I have successfully got one of the appliances running (turnkey-fileserver) inside lxc, but I am having trouble accessing the device. Does anyone know how to ssh into the device/container with a blank root password? I have played around with these settings and am still getting permission denied when I try to enter an empty password:
<mountpoint>/etc/ssh/sshd_config
PermitRootLogin without-password
PermitEmptyPasswords yes
<mountpoint>/etc/pam.d/sshd
auth required /lib/security/pam_unix.so shadow nodelay nullok
* UPDATE: I lied about the above *
I didn't successfully run turnkey in a container. It turns out I had the config file mapping to the wrong mount point (a working one). Here's what I'm getting:
<mountpoint>/var/log/syslog
May 9 23:32:19 fileserver kernel: Cannot find map file.
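An added example, not part of the original post: a small audit of the two files quoted above, useful for checking whether a container root filesystem would accept a blank root password over SSH. In OpenSSH, `PermitRootLogin without-password` disables password authentication for root, so sshd refuses an empty root password even when `PermitEmptyPasswords yes` and PAM `nullok` are set. The sample file contents are constructed from the post, the function names are illustrative, and only the global (pre-`Match`) section of sshd_config is read.

```python
import re

# Constructed sample inputs that mirror the two files quoted in the post.
SSHD_CONFIG = """\
# <mountpoint>/etc/ssh/sshd_config
PermitRootLogin without-password
PermitEmptyPasswords yes
"""
PAM_SSHD = "auth required /lib/security/pam_unix.so shadow nodelay nullok\n"

def sshd_settings(text):
    """Global sshd_config keywords; sshd keeps the first value it reads."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks are not evaluated
            break
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        settings.setdefault(key, value)
    return settings

def pam_allows_null(text):
    """True if an auth line that loads pam_unix.so carries nullok."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        uses_unix = any("pam_unix.so" in f for f in fields[1:])
        if fields[:1] == ["auth"] and uses_unix and "nullok" in fields:
            return True
    return False

def audit(sshd_text, pam_text):
    """Report each gate a blank root password has to pass."""
    s = sshd_settings(sshd_text)
    empty_ok = s.get("permitemptypasswords", "no") == "yes"
    # Assumption: an absent keyword means the current default,
    # prohibit-password. Older releases defaulted to yes, so set it explicitly.
    root_pw = s.get("permitrootlogin", "prohibit-password") == "yes"
    return {
        "empty_passwords_accepted": empty_ok,
        "pam_nullok": pam_allows_null(pam_text),
        "root_password_auth": root_pw,
        "sshd_permits_blank_root_password": empty_ok and root_pw,
    }

if __name__ == "__main__":
    for name, value in audit(SSHD_CONFIG, PAM_SSHD).items():
        print(f"{name}: {value}")
```

For an image meant to be reachable over a network, all four values should come out false; key-based root login still works with `without-password`.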
Haven't run TurnKey under lxc yet
In the meantime I'm very interested in what you manage to learn trying this. Good luck!
steps with turnkey and lxc
to tell you the truth, i have a very limited knowledge base. but to save you some time, i found these links to be very resourceful:
http://www.stgraber.org/2009/11/06/lxc-containers-or-extremely-fast-virt...
http://www.turnkeylinux.org/blog/convert-vm-iso
i haven't tried (gotcha #2) for the second link, but i believe this is my next step. also, the turnkey appliance comes with 4 .vmdk files and a .ovl file whereas i only extracted the main file. i might have to extract the other files onto the same filesystem mount.
also, i'm on a headless host until ubuntu can fix their bugs with plymouth. the bootup splash-screen kills my agp video signal. i'm using all 32-bit as i'm on one of the original athlons (no amd-v/kvm)
From my reading LXC is not yet ready for prime time
I have been involved in a thread over on the Ubuntu forums which you may consider worth a read (find it here). One of the main contributors to that thread (and an Ubuntu Forums Admin) bodhi.zazen has summed the situation up in the following quote:
lxc security context
jed,
i agree with most of bodhi's points especially with lack of documentation and questions about security. the lack of migration tools and setup scripts seem like a trivial issue. anyone wishing to implement anything in a production environment at this stage in infancy (well, 1 1/2 years) would be insane and should be fired. it seems like lxc was originally designed particularly for process and resource containment whereas implementing full systems appears to be a residual benefit. what i like about openvz is the ability to virtualize the nics, but i could never get it to install correctly. in lxc's defense, openvz's documentation could use a little updating.
i am treating this as an exercise in learning about os virtualization on home equipment, but mainly because i find automounting encrypted disks on the host machine prohibitive. if i had a management system that does it in a guest environment, even better.
For sure!
Although I was under the impression that LXC was meant as some sort of replacement for OpenVZ (it borrows a great deal from OpenVZ - as should happen in the open source world). I think it was perhaps shortsighted for Ubuntu to not allow inclusion of an OpenVZ kernel patch as now those using container virtualisation are left with no clear Ubuntu upgrade path.
Anyway, if you want to use virtualisation I can't recommend ProxmoxVE as a hypervisor OS enough. Check it out here. It is based on Debian Lenny and utilises both KVM (for OS agnostic virtualisation) and OpenVZ (for Linux container virtualisation). It has 3 different kernels available: 2.6.18, 2.6.24 and 2.6.31 (which currently only has KVM support - no OpenVZ, but this will be rectified since the recent OpenVZ kernel patch release). It is 64 bit only and relies on CPU virtualisation extensions (for KVM).
Good luck with your playing. Also if you follow the link above bodhi has a couple of blog posts about LXC which may be useful for your experimentation.
proxmoxve
oh i've tried proxmoxve on a test machine at work and i think it's wonderful. the bare-metal installer is better IMO than esxi (not comparing hypervisors; just the installers). the only problem is that their 32-bit and non-vt support is lacking. my home "server" is on an athlon xp 2200. so then i tried to get openvz to work a few weeks ago using both the fedora and debian method from the wiki without any luck.
i have just finished reading the ubuntu thread you posted earlier. i do agree with you that ubuntu should have either included openvz in the release, or at the very least, provided a migration mechanism for openvz containers. despite that, lxc appears to be the future.
If you are keen to look further at ProxmoxVE
then there is an (unsupported) way of installing ProxmoxVE on top of 32 bit Debian. This only has OpenVZ support (no KVM) but as such doesn't require CPU virtual extensions either. May be useful on your home server? Have a read here. I haven't tested it, just came across it in my travels and thought you may be interested. Whilst it's unsupported, the devs are happy for the community to discuss it in the forums.
I agree LXC is probably the future, especially considering it seems better integrated into the mainstream/vanilla kernel than OpenVZ was/is (although as I suggested before it uses the kernel inclusions originally provided by the OpenVZ devs). However, since OpenVZ has risen from the dead (development seemed to seriously stall there for a while) then it's hard to say. Just have to wait and see...
proxmox-32
i tried that a few weeks ago before switching to openvz - kernel panic. whichever way the industry goes, there will still be a place for all three of these solutions.
Yep that's the beauty of open source!
I agree. And whilst development continues on all fronts then sys admins, tech heads and end users are all the richer for it IMO!
Also I'd be interested to hear how you go with your LXC experiments. Good luck!
[edit] If you are interested in playing some more with OpenVZ there is a Ubuntu Hardy/8.04 kernel patch available in the repos and there is also a 2.6.32 OpenVZ kernel currently in Debian Sid ('unstable') which should work in Ubuntu Lucid/10.04. Hopefully the OpenVZ kernel will make it into 'testing' before the Squeeze freeze!
current experiment
My current experiments have been frustrating at best, but encouraging at worst. I was able to get Stéphane's pre-configured container up and running. I am having trouble getting the debootstrap or febootstrap to work and i am looking closely at the ubuntu thread to see how to set this up.
progress
i've never learned anything about linux since i started this project. but here it is
%lxc-start -n test
* Setting preliminary keymap... [ OK ]
* Setting up resolvconf... [ OK ]
* Setting the system clock
Cannot access the Hardware Clock via any known method.
Use the --debug option to see the details of our search for an access method.
* Unable to set System Clock to: Thu May 13 23:14:40 UTC 2010
* Starting basic networking... [ OK ]
cp: cannot create special file `/dev/kmem': Operation not permitted
cp: cannot create special file `/dev/loop0': Operation not permitted
cp: cannot create special file `/dev/net/tun': Operation not permitted
cp: cannot create special file `/dev/ppp': Operation not permitted
* Setting the system clock
Cannot access the Hardware Clock via any known method.
Use the --debug option to see the details of our search for an access method.
* Unable to set System Clock to: Thu May 13 23:14:40 UTC 2010
* Loading kernel modules... * Loading manual drivers... [ OK ]
* Setting kernel variables... error: "kernel.maps_protect" is an unknown key
[fail]
* Activating swap... [ OK ]
* Checking file systems... fsck 1.40.8 (13-Mar-2008)
[ OK ]
* Mounting local filesystems... [ OK ]
* Activating swapfile swap... [ OK ]
* Checking minimum space in /tmp... [ OK ]
* Configuring network interfaces... [ OK ]
* Setting up console font and keymap... [ OK ]
my last post was a little misleading
probably because i was in a hurry to post my results. it's not that i've never used linux before. what i meant to say was that i've never worked as in-depth with it as i have starting this project, particularly with the startup routine. anyway, i believe i'm on the right track. what i think i need to do is figure out how to mount the filesystem; then figure out a way how to run turnkey's startup script.