Today I wanted to set up a new container based on
Debian Bookworm. Unfortunately that no longer works;
apparently linuxcontainers.org now provides images
for LXD only to a limited extent:
$ lxc image ls images:
+-------+-------------+--------+-------------+--------------+------+------+-------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+-------------+--------+-------------+--------------+------+------+-------------+
A short explanation can be found here.
Apparently I have to build the Debian image myself.
Installing “distrobuilder”
sudo snap install distrobuilder --classic
Alternatively, “distrobuilder” can be built from source.
See the GitHub repo.
Downloading “debian.yaml” and variations of it
wget https://github.com/lxc/lxc-ci/raw/main/images/debian.yaml
Downloading the build script
build-lxcimages.sh
Building and using the images
These images are produced:
debian-bookworm-20240224_130036-amd64-lxcimage.tar.xz
debian-bookworm-20240224_130036-i386-lxcimage.tar.xz
debian-uli-bookworm-20240224_130036-amd64-lxcimage.tar.xz … “root” access via SSH for Uli
debian-uli-bookworm-20240224_130036-i386-lxcimage.tar.xz … “root” access via SSH for Uli
debian-dp-bookworm-20240224_130036-amd64-lxcimage.tar.xz … “root” access via SSH for Steffen and Uli
debian-dp-bookworm-20240224_130036-i386-lxcimage.tar.xz … “root” access via SSH for Steffen and Uli
Quick test:
$ lxc image import debian-bookworm-amd64-lxcimage.tar.xz --alias debian-bookworm-amd64
$ lxc launch debian-bookworm-amd64 debian-bookworm-64bit
$ lxc ls debian-bookworm-64bit
+-----------------------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-64bit | RUNNING | 10.253.205.42 (eth0) | | CONTAINER | 0 |
+-----------------------+---------+----------------------+------+-----------+-----------+
# Clean up
$ lxc delete debian-bookworm-64bit -f
$ lxc image delete debian-bookworm-amd64
Building the images in individual steps
Unnecessary, replaced by “build-images.sh”!
Building the Debian image
amd64
sudo distrobuilder build-dir debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates debian-uli
sudo distrobuilder pack-lxc debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates meta.tar.xz and rootfs.tar.xz
sudo distrobuilder pack-incus debian.yaml debian-uli -o image.release=bookworm -o image.architecture=amd64
# creates rootfs.squashfs and incus.tar.xz
Repackaging:
mkdir repackaged
(
cd repackaged
xz -cd ../incus.tar.xz|sudo tar -xpf -
mkdir rootfs
cd rootfs
xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
cd repackaged
sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >debian-bookworm-amd64-lxcimage.tar.xz
sudo rm -rf repackaged
Quick test:
$ lxc image import debian-bookworm-amd64-lxcimage.tar.xz --alias debian-bookworm-amd64
$ lxc launch debian-bookworm-amd64 debian-bookworm-64bit
$ lxc ls debian-bookworm-64bit
+-----------------------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-64bit | RUNNING | 10.253.205.42 (eth0) | | CONTAINER | 0 |
+-----------------------+---------+----------------------+------+-----------+-----------+
# Clean up
$ lxc delete debian-bookworm-64bit -f
$ lxc image delete debian-bookworm-amd64
i386
sudo distrobuilder build-dir debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates debian-uli-i386
sudo distrobuilder pack-lxc debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates meta.tar.xz and rootfs.tar.xz
sudo distrobuilder pack-incus debian.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
# creates rootfs.squashfs and incus.tar.xz
Repackaging:
mkdir repackaged
(
cd repackaged
xz -cd ../incus.tar.xz|sudo tar -xpf -
mkdir rootfs
cd rootfs
xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
cd repackaged
sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >debian-bookworm-i386-lxcimage.tar.xz
sudo rm -rf repackaged
Quick test:
$ lxc image import debian-bookworm-i386-lxcimage.tar.xz --alias debian-bookworm-i386
$ lxc launch debian-bookworm-i386 debian-bookworm-32bit
$ lxc ls debian-bookworm-32bit
+-----------------------+---------+----------------------+------+-----------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+-----------------------+---------+----------------------+------+-----------+-----------+
| debian-bookworm-32bit | RUNNING | 10.253.205.92 (eth0) | | CONTAINER | 0 |
+-----------------------+---------+----------------------+------+-----------+-----------+
# Clean up
$ lxc delete debian-bookworm-32bit -f
$ lxc image delete debian-bookworm-i386
Extensions
Additional packages
cp debian.yaml debian-uli.yaml
# adjust debian-uli.yaml
Changes to debian-uli.yaml:
--- debian.yaml 2024-02-24 09:27:37.690252292 +0100
+++ debian-uli.yaml 2024-02-24 11:26:08.487263194 +0100
@@ -1148,6 +1148,14 @@
types:
- vm
+- path: /root/.ssh/authorized_keys
+ generator: dump
+ mode: 600
+ uid: 0
+ gid: 0
+ content: |-
+ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1cdBC88JrLfbQtjR6QSCBfK/7zba4O1CjraiB7MT59ztpc9Br1z7uLbXn3OvCmIaTl/BkYPSVMKJK1xT6ce4i6suFWosd9H8e13hMrlqGtahbohOJdg32XKwWNo7vqM8HCrCgYQE+y4d/PzdqIq4KQbEYJNqEw3ZFN+Fep7bH0kYCay0keKJdhBcIzPYOpG5WbZyYjN07NiDDJMFuimnk1QBUj0K/FMfvtMfxqPv3tdcKGo0TSWE6QteborIXmQVcZ9Zsir+diFb6cS0HsHZ0xrkde8xQrX0B+2bPEYZhax3ro2Qj/Cv7RGbS4H7jidxUAp6Q+VFQ/eAnpCZDoITmw== uli@notebook
+
packages:
manager: apt
update: true
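Review bot: the new `/root/.ssh/authorized_keys` entry carries no `types:` filter (the `types: - vm` context above it belongs to the preceding entry), so every container and VM image built from this file accepts root logins with the `uli@notebook` key. Baking the key into the image also means that revoking it requires a rebuild plus a manual cleanup in every instance already launched; consider keeping the image key-free and pushing the key per instance after launch, or at least restricting this entry to the variant that needs it.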
@@ -1173,6 +1181,10 @@
- procps
- sudo
- vim
+ - joe-jupp
+ - apt-transport-https
+ - at
+ - python3-apt
+ - openssh-server
+ - ncat
+ - less
action: install
- packages:
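Review bot: the header `@@ -1173,6 +1181,10 @@` accounts for four added lines, but seven `+` lines follow, so this hunk was edited after the diff was generated and will not apply cleanly; regenerate it against the current debian-uli.yaml. Of the additions, `openssh-server` is the one the SSH login depends on; `ncat` and `at` end up in every container built from an image that already carries a root key, so they are better installed only where they are needed.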
Packaging:
sudo distrobuilder build-dir debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
sudo distrobuilder pack-lxc debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
sudo distrobuilder pack-incus debian-uli.yaml debian-uli-i386 -o image.release=bookworm -o image.architecture=i386
mkdir repackaged
(
cd repackaged
xz -cd ../incus.tar.xz|sudo tar -xpf -
mkdir rootfs
cd rootfs
xz -cd ../../rootfs.tar.xz|sudo tar -xpf -
)
(
cd repackaged
sudo tar --numeric-owner -cpf - *
)|xz -T0 -c9 >uli-debian-bookworm-i386-lxcimage.tar.xz
sudo rm -rf repackaged
Problems and open issues
Logging in via SSH does not work
debian*.yaml has to be extended with “openssh-server”
No IP address after repackaging
mkdir repackaged
(
cd repackaged
xz -cd ../incus.tar.xz|tar xf -
ln -s ../debian-uli rootfs
sudo tar --numeric-owner -cpf - ./metadata.yaml ./templates/ ./rootfs/*
)|xz -T0 -c9 >debian-bookworm-amd64-lxcimage.tar.xz
What brings no improvement?
Omitting “--numeric-owner”
What are the differences?
-- sr 2024-02-24 10:35:22.225384958 +0100
+++ srootfs 2024-02-24 10:35:12.217406410 +0100
@@ -320,6 +320,7 @@
./etc/rc5.d/
./etc/rc6.d/
./etc/rcS.d/
+./etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf
./etc/.resolv.conf.systemd-resolved.bak
./etc/rmt -> /usr/sbin/rmt
./etc/rpc
@@ -649,17 +650,22 @@
./etc/systemd/logind.conf
./etc/systemd/network/
./etc/systemd/networkd.conf
+./etc/systemd/network/eth0.network
./etc/systemd/pstore.conf
./etc/systemd/resolved.conf
./etc/systemd/sleep.conf
./etc/systemd/system/
./etc/systemd/system.conf
./etc/systemd/system/dbus-org.freedesktop.resolve1.service -> /lib/systemd/system/systemd-resolved.service
+./etc/systemd/system-generators/
+./etc/systemd/system-generators/lxc
./etc/systemd/system/getty.target.wants/
./etc/systemd/system/getty.target.wants/getty@tty1.service -> /lib/systemd/system/getty@.service
./etc/systemd/system/multi-user.target.wants/
./etc/systemd/system/multi-user.target.wants/e2scrub_reap.service -> /lib/systemd/system/e2scrub_reap.service
./etc/systemd/system/multi-user.target.wants/remote-fs.target -> /lib/systemd/system/remote-fs.target
+./etc/systemd/system/sockets.target.wants/
+./etc/systemd/system/sockets.target.wants/systemd-networkd.socket -> /lib/systemd/system/systemd-networkd.socket
./etc/systemd/system/sysinit.target.wants/
./etc/systemd/system/sysinit.target.wants/systemd-pstore.service -> /lib/systemd/system/systemd-pstore.service
./etc/systemd/system/sysinit.target.wants/systemd-resolved.service -> /lib/systemd/system/systemd-resolved.service
@@ -807,7 +813,6 @@
./root/.profile
./root/.ssh/
./run/
-./run/systemd/resolve/stub-resolv.conf
./sbin -> usr/sbin
./solvers/dump
./srv/
What are the causes?
distrobuilder pack-incus
does not simply pack the contents of “rootfs”; it
also runs the generators defined in the YAML file. Among other things, these are responsible
for the network configuration.
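Following from the cause described above, a check that can be run on a repackaged tarball before `lxc image import` (added example, not part of the original post). The function names are hypothetical, the paths are taken from the listing diff above, and the `rootfs/` prefix assumes the unified layout produced by the repackaging steps:

```shell
#!/bin/sh
# Added example. Paths come from the page's listing diff; function names
# are hypothetical. Assumes a unified tarball: metadata.yaml + rootfs/.

# Files the listing diff shows only in the tree with generators applied.
REQUIRED_PATHS='metadata.yaml
rootfs/etc/resolv.conf
rootfs/etc/systemd/network/eth0.network
rootfs/etc/systemd/system-generators/lxc'

# Print the member names of a .tar.xz image, without a leading "./".
list_image() {
    xz -cd -- "$1" | tar -tf - | sed 's|^\./||'
}

# Read a listing on stdin; print each required path that is absent.
# Returns 0 if nothing is missing, 1 otherwise.
missing_network_files() {
    listing=$(cat)
    status=0
    for want in $REQUIRED_PATHS; do
        if ! printf '%s\n' "$listing" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            status=1
        fi
    done
    return "$status"
}

# Read a listing on stdin; succeed if the image ships a root SSH key,
# as the "uli" and "dp" variants built above do.
has_baked_root_key() {
    grep -qxF -- 'rootfs/root/.ssh/authorized_keys'
}

# Usage:
#   list_image debian-bookworm-amd64-lxcimage.tar.xz | missing_network_files
#   list_image debian-bookworm-amd64-lxcimage.tar.xz | has_baked_root_key
```

An image that reports `rootfs/etc/systemd/network/eth0.network` as missing matches the "no IP address" symptom; one for which `has_baked_root_key` succeeds should only be imported on hosts where that root login is intended.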
Links
Changes
2023-02-24: First version