Simple tool to create Debian LXC containers.
It performs the following operations :
- Creates LVM logical volume and filesystem for the container
- Adds entry to /etc/fstab and mounts container's filesystem
- Installs Debian using debootstrap (with cache to speed up the process)
- Configures networking inside container
- Disables a set of harmful/unused features for a container
- Allows host SSH key to connect to the container's root account
- Creates LXC configuration file
- Starts the container
This tool is compatible with Debian 6.0 and 7.0, as a LXC host or container.
LVM volume group with enough capacity to store the containers.
A linux bridge interface whose IP address serves as network gateway for the containers.
Example entry in /etc/network/interfaces :
```
auto br0
iface br0 inet static
    bridge_ports none
    address 10.42.0.254
    netmask 255.255.255.0
```
These Debian packages must be installed :
- lxc
- debootstrap
- lsb-release
Get the lxc-debootstrap script.
Create configuration directory :
```
mkdir /etc/lxc-debootstrap /etc/lxc-debootstrap/containers
```
Overwrite global variables in /etc/lxc-debootstrap/config if necessary.
See Configuration section below for a full list.
Example (/etc/lxc-debootstrap/config) :
```
DEBIAN_SUITE="wheezy"
LXC_PATH="/var/lib/lxc"
BRIDGE_INTERFACE="br0"
NETMASK="255.255.255.0"
GATEWAY="10.42.0.254"
DOMAIN="example.com"
```
Create container-specific configuration file for an example container example1.
Example (/etc/lxc-debootstrap/containers/example1) :
```
IPADDR=10.42.0.29
HWADDR=42:00:00:00:00:29
DISKSIZE=5G
```
As root, execute lxc-debootstrap :
```
# ./lxc-debootstrap example1
Container parameters
--------------------
lxc_name example1
debian_suite wheezy
debian_arch amd64
lvm_disksize 5G
lvm_volpath /dev/mapper/lxc-example1
net_ipaddr 10.42.0.29
net_gateway 10.42.0.254
net_hwaddr 42:00:00:00:00:29
lxc_rootfs /var/lib/lxc/example1/rootfs
lxc_config /var/lib/lxc/example1/config
Create ? y
debootstrap cache dir already exists
creating logical volume /dev/mapper/lxc-example1
creating filesystem on /dev/mapper/lxc-example1
creating root directory /var/lib/lxc/example1
adding entry in /etc/fstab
mount /dev/mapper/lxc-example1 on /var/lib/lxc/example1 using fstab
populating /var/lib/lxc/example1/rootfs
networking : setting hostname
networking : setting DNS resolver
networking : setting IP configuration
networking : creating hosts file
disabling useless tty
remove pointless services in a container
disabling root password
adding SSH keys
setting APT configuration
updating packages
creating configuration file /var/lib/lxc/example1/config
starting container with lxc-start
Done.
```
Now, connect to the container using SSH :
```
# ssh 10.42.0.29
The authenticity of host '10.42.0.29 (10.42.0.29)' can't be established.
RSA key fingerprint is 35:1a:b5:4e:32:c5:0d:4b:34:b1:fe:05:45:b8:30:3a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.42.0.29' (RSA) to the list of known hosts.
Linux example1 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
-bash: warning: setlocale: LC_ALL: cannot change locale (en_US.utf8)
root@example1:~#
```
Main configuration file is /etc/lxc-debootstrap/config. Per-container
configuration files are /etc/lxc-debootstrap/containers/CONTAINER_NAME.
They overwrite default values (see table below).
Configuration files are shell scripts: they are sourced directly during script initialization, so anything in them is executed by lxc-debootstrap, which runs as root. Variables are defined with KEY=VALUE pairs. Lines can be commented using # at the beginning of lines.
Each container MUST have these variables defined :
- DISKSIZE
- IPADDR
- HWADDR
Here is a description of all configuration variables :
| Variable | Description |
|---|---|
| DISKSIZE | Container's disk size (e.g. 5G or 1T) |
| IPADDR | Container's IP address (e.g. 10.42.0.1) |
| HWADDR | Container's MAC address (e.g. 42:00:00:00:00:29) |
| LXC_VG_NAME | LVM volume group where containers' logical volumes are allocated |
| LXC_PATH | LXC root path where containers' mount points are created |
| DEBIAN_MIRROR | Debian mirror URL |
| DEBIAN_SUITE | Debian distribution codename |
| DEBIAN_ARCH | Debian architecture |
| DOMAIN | Domain name, used in /etc/hosts and /etc/resolv.conf if defined |
| NETMASK | Network mask of container's network interface |
| GATEWAY | Network gateway of container's network interface |
| BRIDGE_IF | Network bridge interface name on host system |
| DNS_RESOLVER | Name server IP address |
| SSH_PUBFILE | SSH public key file allowed to connect to the container's root account |
| SSH_FROM_ADDR | IP address from where SSH root login is allowed |
| CACHE_ROOT | Directory where debootstrap cache is stored |
| FSTYPE | Container's filesystem type |
And their default values :
| Variable | Default value |
|---|---|
| DISKSIZE | Mandatory, no default value |
| IPADDR | Mandatory, no default value |
| HWADDR | Mandatory, no default value |
| LXC_VG_NAME | lxc |
| LXC_PATH | /var/lib/lxc |
| DEBIAN_MIRROR | http://ftp.debian.org/debian/ |
| DEBIAN_SUITE | Same as host (e.g. squeeze or wheezy) |
| DEBIAN_ARCH | Same as host (e.g. amd64 or i386) |
| DOMAIN | None |
| NETMASK | 255.255.255.0 |
| GATEWAY | 10.42.0.254 |
| BRIDGE_IF | br0 |
| DNS_RESOLVER | 10.42.0.254 |
| SSH_PUBFILE | /root/.ssh/id_rsa.pub |
| SSH_FROM_ADDR | Same as GATEWAY |
| CACHE_ROOT | /var/cache/lxc-debootstrap |
| FSTYPE | ext4 |
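
Because per-container files are sourced as shell by a script run as root, a pre-flight lint of each file is worth having. The following is an added example, not part of lxc-debootstrap: the function name `check_container_config`, the permitted value character set and the accepted DISKSIZE suffixes are assumptions, while the variable names come from the tables above.

```shell
#!/bin/sh
# Added example, not part of lxc-debootstrap: lint a per-container file
# before a root shell sources it.

# Variable names taken from the README tables.
ALLOWED_KEYS="DISKSIZE IPADDR HWADDR LXC_VG_NAME LXC_PATH DEBIAN_MIRROR \
DEBIAN_SUITE DEBIAN_ARCH DOMAIN NETMASK GATEWAY BRIDGE_IF DNS_RESOLVER \
SSH_PUBFILE SSH_FROM_ADDR CACHE_ROOT FSTYPE"

# matches VALUE REGEX: true if the whole VALUE matches the extended regex.
matches() { printf '%s\n' "$1" | grep -Eq "^($2)\$"; }

# check_container_config FILE: 0 = safe to source, 1 = rejected, 2 = unreadable.
check_container_config() {
    file=$1; rc=0; seen=""
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*}; val=${line#*=}; ok=1
        # Accept VALUE or "VALUE": strip one pair of double quotes.
        case $val in '"'*'"') val=${val#\"}; val=${val%\"} ;; esac
        # Must be an assignment to a documented variable ...
        case $line in *=*) ;; *) ok=0 ;; esac
        case " $ALLOWED_KEYS " in *" $key "*) ;; *) ok=0 ;; esac
        matches "$key" '[A-Z_]+' || ok=0
        # ... whose value has no shell metacharacters or whitespace.
        matches "$val" '[A-Za-z0-9._:/-]+' || ok=0
        # Syntax of the mandatory values (DISKSIZE suffixes are an assumption).
        case $key in
            IPADDR)   matches "$val" '([0-9]{1,3}\.){3}[0-9]{1,3}' || ok=0 ;;
            HWADDR)   matches "$val" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' || ok=0 ;;
            DISKSIZE) matches "$val" '[0-9]+[MGT]' || ok=0 ;;
        esac
        if [ "$ok" -eq 1 ]; then seen="$seen $key"
        else echo "$file: rejected line: $line" >&2; rc=1; fi
    done < "$file"
    for req in DISKSIZE IPADDR HWADDR; do
        case " $seen " in *" $req "*) ;; *) echo "$file: $req not set" >&2; rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: the README's example1 values plus one hostile line.
sample=$(mktemp)
printf '%s\n' 'IPADDR=10.42.0.29' 'HWADDR=42:00:00:00:00:29' \
    'DISKSIZE=5G; id' > "$sample"
check_container_config "$sample" || echo "refusing to source $sample"
rm -f "$sample"
```

The check is deliberately strict: a line with leading whitespace, an undocumented variable or a bare word is rejected rather than interpreted.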
Q : Can I install additional packages using debootstrap --include option ?
A : No, it could break the debootstrap cache
- Check executed as root
- Check lxc_name is short
- Check directories do not exist
- Check DISKSIZE, IPADDR, HWADDR are defined, and only container-defined
- Option to force yes
- Option to build all containers
- Option to rebuild/update the debootstrap cache
- Option to remove container
- Source post-hook scripts in /etc/lxc-debootstrap/post.d/
- Auto-detect values of NETMASK, GATEWAY, DNS using bridge configuration
Copyright 2013 Thomas Martin
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.