From d98c3f029dcd831f692b5d9fb52fd2474964a243 Mon Sep 17 00:00:00 2001 From: Inga Date: Fri, 9 Feb 2024 15:28:22 +0100 Subject: [PATCH] lxd -> incus --- README.md | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index e96f9e8..728630a 100644 --- a/README.md +++ b/README.md @@ -595,7 +595,7 @@ Now exit root shell (just with `exit`), and try `lxc-console -n CONTAINERNAME`. You should be able to log in using the new username and password. (To exit lxc console, use Ctrl+A, Q). -### Alternatively: unprivileged LXC using LXD (ran as privileged service on host) +### Alternatively: unprivileged LXC using LXD / Incus (ran as privileged service on host) #### Security notes 
@@ -618,48 +618,48 @@ and connect to the container using ssh. As simple as ``` -apk add lxd lxd-client lxcfs dbus -rc-update add lxc -rc-update add lxd -rc-update add lxcfs -rc-update add dbus -doas reboot +doas apk add incus incus-client +doas rc-update add incusd +doas rc-service start incusd +doas incus admin init ``` Networking with routing should work automatically. +#### SSH support + +``` +doas apk add openssh-client +ssh-keygen -t ed25519 +``` + +(Also make sure that `echo $SSH_AUTH_SOCK` is not empty; it shouldn't be if gnome-keyring-daemon is configured properly.) + #### Creating container ``` -doas lxc launch images:alpine/edge -c security.nesting=true -c security.privileged=false -c security.idmap.isolated=true -c security.idmap.size=6553600 test-alpine-container -doas lxc exec test-alpine-container -- /bin/ash +doas incus launch images:alpine/edge -c security.nesting=true -c security.privileged=false -c security.idmap.isolated=true -c security.idmap.size=6553600 test-alpine-container +doas incus exec test-alpine-container -- /bin/ash ``` Networking should work inside of container. -### OpenSSH - -With password-based auth (not recommended): in container (from root, `lxc-attach`/`lxc exec`) +Then, in target container (from root, `lxc-attach`/`lxc exec`) ``` -apk add openssh +apk add openssh doas rc-update add sshd rc-service sshd start -``` -Check IP of container with `ifconfig`, and then on host, -``` -doas apk add openssh-client -ssh CONTAINER_IP +adduser -g YOUR_USER YOUR_USER +adduser YOUR_USER wheel ``` -With keys-based auth: +Check IP of container with `ifconfig`, and then on host, ``` -ssh-keygen -t ed25519 ssh-copy-id CONTAINER_IP +ssh CONTAINER_IP ``` -(Also make sure that `echo $SSH_AUTH_SOCK` is not empty; it shouldn't be if gnome-keyring-daemon is configured properly.) - ### Webdev #### Accessing dev sites running inside container
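Review bot: In the `@@ -595,7 +595,7 @@` hunk, the renamed heading "unprivileged LXC using LXD / Incus" still advertises LXD, while every command in the section below it is switched to `incus` by this same patch. Either drop "LXD" from the heading or add a sentence saying the steps now cover Incus only. While the line is being touched, "ran as privileged service" should read "run as a privileged service".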
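Review bot: In the `@@ -618,48 +618,48 @@` hunk, the added line `doas rc-service start incusd` has its arguments in the wrong order: OpenRC's `rc-service` takes the service name before the action, as the `rc-service sshd start` line further down in the same hunk does, so it should read `doas rc-service incusd start`. The new lead-in "Then, in target container (from root, `lxc-attach`/`lxc exec`)" still names `lxc exec`, although the launch step just above it now uses `incus exec`. The hunk also removes the "not recommended" remark on password-based auth while `ssh-copy-id CONTAINER_IP` still depends on a password login for the newly added user, so consider adding a line about disabling password logins in the container's sshd once the key has been copied.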