container-tools: Host Setup
===========================

1. Debian Packages
------------------

::

    apt install net-tools bridge-utils ifenslave vlan

2. Boot Parameters
------------------

2.1 CGroup Memory Controller
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In order to enable the memory controller, the following boot parameter needs to be used::

    cgroup_enable=memory

2.2 CGroup Swap Controller
~~~~~~~~~~~~~~~~~~~~~~~~~~

In order to enable the swap controller, the following boot parameter needs to be used::

    swapaccount=1

3. Networking
-------------

3.1 Enable IPv4 Forwarding
~~~~~~~~~~~~~~~~~~~~~~~~~~

::

    apt install procps
    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
    sysctl --system   # "sysctl -p" alone only reloads /etc/sysctl.conf, not /etc/sysctl.d/

3.2 Configure Network Bridge
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3.2.1 Bridge: 1 Interface, standalone, DHCP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    cat > /etc/network/interfaces << EOF
    # /etc/network/interfaces
    source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    iface eth0 inet manual

    allow-hotplug br0
    iface br0 inet dhcp
        bridge_ports eth0
        bridge_fd 0
        bridge_maxwait 0
        bridge_stp 0
    EOF

3.2.2 Bridge: 1 Interface, standalone, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    cat > /etc/network/interfaces << EOF
    # /etc/network/interfaces
    source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    iface eth0 inet manual

    allow-hotplug br0
    iface br0 inet static
        address 10.0.0.2
        gateway 10.0.0.1
        netmask 255.255.255.0
        pre-up ifconfig eth0 down
        pre-up ifconfig eth0 up
        bridge_ports eth0
        bridge_fd 0
        bridge_maxwait 0
        bridge_stp 0
    EOF

3.2.3 Bridge: 2 logical Interfaces, subnet, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    cat > /etc/network/interfaces << EOF
    # /etc/network/interfaces
    source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    allow-hotplug eth0
    iface eth0 inet dhcp

    allow-hotplug br0
    iface br0 inet static
        address 10.0.0.1
        netmask 255.255.255.0
        pre-up brctl addbr br0
        post-down brctl delbr br0
        bridge_fd 0
        bridge_maxwait 0
        bridge_stp 0
    EOF

3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

    cat > /etc/network/interfaces << EOF
    # /etc/network/interfaces
    source /etc/network/interfaces.d/*

    auto lo
    iface lo inet loopback

    allow-hotplug eth0
    iface eth0 inet dhcp

    iface eth1 inet manual
    iface eth2 inet manual

    allow-hotplug bond0
    iface bond0 inet manual
        up ifconfig bond0 0.0.0.0 up
        down ifconfig bond0 down
        slaves eth1 eth2
        bond-mode 4
        bond-miimon 100
        bond-downdelay 200
        bond-updelay 200
        bond-lacp-rate 1
        bond-xmit-hash-policy layer2+3

    iface bond0.100 inet manual
        vlan-raw-device bond0

    allow-hotplug br100
    iface br100 inet static
        address 10.100.0.2
        #gateway 10.100.0.1
        netmask 255.255.255.0
        post-up ip route add 10.100.0.0/24 via 10.100.0.1 dev br100
        post-down ip route del 10.100.0.0/24 dev br100
        bridge_ports bond0.100
        bridge_fd 0
        bridge_maxwait 0
        bridge_stp 0
    EOF

4. Enabling container-shell
---------------------------

Managing containers requires root privileges. To let unprivileged users manage containers without granting them root privileges or their own accounts, the container-shell can be used together with sudo and a dedicated container user::

    sudo adduser --gecos "container-tools,,," \
        --home /var/lib/machines/container-tools \
        --shell /usr/bin/container-shell \
        --no-create-home container
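Added here as a verification helper, not part of container-tools: a POSIX shell script that checks the settings this page configures in sections 2 to 4. Each parser takes its input file or string as an argument, so it can be run against a copy of the configuration before it goes on a host; the `--live` flag (this script's own) runs the checks against /proc/cmdline, /proc/sys/net/ipv4/ip_forward, /etc/network/interfaces and /etc/passwd, using the bridge name br0 and the user container from the page.

```shell
#!/bin/sh
# Added host-setup check, not part of container-tools. Each check takes its
# input as an argument, so the functions work on constructed data as well as
# on the live files this page configures (check_host, run with --live).

# Section 2: both cgroup controllers must be present on the kernel cmdline.
cgroup_params_ok() {
    case " $1 " in *" cgroup_enable=memory "*) ;; *) return 1 ;; esac
    case " $1 " in *" swapaccount=1 "*) return 0 ;; *) return 1 ;; esac
}

# Section 3.1: a sysctl.d fragment must set net.ipv4.ip_forward to 1
# (whitespace around "=" is optional; comments and other keys are ignored).
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Section 3.2: print the bridge_ports of one iface stanza of an
# /etc/network/interfaces file (empty if the stanza has none, as in 3.2.3).
bridge_ports() {
    awk -v want="$2" '
        $1 == "iface" { cur = $2 }
        cur == want && $1 == "bridge_ports" { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Section 4: print the login shell of a user from a passwd-format file.
user_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# Run every check against the live host; print each failure, exit 1 on any.
check_host() {
    rc=0
    cgroup_params_ok "$(cat /proc/cmdline)" \
        || { echo "FAIL: cgroup_enable=memory / swapaccount=1 missing from cmdline"; rc=1; }
    grep -qx 1 /proc/sys/net/ipv4/ip_forward 2>/dev/null \
        || { echo "FAIL: net.ipv4.ip_forward is not 1"; rc=1; }
    grep -Eq '^[[:space:]]*iface br0 ' /etc/network/interfaces 2>/dev/null \
        || { echo "FAIL: no 'iface br0' stanza in /etc/network/interfaces"; rc=1; }
    echo "br0 bridge_ports: $(bridge_ports /etc/network/interfaces br0 2>/dev/null)"
    [ "$(user_shell /etc/passwd container)" = /usr/bin/container-shell ] \
        || { echo "FAIL: user 'container' does not use /usr/bin/container-shell"; rc=1; }
    return $rc
}

# Only touch the live host when explicitly asked (--live is this script's own flag).
if [ "${1:-}" = "--live" ]; then check_host; fi
```

The cmdline check looks for the exact parameters from section 2, so a kernel that enables the memory controller by default but lacks the parameter is still reported, which is the conservative reading of this page.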