# Installing a container with LXC on Ubuntu 18.04 and getting as far as SSH

Notes from trying this out while studying for LPIC-304.
## Environment

Ubuntu 18.04 LTS
## Installation

```
mukkun@mukkun-ubuntu:~$ sudo apt-get install lxc
```

## Initial setup

Add the bridge entry (this lets the user attach up to 10 veth interfaces to lxcbr0):

```
mukkun@mukkun-ubuntu:~$ cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
mukkun veth lxcbr0 10
mukkun@mukkun-ubuntu:~$ mkdir ~/.config
mukkun@mukkun-ubuntu:~$ mkdir ~/.config/lxc
mukkun@mukkun-ubuntu:~$ cp /etc/lxc/default.conf ~/.config/lxc/default.conf
mukkun@mukkun-ubuntu:~$ grep $USER /etc/subgid
mukkun:165536:65536
```

Match the values below to this range. Container UID/GID 0 is mapped onto the user's subordinate ID range, so root inside the container is an unprivileged ID on the host:

```
cat << EOT >> ~/.config/lxc/default.conf
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536
EOT
```
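The step above copies the /etc/subgid value into both the `u` and `g` mappings. The following is an added example (not from the original post) that reads each range from its own file, writes the two `lxc.idmap` lines the post appends to `~/.config/lxc/default.conf`, and fails closed when a range is missing or would map container root onto host ID 0. The `subuid`/`subgid` sample files are constructed for the demo; the `mukkun` entry matches the post.

```shell
#!/bin/sh
# Added example (not from the original post): derive the two lxc.idmap lines for
# an unprivileged container from the user's subordinate ID ranges, reading
# /etc/subuid for "u" and /etc/subgid for "g" instead of reusing one value for
# both, and fail closed when a range is missing or starts at host ID 0.
# Defaults are the real files; the sample files below are constructed for a demo.

# subid_range FILE USER -> prints "START COUNT" for USER's first entry, fails if none
subid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; found = 1; exit } END { exit !found }' "$1"
}

# gen_idmap USER [SUBUID_FILE] [SUBGID_FILE] -> prints lxc.idmap lines for default.conf
gen_idmap() {
    user=$1
    uid_range=$(subid_range "${2:-/etc/subuid}" "$user") || { echo "no subuid range for $user" >&2; return 1; }
    gid_range=$(subid_range "${3:-/etc/subgid}" "$user") || { echo "no subgid range for $user" >&2; return 1; }
    # Word-splitting is intended: $1 $2 = uid start/count, $3 $4 = gid start/count
    set -- $uid_range $gid_range
    # Container UID/GID 0 must land on a non-zero host ID, or container root is host root.
    if [ "$1" -le 0 ] || [ "$3" -le 0 ]; then
        echo "subordinate range for $user starts at 0; refusing" >&2
        return 1
    fi
    printf 'lxc.idmap = u 0 %s %s\n' "$1" "$2"
    printf 'lxc.idmap = g 0 %s %s\n' "$3" "$4"
}

# Constructed sample files: mukkun matches the post; nogid has no subgid entry.
SAMPLE_DIR=$(mktemp -d)
printf 'mukkun:165536:65536\nnogid:231072:65536\n' > "$SAMPLE_DIR/subuid"
printf 'mukkun:165536:65536\n' > "$SAMPLE_DIR/subgid"

gen_idmap mukkun "$SAMPLE_DIR/subuid" "$SAMPLE_DIR/subgid"
# lxc.idmap = u 0 165536 65536
# lxc.idmap = g 0 165536 65536
```

Run it without the file arguments on a real host to generate the lines from the system's own /etc/subuid and /etc/subgid.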
## Creating and checking the container

```
mukkun@mukkun-ubuntu:~$ lxc-create -t download -n my-container
Setting up the GPG keyring
Downloading the image index

---
DIST    RELEASE ARCH    VARIANT BUILD
---
alpine  3.10    amd64   default 20200709_13:00
...
```

A list of images is shown; pick one from it.

```
Distribution: ubuntu
Release: xenial
Architecture: i386

Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created an Ubuntu xenial i386 (20200709_07:42) container.

To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
```
## Checking the container

```
mukkun@mukkun-ubuntu:~$ lxc-ls -f
NAME         STATE   AUTOSTART GROUPS IPV4       IPV6 UNPRIVILEGED
my-container RUNNING 0         -      10.0.3.175 -    true
```
## Starting the container

```
mukkun@mukkun-ubuntu:~$ lxc-start -n my-container -d
```
## Checking the result

```
mukkun@mukkun-ubuntu:~$ lxc-info my-container
Name:           my-container
State:          RUNNING
PID:            3888
IP:             10.0.3.175
Memory use:     18.60 MiB
KMem use:       7.08 MiB
Link:           vethUNE5V1
 TX bytes:      1.62 KiB
 RX bytes:      2.29 KiB
 Total bytes:   3.91 KiB
```
## Creating a user in the container

```
mukkun@mukkun-ubuntu:~$ lxc-attach -n my-container
root@my-container:/# adduser lahm
Adding user `lahm' ...
Adding new group `lahm' (1001) ...
Adding new user `lahm' (1001) with group `lahm' ...
Creating home directory `/home/lahm' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for lahm
Enter the new value, or press ENTER for the default
        Full Name []: lahm
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
root@my-container:/#
```
Also add the user to the sudo group:

```
root@my-container:/# gpasswd -a lahm sudo
Adding user lahm to group sudo
```

Install openssh-server as well:

```
root@my-container:/# apt-get -y install openssh-server
root@my-container:/# exit
exit
```
## Trying to log in

```
mukkun@mukkun-ubuntu:~$ lxc-console -n my-container

Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself

Login incorrect
my-container login: Login timed out after 60 seconds.

Ubuntu 16.04.6 LTS my-container pts/0

my-container login: lahm
Password:
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-109-generic i686)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

lahm@my-container:~$
```
## Checking the network

```
lahm@my-container:~$ ip -4 a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: eth0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link-netnsid 0
    inet 10.0.3.175/24 brd 10.0.3.255 scope global eth0
       valid_lft forever preferred_lft forever
lahm@my-container:~$ ip route
default via 10.0.3.1 dev eth0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.175
```
The container can reach the outside network:

```
lahm@my-container:~$ ping yahoo.co.jp
PING yahoo.co.jp (182.22.59.229) 56(84) bytes of data.
64 bytes from f1.top.vip.ssk.yahoo.co.jp (182.22.59.229): icmp_seq=1 ttl=49 time=4.49 ms
64 bytes from f1.top.vip.ssk.yahoo.co.jp (182.22.59.229): icmp_seq=2 ttl=49 time=4.18 ms
```

To leave the console, press Ctrl+a and then q.
## SSH from the host into the container

```
mukkun@mukkun-ubuntu:~$ ssh lahm@10.0.3.175
The authenticity of host '10.0.3.175 (10.0.3.175)' can't be established.
ECDSA key fingerprint is SHA256:PB7M16D3fCJtHqLnrd4pJ+aYgjey+u1hj+pUeNZDnWk.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.3.175' (ECDSA) to the list of known hosts.
lahm@10.0.3.175's password:
Welcome to Ubuntu 16.04.6 LTS (GNU/Linux 4.15.0-109-generic i686)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

Last login: Fri Jul 10 00:46:19 2020

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

lahm@my-container:~$
```
## Stopping the container

```
mukkun@mukkun-ubuntu:~$ lxc-ls -f
NAME         STATE   AUTOSTART GROUPS IPV4       IPV6 UNPRIVILEGED
my-container RUNNING 0         -      10.0.3.175 -    true
mukkun@mukkun-ubuntu:~$ lxc-stop -n my-container
mukkun@mukkun-ubuntu:~$ lxc-ls -f
NAME         STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
my-container STOPPED 0         -      -    -    true
```