lxc / lxc-templates
Old style template scripts for LXC (prefer distrobuilder)
License: GNU Lesser General Public License v2.1
Firstly, all other attempted templates work just fine.
lxc-start --version: 4.0.6
lxc-checkconfig:
LXC version 4.0.6
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.10.0-9-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
--- Control groups ---
Cgroups: enabled
Cgroup v1 mount points:
Cgroup v2 mount points:
/sys/fs/cgroup
Cgroup v1 systemd controller: missing
Cgroup v1 freezer controller: missing
Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
uname -a: Linux <hostname> 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux
cat /proc/self/cgroup: 0::/user.slice/user-1000.slice/session-1.scope
cat /proc/1/mounts:
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=8137956k,nr_inodes=2034489,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1637504k,mode=755 0 0
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
none /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12720 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/sda5 /tmp ext4 rw,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
/dev/sda6 /home ext4 rw,relatime 0 0
/dev/loop1 /snap/core/11993 squashfs ro,nodev,relatime 0 0
/dev/loop2 /snap/core20/1169 squashfs ro,nodev,relatime 0 0
lxcfs /var/lib/lxcfs fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
tmpfs /run/snapd/ns tmpfs rw,nosuid,nodev,noexec,relatime,size=1637504k,mode=755 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=1637500k,nr_inodes=409375,mode=700,uid=1000,gid=1000 0 0
Running sudo lxc-create -t alpine -n test1 will output:
Obtaining an exclusive lock... done
==> Fetching and/or verifying APK keys
[email protected]: OK
[email protected]: OK
[email protected]: OK
[email protected]: OK
[email protected]: OK
[email protected]: OK
[email protected]: OK
[email protected]: OK
Obtaining an exclusive lock... done
==> Installing Alpine Linux in /var/lib/lxc/test1/rootfs
(1/20) Installing musl (1.2.2-r3)
(2/20) Installing busybox (1.33.1-r3)
Executing busybox-1.33.1-r3.post-install
(3/20) Installing alpine-baselayout (3.2.0-r16)
Executing alpine-baselayout-3.2.0-r16.pre-install
Executing alpine-baselayout-3.2.0-r16.post-install
(4/20) Installing ifupdown-ng (0.11.3-r0)
(5/20) Installing openrc (0.43.3-r2)
Executing openrc-0.43.3-r2.post-install
(6/20) Installing alpine-conf (3.12.0-r0)
(7/20) Installing libcrypto1.1 (1.1.1l-r0)
(8/20) Installing libssl1.1 (1.1.1l-r0)
(9/20) Installing ca-certificates-bundle (20191127-r5)
(10/20) Installing libretls (3.3.3p1-r2)
(11/20) Installing ssl_client (1.33.1-r3)
(12/20) Installing zlib (1.2.11-r3)
(13/20) Installing apk-tools (2.12.7-r0)
(14/20) Installing busybox-suid (1.33.1-r3)
(15/20) Installing busybox-initscripts (3.3-r1)
Executing busybox-initscripts-3.3-r1.post-install
(16/20) Installing scanelf (1.3.2-r0)
(17/20) Installing musl-utils (1.2.2-r3)
(18/20) Installing libc-utils (0.7.2-r3)
(19/20) Installing alpine-keys (2.4-r0)
(20/20) Installing alpine-base (3.14.2-r0)
Executing busybox-1.33.1-r3.trigger
OK: 9 MiB in 20 packages
mknod: dev/zero: File exists
lxc-create: test1: lxccontainer.c: create_run_template: 1616 Failed to create container from template
lxc-create: test1: tools/lxc_create.c: main: 319 Failed to create container test1
Also, possibly related with nearly identical error: lxc/lxc#609 (yes, I know this is necromancy, but the error message makes me question its relationship)
Hello,
I created containers from the archlinux template and saw that they are 500MB each.
For an arch image, that is pretty much.
There are a lot of packages installed that are not needed.
For example:
cryptsetup
dhcpcd
diffutils
e2fsprogs
gawk
gzip
jfsutils
less
licenses
man-db
man-pages
mdadm
nano
netctl
perl
reiserfsprogs
...
By not installing them by default, the image would be a lot smaller.
And all users that need those packages can install them either manually or automatically as a dependency of other packages.
Would it be possible to remove them and maybe other non-required packages from the default archlinux image?
A Devuan template for the new release is missing. At least for the AMD64 platform.
Hi there,
the Gentoo template is missing a feature to make the package manager work. To enable it, do the following:
echo 'FEATURES="-pid-sandbox"' >> /etc/portage/make.conf
Then the SSH server is not installed in the template, so an SSH connection to the container will not work, even if the public SSH key is given in the Proxmox GUI. To enable the SSH server, do the following:
emerge-webrsync
emerge --changed-use net-misc/openssh
rc-update add sshd default
rc-service sshd start
Further information (in German) can be found in https://www.goos-habermann.de/howto-10048-Gentoo-Proxmox-Paketverwaltung-LAMP-Software-Downgrade .
It would be nice if you could include these "patches" in the next version of the Gentoo template, so that it would be fully usable out-of-the-box.
Cu Hauke
The Arch Linux template fails to create a new container, unless the host system itself has pacman installed. Practically you can thus only create an Arch Linux container on an Arch Linux host.
The Debian template is building the security apt sources.list incorrectly. Apt update is failing with an error:
E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
Steps to reproduce:
lxc-create --template debian --name bullseye-test -- --release bullseye
lxc-start bullseye-test
lxc-attach bullseye-test
# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Ign:2 http://security.debian.org bullseye/updates InRelease
Get:3 http://deb.debian.org/debian bullseye/main Translation-en [6,241 kB]
Err:4 http://security.debian.org bullseye/updates Release
404 Not Found [IP: 151.101.50.132 80]
Reading package lists... Done
E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
According to https://www.debian.org/security/ the sources.list security entry should have something like this:
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
Rather than ${release}/updates
Looks like this line needs to change:
lxc-templates/templates/lxc-debian.in
Line 245 in 80ba0cb
I edited the sources.list to make sure this would work and the apt update was successful:
root@bullseye-test:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/ bullseye/updates main
root@bullseye-test:~# sed -i "s|bullseye/updates|bullseye-security|" /etc/apt/sources.list
root@bullseye-test:~# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/ bullseye-security main
root@bullseye-test:~# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Get:2 http://security.debian.org bullseye-security InRelease [44.1 kB]
Get:3 http://security.debian.org bullseye-security/main amd64 Packages [25.4 kB]
Get:4 http://security.debian.org bullseye-security/main Translation-en [12.5 kB]
Fetched 81.9 kB in 0s (244 kB/s)
Reading package lists... Done
Building dependency tree... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
Let me know if you need any more information.
I quite liked your shell scripts.
distrobuilder is a big Go monster, the format is yaml (why should shell commands
be written as yaml?). I cannot find an equally big collection of supported Linux
distributions. I like to build locally against local caches of linux distros. etc.
Are you still accepting fixes and pull requests?
Any plans to keep this lxc-templates project maybe alive as is..
Hello,
it seems that at the moment - in the current version - it is impossible to get a Fedora 28 container with the template lxc-fedora used by lxc-create (at least on non-Fedora hosts).
Hi,
It's been almost 3 years without a release. Would it be possible to get one?
This is what I get from: lxc-create -n c10 -t /path/to/lxc-template
I'm also unable to login with the root password from /var/lib/lxc/c10/tmp_root_pass
Copy /var/cache/lxc/centos/x86_64/7/rootfs to /var/lib/lxc/c10/rootfs ...
Copying rootfs to /var/lib/lxc/c10/rootfs ...
sed: can't read /var/lib/lxc/c10/rootfs/etc/init/tty.conf: No such file or directory
Storing root password in '/var/lib/lxc/c10/tmp_root_pass'
chpasswd: cannot open /etc/passwd
Expiring password for user root.
passwd: Libuser error at line: 413 - Error replacing `/etc/passwd': Permission denied.
passwd: Error
sed: can't read /var/lib/lxc/c10/rootfs/etc/rc.sysinit: No such file or directory
sed: can't read /var/lib/lxc/c10/rootfs/etc/rc.d/rc.sysinit: No such file or directory
Container rootfs and config have been created.
Edit the config file to check/enable networking setup.
The temporary root password is stored in:
'/var/lib/lxc/c10/tmp_root_pass'
The root password is set up as expired and will require it to be changed
at first login, which you should do as soon as possible. If you lose the
root password or wish to change it without starting the container, you
can change it from the host by running the following command (which will
also reset the expired flag):
chroot /var/lib/lxc/c10/rootfs passwd
Because of the way this repository was created, all file history was lost.
Please delete this repository and re-create it, copying the files in such a way as to preserve their history. Instructions on how to do this can be found in many places. Google works well for this kind of thing: https://www.google.com/search?q=github+one+repo+to+another+preserving+history
Thank you.
I tried to create rockylinux8 container on rockylinux8 host by lxc 4.0.12.
I used "meta.tar.xz" and "rootfs.tar.xz" files I got from image-rockylinux
But I failed to make rockylinux8 container with some errors below.
# lxc-create -n test04 -t local -- -m meta.tar.xz -f rootfs.tar.xz
Unpacking the rootfs
---
You just created a Rockylinux 8 x86_64 (20230223_02:06) container.
lxc-create: test04: parse.c: lxc_file_for_each_line_mmap: 130 Failed to parse config file "/usr/local/share/lxc/config/common.conf" at line "lxc.seccomp.profile = /usr/local/share/lxc/config/common.seccomp"
lxc-create: test04: parse.c: lxc_file_for_each_line_mmap: 130 Failed to parse config file "/usr/local/var/lib/lxc/test04/config" at line "lxc.include = /usr/local/share/lxc/config/common.conf"
lxc-create: test04: tools/lxc_create.c: main: 317 Failed to create container test04
What should I do to solve this problem?
Similar to #39, the current apt configuration in the image debian:bullseye
seems to be broken. apt update fails with:
E: The repository 'http://security.debian.org/debian-security bullseye/updates Release' does not have a Release file.
Steps to reproduce:
$ lxc-create --template debian --name bullseye-test -- --release bullseye
$ lxc-start bullseye-test
$ lxc-attach bullseye-test
# apt update
Hit:1 http://deb.debian.org/debian bullseye InRelease
Ign:2 http://security.debian.org/debian-security bullseye/updates InRelease
Err:3 http://security.debian.org/debian-security bullseye/updates Release
404 Not Found [IP: 146.75.122.132 80]
Get:4 http://deb.debian.org/debian bullseye/main Translation-en [6,240 kB]
Reading package lists... Done
E: The repository 'http://security.debian.org/debian-security bullseye/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Content of /etc/apt/sources.list:
# cat /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye/updates main
AFAIK, the content of a new Debian Bullseye installation contains the following lines in /etc/apt/sources.list:
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
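The suite naming behind both Debian reports above (bullseye/updates versus bullseye-security), as an added example that is not part of either report or of lxc-debian. It assumes that any codename not in the short list of older releases uses the newer "-security" form; the function names are hypothetical, and it goes one step further than the reports by auditing an existing sources.list for stale entries, which matters because a container with a failing security entry silently stops receiving security updates.

```shell
#!/bin/sh
# Added example (not lxc-debian code). Function names are hypothetical.
# Releases up to buster name the security suite "<release>/updates";
# bullseye and later name it "<release>-security".

# security_suite RELEASE: print the security suite for RELEASE.
# Fails for sid/unstable, which has no security archive.
security_suite() {
    case "$1" in
        sid|unstable) return 1 ;;
        squeeze|wheezy|jessie|stretch|buster) printf '%s/updates\n' "$1" ;;
        *) printf '%s-security\n' "$1" ;;   # assumption: anything else is newer
    esac
}

# security_source_line RELEASE [MIRROR]: print the sources.list entry.
security_source_line() {
    suite=$(security_suite "$1") || return 1
    printf 'deb %s %s main\n' \
        "${2:-http://security.debian.org/debian-security}" "$suite"
}

# stale_security_entries FILE: print "old -> new" for every deb/deb-src
# entry whose "<release>/updates" suite is wrong for that release.
stale_security_entries() {
    file=$1
    while read -r type rest; do
        case "$type" in deb|deb-src) ;; *) continue ;; esac
        # Skip an optional "[option=value ...]" block before the URI.
        case "$rest" in "["*) rest=${rest#*] } ;; esac
        set -- $rest                        # $1 = URI, $2 = suite
        case "$2" in
            */updates)
                want=$(security_suite "${2%/updates}") || continue
                if [ "$want" != "$2" ]; then
                    printf '%s -> %s\n' "$2" "$want"
                fi
                ;;
        esac
    done < "$file"
}

# Constructed sample: the sources.list quoted in the second report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
deb http://deb.debian.org/debian bullseye main
deb http://security.debian.org/debian-security bullseye/updates main
EOF
stale_security_entries "$sample"
security_source_line bullseye
rm -f "$sample"
```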
Hi,
Following up from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950840#16, there are some situations where this code, present in the lxc-debian template, will fail.
encoding=$(echo "$LANG" | cut -d. -f2)
chroot "$rootfs" sed -e "s/^# \(${LANG} ${encoding}\)/\1/" \
    -i /etc/locale.gen 2> /dev/null
cat >> "$rootfs/etc/locale.gen" << EOF
$LANG $encoding
EOF
This is due to the fact that some LANG are only UTF-8 (eg en_IN), and hence LANG=en_IN and not LANG=en_IN.UTF-8. So the call to cut will not work.
I'll offer a patch in a PR.
With best regards.
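Why the cut call in the report above misbehaves, and one way to get the charset without parsing LANG at all, as an added example that is not the patch mentioned in the report. It assumes the two-column "<locale> <charset>" layout of Debian's /usr/share/i18n/SUPPORTED; the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the lxc-debian patch. Function names are hypothetical.

# What the template computes: cut prints the whole line when it contains no
# delimiter, so a LANG without "." yields itself as the "encoding".
naive_encoding() {
    echo "$1" | cut -d. -f2
}

# locale_gen_entry LANG [SUPPORTED_FILE]
# Prints the "<locale> <charset>" line to enable, taken from the list of
# supported locales; fails if LANG is not listed there.
locale_gen_entry() {
    awk -v want="$1" '
        $1 == want { print $1, $2; found = 1; exit }
        END        { exit !found }
    ' "${2:-/usr/share/i18n/SUPPORTED}"
}

# Constructed sample in SUPPORTED format.
supported=$(mktemp)
cat > "$supported" <<'EOF'
en_IN UTF-8
en_US.UTF-8 UTF-8
en_US ISO-8859-1
de_DE@euro ISO-8859-15
EOF

for lang in en_US.UTF-8 en_IN de_DE@euro; do
    printf '%-12s naive: %-12s lookup: %s\n' "$lang" \
        "$(naive_encoding "$lang")" "$(locale_gen_entry "$lang" "$supported")"
done
rm -f "$supported"
```

The lookup also covers locales whose charset is not UTF-8, which a "default to UTF-8 when there is no dot" rule would get wrong.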
The template below is mostly useful for bug reports and support questions.
Feel free to remove anything which doesn't apply to you and add more information where it makes sense.
lxc-start --version: 3.2.1
uname -a: Linux arkadia 4.18.0-80.7.1.el8_0.x86_64 #1 SMP Sat Aug 3 15:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
I installed LXC3 on Centos8 using:
https://copr.fedorainfracloud.org/coprs/ganto/lxc3/
and then tried to run:
[root@arkadia ~]# lxc-create -n test2 -t centos -- -R 8
Host CPE ID from /etc/os-release: cpe:/o:centos:centos:8
Checking cache download in /var/cache/lxc/centos/x86_64/8/rootfs ...
Downloading CentOS minimal ...
Failed to set locale, defaulting to C
Failed to set locale, defaulting to C
Unable to detect release version (use '--releasever' to specify release version)
CentOS-8 - Base 36 B/s | 38 B 00:01
Error: Failed to synchronize cache for repo 'base'
Reinstalling packages ...
mkdir: cannot create directory '/var/cache/lxc/centos/x86_64/8/partial/etc/yum.repos.disabled': File exists
mv: cannot stat '/var/cache/lxc/centos/x86_64/8/partial/etc/yum.repos.d/*.repo': No such file or directory
mknod: /var/cache/lxc/centos/x86_64/8/partial//var/cache/lxc/centos/x86_64/8/partial/dev/null: File exists
mknod: /var/cache/lxc/centos/x86_64/8/partial//var/cache/lxc/centos/x86_64/8/partial/dev/urandom: File exists
cp: cannot stat '/var/cache/lxc/centos/x86_64/8/partial/var/cache/yum/*': No such file or directory
chroot: failed to run command 'yum': No such file or directory
Failed to download the rootfs, aborting.
Failed to download 'CentOS base'
failed to install CentOS
lxc-create: test2: lxccontainer.c: create_run_template: 1648 Failed to create container from template
lxc-create: test2: tools/lxc_create.c: main: 331 Failed to create container test2
I want to install debian (6) squeeze in a container
I know, it is old ;)
Is it possible anyways?
http://archive.debian.org/debian/dists/
Hi,
Followup from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839843 , some templates are trapping SIGINT in a way that can be dangerous.
e.g., if the path provided for the container creation is not the good one, when SIGINTing the create process, the directory is destroyed, which can sometimes be counter productive.
I'd suggest a prompt with a yes/no question offering to delete the directory.
Impacted templates : archlinux, centos, fedora, fedora-legacy, pld, and void-linux
Cheers.
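A different mitigation from the prompt suggested in the report above, as an added example that is not code from any lxc template: the interrupt handler removes the target directory only if this run created it, so a mistyped path that points at existing data survives a Ctrl-C. All function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from any lxc template. All names are hypothetical.

owned=no    # becomes "yes" only if this run created the directory

# claim_path DIR: create DIR if it is absent and remember that we made it.
# A directory that already exists is used as-is and never marked as ours.
claim_path() {
    path=$1
    if [ -e "$path" ]; then
        owned=no
    else
        mkdir -p -- "$path"
        owned=yes
    fi
}

# revert: undo a partial creation, touching only what claim_path created.
revert() {
    if [ "$owned" = yes ]; then
        rm -rf -- "$path"
        echo "removed partial container at $path" >&2
    else
        echo "interrupted; leaving pre-existing $path in place" >&2
    fi
}

# In a template this would be installed before any work starts:
#   claim_path "$path"; trap 'revert; exit 130' INT TERM

# Constructed demo: a directory that already holds data stands in for a
# mistyped path; reverting after claiming it must not delete anything.
demo=$(mktemp -d)
touch "$demo/important"
claim_path "$demo"
revert
ls "$demo"
rm -rf -- "$demo"
```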
Currently the template scripts manually create symlinks to enable/disable systemd services.
For instance, the fedora template script explicitly enables systemd-networkd, but systemd reverts back to the 'preset' state whenever there's no /etc/machine-id file at boot time, where fedora now explicitly disables systemd-networkd in favor of NetworkManager.
This is done via /usr/lib/systemd/system-preset/90-default.preset.
The template should probably additionally also ship a preset (eg. /etc/systemd/system-preset/00-lxc.preset or something) containing the enable systemd-networkd.service line (and potentially others that get enabled).
While this behavior is somewhat awkward, it'll probably also be "safer" as eg. systemd-networkd.service contains an Alias= and a few Also= lines by now which aren't taken into account in the template scripts either.
When attempting to copy a statically linked interpreter, the script intends to create the target folder with mkdir -p. However, the target created is the basename, not the dirname of the target path of the interpreter. This will likely still function if the target directory happens to exist (e.g. rootfs/usr/bin), but may also create a nonsense folder in the working path. In the line below, basename should be replaced with dirname.
mkdir -p "$(basename "$cache/partial-$release-$arch/$interpreter_path")"