lxd -> incus

main
Inga 🏳‍🌈 3 months ago
parent 3275f72f6d
commit d98c3f029d
  1. 44
      README.md

@ -595,7 +595,7 @@ Now exit root shell (just with `exit`), and try `lxc-console -n CONTAINERNAME`.
You should be able to log in using the new username and password. You should be able to log in using the new username and password.
(To exit lxc console, use Ctrl+A, Q). (To exit lxc console, use Ctrl+A, Q).
### Alternatively: unprivileged LXC using LXD (ran as privileged service on host) ### Alternatively: unprivileged LXC using LXD / Incus (ran as privileged service on host)
#### Security notes #### Security notes
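Review bot: The new heading, `### Alternatively: unprivileged LXC using LXD / Incus (ran as privileged service on host)`, still names LXD and keeps "ran" where "run" is meant. The install and launch commands later in this commit are switched to `incus` only, so consider naming just Incus here, or saying explicitly that the `lxd` commands are no longer documented, and fix the participle in the same edit.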
@ -618,48 +618,48 @@ and connect to the container using ssh.
As simple as As simple as
``` ```
apk add lxd lxd-client lxcfs dbus doas apk add incus incus-client
rc-update add lxc doas rc-update add incusd
rc-update add lxd doas rc-service start incusd
rc-update add lxcfs doas incus admin init
rc-update add dbus
doas reboot
``` ```
Networking with routing should work automatically. Networking with routing should work automatically.
#### SSH support
```
doas apk add openssh-client
ssh-keygen -t ed25519
```
(Also make sure that `echo $SSH_AUTH_SOCK` is not empty; it shouldn't be if gnome-keyring-daemon is configured properly.)
#### Creating container #### Creating container
``` ```
doas lxc launch images:alpine/edge -c security.nesting=true -c security.privileged=false -c security.idmap.isolated=true -c security.idmap.size=6553600 test-alpine-container doas incus launch images:alpine/edge -c security.nesting=true -c security.privileged=false -c security.idmap.isolated=true -c security.idmap.size=6553600 test-alpine-container
doas lxc exec test-alpine-container -- /bin/ash doas incus exec test-alpine-container -- /bin/ash
``` ```
Networking should work inside of container. Networking should work inside of container.
### OpenSSH Then, in target container (from root, `lxc-attach`/`lxc exec`)
With password-based auth (not recommended): in container (from root, `lxc-attach`/`lxc exec`)
``` ```
apk add openssh apk add openssh doas
rc-update add sshd rc-update add sshd
rc-service sshd start rc-service sshd start
```
Check IP of container with `ifconfig`, and then on host, adduser -g YOUR_USER YOUR_USER
``` adduser YOUR_USER wheel
doas apk add openssh-client
ssh CONTAINER_IP
``` ```
With keys-based auth: Check IP of container with `ifconfig`, and then on host,
``` ```
ssh-keygen -t ed25519
ssh-copy-id CONTAINER_IP ssh-copy-id CONTAINER_IP
ssh CONTAINER_IP
``` ```
(Also make sure that `echo $SSH_AUTH_SOCK` is not empty; it shouldn't be if gnome-keyring-daemon is configured properly.)
### Webdev ### Webdev
#### Accessing dev sites running inside container #### Accessing dev sites running inside container
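Review bot: In the install block, `doas rc-service start incusd` puts the action before the service name, while the sshd block later in this same hunk uses `rc-service sshd start`; OpenRC takes the service first, so this should read `doas rc-service incusd start`. The new line "Then, in target container (from root, `lxc-attach`/`lxc exec`)" also still says `lxc exec` although the launch block now uses `doas incus exec`, so it should be updated to `incus exec`. Finally, the added `apk add openssh doas` and `adduser YOUR_USER wheel` come with no explanation; a sentence stating what privileges the SSH account is meant to have inside the container would make the intent reviewable.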
