Earl Warren
2e814536ce
The general idea is that all LXC containers will now have IPv6 activated, wether they need it or not. The lxc_install_lxc command also has an optional IPv6 argument which is semantically equivalent to the IPv6 prefix but for the IPv6 private range. NAT is activated for IPv6 because it only relies on private IP ranges. If an LXC container needs to be associated with a public IPv6, it will need to be proxied, it won't be available publicly.
166 lines
4.3 KiB
Bash
Executable file
166 lines
4.3 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
set -e
|
|
|
|
source $(dirname $0)/lxc-helpers-lib.sh
|
|
|
|
function verbose() {
|
|
set -x
|
|
PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: '
|
|
LXC_VERBOSE=true
|
|
}
|
|
|
|
function help() {
|
|
cat <<'EOF'
|
|
lxc-helpers.sh - LXC container management helpers
|
|
|
|
SYNOPSIS
|
|
|
|
lxc-helpers.sh [-v|--verbose] [-h|--help]
|
|
[-o|--os {bookworm|bullseye} (default bookworm)]
|
|
command [arguments]
|
|
|
|
lxc-helpers.sh [-v|--verbose] [-h|--help]
|
|
[-o|--os {bookworm|bullseye} (default bookworm)]
|
|
[-c|--config {unprivileged lxc libvirt docker k8s} (default "lxc libvirt docker")]
|
|
lxc_container_create [arguments]
|
|
|
|
DESCRIPTION
|
|
|
|
A thin shell based layer on top of LXC to create, populate, run and
|
|
destroy LXC containers. A container is created from a copy of an
|
|
existing container.
|
|
|
|
The LXC network is configured to provide a NAT'ed IP address (IPv4
|
|
and IPv6) to each container, in a configurable private range.
|
|
|
|
CREATE AND DESTROY
|
|
|
|
lxc_prepare_environment
|
|
|
|
Install LXC dependencies.
|
|
|
|
lxc_container_create `name`
|
|
|
|
Create the `name` container.
|
|
|
|
lxc_container_mount `name` `path`
|
|
|
|
Configure `name` container to bind mount `path` so that it is
|
|
also accessible at `path` from within the container.
|
|
|
|
lxc_container_start `name`
|
|
|
|
Start the `name` container.
|
|
|
|
lxc_container_stop `name`
|
|
|
|
Stop the `name` container.
|
|
|
|
lxc_container_destroy `name`
|
|
|
|
Call lxc_container_stop `name` and destroy the container.
|
|
|
|
lxc_template_release
|
|
|
|
Echo the name of the container for the Operating System
|
|
specified with `--os`.
|
|
|
|
lxc_build_template `existing_container` `new_container`
|
|
|
|
Copy `existing_container` into `new_container`. If
|
|
`existing_container` is equal to $(lxc-helpers.sh lxc_template_release) it
|
|
will be created on demand.
|
|
|
|
CONFIGURATION
|
|
|
|
The `--config` option provides preset configurations appended to the `/var/lib/lxc/name/config`
|
|
file when the container is created with the `lxc_container_create` command. They are required
|
|
to run the corresponding subsystem:
|
|
|
|
* `docker` https://www.docker.com/
|
|
* `lxc` https://linuxcontainers.org/lxc/
|
|
* `libvirt` https://libvirt.org/
|
|
* `k8s` https://kubernetes.io/
|
|
* `unprivileged` none of the above
|
|
|
|
Example: lxc-helpers.sh --config "docker libvirt" lxc_container_create mycontainer
|
|
|
|
The `unprivileged` configuration does not add anything.
|
|
|
|
ACTIONS IN THE CONTAINER
|
|
|
|
For some command lxc_something `name` that can be called from outside the container
|
|
there is an equivalent function lxc_something_inside that can be called from inside
|
|
the container.
|
|
|
|
lxc_install_lxc `name` `prefix` [`prefixv6`]
|
|
lxc_install_lxc_inside `prefix` [`prefixv6`]
|
|
|
|
Install LXC in the `name` container to allow the creation of
|
|
named containers. `prefix` is a class C IP prefix from which
|
|
containers will obtain their IP (for instance 10.40.50). `prefixv6`
|
|
is an optional IPv6 private address prefix that defaults to fc15.
|
|
|
|
lxc_container_run `name` command [options...]
|
|
|
|
Run the `command` within the `name` container.
|
|
|
|
lxc_container_run_script `name` `path`
|
|
lxc_container_run_script_as `name` `user` `path`
|
|
|
|
Run the script found at `path` within the `name` container. The
|
|
environment is cleared before running the script. The first form
|
|
will run as root, the second form will impersonate `user`.
|
|
|
|
lxc_container_user_install `name` `user_id` `user` [`homedir` default `/home`]
|
|
|
|
Create the `user` with `user_id` in the `name` container with a
|
|
HOME at `/homedir/user`. Passwordless sudo permissions are
|
|
granted to `user`. It is made a member of the groups docker, kvm
|
|
and libvirt if they exist already. A SSH key is created.
|
|
|
|
Example: lxc_container_user_install mycontainer $(id -u) $USER
|
|
|
|
EOF
|
|
}
|
|
|
|
function main() {
|
|
local options=$(getopt -o hvoc --long help,verbose,os:,config: -- "$@")
|
|
[ $? -eq 0 ] || {
|
|
echo "Incorrect options provided"
|
|
exit 1
|
|
}
|
|
eval set -- "$options"
|
|
while true; do
|
|
case "$1" in
|
|
-v | --verbose)
|
|
verbose
|
|
;;
|
|
-h | --help)
|
|
help
|
|
;;
|
|
-o | --os)
|
|
LXC_CONTAINER_RELEASE=$2
|
|
shift
|
|
;;
|
|
-c | --config)
|
|
LXC_CONTAINER_CONFIG="$2"
|
|
shift
|
|
;;
|
|
--)
|
|
shift
|
|
break
|
|
;;
|
|
esac
|
|
shift
|
|
done
|
|
|
|
lxc_maybe_sudo
|
|
|
|
"$@"
|
|
}
|
|
|
|
main "$@"
|