container-tools: Host Setup =========================== 1. Debian Packages ------------------- apt install bridge-utils ifenslave vlan 2. Boot Parameters ------------------ 2.1 CGroup Memory Controller ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In order to enable the memory controller the following boot parameter needs to be used: cgroup_enable=memory 2.2 CGroup Swap Controller ~~~~~~~~~~~~~~~~~~~~~~~~~~ In order to enable the swap controller the following boot parameter needs to be used: swapaccount=1 3. Networking ~~~~~~~~~~~~~ 3.1 Enable IPv4 Forwarding ~~~~~~~~~~~~~~~~~~~~~~~~~~ apt install procps echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_foward.conf sysctl -p 3.2 Configure Network Bridge ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 3.2.1 Bridge: 1 Interface, standalone, DHCP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF # /etc/network/interfaces auto lo iface lo inet loopback iface eth0 inet manual auto br0 iface br0 inet dhcp bridge_ports eth0 bridge_fd 0 bridge_maxwait 0 bridge_stp 0 EOF 3.2.2 Bridge: 1 Interface, standalone, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF # /etc/network/interfaces auto lo iface lo inet loopback iface eth0 inet manual auto br0 iface br0 inet static address 10.0.0.2 broadcast 10.0.0.255 gateway 10.0.0.1 netmask 255.255.255.0 network 10.0.0.0 pre-up ifconfig eth0 down pre-up ifconfig eth0 up bridge_ports eth0 bridge_fd 0 bridge_maxwait 0 bridge_stp 0 EOF 3.2.3 Bridge: 2 logical Interfaces, subnet, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF # /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp auto br0 iface br0 inet static address 10.0.0.1 broadcast 10.0.0.255 netmask 255.255.255.0 network 10.0.0.0 pre-up brctl addbr br0 post-down brctl delbr br0 bridge_fd 0 bridge_maxwait 0 bridge_stp 0 EOF 3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cat > /etc/network/interfaces << EOF # /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp iface eth1 inet manual iface eth2 inet manual auto bond0 iface bond0 inet manual up ifconfig bond0 0.0.0.0 up down ifconfig bond0 down slaves eth1 eth2 bond-mode 4 bond-miimon 100 bond-downdelay 200 bond-updelay 200 bond-lacp-rate 1 bond-xmit-hash-policy layer2+3 iface bond0.100 inet manual vlan-raw-device bond0 auto br100 iface br100 inet static address 10.100.0.2 broadcast 10.100.0.255 #gateway 10.100.0.1 netmask 255.255.255.0 network 10.100.0.0 post-up ip route add 10.100.0.0/24 via 10.100.0.1 dev br100 post-down ip route del 147.87.226.0/24 dev br100 bridge_ports bond0.100 bridge_fd 0 bridge_maxwait 0 bridge_stp 0 EOF 4. Enabling container-shell --------------------------- Managing containers requires root privileges. In order to allow unprivileged users to manage containers without granting them privileges or accounts, the container-shell can be used together with sudo and a container user. sudo adduser --gecos "container-tools,,," \ --home /var/lib/machines/container-tools \ --shell /usr/bin/container-shell \ --no-create-home container