container-tools: Host Setup
===========================


1. Debian Packages
-------------------

apt install bridge-utils ifenslave vlan net-tools


2. Boot Parameters
------------------

2.1 CGroup Memory Controller
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To enable the memory controller, add the following kernel boot parameter:

	cgroup_enable=memory


2.2 CGroup Swap Controller
~~~~~~~~~~~~~~~~~~~~~~~~~~

To enable the swap controller, add the following kernel boot parameter:

	swapaccount=1


3. Networking
-------------

3.1 Enable IPv4 Forwarding
~~~~~~~~~~~~~~~~~~~~~~~~~~

apt install procps
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
sysctl --system


3.2 Configure Network Bridge
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3.2.1 Bridge: 1 Interface, standalone, DHCP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

cat > /etc/network/interfaces << EOF
# /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug br0
iface br0 inet dhcp
	bridge_ports	eth0
	bridge_fd	0
	bridge_maxwait	0
	bridge_stp	0
EOF


3.2.2 Bridge: 1 Interface, standalone, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

cat > /etc/network/interfaces << EOF
# /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface eth0 inet manual

allow-hotplug br0
iface br0 inet static
	address		10.0.0.2
	gateway		10.0.0.1
	netmask		255.255.255.0

	pre-up		ifconfig eth0 down
	pre-up		ifconfig eth0 up

	bridge_ports	eth0
	bridge_fd	0
	bridge_maxwait	0
	bridge_stp	0
EOF


3.2.3 Bridge: 2 logical Interfaces, subnet, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

cat > /etc/network/interfaces << EOF
# /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug br0
iface br0 inet static
	address		10.0.0.1
	netmask		255.255.255.0

	pre-up		brctl addbr br0
	post-down	brctl delbr br0

	bridge_fd	0
	bridge_maxwait	0
	bridge_stp	0
EOF


3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

cat > /etc/network/interfaces << EOF
# /etc/network/interfaces

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet dhcp

iface eth1 inet manual

iface eth2 inet manual

allow-hotplug bond0
iface bond0 inet manual
	up			ifconfig bond0 0.0.0.0 up
	down			ifconfig bond0 down

	slaves			eth1 eth2

	bond-mode		4
	bond-miimon		100
	bond-downdelay		200
	bond-updelay		200
	bond-lacp-rate		1
	bond-xmit-hash-policy	layer2+3

iface bond0.100 inet manual
	vlan-raw-device bond0

allow-hotplug br100
iface br100 inet static
	address			10.100.0.2
	#gateway		10.100.0.1
	netmask			255.255.255.0

	post-up			ip route add 10.100.0.0/24 via 10.100.0.1 dev br100
	post-down		ip route del 10.100.0.0/24 dev br100

	bridge_ports		bond0.100
	bridge_fd		0
	bridge_maxwait		0
	bridge_stp		0
EOF
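
The following pre-flight script is an added example (not part of container-tools) that checks a host against sections 2 and 3 above: the cgroup boot parameters, the ip_forward sysctl, and that every interface listed under bridge_ports in /etc/network/interfaces is configured "inet manual", as eth0 and bond0.100 are in the bridge configurations. The function names and the --host flag are this example's own.

```shell
#!/bin/sh
# Added pre-flight check for the host setup above (example code, not part of
# container-tools). Each check takes its input as an argument or on stdin so
# it can be run against the live host or against captured files.

# Succeed only if the kernel command line carries both cgroup parameters from
# section 2; report each missing parameter on stderr.
check_cmdline() {
    for param in cgroup_enable=memory swapaccount=1; do
        case " $1 " in
            *" $param "*) ;;
            *) echo "missing boot parameter: $param" >&2; return 1 ;;
        esac
    done
    return 0
}

# Succeed only if the value of net.ipv4.ip_forward (section 3.1) is 1.
check_ip_forward() {
    [ "$1" = "1" ]
}

# Read an interfaces(5) file on stdin and succeed only if every interface
# listed under bridge_ports is configured "inet manual": the address belongs
# on the bridge, not on the enslaved port. "bridge_ports none" is allowed.
check_bridge_ports_manual() {
    awk '
        $1 == "iface"        { method[$2] = $4 }
        $1 == "bridge_ports" { for (i = 2; i <= NF; i++) if ($i != "none") ports[$i] = 1 }
        END {
            bad = 0
            for (p in ports) if (method[p] != "manual") {
                print "bridge port " p " is not inet manual" > "/dev/stderr"
                bad = 1
            }
            exit bad
        }'
}

# Run all three checks against the live host (needs read access to /proc and
# /etc/network/interfaces).
host_check() {
    check_cmdline "$(cat /proc/cmdline)" &&
    check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward)" &&
    check_bridge_ports_manual < /etc/network/interfaces
}

if [ "${1:-}" = "--host" ]; then
    host_check
fi
```

Run it as `sh host-check.sh --host` on the configured host; a non-zero exit with a message on stderr names the first failing check.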


4. Enabling container-shell
---------------------------

Managing containers requires root privileges. To let unprivileged users
manage containers without granting them root or their own host accounts,
container-shell can be used together with sudo and a dedicated container user.

sudo adduser --gecos "container-tools,,," \
	--home /var/lib/machines/container-tools \
	--shell /usr/bin/container-shell \
	--no-create-home container