gyeongseok.seo edited this page Jan 22, 2016 · 12 revisions

Summary

  1. create and run container
  2. prepare container : add user, git command script & packages
  3. stop container & configure LXC network

Create & Run Container

Create Container

$ sudo lxc-create -t download -n webida -- -d ubuntu -r trusty -a amd64
$ sudo lxc-ls --fancy

The lxc-create command creates an LXC container.

The lxc-ls command lists the containers that currently exist.

Now you have a new container, 'webida', in /var/lib/lxc. If you want to use a directory other than the default, edit the lxc path in /etc/lxc/lxc.conf. We don't recommend moving your container out of the default lxc path, /var/lib/lxc/, without editing the lxc path in lxc.conf.

Run Container

$ sudo lxc-start -n webida 

Now the webida lxc container is running and you can see its login prompt. You will not be able to log in yet, because the container has no registered user. Go on to the next step.

Prepare the container

Once you see the container running, open another terminal and set up the container.

$ sudo lxc-attach -n webida

The following instructions should be run in the container, in a root shell. Before you start, recall the uid of the webida user on your host system.

Add webida user

# adduser webida --uid $your_webida_user_uid 
 (set proper password) 
# mkdir /fs
# usermod -d /fs webida

If the host's webida user has uid 1000, you may find that this uid is already used by the ubuntu account in the container. You can change the id of ubuntu into webida, or change the uid of the host webida user to 1000. Since the ubuntu account has sudoer privileges, it's better to create a new webida user and change the host /etc/passwd file.

Don't forget to move the home directory of the webida user to /fs, where the workspace volume of each user is mounted, to give them easier access. The root file system should be read-only.

What is $your_webida_user_uid? If you don't know it, please read the prerequisites document.

Install packages & node.js

# apt-get install wget git-svn lxc openjdk-7-jdk
# wget http://nodejs.org/dist/v4.2.2/node-v4.2.2-linux-x64.tar.gz
# tar zxvf node-v4.2.2-linux-x64.tar.gz
# cd node-v4.2.2-linux-x64
# sudo cp -r * /usr/local/
# npm install -g grunt-cli bower 

Some (node) packages should be installed 'in' the container as they are installed in the host. Do not omit lxc, especially on an Ubuntu host: the init.lxc command must be present in the container to run lxc-execute. You should also install node.js & grunt to support building webapps from the terminal. If you want other tools & features, you can add them to the container in the same way. Since some git commands are executed in the container, you must not omit git.

Create git.sh

In the container, git commands are executed through git.sh, a simple shell script that wraps the real commands and provides the credentials given by the Web UI. Create the script in a common path, such as /usr/bin/, and copy the following git.sh contents into your editor.

# vi /usr/bin/git.sh
# chmod +x /usr/bin/git.sh

git.sh

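#!/bin/bash

SSH_KEY="$HOME/.userinfo/id_rsa"
TMP_SSH=$(mktemp)

# Remove the temporary file on exit. The trap is set before git runs so that
# it also fires on an early exit and the script still returns git's exit status.
trap 'rm -f "$TMP_SSH"' 0

if [ -f "$SSH_KEY" ]; then
    # Write a small ssh wrapper that uses the user's key.
    # Host key checking is disabled here, so the remote host's identity is not verified.
    echo "ssh -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i \"$SSH_KEY\" \"\$@\"" > "$TMP_SSH"
    chmod +x "$TMP_SSH"
    export GIT_SSH="$TMP_SSH"
fi

# Run the git command
git --no-pager "$@"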

Stop the container & set-up networking

It's almost done. Stop the container & set up its networking.

(in the terminal where you were working in the container)
# exit
(in the terminal where you started the container via lxc-start)
$ sudo lxc-stop -n webida

Modify LXC Network configurations

To expand the IP address range assigned to the lxc-execute processes, modify the LXC networking configuration file /etc/init/lxc-net.conf:

    env USE_LXC_BRIDGE="true"
    env LXC_BRIDGE="lxcbr0"
    env LXC_ADDR="10.0.0.1"
    env LXC_NETMASK="255.0.0.0"
    env LXC_NETWORK="10.0.0.0/8"
    env LXC_DHCP_RANGE="10.0.0.1,10.255.255.254"
    env LXC_DHCP_MAX="16000000"

And also modify /etc/default/lxc-net file:

    LXC_BRIDGE="lxcbr0"
    LXC_ADDR="10.0.0.1"
    LXC_NETMASK="255.0.0.0"
    LXC_NETWORK="10.0.0.0/8"
    LXC_DHCP_RANGE="10.0.0.2,10.255.255.254"
    LXC_DHCP_MAX="16000000"

And restart lxc services:

    $ sudo stop lxc
    $ sudo restart lxc-net
    $ sudo start lxc

If you want to use a different network configuration for the containers that run on your host, you should modify the Webida server's configuration file to assign proper IPs to each container. (For security & protection from collisions, each webida terminal runs in a different container with a different IP.) So prepare an IP range that is large enough for your users: at least 3x(number of concurrent IDE sessions).

If your host has a 10.x.y.z IP (maybe in some NAT network or virtual machine), then you must change the Webida server configuration to set up a proper IP range, gateway & subnet mask for the containers, to avoid collision with the host network.
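
The two conditions above (no host address inside the container network, and a DHCP range of at least 3x the number of concurrent sessions) can be checked before restarting lxc-net. The script below is an added example, not part of Webida; the function names are hypothetical and the host address and session count are constructed sample values.

```sh
#!/bin/sh
# Added example (not Webida code): sanity checks for the lxc-net settings.
# Function bodies run in subshells "( ... )" so their variables stay local.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeed if address $1 lies inside network $2 (CIDR notation).
in_network() (
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
)

# Number of addresses in an LXC_DHCP_RANGE value ("start,end").
range_size() (
    echo $(( $(ip_to_int "${1#*,}") - $(ip_to_int "${1%,*}") + 1 ))
)

# check_lxc_net NETWORK DHCP_RANGE SESSIONS HOST_IP...
# Reports each problem and fails if a host address collides with the
# container network or the range holds fewer than 3 x SESSIONS addresses.
check_lxc_net() (
    network=$1; range=$2; sessions=$3; rc=0
    shift 3
    for ip in "$@"; do
        if in_network "$ip" "$network"; then
            echo "collision: host address $ip is inside $network"; rc=1
        fi
    done
    if [ "$(range_size "$range")" -lt $(( 3 * $sessions )) ]; then
        echo "range $range holds fewer than 3 x $sessions addresses"; rc=1
    fi
    exit "$rc"   # leaves only the subshell, giving the function its status
)

# Constructed sample: host on 192.168.1.20, 1000 concurrent IDE sessions.
check_lxc_net "10.0.0.0/8" "10.0.0.2,10.255.255.254" 1000 192.168.1.20 && echo "ok"
```

Pass every address configured on the host (for example, those listed by `ip -4 addr`) as the trailing arguments.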