LXC Configuration
- Create and run the container
- Prepare the container: add user, git command script & packages
- Stop the container & configure LXC network
$ cd /home/webida
$ mkdir lxc
$ sudo lxc-create -P ./lxc -t download -n webida -- -d ubuntu -r trusty -a amd64
$ sudo lxc-start -n webida -f ./lxc/webida/config
If you want to use some other directory to keep your container's root file system, you may have to set the proper paths in the Webida server configuration file. See Configuration for what to change.
Once you see the container running, open another terminal and set up the container.
$ sudo lxc-attach -n webida
The following instructions should be run in the container, in a root shell. Before you start, recall the uid of the webida user on your host system.
# adduser webida --uid $your_webida_user_uid
(set proper password)
# mkdir /fs
# usermod -d /fs webida
In the container, we recommend moving the home directory of the webida user to /fs, where the workspace volume of each user is mounted, to give them easier access. The root file system should be read-only.
# apt-get install git-svn lxc openjdk-7-jdk
# wget http://nodejs.org/dist/v4.2.2/node-v4.2.2-linux-x64.tar.gz
# tar zxvf node-v4.2.2-linux-x64.tar.gz
# cd node-v4.2.2-linux-x64
# sudo cp -r * /usr/local/
# npm install -g grunt-cli
Some (node) packages should be installed in the container just as they are installed on the host. Do not omit lxc, especially on an Ubuntu host: the init.lxc command must be present in the container to run lxc-execute. You should also install node.js and grunt to support building web apps from the terminal. If you want other tools or features, you can add them to the container in the same way. Since some git commands are executed in the container, you must not omit git.
In the container, git commands are executed through git.sh, a simple shell script that wraps the real commands and provides the credentials given by the Web UI. Create the script.
# vi /usr/bin/git.sh
# chmod +x /usr/bin/git.sh
Copy the following contents into your editor as git.sh:
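#!/bin/bash
# git.sh: wraps git and answers its username/password prompts with the
# credentials passed as --authuser=... and --authpass=...
AUTH_ID=''
AUTH_PASS=''
ARGS=( )
#SSH_KEY=$HOME/.userinfo/id_rsa
#UNIQ_KEY=`uuid`
#TMP_SSH=/tmp/.git_ssh.$UNIQ_KEY
# Split the credential options from the arguments meant for git.
for args in "$@"
do
    if [[ "$args" = --authuser* ]] ;then
        # -f2- keeps everything after the first '=', so a value containing '=' is not cut short
        AUTH_ID=`echo "$args" | cut -d'=' -f2-`
    elif [[ "$args" = --authpass* ]] ;then
        AUTH_PASS=`echo "$args" | cut -d'=' -f2-`
    else
        ARGS=("${ARGS[@]}" "$args")
    fi
done
#if [ -f $SSH_KEY ]; then
#    echo "ssh -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i $SSH_KEY \$@" > $TMP_SSH
#    chmod +x $TMP_SSH
#    export GIT_SSH=$TMP_SSH
#fi
# Run the git command
if [ ! -z "$AUTH_ID" ] ;then
    # The here-document is expanded by the shell before expect reads it, so the
    # credentials are passed through the environment and read by expect as
    # env(...) values; quotes, brackets or '$' in them are never parsed as Tcl.
    # The git arguments are still expanded into the script text.
    export AUTH_ID AUTH_PASS
    #expect -d <<EOF
    expect <<EOF
set timeout -1
spawn -noecho git --no-pager ${ARGS[@]}
expect {
    "*sername" {
        send -- "\$env(AUTH_ID)\r"
        exp_continue
    }
    "*assword" {
        send -- "\$env(AUTH_PASS)\r"
        expect eof
    }
    busy {
        exp_continue
    }
}
EOF
else
    git --no-pager "${ARGS[@]}"
fi
#if [ $? -ne 0 ]; then
#    echo "Note: If using SSH protocol, you need to verify the private key(id_rsa) in the following location."
#    echo " > \$HOME/.userinfo/id_rsa"
#fi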
It's almost done. Stop the container and set up its networking.
(in the terminal where you were working)
# exit
(in the terminal where you started container via lxc-start)
$ sudo lxc-stop -n webida
To expand the IP address range assigned to the lxc-execute processes, modify the LXC networking configuration file /etc/init/lxc-net.conf:
env USE_LXC_BRIDGE="true"
env LXC_BRIDGE="lxcbr0"
env LXC_ADDR="10.0.0.1"
env LXC_NETMASK="255.0.0.0"
env LXC_NETWORK="10.0.0.0/8"
env LXC_DHCP_RANGE="10.0.0.1,10.255.255.254"
env LXC_DHCP_MAX="16000000"
And also modify /etc/default/lxc-net file:
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.0.1"
LXC_NETMASK="255.0.0.0"
LXC_NETWORK="10.0.0.0/8"
LXC_DHCP_RANGE="10.0.0.2,10.255.255.254"
LXC_DHCP_MAX="16000000"
And restart lxc services:
$ stop lxc
$ restart lxc-net
$ start lxc
If you want to use a different network configuration for each container that runs on your host, you should modify the Webida server's configuration file to assign proper IPs to each container. (For security and protection from collisions, each Webida terminal runs in a different container with a different IP.) So, prepare a large enough IP range for users: at least 3x (number of concurrent IDE sessions).
If your host has a 10.x.y.z IP (for example in a NAT network or a virtual machine), then you must change the Webida server configuration to set a proper IP range, gateway and subnet mask for the containers, to avoid collision with the host network.
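The two rules above (no host address inside the container network, and a DHCP range of at least 3x the concurrent IDE sessions) can be checked before restarting lxc-net. The script below is an added example, not part of the Webida documentation; its function names, the session count and the host addresses in the sample call are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Webida project code); function names are hypothetical.
# Print a dotted-quad IPv4 address as an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside CIDR network $2 (e.g. 10.0.0.0/8).
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the number of addresses in an LXC_DHCP_RANGE value "first,last".
range_size() {
    first=$(ip_to_int "${1%,*}")
    last=$(ip_to_int "${1#*,}")
    echo $(( last - first + 1 ))
}

# check_lxc_net LXC_NETWORK LXC_DHCP_RANGE SESSIONS HOST_ADDR...
# Reports host addresses inside the container network and a DHCP range
# smaller than 3 x SESSIONS. Returns 0 if neither is found, 1 otherwise.
check_lxc_net() {
    network=$1 range=$2 sessions=$3 rc=0
    shift 3
    for host in "$@"; do
        if in_cidr "$host" "$network"; then
            echo "collision: host address $host is inside $network"
            rc=1
        fi
    done
    have=$(range_size "$range")
    need=$(( sessions * 3 ))
    if [ "$have" -lt "$need" ]; then
        echo "range too small: $have addresses, need at least $need"
        rc=1
    fi
    return $rc
}

# Constructed sample: 200 sessions, host addresses 192.168.1.20 and 10.3.4.5.
check_lxc_net 10.0.0.0/8 10.0.0.2,10.255.255.254 200 192.168.1.20 10.3.4.5 || true
```

On a real host, pass the addresses reported by `ip -4 -o addr show`, leaving out the one on lxcbr0, since the bridge address is expected to lie inside the container network.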