LXC-Container Ubuntu-18.04 - daemons point - Intelligente Lösungen in neuer Dimension

Hier beschreibe ich, wie ich meinen Basiscontainer erzeuge.

Basiscontainer via LXD herunterladen und aktualisieren

# Auf dem Host...
lxc launch ubuntu:18.04 ubuntu-1804
lxc exec ubuntu-1804 /bin/bash

# Im Container...
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get autoremove
apt-get clean
poweroff

Nacharbeiten

Zusatzpakete installieren

Für meine tägliche Arbeit brauche ich

joe
apt-transport-https
openssh-server (scheint bei 18.04 bereits per Standard installiert zu sein)
net-tools (für ifconfig und netstat)

Diese Pakete installiere ich im Container so:

apt-get install joe
apt-get install apt-transport-https
apt-get install openssh-server
apt-get install net-tools # ... provides ifconfig and netstat
apt-get clean

OpenSSH aktivieren

systemctl enable ssh

SSH-Zugriff via PubKey

mkdir /root/.ssh
chmod 700 /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
cat >>/root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1cd... Uli's SSH Key
^D

Ewige Protokollierung mit Zeitstempel

Siehe StackOverflow -Unlimited Bash History.

/etc/bash.bashrc

...
HISTFILESIZE=
HISTSIZE=
HISTTIMEFORMAT="[%F %T] "
# Change the file location because certain bash sessions truncate .bash_history file upon close.
# http://superuser.com/questions/575479/bash-history-truncated-to-500-lines-on-each-login
HISTFILE=~/.bash_eternal_history
# Force prompt to write history after every command.
# http://superuser.com/questions/20900/bash-history-loss
PROMPT_COMMAND="history -a; ${PROMPT_COMMAND:-true}"
# Log last command to syslog
log_command () {
 echo "${USER} $(HISTTIMEFORMAT='' builtin history 1|cut -c8-)" |  logger -t shell -p user.info
}
PROMPT_COMMAND="${PROMPT_COMMAND:-true};log_command"

/etc/skel/.bashrc und /root/.bashrc und /home/ubuntu/.bashrc

Bislang:

...
HISTSIZE=1000
HISTFILESIZE=2000
...

Neu:

...
#HISTSIZE=1000
#HISTFILESIZE=2000
...

Zeitzone korrigieren

[email protected]:~# date
Mon Apr  8 04:59:43 UTC 2019
[email protected]:~# timedatectl set-timezone Europe/Berlin
[email protected]:~# date
Mon Apr  8 07:00:21 CEST 2019

Apt-Cacher-NG vom LXDHOST aktivieren

/root/bin/apt-proxy.sh

#!/bin/sh

# port of apt-cacher-ng on the lxd host
PORT=3142
APT_PROXY_FILE="/etc/apt/apt.conf.d/01proxy"
LXDHOST=

for h in $(ip addr|grep -o "inet [0-9.]*/"|grep -v 127.0.0.1|grep -o "[0-9.]*"|sed -e "s/[.][0-9]*$/.1/"); do
  nc -z "${h}" "${PORT}" && { LXDHOST="${h}"; break; }
done

if [ -n "${LXDHOST}" ]; then
  echo >"${APT_PROXY_FILE}" "Acquire::http::Proxy \"http://${LXDHOST}:${PORT}\";"
else
  rm -f "${APT_PROXY_FILE}"
fi

/root/systemd/apt-proxy.service

[Unit]
Description=Apt proxy to apt-cacher-ng on lxd host
After=network.target

[Service]
ExecStart=/root/bin/apt-proxy.sh
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Aktivieren

lxdhost# systemctl enable /root/systemd/apt-proxy.service
Created symlink /etc/systemd/system/multi-user.target.wants/apt-proxy.service → /root/systemd/apt-proxy.service.
Created symlink /etc/systemd/system/apt-proxy.service → /root/systemd/apt-proxy.service.

Test

lxdhost# reboot
...
lxdhost# systemctl status apt-proxy
● apt-proxy.service - Apt proxy to apt-cacher-ng on lxd host
   Loaded: loaded (/root/systemd/apt-proxy.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sun 2019-12-08 07:10:09 CET; 12min ago
  Process: 217 ExecStart=/root/bin/apt-proxy.sh (code=exited, status=0/SUCCESS)
 Main PID: 217 (code=exited, status=0/SUCCESS)

Dec 08 07:10:09 hostonly systemd[1]: apt-proxy.service: Failed to reset devices.list: Operation not permitted
Dec 08 07:10:09 hostonly systemd[1]: Started Apt proxy to apt-cacher-ng on lxd host.

Änderungshistorie

2019-12-08: Apt-Cacher-NG
2019-04-29: Bash-Historie in /var/log/syslog speichern