container-tools Configuration

Configuration Locations

container-tools knows the following configuration locations:

  • Container configuration: /etc/container-tools/config/${FQDN}.conf

Other locations:

  • Container filesystem: /var/lib/machines/${FQDN}
  • Preseed and configuration scripts: /etc/container-tools/debconf
  • Internal preseed package: /usr/share/container-tools/scripts
  • Internal debootstrap scripts: /usr/share/container-tools/scripts
  • Cache for chroot-building a new container fs: /var/cache/container-tools

Modifications in use at BFH:

  • Git repository for preseed and configuration scripts /etc/container-tools/debconf on linux.bfh.ch
  • Symbolic link /etc/container-tools/* to /srv/container/container-tools/*
  • Symbolic link /var/lib/machines to /srv/container

Host setup

Debian Packages

# Host-side networking prerequisites for the interface stanzas further down:
# bridge-utils supplies brctl and the bridge_* ifupdown options, ifenslave
# the bond-* options, and vlan the bond0.100 / vlan-raw-device stanza.
apt install bridge-utils ifenslave vlan

Boot Parameters

CGroup Memory Controller

In order to enable the memory controller the following boot parameter needs to be used:

cgroup_enable=memory

CGroup Swap Controller

In order to enable the swap controller the following boot parameter needs to be used:

swapaccount=1

Networking

Enable IPv4 Forwarding

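# sysctl(8) is shipped by procps.
apt install procps
# Persist the setting in a sysctl.d snippet. Forwarding makes the host pass
# packets between its interfaces, which the routed bridge setups below rely on.
printf '%s\n' 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/ip_foward.conf
# A bare "sysctl -p" reads only /etc/sysctl.conf, so the snippet written above
# would not take effect until the next boot; --system loads /etc/sysctl.d/*.conf
# the same way the boot-time service does.
sysctl --system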

Bridge: 1 Interface, standalone, DHCP

# Replaces /etc/network/interfaces wholesale: eth0 is left unconfigured
# ("manual") and becomes the only port of br0, which gets its address by DHCP.
# The delimiter is quoted so the file content is written literally, with no
# parameter or command expansion by the shell.
cat > /etc/network/interfaces <<'EOF'
# /etc/network/interfaces

auto lo
iface lo inet loopback

iface eth0 inet manual

auto br0
iface br0 inet dhcp
     bridge_ports    eth0
     bridge_fd       0
     bridge_maxwait  0
     bridge_stp      0
EOF

Bridge: 1 Interface, standalone, static

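# Replaces /etc/network/interfaces wholesale: eth0 is the only port of br0,
# which carries a static address and the default gateway.
# The pre-up hooks originally used ifconfig, which belongs to net-tools and
# may not be installed on a current Debian host; a failing pre-up keeps br0
# from coming up, so the iproute2 equivalents are used instead.
# The delimiter is quoted so the file content is written literally.
cat > /etc/network/interfaces <<'EOF'
# /etc/network/interfaces

auto lo
iface lo inet loopback

iface eth0 inet manual

auto br0
iface br0 inet static
     address         10.0.0.2
     gateway         10.0.0.1
     netmask         255.255.255.0

     pre-up          ip link set dev eth0 down
     pre-up          ip link set dev eth0 up

     bridge_ports    eth0
     bridge_fd       0
     bridge_maxwait  0
     bridge_stp      0
EOF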

Bridge: 2 logical Interfaces, subnet, static

# Replaces /etc/network/interfaces wholesale: eth0 keeps its DHCP uplink and
# br0 is an internal bridge with no physical port, created and removed by the
# brctl hooks, holding the 10.0.0.0/24 side that containers attach to.
# NOTE(review): this stanza has no bridge_ports line; the bridge-utils ifupdown
# hook may skip stanzas without one, in which case bridge_fd/bridge_maxwait/
# bridge_stp are not applied. "bridge_ports none" is the documented way to get
# a port-less bridge through the hook — confirm before changing.
# The delimiter is quoted so the file content is written literally.
cat > /etc/network/interfaces <<'EOF'
# /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto br0
iface br0 inet static
     address         10.0.0.1
     netmask         255.255.255.0

     pre-up          brctl addbr br0
     post-down       brctl delbr br0

     bridge_fd       0
     bridge_maxwait  0
     bridge_stp      0
EOF

Bridge: 3 physical Interfaces, vlan, bonding, static

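# Replaces /etc/network/interfaces wholesale: eth0 stays a separate DHCP
# management interface; eth1+eth2 form an LACP bond (bond-mode 4) that carries
# VLAN 100 (bond0.100), which is the only port of br100.
# The bond0 up/down hooks originally used ifconfig, which belongs to net-tools
# and may not be installed on a current Debian host; for an address-less
# "manual" interface "ip link set dev bond0 up|down" is the equivalent.
# NOTE(review): the post-up route installs the same 10.100.0.0/24 prefix that
# the br100 address already creates as a connected route; "ip route add" on an
# existing prefix returns "File exists" — confirm which route is intended.
# The delimiter is quoted so the file content is written literally.
cat > /etc/network/interfaces <<'EOF'
# /etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

iface eth1 inet manual

iface eth2 inet manual

auto bond0
iface bond0 inet manual
     up                      ip link set dev bond0 up
     down                    ip link set dev bond0 down

     slaves                  eth1 eth2

     bond-mode               4
     bond-miimon             100
     bond-downdelay          200
     bond-updelay            200
     bond-lacp-rate          1
     bond-xmit-hash-policy   layer2+3

iface bond0.100 inet manual
     vlan-raw-device bond0

auto br100
iface br100 inet static
     address                 10.100.0.2
     #gateway                10.100.0.1
     netmask                 255.255.255.0

     post-up                 ip route add 10.100.0.0/24 via 10.100.0.1 dev br100
     post-down               ip route del 10.100.0.0/24 dev br100

     bridge_ports            bond0.100
     bridge_fd               0
     bridge_maxwait          0
     bridge_stp              0
EOF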

Enabling container-shell

Managing containers requires root privileges. In order to allow unprivileged users to manage containers without granting them privileges or accounts, the container-shell can be used together with sudo and a container user.

# Dedicated "container" account whose login shell is container-shell, so the
# only thing reachable through it is container management. The home directory
# is recorded in /etc/passwd but not created. Per the text above, operators
# reach this account through sudo rather than by logging in as it.
# NOTE(review): since access is meant to go through sudo, consider adding
# --disabled-password so the account cannot be used for direct password login,
# and scope the sudoers rule to this user only — confirm with the site policy.
sudo adduser \
      --no-create-home \
      --shell /usr/bin/container-shell \
      --home /var/lib/machines/container-tools \
      --gecos "container-tools,,," \
      container

Container Network

Physical Network

# container-tools: linux.bfh.ch

[start]
cnt.auto=admin1.linux.bfh.ch
cnt.network-bridge=veth-84:br250
cnt.overlay=
bind=/srv/data/linux.bfh.ch:/srv/linux.bfh.ch;
boot=yes
capability=
directory=/var/lib/machines/linux.bfh.ch
drop-capability=
link-journal=no
machine=linux.bfh.ch
network-veth-extra=veth-84:eth0
private-users=no
register=yes

[limit]
BlockIODeviceWeight=
BlockIOReadBandwidth=
BlockIOWeight=
BlockIOWriteBandwidth=
CPUQuota=
CPUShares=
MemoryLimit=
TasksMax=

Hint

For cnt.network-bridge and network-veth-extra, use the host-id portion of the container's IP address in the interface label so that it stays unique. In the example above the container has the IP address 147.87.250.84 and therefore shows up as veth-84.