Fedora 26: Installing the LXD container technology


1 Install LXD

The following script installs lxd.

#!/bin/sh

set -e

USER_ADDED_TO_LXD_GROUP="${USER}"

# FIXME: Running LXD need this.
[ -f /etc/subuid ] && sudo mv /etc/subuid /etc/subuid.orig
[ -f /etc/subgid ] && sudo mv /etc/subgid /etc/subgid.orig
echo "root:100000:65536" | sudo tee /etc/subuid
echo "root:100000:65536" | sudo tee /etc/subgid

# LXD/LXC uses lxc-xxx package.
sudo dnf install -y lxc-devel

# Install LXD/LXC.
sudo groupadd -r lxd
sudo mkdir -p /var/lib/lxd
sudo chown root:lxd /var/lib/lxd
sudo mkdir -p /var/log/lxd
sudo chown root:lxd /var/log/lxd
sudo dnf install -y git golang sqlite-devel dnsmasq squashfs-tools libacl-devel
export GOPATH=${HOME}/go
export PATH=${GOPATH}/bin/:${PATH}
go get -v -x -tags libsqlite3 github.com/lxc/lxd/lxc github.com/lxc/lxd/lxd
sudo cp "${GOPATH}"/bin/* /usr/bin/

# Create systemd service and socket.
cat <<EOF | sudo tee /usr/lib/systemd/system/lxd.service
[Unit]
Description=LXD - main daemon
After=network.target
Requires=network.target lxd.socket
Documentation=man:lxd(1)

[Service]
EnvironmentFile=-/etc/environment
ExecStart=/usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log
ExecStartPost=/usr/bin/lxd waitready --timeout=600
KillMode=process
TimeoutStartSec=600
TimeoutStopSec=40
Restart=on-failure
LimitNOFILE=infinity
LimitNPROC=infinity

[Install]
Also=lxd.socket
EOF

cat <<EOF | sudo tee /usr/lib/systemd/system/lxd.socket
[Unit]
Description=LXD - unix socket
Documentation=man:lxd(1)

[Socket]
ListenStream=/var/lib/lxd/unix.socket
SocketGroup=lxd
SocketMode=0660
Service=lxd.service

[Install]
WantedBy=sockets.target
EOF

# FIXME: LXD needs SELinux configuration like container-selinux of docker.
cat <<EOF > my-systemd.te
module my-systemd 1.0;

require {
    type init_t;
    type unconfined_service_t;
    type var_lib_t;
    class unix_stream_socket { create setopt bind listen };
    class sock_file { create setattr unlink };
}

#============= init_t ==============
allow init_t unconfined_service_t:unix_stream_socket { create setopt bind listen };
allow init_t var_lib_t:sock_file { create setattr unlink };
EOF
checkmodule -M -m -o my-systemd.mod my-systemd.te
semodule_package -m my-systemd.mod -o my-systemd.pp
sudo semodule -i my-systemd.pp
rm -f my-systemd.te my-systemd.mod my-systemd.pp

# Run LXD for initialization.
sudo systemctl --system daemon-reload
sudo systemctl enable lxd
sudo systemctl start lxd

# Initialize LXD.
cat <<EOF | sudo lxd init
yes
default
dir
no
yes
yes
lxdbr0
auto
auto
EOF

# Running container needs user_namespace.enable=1.
sudo dnf install -y grub2-tools
. /etc/default/grub
V="$GRUB_CMDLINE_LINUX user_namespace.enable=1"
# The inner quotes are escaped so the rewritten line stays a valid shell assignment.
sudo sed -e "s;^GRUB_CMDLINE_LINUX=.*;GRUB_CMDLINE_LINUX=\"$V\";g" -i /etc/default/grub
sudo grub2-mkconfig -o /boot/grub2/grub.cfg

# Add user to lxd for running lxc command without privilege.
# Note: members of the lxd group control the LXD daemon, which runs as root.
sudo gpasswd -a "${USER_ADDED_TO_LXD_GROUP}" lxd

# Reboot.
sudo reboot
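The following added example (not part of the original post) checks, after the reboot, the settings the script above applies: the root ranges in /etc/subuid and /etc/subgid, the user_namespace.enable=1 kernel parameter, the mode and group of the LXD socket, and who is in the lxd group. The function names and the `--host` switch are hypothetical, and `stat -c` assumes GNU coreutils as shipped on Fedora.

```shell
#!/bin/sh
# Post-install checks for the settings applied by the install script.
# Function names and the --host switch are hypothetical; stat -c needs GNU coreutils.

# 0 if FILE maps root to a subordinate ID range of at least MIN ids.
has_root_subid() {  # usage: has_root_subid FILE [MIN]
    awk -F: -v min="${2:-65536}" '
        $1 == "root" && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 + 0 >= min { ok = 1 }
        END { exit !ok }' "$1"
}

# 0 if the kernel command line in FILE has user_namespace.enable=1 as a whole token.
cmdline_has_userns() {  # usage: cmdline_has_userns FILE
    awk '{ for (i = 1; i <= NF; i++) if ($i == "user_namespace.enable=1") ok = 1 }
         END { exit !ok }' "$1"
}

# 0 if PATH has mode 660 and group GROUP (SocketMode/SocketGroup in lxd.socket).
socket_perms_ok() {  # usage: socket_perms_ok PATH [GROUP]
    [ "$(stat -c '%a %G' "$1" 2>/dev/null)" = "660 ${2:-lxd}" ]
}

# Print the supplementary members of GROUP from a group(5)-format FILE, one per line.
# Everyone listed can drive the root-running LXD daemon through its socket.
group_members() {  # usage: group_members FILE [GROUP]
    awk -F: -v g="${2:-lxd}" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# Run every check against the live paths used on the page; non-zero if any fails.
verify_host() {
    rc=0
    has_root_subid /etc/subuid || { echo "FAIL: no usable root range in /etc/subuid"; rc=1; }
    has_root_subid /etc/subgid || { echo "FAIL: no usable root range in /etc/subgid"; rc=1; }
    cmdline_has_userns /proc/cmdline || { echo "FAIL: user_namespace.enable=1 not on kernel command line"; rc=1; }
    socket_perms_ok /var/lib/lxd/unix.socket lxd || { echo "FAIL: unix.socket is not mode 660 with group lxd"; rc=1; }
    echo "Members of lxd (root-equivalent through the socket):"
    group_members /etc/group lxd | sed 's/^/  /'
    return "$rc"
}

if [ "${1:-}" = "--host" ]; then verify_host; fi
```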

2 Launch a container

The debian/stretch image was downloaded and the container launched successfully. It has been assigned an IP address.

$ lxc launch images:debian/stretch debian
<snip>
$ lxc exec debian ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:29:1e:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::216:3eff:fe29:1e7d/64 scope link tentative
       valid_lft forever preferred_lft forever

Android | Linux | SDL - Narrow Escape