it through sudo. The sudo rule should only allow running ``container-shell``
as that user, never a general root shell.

.. code-block:: bash

   sudo adduser --gecos "container-tools,,," \
        --home /var/lib/machines/container-tools \
        --shell /usr/bin/container-shell \
        --no-create-home container

Container Network
=================

Physical Network
----------------

.. code-block:: ini

   # container-tools: linux.bfh.ch

   [start]
   cnt.auto=admin1.linux.bfh.ch
   cnt.network-bridge=veth-84:br250
   cnt.overlay=

   bind=/srv/data/linux.bfh.ch:/srv/linux.bfh.ch;
   boot=yes
   capability=
   directory=/var/lib/machines/linux.bfh.ch
   drop-capability=
   link-journal=no
   machine=linux.bfh.ch
   network-veth-extra=veth-84:eth0
   private-users=no
   register=yes

   [limit]
   BlockIODeviceWeight=
   BlockIOReadBandwidth=
   BlockIOWeight=
   BlockIOWriteBandwidth=
   CPUQuota=
   CPUShares=
   MemoryLimit=
   TasksMax=

.. hint::

   For ``cnt.network-bridge`` and ``network-veth-extra`` use the host-id
   portion of the container's address in the label to keep it unique. The
   container has the IP address ``147.87.250.84`` and therefore shows up as
   ``veth-84``.

Note that ``private-users=no`` runs the container without a user namespace:
UID 0 inside the container is UID 0 on the host, and isolation rests on the
capability set and the mount and network namespaces alone. The ``[limit]``
keys are all empty in this example, so no resource limits are applied.
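The bridge layouts above all rely on one rule: an interface that is a member of a bridge (``bridge_ports``) or of a bond (``bond-slaves``) is configured ``inet manual``, so the address lives on the bridge only and the physical port does not come up with a second, unbridged address of its own. The following linter checks that rule over an ``interfaces(5)`` file. It is an added example and not part of container-tools; the sample files it reads are constructed here, the first one being the single-bridge DHCP layout from this page.

```shell
#!/bin/sh
# Added example, not part of container-tools: lint an interfaces(5) file for
# member interfaces that carry their own address. A port listed in bridge_ports
# (or a slave listed in bond-slaves/slaves) must be "inet manual"; giving it
# dhcp/static as well leaves the host reachable on an unbridged path beside
# the bridge.
set -eu

# lint_interfaces [FILE]: reads FILE (default stdin), prints one finding per
# line, returns 0 when clean and 1 when a member interface has an address.
lint_interfaces() {
    awk '
        # "iface NAME inet METHOD" opens a stanza; remember the method.
        $1 == "iface" { cur = $2; method[$2] = $4; next }
        # member lists inside a stanza; "none" means an empty bridge.
        ($1 == "bridge_ports" || $1 == "bond-slaves" || $1 == "slaves") && cur != "" {
            for (i = 2; i <= NF; i++) if ($i != "none") owner[$i] = cur
        }
        END {
            bad = 0
            for (p in owner) {
                if (!(p in method)) {
                    printf "WARN %s: member %s has no iface stanza\n", owner[p], p
                } else if (method[p] != "manual") {
                    printf "FAIL %s: member %s is \"inet %s\", expected \"inet manual\"\n", owner[p], p, method[p]
                    bad = 1
                }
            }
            exit bad
        }' "${1:-/dev/stdin}"
}

# Constructed sample: the page's single-bridge DHCP layout (eth0 is manual).
sample_ok() {
    cat <<'EOF'
auto lo
iface lo inet loopback

iface eth0 inet manual

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_fd 0
    bridge_maxwait 0
    bridge_stp 0
EOF
}

# Constructed sample: same bridge, but eth0 also takes a DHCP lease itself.
sample_bad() {
    cat <<'EOF'
auto eth0
iface eth0 inet dhcp

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_fd 0
EOF
}

sample_ok | lint_interfaces && echo "sample_ok: clean"
sample_bad | lint_interfaces || echo "sample_bad: findings above"
```

Run it against the real file with ``lint_interfaces /etc/network/interfaces`` before ``ifup``; a missing stanza is only a warning because bridge-utils brings an unconfigured port up itself, whereas a port with ``dhcp`` or ``static`` is a hard failure.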
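The hint about ``veth-84`` is easy to get wrong once several hosts carry containers on the same bridge: the label must be identical in ``cnt.network-bridge`` and ``network-veth-extra``, must stay within the kernel's 15-character interface-name limit, and must not be reused by another container on the host. The script below checks those properties over a directory of ``${FQDN}.conf`` files. It is an added example, not code from container-tools; it assumes the ``[start]`` section is plain ``KEY=VALUE`` lines, that the label is the part before ``:`` in both keys, and that ``machine=`` should equal the file name. The first sample file is the ``linux.bfh.ch`` configuration shown on this page; the second (``www.example.org``) is made up to trigger the checks.

```shell
#!/bin/sh
# Added example, not part of container-tools: sanity-check per-container
# ${FQDN}.conf files. Assumptions (not stated by the page): [start] holds plain
# KEY=VALUE lines, the veth label is the text before ":" in cnt.network-bridge
# and network-veth-extra, and machine= equals the file name. Facts used: Linux
# interface names are at most 15 characters, and private-users=no runs the
# container without a user namespace.
set -eu

# cfg_get FILE SECTION KEY -> value of KEY inside [SECTION], empty if absent.
cfg_get() {
    awk -F= -v sec="[$2]" -v key="$3" '
        /^\[/ { cur = $1; next }
        cur == sec && $1 == key { print $2; exit }' "$1"
}

# veth_label_for_ip IPV4 -> label from the host-id octet (147.87.250.84 -> veth-84).
veth_label_for_ip() {
    printf 'veth-%s\n' "${1##*.}"
}

# check_container_configs DIR: prints FAIL/WARN lines, returns 1 on any FAIL.
check_container_configs() {
    dir=$1
    rc=0
    seen=""   # newline-separated "LABEL FQDN" pairs already assigned
    for f in "$dir"/*.conf; do
        name=$(basename "$f" .conf)
        machine=$(cfg_get "$f" start machine)
        bridge=$(cfg_get "$f" start cnt.network-bridge)
        veth=$(cfg_get "$f" start network-veth-extra)
        priv=$(cfg_get "$f" start private-users)
        lb=${bridge%%:*}
        lv=${veth%%:*}
        if [ "$machine" != "$name" ]; then
            echo "FAIL $name: machine=$machine does not match file name"; rc=1
        fi
        if [ "$lb" != "$lv" ]; then
            echo "FAIL $name: label $lb (cnt.network-bridge) != $lv (network-veth-extra)"; rc=1
        fi
        if [ ${#lb} -gt 15 ]; then
            echo "FAIL $name: label $lb longer than 15 characters"; rc=1
        fi
        prev=$(printf '%s\n' "$seen" | awk -v l="$lb" '$1 == l { print $2; exit }')
        if [ -n "$prev" ]; then
            echo "FAIL $name: label $lb already used by $prev"; rc=1
        fi
        seen="$seen
$lb $name"
        if [ "$priv" = "no" ]; then
            echo "WARN $name: private-users=no, container root is host root"
        fi
    done
    return $rc
}

# make_samples DIR: constructed sample configs. The first is the page's own
# linux.bfh.ch example; the second is a made-up host that reuses its label and
# mislabels its second key.
make_samples() {
    cat > "$1/linux.bfh.ch.conf" <<'EOF'
[start]
cnt.auto=admin1.linux.bfh.ch
cnt.network-bridge=veth-84:br250
cnt.overlay=
bind=/srv/data/linux.bfh.ch:/srv/linux.bfh.ch;
boot=yes
directory=/var/lib/machines/linux.bfh.ch
link-journal=no
machine=linux.bfh.ch
network-veth-extra=veth-84:eth0
private-users=no
register=yes

[limit]
MemoryLimit=
EOF
    cat > "$1/www.example.org.conf" <<'EOF'
[start]
cnt.network-bridge=veth-84:br250
machine=www.example.org
network-veth-extra=veth-85:eth0
private-users=yes
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_container_configs "$tmp" || echo "configuration needs attention"
rm -rf "$tmp"
```

On a real host run ``check_container_configs /etc/container-tools/config``. The duplicate check is per host only: two hosts on the same ``br250`` may legitimately both use ``veth-84`` for different containers, which is exactly why the label is derived from the container's own address rather than chosen freely.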