Add 'debian10-LXC.md'

2021-05-20 12:58:19 +00:00
parent 49cb44711a
commit e612bf8f42
1 changed files with 51 additions and 0 deletions
--- a/debian10-LXC.md
+++ b/debian10-LXC.md
@@ -0,0 +1,51 @@
+# Setup LXC on debian 10
+
+Install packages and add unprivileged user
+```
+apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap
+useradd -r lxcuser
+cat /etc/s*id|grep lxcuser
+```
+
+Put the following in /etc/default/lxc-net 
+```
+USE_LXC_BRIDGE="true"
+ 
+#### /etc/lxc/default.conf 
+lxc.idmap = u 0 <Replace with output of cat> <Replace with output of cat>
+lxc.idmap = g 0 <Replace with output of cat> <Replace with output of cat>
+lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
+lxc.apparmor.profile = unconfined
+lxc.apparmor.allow_nesting = 1
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
+```
+
+Give root acces to unprivileged user space
+```
+echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subuid
+echo "root:<Replace with output of cat>:<Replace with output of cat>" >> /etc/subgid 
+```
+
+Enable and start lxc network service 
+```
+systemctl enable --now lxc-net
+```
+enable unprivileged user namespaces for kernels < 5.10
+```
+echo kernel.unprivileged_userns_clone=1 >> /etc/sysctl.conf
+sysctl -p
+```
+
+
+# Extra config KB
+* Create Container `lxc-create -t download -n <CTName> -- -d debian -r buster -a amd64`
+* Container config `/var/lib/lxc/<CTName>/config`
+* add to Container config to start on boot `lxc.start.auto = 1`
+* add to Container config for static ip
+```
+lxc.net.0.ipv4.address = 10.0.3.<IP>/24
+lxc.net.0.ipv4.gateway = 10.0.3.1
+```