
Debian containers in LXD

Today I wanted to set up a new container based on Debian Bookworm. Unfortunately that no longer works; apparently linuxcontainers.org now provides images for LXD only to a limited extent:

$ lxc image ls images:
+-------+-------------+--------+-------------+--------------+------+------+-------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+-------------+--------+-------------+--------------+------+------+-------------+

A short explanation can be found here. Apparently I have to build the Debian image myself.

Installing “distrobuilder”

sudo snap install distrobuilder --classic

Alternatively, “distrobuilder” can be built from source. See the GitHub repo.

Downloading “debian.yaml” and variations of it

wget https://github.com/lxc/lxc-ci/raw/main/images/debian.yaml

Downloading the build script

build-lxcimages.sh

Building and using the images

./build-images.sh

The following images are produced:

  • debian-bookworm-20240224_130036-amd64-lxcimage.tar.xz
  • debian-bookworm-20240224_130036-i386-lxcimage.tar.xz
  • debian-uli-bookworm-20240224_130036-amd64-lxcimage.tar.xz … “root” access via SSH for Uli
  • debian-uli-bookworm-20240224_130036-i386-lxcimage.tar.xz … “root” access via SSH for Uli
  • debian-dp-bookworm-20240224_130036-amd64-lxcimage.tar.xz … “root” access via SSH for Steffen and Uli
  • debian-dp-bookworm-20240224_130036-i386-lxcimage.tar.xz … “root” access via SSH for Steffen and Uli

Quick test:

$ lxc image import debian-bookworm-amd64-lxcimage.tar.xz --alias debian-bookworm-amd64
$ lxc launch debian-bookworm-amd64 debian-bookworm-64bit
$ lxc ls debian-bookworm-64bit
+-----------------------+---------+----------------------+------+-----------+-----------+
|         NAME          |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-64bit | RUNNING | 10.253.205.42 (eth0) |      | CONTAINER | 0         |
+-----------------------+---------+----------------------+------+-----------+-----------+

# Clean up
$ lxc delete debian-bookworm-64bit -f
$ lxc image delete debian-bookworm-amd64

Building images step by step

No longer needed, replaced by “build-images.sh”!

Building the Debian image

amd64

sudo distrobuilder build-dir debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates debian-uli
sudo distrobuilder pack-lxc debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates meta.tar.xz and rootfs.tar.xz
sudo distrobuilder pack-incus debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates rootfs.squashfs and incus.tar.xz

Repackaging:

mkdir repackaged
(
  cd repackaged
  xz -cd ../incus.tar.xz|sudo tar -xpf -
  mkdir rootfs
  cd rootfs
  xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
  cd repackaged
  sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >debian-bookworm-amd64-lxcimage.tar.xz
sudo rm -rf repackaged

Quick test:

$ lxc image import debian-bookworm-amd64-lxcimage.tar.xz --alias debian-bookworm-amd64
$ lxc launch debian-bookworm-amd64 debian-bookworm-64bit
$ lxc ls debian-bookworm-64bit
+-----------------------+---------+----------------------+------+-----------+-----------+
|         NAME          |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-64bit | RUNNING | 10.253.205.42 (eth0) |      | CONTAINER | 0         |
+-----------------------+---------+----------------------+------+-----------+-----------+

# Clean up
$ lxc delete debian-bookworm-64bit -f
$ lxc image delete debian-bookworm-amd64

i386

sudo distrobuilder build-dir debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates debian-uli-i386
sudo distrobuilder pack-lxc debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates meta.tar.xz and rootfs.tar.xz
sudo distrobuilder pack-incus debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates rootfs.squashfs and incus.tar.xz

Repackaging:

mkdir repackaged
(
  cd repackaged
  xz -cd ../incus.tar.xz|sudo tar -xpf -
  mkdir rootfs
  cd rootfs
  xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
  cd repackaged
  sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >debian-bookworm-i386-lxcimage.tar.xz
sudo rm -rf repackaged

Quick test:

$ lxc image import debian-bookworm-i386-lxcimage.tar.xz --alias debian-bookworm-i386
$ lxc launch debian-bookworm-i386 debian-bookworm-32bit
$ lxc ls debian-bookworm-32bit
+-----------------------+---------+----------------------+------+-----------+-----------+
|         NAME          |  STATE  |         IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-32bit | RUNNING | 10.253.205.92 (eth0) |      | CONTAINER | 0         |
+-----------------------+---------+----------------------+------+-----------+-----------+

# Clean up
$ lxc delete debian-bookworm-32bit -f
$ lxc image delete debian-bookworm-i386

Extensions

Additional packages

cp debian.yaml debian-uli.yaml
# adjust debian-uli.yaml

Changes to debian-uli.yaml:

--- debian.yaml 2024-02-24 09:27:37.690252292 +0100
+++ debian-uli.yaml  2024-02-24 11:26:08.487263194 +0100
@@ -1148,6 +1148,14 @@
   types:
   - vm

+- path: /root/.ssh/authorized_keys
+  generator: dump
+  mode: 600
+  uid: 0
+  gid: 0
+  content: |-
+    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1cdBC88JrLfbQtjR6QSCBfK/7zba4O1CjraiB7MT59ztpc9Br1z7uLbXn3OvCmIaTl/BkYPSVMKJK1xT6ce4i6suFWosd9H8e13hMrlqGtahbohOJdg32XKwWNo7vqM8HCrCgYQE+y4d/PzdqIq4KQbEYJNqEw3ZFN+Fep7bH0kYCay0keKJdhBcIzPYOpG5WbZyYjN07NiDDJMFuimnk1QBUj0K/FMfvtMfxqPv3tdcKGo0TSWE6QteborIXmQVcZ9Zsir+diFb6cS0HsHZ0xrkde8xQrX0B+2bPEYZhax3ro2Qj/Cv7RGbS4H7jidxUAp6Q+VFQ/eAnpCZDoITmw== uli@notebook
+
 packages:
   manager: apt
   update: true
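
Review bot: the `/root/.ssh/authorized_keys` entry bakes a fixed root login key into the image, so every instance launched from it, and every copy of the tarball, accepts `uli@notebook` as root until the file is changed inside the instance. Unlike the preceding entry, which is limited by `types:`, this one carries no filter and therefore applies to every build from this YAML. Consider pushing the key per instance after launch (for example with `lxc file push`) instead, or at least keeping it out of the generic image; if the key stays, an Ed25519 key would be the more current choice than `ssh-rsa`.
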
@@ -1173,6 +1181,10 @@
     - procps
     - sudo
     - vim
+    - joe-jupp
+    - apt-transport-https
+    - at
+    - python3-apt
+    - openssh-server
+    - ncat
+    - less
     action: install

   - packages:
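
Review bot: the header `@@ -1173,6 +1181,10 @@` declares 10 lines on the new side, but the body has 6 context lines plus 7 added lines, so `patch` will reject this hunk as malformed; the list was apparently extended by hand after the diff was generated. Regenerate the diff from the final file. Also, `openssh-server` together with the root key from the first hunk makes every instance reachable as root over SSH as soon as it has an address, and `ncat` is not needed for that, so the package list should be kept to what the image actually requires.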

Packaging:

sudo distrobuilder build-dir debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
sudo distrobuilder pack-lxc debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
sudo distrobuilder pack-incus debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
mkdir repackaged
(
  cd repackaged
  xz -cd ../incus.tar.xz|sudo tar -xpf -
  mkdir rootfs
  cd rootfs
  xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
  cd repackaged
  sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >uli-debian-bookworm-i386-lxcimage.tar.xz
sudo rm -rf repackaged

Problems and open issues

SSH login does not work

“openssh-server” has to be added to debian*.yaml

No IP address with the new packaging

mkdir repackaged
(
  cd repackaged
  xz -cd ../incus.tar.xz|tar xf -
  ln -s ../debian-uli rootfs
  sudo tar --numeric-owner -cpf - ./metadata.yaml ./templates/ ./rootfs/*
)|xz -T0 -c9 >debian-bookworm-amd64-lxcimage.tar.xz

What does not help?

  • Omitting “--numeric-owner”

What are the differences?

-- sr   2024-02-24 10:35:22.225384958 +0100
+++ srootfs  2024-02-24 10:35:12.217406410 +0100
@@ -320,6 +320,7 @@
 ./etc/rc5.d/
 ./etc/rc6.d/
 ./etc/rcS.d/
+./etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
 ./etc/.resolv.conf.systemd-resolved.bak
 ./etc/rmt -> /usr/sbin/rmt
 ./etc/rpc
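
Review bot: the old-file header reads `-- sr` with two dashes, which is not a valid unified diff header (`--- ` is required), and neither `sr` nor `srootfs` says which listing comes from the repackaged build directory and which from the `pack-incus` output. Label both sides so the `+` and `-` lines in this and the following hunks can be attributed to the right image.
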
@@ -649,17 +650,22 @@
 ./etc/systemd/logind.conf
 ./etc/systemd/network/
 ./etc/systemd/networkd.conf
+./etc/systemd/network/eth0.network
 ./etc/systemd/pstore.conf
 ./etc/systemd/resolved.conf
 ./etc/systemd/sleep.conf
 ./etc/systemd/system/
 ./etc/systemd/system.conf
 ./etc/systemd/system/dbus-org.freedesktop.resolve1.service -> /lib/systemd/system/systemd-resolved.service
+./etc/systemd/system-generators/
+./etc/systemd/system-generators/lxc
 ./etc/systemd/system/getty.target.wants/
 ./etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service
 ./etc/systemd/system/multi-user.target.wants/
 ./etc/systemd/system/multi-user.target.wants/e2scrub_reap.service -> /lib/systemd/system/e2scrub_reap.service
 ./etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target
+./etc/systemd/system/sockets.target.wants/
+./etc/systemd/system/sockets.target.wants/systemd-networkd.socket -> /lib/systemd/system/systemd-networkd.socket
 ./etc/systemd/system/sysinit.target.wants/
 ./etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service
 ./etc/systemd/system/sysinit.target.wants/systemd-resolved.service -> /lib/systemd/system/systemd-resolved.service
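
Review bot: the additions in this hunk, `etc/systemd/network/eth0.network`, `etc/systemd/system-generators/lxc` and the `sockets.target.wants/systemd-networkd.socket` link, are the network configuration for `eth0` and the enablement of systemd-networkd, so their absence on the `-` side is enough to explain an instance that starts without an IPv4 address. It would help to say so next to the diff and to check for these paths after every manual repack.
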
@@ -807,7 +813,6 @@
 ./root/.profile
 ./root/.ssh/
 ./run/
-./run/systemd/resolve/stub-resolv.conf
 ./sbin -> usr/sbin
 ./solvers/dump
 ./srv/

What is the cause?

distrobuilder pack-incus does not simply pack the contents of the “rootfs”; it also runs the generators defined in the YAML file. Among other things, these are responsible for the network configuration.
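
A pre-import check for the failure described above, as an added example that is not part of the original post: it lists a unified image tarball, reports whether the generator-produced paths from the listing diff are present, and names any root SSH keys baked into the image. `audit_lxd_image` and `make_sample_image` are hypothetical names, and the sample tarball is constructed.

```shell
#!/bin/sh
# Audit a unified LXD image tarball (metadata.yaml + rootfs/) before import.
# Prints one finding per line; returns 1 if a required member is missing.
audit_lxd_image() {
    img=$1
    list=$(tar -tf "$img") || return 2
    # Strip a leading "./" so both repack variants on this page match.
    list=$(printf '%s\n' "$list" | sed 's|^\./||')
    rc=0
    # metadata.yaml is required by the unified layout; the other two paths are
    # the ones the listing diff shows only in the generator-processed rootfs.
    for want in metadata.yaml \
                rootfs/etc/systemd/network/eth0.network \
                rootfs/etc/systemd/system-generators/lxc; do
        if printf '%s\n' "$list" | grep -qxF "$want"; then
            echo "OK       $want"
        else
            echo "MISSING  $want"
            rc=1
        fi
    done
    # Report keys baked into root's authorized_keys: type and comment only.
    # Assumes plain "type base64 comment" lines without an options prefix.
    for m in rootfs/root/.ssh/authorized_keys ./rootfs/root/.ssh/authorized_keys; do
        tar -xOf "$img" "$m" 2>/dev/null || true
    done | awk 'NF >= 2 && $1 !~ /^#/ {
        print "ROOTKEY  " $1 " " (NF >= 3 ? $3 : "(no comment)") }'
    return "$rc"
}

# Constructed sample: a tiny tarball that mimics a repack from the plain
# build directory (no generator output) with one constructed root key.
make_sample_image() {
    d=$(mktemp -d)
    mkdir -p "$d/img/rootfs/root/.ssh" "$d/img/rootfs/etc/systemd/network"
    echo 'architecture: x86_64' > "$d/img/metadata.yaml"
    echo 'ssh-ed25519 AAAACONSTRUCTED tester@example' \
        > "$d/img/rootfs/root/.ssh/authorized_keys"
    (cd "$d/img" && tar -cf ../sample.tar ./metadata.yaml ./rootfs)
    echo "$d/sample.tar"
}

# Run the audit when called with a tarball: sh audit.sh image.tar.xz
if [ -n "${1:-}" ]; then audit_lxd_image "$1"; fi
```

A `MISSING` line for `eth0.network` before `lxc image import` points at the same problem as the container that comes up without an IPv4 address.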

Links

Changes

  • 2023-02-24: First version