Cyberben's picture

I know you all are busy,

I tried to install LXC from scratch on the newest TKCore thinking I could DIY Debian Buster with LXC. I did get the Core running and LXC installed but I realized its behaivior is not the same as the TKLXC appliance.

I will have to learn how to configure a vanilla Debian 10.3 LXC install to work with the TK containers. It will be fun actually figuring that out (TKCore + LXC install configured TK style?) but ....

are you working on a Buster TK-LXC?



Jeremy Davis's picture

Yes! :) We are certainly intending to produce a v16.0 LXC host appliance. As per all the other v16.x appliances, it will be based on Debian 10.x/Buster.

Having said that, I'm not clear when we'll actually get to working on that. Historically, it has generally been relatively late in the vXX.0 development cycle, although it's also historically tended to be fairly community driven. Long term community powerhouse John Carver (aka Dude4Linux) has been a significant driver of our LXC host in both v14.x and v15.x (and perhaps earlier, although that was before I was intimately involved in the dev cycle).

John has been less active in more recent times but I note that he has been in touch relatively recently. Although I'm not clear how much time and/or effort he will be able to contribute this time around?

Regardless of that, we'd love to hear how you go and if you'd like to assist, you'd be more than welcome. Even just reporting back what works and what doesn't would be useful.

Although if you're interested in learning more about working with TKLDev and appliance build code (as you've already dabbled a bit with getting TurnKey LXC guests working on your Stretch based LXC host). You can follow the links to docs from the TKLDev appliance page, but it's well worth noting that some of the TKLDev docs are a bit out of date.

For entry level TKLDev docs, there is a website page on building an ISO, thought that will only work as seamlessly as that suggests for an appliance that we have already published as v16.x (and even then, for appliances that use upstream source code, not guarantees)! Then there's a slightly more technical overview (on GitHub - within the TKLDev build code repo). Then there's a page specifically for updating/maintaining and applaince.

There are lot more docs there, some which might be useful, some not so much... If you do have a go and have questions and/or hit issues, please ask! Also, if you have suggestions feedback re the docs, I'd love to hear.

Also, whilst the actual appliance is completely different (i.e. Odoo rather than LXC) the discussion in this thread might give some insight into developing/updating an appliance for v16.0?!

Cyberben's picture

Great stuff!

Going to start a project to produce a Turnkey Linux v16.0 LXC host appliance based on Debian 10.x/Buster using the TKLDev appliance build code. 

Talk Soon!



Cyberben's picture

When I get to the build process I get errors after I execute the "make" command.

Check out this image link:

The errors



Jeremy Davis's picture

The sed command is failing because stunnel.conf doesn't exist in v16.0.

For context, since v14.0, both Webmin & Webshell (aka shellinabox) run behind stunnel. In v14.x/15.x stunnel runs as a single service (configured via stunnel.comf). In v16.0+ Stunnel has 2 separate instances, one each for Webmin and Webshell (named /etc/stunnel/webmin.conf & /etc/stunnel/shellinabox.conf).

Looking at the new and old conf files, the format is the same, so that particular sed line should still work as intended, you'd just need to run it against both of those files.

I'm almost certain that you'll hit more issues yet... The error message and the lines preceding it should give insight into what has gone wrong.

Cyberben's picture

I believe it starts here. However I dont understand enough about Stunnel to figure out what needs to happen next.

Jeremy Davis's picture

Is something wrong? Or are you just checking it looks ok?

FWIW the last 7 lines look fine. It just looks like it's running the common conf scripts; the last 4 lines come from the shellinabox script, the very last line in your screenshot comes from this line.

Cyberben's picture

I think I have to get the system to say the stunnel.conf  file and path are there and then adjust the code.

Jeremy Davis's picture

You're still battling with that sed line?! Sorry If I wasn't clear enough. Let me try again. When I said:

In v16.0+ Stunnel has 2 separate instances, one each for Webmin and Webshell (named /etc/stunnel/webmin.conf & /etc/stunnel/shellinabox.conf).

Looking at the new and old conf files, the format is the same, so that particular sed line should still work as intended, you'd just need to run it against both of those files.

What I meant was, change:

# old line
sed -i 's|^\(accept *= *\)1\(232[01]\)|\12\2|g' /etc/stunnel/stunnel.conf


#new lines
sed -i 's|^\(accept *= *\)1\(232[01]\)|\12\2|g' /etc/stunnel/webmin.conf
sed -i 's|^\(accept *= *\)1\(232[01]\)|\12\2|g' /etc/stunnel/shellinabox.conf
Cyberben's picture


Seems I underestimated the scope of this task. If I get any closer to understanding Ill be sure to post.


Jeremy Davis's picture

I posted a hint above re the stunnel stuff. But fair enough... We'll get to it eventually, but I'm not sure exactly when...

Cyberben's picture

Thank you for your help. I cant locate the file to change the lines as I think you suggest in your hint.

Jeremy Davis's picture

It's in the LXC appliance conf.d/main script. Line 31 to be precise.

If you look at the first log you posted here, see where it says:

fab-chroot build/root.patched --script conf.d/main

That means that it's running the conf.d/main script from the current directory. I.e. this script which you will find in the lxc buildcode directory, where you are running 'make'.

If you look at the commands it runs, they match the commands being run within the conf script.

Apologies if my hints before weren't explicit enough. A bit of a curse of knowledge going on I suspect.

Hopefully that helps. If I'm still not clear enough, please let me know and I'll try again. If you hit futher issues and need more help, please don't hesitate.

Cyberben's picture

Thanks! The line changes worked and I got an .iso, however I think Webmin or Webservice is getting hung up trying to start and confconsole doesnt seem to complete what it wants to confconsole runs into trouble. It does Init but confcons loops in error. Get to the prompt with ctrl-c. 

Jeremy Davis's picture

My guess is that it'll be fairly easy to fix, but we need to be able to recreate the issue. Do you have a GitHub account? If so, can you please create a new branch of the LXC appliance and commit and push your changes? That way I can pull them and create the exact same ISO as you have.

Even if you have no idea what I'm talking about, let me know if you're happy to push ahead with that. Just open a GitHub account and let me know and I'll give you a hand setting it up, so you can link your TKLDev and push your code changes.

Alternatively, you could make a patch. Something like this would probably do the trick:

cd lxc
git diff > lxc.patch

Then upload the lxc.patch file somewhere.

Finally, you could upload your ISO somewhere. But that will take a while and it'd be much better to just have the code (either via GitHub or a patch).

Jeremy Davis's picture

I'm building the ISO locally and will have a closer look at the Confconsole bug you've noted. I'm not sure when we'll have a fix, but soon hopefully.

Regarding future development though, I've got a few pointers to make things better for both of us.

First up, in future, please use a Linux compatible text editor whenever you edit Linux files. After applying your patch, the conf.d/main script had Windows line endings which will cause issues.

Personally, I prefer to edit files directly within TKLDev itself. It's quicker and easier IMO. I use Vim (I install the "proper" full Vim, rather than use the minimalist 'vim.tiny' that is pre-installed in TurnKey). Although I also run Linux on my Desktop and use Vim as my default text editor so YMMV. If you wish to edit files in place, you may find Nano more intuitive as a Windows user. If you've used Windows Notepad, you'll find Nano pretty straight forward IMO. Nano is also pre-installed in TurnKey.

If you rather download the files to Windows first and edit with a GUI text editor (then upload back to TKLDev), that's ok too. But please be sure to install one that will respect the Linux line endings. Notepad++ is the one I used to use back when I used Windows. I'm sure that there are other options too.

Also, FWIW, after I applied your patch and tidied up the code afterwards, I ended up with a pretty small changeset. It might have been easier to just commit and push your changes direct from your TKLDev?

Thinking about that a bit further, I had a look at our existing docs and decided to try to improve them a bit and make it a bit more explicit. So I've essentially rewritten our "gitflow" docs. Please have a look and let me know if there is anything that is unclear to you and/or doesn't work as expected and I'll do some more work on it.

FWIW, now I've had a closer look at the LXC conf.d/main script, the lines that were causing you issues are actually redundant (no longer required because of some more recent changes). So to clean things up, I've completely removed them. I've also updated the commands that were meant to be disabling Stunnel (it wasn't being disabled). So Nginix will start now too.

To pull these changes into your LXC buildcode on your TKLDev, try this:

cd lxc
git remote add jeremy
git fetch jeremy
git checkout 16-update

Assuming that you follow the steps in the "Gitflow" doc, then you can fork the TurnKey repo and add your own repo as a remote. I'll document that below, as well as renaming the TurnKey repo (as I assume that you've already cloned that).

cd lxc
# rename TurnKey repo, 'turnkey' (you can name it some
git remote rename origin turnkey
# assuming that you follow my advice and set up SSH GitHub auth
# add your remote as origin; or use something else if you'd rather
git remote add origin

Now if you want to push the changes that I've already done to your own "16-update" branch (on GitHub), you can like this:

cd lxc
# If you repo is named something other than origin, rename below
git push origin 16-update

I hope that helps... Hopefully we'll have an updated Confconsole shortly.

Jeremy Davis's picture

My colleague Stefan has had a look at Confconsole and fixed that bug (and another unrelated one too). I've just rebuilt the package and pushed it.

So if you rebuild the LXC appliance now, you should get a working Confconsole...

There are quite possibly still more LXC related issues, but hopefully things are closer...

Cyberben's picture

Ok I will study the info you linked and get more familiar with the way,

Meantime just for speed here is another image with a messsage about the turnkey.gpg

It is getting closer....



Cyberben's picture

Right so...

After i copied the turnkey.gpg from my stand alone physical TKLXC and placed it, it almost did it image

Jeremy Davis's picture

Could you please copy/paste the text next time? I get that screenshots might be a bit quicker and easier, but copy/pasting the text of the output shouldn't be too much harder. Having text makes it much easier for me to point specific parts of the code out. It will also make it easier for both of us to do internet searches for relevant info.

Just in case you aren't aware, simply selecting the text within the PuTTY session should copy it into your Windows clipboard. Then just paste it into a new line in a forum post and that should be good enough. By default, it probably won't format it as "code" (it'll probably just be formatted as "normal" text) but that's fine. If you want, you can probably change it to "formatted" text after you've pasted it, but no need really...

But to get back to your issue. The fact that you copied turnkey.gpg appears to be completely coincidental... The problem that your screenshot shows appears to be with the turnkey.common.conf file that is provided via an overlay file in the LXC appliance buildcode. Look closely at the output that you have posted. Notice that it says:

[...] failed to parse config file "/usr/share/lxc/config/turnkey.common.conf" at "lxc.pivotdir = lxc_putold" [...]

So you'll need to update that file (/usr/share/lxc/config/turnkey.common.conf) so that it doesn't cause any errors. You can view the default file within your TKLDev by browsing to your LXC build code dir (i.e. "cd lxc") and looking for file "overlay/usr/share/lxc/config/turnkey.common.conf" and/or in Github, here.

I don't know enough about LXC and it's configuration options to know exactly what might need to change. But after consulting the relevant Debian man pages; lxc.conf(5), lxc.container.conf(5) & lxc.system.conf(5) - it seems clear that the lxc.pivotdir directive is no longer valid (or requried). So simply removing that line should do the trick (at least resolve that particular error message; although there may be more!?). FWIW I actually dug a little deeper and it appears that it may not have even been required for the previous release either, but was silently ignored.

I suggest that you edit the file noted above as suggested (i.e. remove that particular line, or at least comment it out). Also remove the "/var/lib/lxc/fileserver/config" file:

rm /var/lib/lxc/fileserver/config

Although it may actually be worth removing the whole dir? To do that:

rm -r /var/lib/lxc/fileserver

Then re-run the command(s) you used to launch your LXC container. It may well error again on another config option that is either no longer supported/required or perhaps a new one that is required but not provided by our config file. You'll just need to keep working through it until it works.

Once you have that file edited enough to make it work, ensure that you copy it back to your TKLDev build code. FWIW, assuming that your test LXC appliance is on the same network as your TKLDev, you can use SCP from the commandline to copy it directly between the 2 appliances (NOTE you only need to use one of the copy options; don't need to use both; apply the first part whichever option you use and set the relevant options IP address - i.e. repalce

# convenience vars; set these regardless of which server you copy to/from below

# Option 1 - on test LXC app
# set TKLDEV_IP_ADDR to be your TKLDev IP address (replace

# Option 2 - on your TKLDev
# set LXC_TEST_IP_ADDR to be your LXC test appliance IP address (replace

Once you've copied it across, add it, commit it and push to GitHub so that I can provide more feedback for you. To do that (assuming that you have followed my previous advice); on your TKLDev:

cd lxc
git add overlay/usr/share/lxc/config/turnkey.common.conf
git commit -m "Add updated TurnKey LXC common conf file."
git push origin 16-update

(This assumes that you have named your remote GitHub URL "origin"). If that all works (and you've followed my previous advice on forking the LXC appliance buildcode to your own GitHub account etc) then you should be able to browse to and you should see right at the top, your commit message "Add updated TurnKey LXC common conf file.".

Add new comment