FreedomBoxBlog

Installing LXC, DHCP and DNS on my FreedomBox

Rob van der Hoeven
Sun Apr 24 2011

Linux Containers (LXC) are the basic building blocks of my FreedomBox architecture. This article shows how the network must be configured in order to support LXC. It further shows how DHCP and DNS are used to support the LXC infrastructure. After installing LXC a simple script can be run to create LXC containers which are fully integrated into a local DNS domain (you can use: ssh root@containername.freedom.box).

Requirements.

My FreedomBox uses Debian GNU/Linux in combination with LXC virtual machines. This article only describes a Debian configuration.

This article describes the installation of a local DHCP/DNS combination which must be the only DHCP/DNS service in the configured network segment. All other DHCP/DNS services (hint: on the router) must be disabled. The FreedomBox must be able to use a static IP address.

Disclaimer.

Some of the procedures in this article are not without risks and I cannot guarantee the accuracy of all the information in this article. If you follow any of the procedures mentioned in this article, you do so at your own risk.

The main risk is losing the network connection to your box. If this happens and if ssh is the only way you can connect to your box, then the only way to correct this problem is to take out the HD and connect it to another Linux machine so you can edit the network configuration.

Preparing the network interface.

Each LXC container adds a virtual networking interface (card) to your system. In order to connect multiple networking interfaces you have to create a network bridge. Network bridges are very simple: if one network card does not know how to reach a specific IP address, it asks all the other cards in the bridge if they can reach the IP address. A positive response is remembered by the bridge. If no card can reach the IP address, the gateway is used.

You can create a network bridge by:

Installing bridge-utils.

apt-get install bridge-utils

Edit /etc/network/interfaces

before:

# The loopback network interface

auto lo
    iface lo inet loopback

# The primary network interface

allow-hotplug eth0
    iface eth0 inet dhcp

after:

# The loopback network interface

auto lo
    iface lo inet loopback

# The primary network interface

auto br0
    iface br0 inet static
    bridge_ports eth0
    bridge_fd 0
    address 192.168.1.3
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1

I am using the 192.168.1.0/24 network. Remember to change this if your router is using another network.

WARNING: Double-check /etc/network/interfaces. Restarting the network makes you lose your connection. Mistakes in the configuration may prevent you from connecting to your box again. If this happens you have to connect the HD to another GNU/Linux computer in order to correct the problem.

Restart the network.

/etc/init.d/networking restart

You lose your network connection...

Connect to the new address.

ssh root@192.168.1.3

Installing DHCP/DNS.

I like domain names. What I want for my local LXC network is an integrated DHCP/DNS combination. After the DHCP server hands out an address, the address must be communicated to a DNS server that binds it to a domain name. Fortunately there is a package that can do this: dnsmasq. It's ideal – lightweight, powerful and very easy to configure!

Installation.

apt-get install dnsmasq

Edit /etc/dnsmasq.conf

Find each of the following commented-out (#) settings and replace it with the setting on the line below it:

#resolv-file=
resolv-file=/etc/resolv_router.conf

#local=/localnet/
local=/box/

#expand-hosts
expand-hosts

#domain=thekelleys.org.uk
domain=freedom.box

#dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-range=192.168.1.50,192.168.1.250,12h

#dhcp-option=3,1.2.3.4
dhcp-option=3,192.168.1.1

Change the name-server.

cd /etc

cp resolv.conf resolv_router.conf

Edit resolv.conf and change the IP address to: 192.168.1.3

Restart dnsmasq.

/etc/init.d/dnsmasq restart

This configuration creates the freedom.box domain. If you use my LXC installation script to create an LXC container with a name of “helloworld”, you can use helloworld.freedom.box to get its IP address.
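
The static address given to br0 in /etc/network/interfaces and the DHCP settings in /etc/dnsmasq.conf have to agree, otherwise dnsmasq can lease out the box's own address or send clients to the wrong router. The shell check below is an added example, not part of the original article or of dnsmasq; the function names and the temporary sample files are made up for illustration, and it assumes the plain start,end,lease form of dhcp-range used above.

```shell
#!/bin/sh
# Added example: cross-check the br0 stanza against the dnsmasq DHCP settings.
# All function names and the sample files are made up for this illustration.
ip2int() {                          # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

stanza_value() {                    # stanza_value FILE IFACE KEY
    awk -v i="$2" -v k="$3" '
        $1 == "iface"                  { in_s = ($2 == i); next }
        $1 == "auto" || $1 ~ /^allow-/ { in_s = 0 }
        in_s && $1 == k                { print $2; exit }' "$1"
}

conf_value() {                      # conf_value FILE PREFIX (last uncommented match)
    sed -n "s/^$2//p" "$1" | tail -n 1
}

fail() { echo "FAIL: $*" >&2; rc=1; }

check_lan() {                       # check_lan INTERFACES DNSMASQ_CONF IFACE
    rc=0
    a=$(stanza_value "$1" "$3" address); m=$(stanza_value "$1" "$3" netmask)
    g=$(stanza_value "$1" "$3" gateway); r=$(conf_value "$2" 'dhcp-range=')
    o=$(conf_value "$2" 'dhcp-option=3,')   # option 3 = router, as in the article
    for v in "$a" "$m" "$g" "$r" "$o"; do
        [ -n "$v" ] || { fail "a required setting is missing"; return 1; }
    done
    addr=$(ip2int "$a"); mask=$(ip2int "$m"); gw=$(ip2int "$g")
    lo=$(ip2int "${r%%,*}"); r=${r#*,}; hi=$(ip2int "${r%%,*}")
    net=$(( $addr & $mask ))
    [ $(( $gw & $mask )) -eq "$net" ] || fail "gateway is outside the bridge subnet"
    [ $(( $lo & $mask )) -eq "$net" ] && [ $(( $hi & $mask )) -eq "$net" ] ||
        fail "DHCP pool is not inside the bridge subnet"
    [ "$addr" -lt "$lo" ] || [ "$addr" -gt "$hi" ] || fail "pool contains the static address"
    [ "$gw" -lt "$lo" ] || [ "$gw" -gt "$hi" ] || fail "pool contains the gateway"
    [ "$(ip2int "$o")" -eq "$gw" ] || fail "dhcp-option 3 differs from the gateway"
    return "$rc"
}

# Constructed sample files that mirror the values used in this article.
SAMPLE=$(mktemp -d)
printf '%s\n' 'auto br0' 'iface br0 inet static' 'bridge_ports eth0' \
    'address 192.168.1.3' 'netmask 255.255.255.0' 'gateway 192.168.1.1' \
    > "$SAMPLE/interfaces"
printf '%s\n' '#dhcp-range=192.168.0.50,192.168.0.150,12h' \
    'dhcp-range=192.168.1.50,192.168.1.250,12h' 'dhcp-option=3,192.168.1.1' \
    > "$SAMPLE/dnsmasq.conf"
check_lan "$SAMPLE/interfaces" "$SAMPLE/dnsmasq.conf" br0 && echo "consistent"
```

Against the real files the call is check_lan /etc/network/interfaces /etc/dnsmasq.conf br0, run before restarting networking or dnsmasq.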

Install LXC.

The LXC technology depends on a Linux kernel feature called cgroups. In order to use this feature you must do the following:

Create a /cgroup directory

mkdir /cgroup

Edit /etc/fstab, add the line:

cgroup /cgroup cgroup defaults 0 0

Mount the /cgroup directory.

mount -a

Install LXC.

apt-get install lxc

Check the installation.

lxc-checkconfig

Everything should be enabled except the cgroup memory controller. This feature has some performance issues and is not compiled into the kernel by default.

You can find some documentation in: /usr/share/doc/lxc.

In /usr/lib/lxc/templates you can find scripts to install containers with various GNU/Linux distributions.

In order to create a Debian container you have to install debootstrap first:

apt-get install debootstrap

The LXC utilities expect the containers to be created in subdirectories of /var/lib/lxc. This is hardcoded, so don't try to use another directory. To create a container you can do the following:

(this works, but don't do this. Use my slightly modified script... )

cd /var/lib/lxc

mkdir mycontainer

/usr/lib/lxc/templates/lxc-debian -n mycontainer -p /var/lib/lxc/mycontainer

After you have created the container you can start the container in two ways:

Daemon mode.

lxc-start -n mycontainer -d

Terminal mode.

lxc-start -n mycontainer

In daemon mode you can use ssh to connect to the container. The lxc-debian script does not give the container a domain name. You have to find the IP address of the container yourself.

In terminal mode you can use the standard password (root) to work inside the container. The terminal mode is “Hotel California” - you can check in any time you want, but you can never leave. To leave terminal mode you must use another terminal and issue the command:

lxc-stop -n mycontainer

If you use the lxc-debian script that comes with Squeeze you are in for a surprise. This script creates Lenny containers! In order to create Squeeze containers and give them a nice domain name I made a slightly modified version of the lxc-debian script. Download this lxc-debian-box script and put it into /usr/lib/lxc/templates.

Create a test container and have some fun.

Now everything is in place to start using LXC containers. Let's create one:

cd /var/lib/lxc

mkdir test

/usr/lib/lxc/templates/lxc-debian-box -n test -p /var/lib/lxc/test

Start the container as a daemon.

lxc-start -n test -d
lxc-info -n test

ssh root@test.freedom.box (default password: root)

passwd
dpkg-reconfigure tzdata

apt-get update
apt-get upgrade
apt-get install lynx

lynx freedomboxblog.nl

Comments: 1

From: rob - Mon, 30 Jun 2014 21:01:21 +0200
test