INSTALLATION D UN ISOLATEUR : LXC (LINUX CONTAINER)
root@serveurMail:~# apt-get update Ign http://ftp.fr.debian.org jessie InRelease
Réception de : 1 http://ftp.fr.debian.org jessie-updates InRelease [135 kB]
Atteint http://ftp.fr.debian.org jessie Release.gpg
Atteint http://ftp.fr.debian.org jessie Release
Réception de : 2 http://security.debian.org jessie/updates InRelease [63,1 kB]
Réception de : 3 http://ftp.fr.debian.org jessie-updates/main Sources [2 296 B]
Réception de : 4 http://ftp.fr.debian.org jessie-updates/main amd64 Packages/DiffIndex [367 Lecture des listes de paquets... Fait
root@serveurMail:~# apt-get install lxc Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances Lecture des informations d'état... Fait
Les paquets supplémentaires suivants seront installés : debootstrap libapparmor1 libseccomp2 rsync
différées (« triggers ») pour libc-bin (2.19-18+deb8u1) ...
Traitement des actions différées (« triggers ») pour systemd (215-17+deb8u2) ...
root@serveurMail:~# apt-get install bridge-utils libvirt-bin debootstrap Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
update-initramfs: deferring update (trigger activated)
update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults Traitement des actions différées (« triggers ») pour libc-bin (2.19-18+deb8u1) ...
Traitement des actions différées (« triggers ») pour systemd (215-17+deb8u2) ...
Traitement des actions différées (« triggers ») pour initramfs-tools (0.120) ...
update-initramfs: Generating /boot/initrd.img-3.16.0-4-amd64
root@serveurMail:~# nano /etc/fstab
cgroup /sys/fs/cgroup cgroup defaults 0 0
root@serveurMail:~# mount /sys/fs/cgroup/
mount: cgroup est déjà monté ou /sys/fs/cgroup est occupé cgroup est déjà monté sur /sys/fs/cgroup/systemd cgroup est déjà monté sur /sys/fs/cgroup/cpuset cgroup est déjà monté sur /sys/fs/cgroup/cpu,cpuacct cgroup est déjà monté sur /sys/fs/cgroup/devices cgroup est déjà monté sur /sys/fs/cgroup/freezer
cgroup est déjà monté sur /sys/fs/cgroup/net_cls,net_prio cgroup est déjà monté sur /sys/fs/cgroup/blkio
cgroup est déjà monté sur /sys/fs/cgroup/perf_even
root@serveurMail:~# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.16.0-4-amd64 --- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled Ipc namespace: enabled Pid namespace: enabled User namespace: enabled Network namespace: enabled Multiple /dev/pts instances: enabled
--- Control groups --- Cgroup: enabled
Cgroup clone_children flag: enabled Cgroup device: enabled
Cgroup sched: enabled Cgroup cpu account: enabled Cgroup memory controller: enabled Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
root@serveurMail:~#
root@serveurMail:~# lxc-create -n contener1 -t debian -- -r jessie debootstrap est /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-jessie-amd64 ...
Downloading debian minimal ...
I: Retrieving Release I: Retrieving Release.gpg I: Checking Release signature
I: Valid Release signature (key id 75DDC3C4A499F1A18CB5F3C8CBF8D6FD518E17E1) I: Retrieving Packages
I: Validating Packages
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: acl adduser dmsetup insserv libaudit-common ...
I: Configuring isc-dhcp-client...
I: Configuring libgssapi-krb5-2:amd64...
I: Configuring openssh-client...
I: Configuring openssh-sftp-server...
I: Configuring openssh-server...
I: Configuring libc-bin...
I: Configuring systemd...
I: Base system installed successfully.
Download complete.
Copying rootfs to /var/lib/lxc/contener1/rootfs...Generating locales (this might take a while)...
fr_FR.UTF-8... done Generation complete.
insserv: warning: current start runlevel(s) (empty) of script `checkroot.sh' overrides LSB defaults (S).
insserv: warning: current stop runlevel(s) (S) of script `checkroot.sh' overrides LSB defaults (empty).
insserv: warning: current start runlevel(s) (empty) of script `checkroot.sh' overrides LSB defaults (S).
update-rc.d: error: umountfs Default-Start contains no runlevels, aborting.
insserv: warning: current start runlevel(s) (empty) of script `hwclock.sh' overrides LSB defaults (S).
insserv: warning: current stop runlevel(s) (0 6 S) of script `hwclock.sh' overrides LSB defaults (0 6).
update-rc.d: error: cannot find a LSB script for hwclockfirst.sh Creating SSH2 RSA key; this may take some time ...
2048 0f:04:47:23:fb:ab:20:0d:a0:47:85:34:85:ae:aa:c9 /etc/ssh/ssh_host_rsa_key.pub (RSA) Creating SSH2 DSA key; this may take some time ...
1024 10:e9:56:15:a4:0b:71:b8:ae:4a:9e:ff:9e:fd:52:32 /etc/ssh/ssh_host_dsa_key.pub (DSA) Creating SSH2 ECDSA key; this may take some time ...
256 9e:4b:39:9d:b8:42:b1:8e:0a:1f:76:70:b6:f5:b9:cc /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 ae:0f:48:30:f5:21:54:02:99:44:90:1f:4e:5c:4e:61 /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
Failed to read /proc/cmdline. Ignoring: Aucun fichier ou dossier de ce type
invoke-rc.d: policy-rc.d denied execution of start.
Current default time zone: 'Europe/Paris'
Local time is now: Thu Nov 26 09:46:35 CET 2015.
Universal Time is now: Thu Nov 26 08:46:35 UTC 2015.
Root password is 'qVeE3voK', please change ! root@serveurMail:~# lxc-start -n contener1
systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Detected virtualization 'lxc'.
Detected architecture 'x86-64'.
Welcome to Debian GNU/Linux 8 (jessie)!
Set hostname to <contener1>.
Cannot add dependency job for unit dbus.socket, ignoring: Unit dbus.socket failed to load: No such file or directory.
[ OK ] Reached target Remote File Systems (Pre).
[ OK ] Reached target Paths.
Failed to open /dev/autofs: No such file or directory Failed to initialize automounter: No such file or directory
[FAILED] Failed to set up automount Arbitrary Executable File Formats File System Automount Point.
See 'systemctl status proc-sys-fs-binfmt_misc.automount' for details.
Unit proc-sys-fs-binfmt_misc.automount entered failed state.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Reached target Swap.
[ OK ] Created slice Root Slice.
[ OK ] Created slice User and Session Slice.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Delayed Shutdown Socket.
...
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Debian GNU/Linux 8 contener1 console
contener1 login: root Mot de passe :
Linux contener1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@contener1:~# ls root@contener1:~# pwd /root
root@contener1:~# cd / root@contener1:/# ls -al total 72
drwxr-xr-x 22 root root 4096 nov. 26 09:49 . drwxr-xr-x 22 root root 4096 nov. 26 09:49 ..
drwxr-xr-x 2 root root 4096 nov. 26 09:44 bin drwxr-xr-x 2 root root 4096 août 26 18:31 boot drwxr-xr-x 6 root root 500 nov. 26 09:49 dev drwxr-xr-x 46 root root 4096 nov. 26 09:46 etc drwxr-xr-x 2 root root 4096 août 26 18:31 home drwxr-xr-x 10 root root 4096 nov. 26 09:44 lib drwxr-xr-x 2 root root 4096 nov. 26 09:43 lib64 drwxr-xr-x 2 root root 4096 nov. 26 09:43 media drwxr-xr-x 2 root root 4096 nov. 26 09:43 mnt drwxr-xr-x 2 root root 4096 nov. 26 09:43 opt dr-xr-xr-x 163 root root 0 nov. 26 09:49 proc drwx--- 2 root root 4096 nov. 26 09:43 root drwxr-xr-x 9 root root 260 nov. 26 09:49 run drwxr-xr-x 2 root root 4096 nov. 26 09:45 sbin drwxr-xr-x 2 root root 4096 nov. 26 09:46 selinux drwxr-xr-x 2 root root 4096 nov. 26 09:43 srv dr-xr-xr-x 13 root root 0 nov. 26 09:49 sys drwxrwxrwt 7 root root 4096 nov. 26 09:49 tmp drwxr-xr-x 10 root root 4096 nov. 26 09:43 usr drwxr-xr-x 11 root root 4096 nov. 26 09:43 var
root@serveurMail:/var/lib/lxc/contener1# cd rootfs root@serveurMail:/var/lib/lxc/contener1/rootfs# ls
bin boot dev etc home lib lib64 media mnt opt proc root run sbin selinux srv sys tmp usr var
root@contener1:/# init 0
INSTALLATION WEB PANEL
root@serveurMail:~# wget http://lxc-webpanel.github.com/tools/install.sh --2015-11-26 09:57:12-- http://lxc-webpanel.github.com/tools/install.sh
Résolution de lxc-webpanel.github.com (lxc-webpanel.github.com)… 23.235.43.133 Connexion à lxc-webpanel.github.com (lxc-webpanel.github.com)|23.235.43.133|:80…
connecté.
requête HTTP transmise, en attente de la réponse… 301 Moved Permanently Emplacement : http://lxc-webpanel.github.io/tools/install.sh [suivant]
--2015-11-26 09:57:13-- http://lxc-webpanel.github.io/tools/install.sh
Résolution de lxc-webpanel.github.io (lxc-webpanel.github.io)… 23.235.43.133 Réutilisation de la connexion existante à lxc-webpanel.github.com:80.
requête HTTP transmise, en attente de la réponse… 200 OK
Taille : 2678 (2,6K) [application/x-sh]
Sauvegarde en : « install.sh »
install.sh 100%[=============================================>]
2,62K --.-KB/s ds 0s
2015-11-26 09:57:13 (155 MB/s) — « install.sh » sauvegardé [2678/2678]
root@serveurMail:~# ls install.sh
root@serveurMail:~#
root@serveurMail:~# chmod +x install.sh root@serveurMail:~#
root@serveurMail:~# ./install.sh
_ __ _______ __ __ _ _____ _
| | \ \ / / ____| \ \ / / | | | __ \ | |
| | \ V / | \ \ /\ / /__| |__ | |__) |_ _ _ __ ___| |
| | > <| | \ \/ \/ / _ \ '_ \ | ___/ _` | '_ \ / _ \ |
| |____ / . \ |____ \ /\ / __/ |_) | | | | (_| | | | | __/ |
|______/_/ \_\_____| \/ \/ \___|_.__/ |_| \__,_|_| |_|\___|_|
Automatic installer
compilation terminated.
Installation complete!
Adding /etc/init.d/lwp...
Done
Starting server...done.
Connect you on http://your-ip-address:5000/
login/password : admin/admin
ANNEXE :
Avoir aussi le manuel du : lxc-console, lxc-stop, lxc-halt, lxc-list
