
LXC Container Ubuntu 22.04

Here I describe how I create my base container with Ubuntu 22.04.

Prerequisites

  1. LXD is installed: lxd --version –> 4.21
  2. LXC is installed: lxc --version –> 4.21
  3. There are several LXC networks: lxc network list

root@helsinki ~ # lxc network list
+-------------+----------+---------+----------------+------+-------------+---------+
|    NAME     |   TYPE   | MANAGED |      IPV4      | IPV6 | DESCRIPTION | USED BY |
+-------------+----------+---------+----------------+------+-------------+---------+
| enp0s31f6   | physical | NO      |                |      |             | 0       |
+-------------+----------+---------+----------------+------+-------------+---------+
| lxdhostonly | bridge   | YES     | 10.2.110.1/24  | none |             | 24      |
+-------------+----------+---------+----------------+------+-------------+---------+
| lxdnat      | bridge   | YES     | 10.38.131.1/24 | none |             | 4       |
+-------------+----------+---------+----------------+------+-------------+---------+

Setting up the base container

root@helsinki# lxc image list images:ubuntu/22.04|grep x86_64
| ubuntu/jammy (7 more)               | 5c19aff7ebb3 | yes    | Ubuntu jammy amd64 (20211217_07:42)   | x86_64       | CONTAINER       | 105.95MB  | Dec 17, 2021 at 12:00am (UTC) |
| ubuntu/jammy (7 more)               | 880cd0ccbb73 | yes    | Ubuntu jammy amd64 (20211217_07:42)   | x86_64       | VIRTUAL-MACHINE | 257.19MB  | Dec 17, 2021 at 12:00am (UTC) |
| ubuntu/jammy/cloud (3 more)         | 4f391ba0406c | yes    | Ubuntu jammy amd64 (20211217_07:43)   | x86_64       | CONTAINER       | 126.34MB  | Dec 17, 2021 at 12:00am (UTC) |
| ubuntu/jammy/cloud (3 more)         | 66aa315fcaae | yes    | Ubuntu jammy amd64 (20211217_07:43)   | x86_64       | VIRTUAL-MACHINE | 289.44MB  | Dec 17, 2021 at 12:00am (UTC) |
| ubuntu/jammy/desktop (3 more)       | c5dfe1f7e945 | yes    | Ubuntu jammy amd64 (20211217_07:42)   | x86_64       | VIRTUAL-MACHINE | 1427.28MB | Dec 17, 2021 at 12:00am (UTC) |
root@helsinki# lxc launch images:ubuntu/22.04 ubuntu-2204
Creating ubuntu-2204
Starting ubuntu-2204                         
root@helsinki# bin/lxc-nat.sh ubuntu-2204
Profiles nat applied to ubuntu-2204
root@helsinki# lxc list ubuntu-2204
+-------------+---------+---------------------+------+-----------+-----------+
|    NAME     |  STATE  |        IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+-------------+---------+---------------------+------+-----------+-----------+
| ubuntu-2204 | RUNNING | 10.38.131.31 (eth1) |      | CONTAINER | 0         |
|             |         | 10.2.110.26 (eth0)  |      |           |           |
+-------------+---------+---------------------+------+-----------+-----------+

Enabling Ansible access

For Ansible we need

  • Python
  • SSH
  • Public key in SSH

Here are the commands:

root@helsinki# lxc exec ubuntu-2204 /bin/bash
root@ubuntu-2204# apt-get install openssh-server
root@ubuntu-2204# mkdir .ssh
root@ubuntu-2204# cat >.ssh/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1...ZDoITmw== max.mustermann@daemons-point.com
EOF
root@ubuntu-2204# chmod 700 .ssh
root@ubuntu-2204# chmod 600 .ssh/authorized_keys
root@ubuntu-2204# apt-get install python3

Ansible access

  • Direct test: ansible ubuntu-2204 -m ping –> “[WARNING]: No hosts matched, nothing to do”
  • Extend the Ansible inventory
  • Test again: ansible ubuntu-2204 -m ping –> “Failed to connect to the host via ssh…”
  • Extend ~/.ssh/config or extend the Ansible setup
  • Test again: ansible ubuntu-2204 -m ping –> “SUCCESS”

Customizing the base container

$ ansible-playbook site.yml -l ubuntu-2204

As of 2021-12-18, these actions are performed:

  • Install joe openssh-server netcat acl
  • Deactivate AcceptEnv within sshd_config
  • Deactivate HISTSIZE in /etc/skel/.bashrc and /root/.bashrc
  • Deactivate HISTFILESIZE in /etc/skel/.bashrc and /root/.bashrc
  • Extend /etc/bash.bashrc for better history
  • Set timezone to Europe/Berlin
  • Install pubkeys
  • Create some folders within /root: bin, systemd
  • Install apt-proxy.sh
  • Install apt-proxy.service
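
A check for some of these settings, as an added example (not the author's site.yml or scripts): the shell functions below audit a container root for an active AcceptEnv line, active HISTSIZE/HISTFILESIZE lines, and the .ssh permissions set earlier. The function names, the /root home directory and the sample tree are assumptions; only the main sshd_config is read, not files pulled in via Include.

```shell
#!/bin/sh
# Added example, not the author's site.yml: audit a container root for the settings above.

# Succeed if FILE has an active (uncommented) line starting with KEYWORD.
active_line() {  # usage: active_line KEYWORD FILE
    [ -f "$2" ] && grep -Eq "^[[:space:]]*$1([[:space:]=]|\$)" "$2"
}

# Succeed only if PATH exists with exactly the octal MODE (GNU stat).
has_mode() {  # usage: has_mode MODE PATH
    [ -e "$2" ] && [ "$(stat -c %a "$2")" = "$1" ]
}

# Print each deviation; the return status is the number of findings.
audit_base_container() {  # usage: audit_base_container ROOT
    root=${1%/}; findings=0
    if active_line AcceptEnv "$root/etc/ssh/sshd_config"; then
        echo "FAIL: AcceptEnv still active in sshd_config"; findings=$((findings + 1))
    fi
    for f in etc/skel/.bashrc root/.bashrc; do
        for var in HISTSIZE HISTFILESIZE; do
            if active_line "$var" "$root/$f"; then
                echo "FAIL: $var still set in /$f"; findings=$((findings + 1))
            fi
        done
    done
    if ! has_mode 700 "$root/root/.ssh"; then
        echo "FAIL: /root/.ssh is not mode 700"; findings=$((findings + 1))
    fi
    if ! has_mode 600 "$root/root/.ssh/authorized_keys"; then
        echo "FAIL: authorized_keys is not mode 600"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree (not from the page): an image before the playbook ran.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ssh" "$d/etc/skel" "$d/root/.ssh"
    printf 'AcceptEnv LANG LC_*\n' >"$d/etc/ssh/sshd_config"
    printf 'HISTSIZE=1000\nHISTFILESIZE=2000\n' >"$d/etc/skel/.bashrc"
    printf '#HISTSIZE=1000\n' >"$d/root/.bashrc"
    : >"$d/root/.ssh/authorized_keys"
    chmod 700 "$d/root/.ssh"; chmod 644 "$d/root/.ssh/authorized_keys"
    echo "$d"
}

# With an argument, audit that root ("/" inside the container).
[ $# -eq 0 ] || audit_base_container "$1"
```

Inside the container, save the script under a name of your choice and pass / as its argument; an exit status of 0 means no findings.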

Moving the container to the host-only network

root@helsinki# CONTAINER=ubuntu-2204
root@helsinki# bin/lxc-hostonly.sh
root@helsinki# lxc list "${CONTAINER}"
+-------------+---------+--------------------+------+-----------+-----------+
|    NAME     |  STATE  |        IPV4        | IPV6 |   TYPE    | SNAPSHOTS |
+-------------+---------+--------------------+------+-----------+-----------+
| ubuntu-2204 | RUNNING | 10.2.110.26 (eth0) |      | CONTAINER | 0         |
+-------------+---------+--------------------+------+-----------+-----------+

Test: Does Ansible access still work? Yes!

Changes

  • 2021-12-18: First version