Cyberben's picture

街拍vip第一站 Hello all,

街拍vip第一站 I recently found mseism.com. I am very interested in the LXC appliance. Excited to begin downloading and deploying multiple TurnKey apps side-by-side on the same host in securely isolated lightweight containers.

Is there a step by step instruction on how to do this the mseism.com way? Ive been searching for the proper command lines that work with the appliance provided here.

街拍vip第一站 Thank You

?

Forum:?
Cyberben's picture

街拍vip第一站 As a complete novice i was having a hard time figuring out what I was looking at.

Found some things that suggest this might be the LXC available in the Ubuntu 16.04 default repository.

lxc-checkconfig
ls /usr/share/lxc/templates/
lxc-ls

and a lot of other commands respective to this version work. Im just not clear on the specific commands needed to successfully start using the several appliances I want to use.

Thanks

?

?

Jeremy Davis's picture

The LXC appliance page街拍vip第一站 has some basic overview info which is worth reading in full (if you haven't yet - at least until you get to the "Usage details & Logging in for Administration" section).

街拍vip第一站You'll also notice at the end of the top section (just above the screenshots), there is a link to the , which should hopefully get you going in the right direction (for use with TurnKey apps at least). Otherwise as you've discovered, it should work as per "usual" (i.e. the default LXC commands should "just work") for TurnKey and non-TurnKey) LXC templates alike.

街拍vip第一站If you're having a particular issue with something, or there's something in the docs you don't understand, or isn't working as you'd expect, please give further specific details of the issue/confusion and I'll do my best to assist you.

街拍vip第一站As a bit of background, TurnKey Linux is based on Debian; which is also the basis of Ubuntu (although unlike Ubuntu, TurnKey is completely "binary compatible" with Debian). The current library images (i.e. v15.x series) are built on top of Debian 9/Stretch (currently "oldstable"). The (as yet unreleased) upcoming v16.x series will be based on Debian 10/Buster (currently "stable").

Some other resources you may find of interest are the and the - also available from the terminal of your appliance (as should most other terminal commands). I.e. like this:

man lxc

Please note that whilst the Debian wiki can often give a good overview and general info, Debian wiki pages can sometimes be a bit out of date. The man pages for the specific version (i.e. from the local commandline, or the online 9/Stretch pages in the case of v15.x apps) should always be relevant to the versions you have installed locally.

If you have any further issues or questions, please ask.

Cyberben's picture

Thank you

?

?

Cyberben's picture

My machine is on a home network. I've used this from the usage text:

# cat > /root/wp.inithooks.conf <<EOF
export ROOT_PASS=secretrootpass
export DB_PASS=secretmysqlpass
export APP_PASS=secretadminwppass
export APP_EMAIL=admin@example.com
export APP_DOMAIN=www.example.com
export HUB_APIKEY=SKIP
export SEC_ALERTS=SKIP
export SEC_UPDATES=FORCE
EOF

街拍vip第一站 Continuing from the earlier inithooks example, we'll create a TurnKey Wordpress container using the bridged network configuration.

街拍vip第一站 Create the container:

# lxc-create -n wp1 -f /etc/lxc/bridged.conf -t turnkey -- wordpress -i /root/wp.inithooks.conf -v 15.0-stretch

This could have been shortened because the version now defaults to `latest available`.:

# lxc-create -n wp1 -f /etc/lxc/bridged.conf -t turnkey -- wordpress -i /root/wp.inithooks.conf

Start the container:

# lxc-start -n wp1

List the containers:

# lxc-ls -f

街拍vip第一站 "Wp is running but not connected."

I don't actually understand any of it, I just got that far using that text as a guide. Super unclear on how to use this information to run other applications I actually wanted to.

街拍vip第一站 This is really interesting stuff. I had hoped I could quickly get away from VMware technology using this but its over my head this season.

I'm left wondering what would each of the namesofall.inithooks.conf街拍vip第一站 files be for the respective appliances?

街拍vip第一站 I wanted to use the Samba appliance among others.

街拍vip第一站 If i ever figure it out I will try to post a guide here.

Jeremy Davis's picture

Whilst our LXC appliance should do what you want, considering that the learning curve for the uninitiated (vs VMware for example) is perhaps a little steep, maybe our LXC app isn't the best fit for you? Whilst it's lean but still pretty powerful, perhaps there is a better option for your purposes? Assuming that you are after a locally installable free open source server hosting solution, perhaps the might suit your purposes better? That provides support for LXC too, as well as "proper" full VMs (via KVM - so you can also run Windows or other OS - not just Linux as per LXC). It has a relatively intuitive (web based) admin UI. TurnKey appliances are available for download and usage within the web UI too! :)

It is worth noting that there are some idiosyncrasies with our current images (which I hope to address in our upcoming v16.x release). E.g. launching a "unprivileged" container (the Proxmox default), will fail. Current TurnKey appliances currently requires a "privileged" container - although there is a somewhat clunky workaround (please note that the bug is closed because code that resolves it has been merged; however the images have not been rebuilt as we're holding out for the new, upcoming major version release).


If you'd prefer to persist with TurnKey LXC host:

So could you please clarify what you mean when you say "Wp is running but not connected."? Was that the output that showed up when you listed your containers?

In the example you've used (taken from the docs by the look) you're using the . That means that your new container should get assigned an IP address via your network DHCP (just like any other "real" PC on your network would). And it should "just work". It's been a while, but last time I tested, the examples given in the docs created a WordPress container that could be directly accessed via it's (DHCP allocated) IP address.


Re the required contents of inithooks.conf files for other appliances, for starters, you should be able to get by with just using those same ones. Any that are irrelevant will be ignored. Any that are required but not set will be manually/interactively set when you log in via SSH.

If you'd rather it all be pre-seeded from the get go, then all the appliance inithooks should be documented (and there's a ).

FWIW, as noted at the top of the inithooks doc page (on the website) it notes that we try to keep the docs up to date, but sometimes they get a little out of date, so as a general rule it's often easier to just read the . Having said that, we're currently midway through transitioning to a new major version (v16.x) so the live docs actually reflect the new (as yet unreleased) version. It should be near enough for your purposes. Whilst there's some new inithooks for v16.x, configuring them on a v15.x system shouldn't cause error, they should just be ignored. In fear of confusing you, it's possible to view the inithooks docs specifically for and because it's easier for me to link directly to the relevant sections that's what I'll use in this post.

If you want to get a good understanding of how the inithooks work, it's worth at least a skim through the whole page. If there's anything that doesn't make any sense, please ask. Perhaps we can improve them?

Anyway, about 2/3 of the way down, you'll find a section titled: . The inithook info is displayed in 2 or 3 columns. The first column is the name of the inithook file (which strictly speaking, is irrelevant for your purposes currently; although is useful when we get to the appliance specific inithooks). The second is the variable name you'll need to set in the inithooks.conf file. The 3rd (if it's there) is the values that it will accept. Optional values are in square brackets.

So the first set (i.e. "30rootpass" to "95secupdates") are common to all appliances. The next set (just one line; "29preseed") is for "headless" builds only (FWIW headless builds are when you don't have access to a "proper" terminal - so the LXC builds are headless). The third and final set of inithooks are the appliances specific ones. Appliances that include MySQL (i.e. all of the LAMP based appliances) or PostgreSQL use the top 2 ("35mysqlpass" & "35pgsqlpass" respectively). Then the rest are explicitly named for the appliance they occur in. E.g. for WordPress; set "APP_PASS" and "APP_EMAIL" - as per "40wordpress".

Re your note that you intend to use Samba, which one? We have 2; they both include Samba4 but are configured quite differently. The Fileserver appliance is configured in "stand alone mode" (as per Samba3) and as the name suggests is designed to act as a stand-alone Fileserver. The Domain Controller appliance is configured to be a (Samba4) Active Directory Domain Controller.

Re Fileserver: You'll note that there isn't actually an inithook noted for the Fileserver appliance. That has a twofold reason. Firstly - it's not required for most builds (it recycles the root Linux user account password and also uses it as the Samba root user password too). And secondly - we've neglected to note the exception for LXC. On an LXC instance, as the root Linux user is set on the host, you actually do need to explicitly note the Samba root user password (via APP_USER). As per my notes above, looking at the Fileserver . I've just updated the readme to include that now (although only in master). FYI:

Fileserver appliance specific - LXC only:

    35samba-container       APP_PASS

街拍vip第一站Linux and Samba user management is separate and discrete. Previously by default Samba users were mapped 1-1 with Linux users and Samba supported syncronization of passwords between the Linux and Samba users (so essentially the difference between the 2 user management systems was hidden from the end user). However due to a significant security issue, this module has been removed. Samba4 has moved to prioritize support for AD integration (which uses a different paradigm - all Samba users are contained within a single Linux user account).

To somewhat work around this limitation, on the TurnKey Fileserver appliance, when you set the root (Linux) user password, the Samba root user password is also set. However for an LXC container, the root password is set on the host, not the guest. So this workaround is not possible. Hence the Samba root password must be set separately.

As noted in the docs, the Domain Controller's inithooks are:

APP_PASS, APP_DOMAIN [, APP_REALM, APP_JOIN, APP_JOIN_NS]

Note APP_JOIN, APP_JOIN_NS are only relevant if you wish to join an existing domain.

Cyberben's picture

街拍vip第一站 Thank you! Forgive me, let me try again,

街拍vip第一站 So I reinstalled the vmdk for LXC from scratch.

I wanted to use Fileserver as the Appliance to start with.

?

My question is: What would these values have to look like, to use the Fileserver

---Start inithooks example---

# cat > /root/wp.inithooks.conf <<EOF
export ROOT_PASS=secretrootpass
export DB_PASS=secretmysqlpass
export APP_PASS=secretadminwppass
export APP_EMAIL=admin@example.com
export APP_DOMAIN=www.example.com
export HUB_APIKEY=SKIP
export SEC_ALERTS=SKIP
export SEC_UPDATES=FORCE
EOF

---End inithooks example---

?

Also: how would this command line change if you wanted to load the Fileserver appliance

---Begin lxc-create example---

# lxc-create -n wp1 -f /etc/lxc/bridged.conf -t turnkey -- wordpress -i /root/wp.inithooks.conf

街拍vip第一站 ---End lxc-create example---

?

街拍vip第一站 Studying the way to load the images to the Turnkey LXC appliance.

?

Ben

?

?

Or if you where able to use the images with current version that comes with Ubuntu Server 18-

Loadng Turnkey images on it yourself. The command for the version Turnkey LXC uses would be different

?

From:

?

Manually importing images (exerpt from current version )

街拍vip第一站 Importing from a URL

“lxc image import” also works with some special URLs. If you have an https web server which serves a path with the LXD-Image-URL and LXD-Image-Hash headers set, then LXD will pull that image into its image store.

For example you can do:

lxc image import http://dl.stgraber.org/lxd --alias busybox-amd64

街拍vip第一站 When pulling the image, LXD also sets some headers which the remote server could check to return an appropriate image. Those are LXD-Server-Architectures and LXD-Server-Version.

This is meant as a poor man’s image server. It can be made to work with any static web server and provides a user friendly way to import your image.

?

?

?

Jeremy Davis's picture

街拍vip第一站Whilst it may not be obvious to you, your question re inithooks is answered in my previous post (not to mention the docs I pointed to). I'm trying to take the "teach a man to fish..." approach! :) But perhaps my rambling writing style and my attempt to be exhaustive is making it too hard for you to see the explicit info you're after? Regardless, re-reading the docs a few times now, I keep noticing bits that need update/tweaking, so it's a great opportunity for me to tidy up the docs a bit in preparation of our upcoming v16.x release. I've tweaked my previous post a little too.

So please let me try again... For starters, let me highlight the explicitly relevant bit from my (updated) previous post:

Re the required contents of inithooks.conf files for other appliances, for starters, you should be able to get by with just using those same ones. Any that are irrelevant will be ignored. Any that are required but not set will be manually/interactively set when you log in via SSH.

In the case of the Fileserver appliance, there are no additional values required (so if you use that same inithooks.conf file you should not be required to interactively answer any questions on first SSH login). Plus many of those will be ignored as they are irrelevant to the Fileserver appliance. E.g. to quote myself again:

On an LXC instance, as the root Linux user is set on the host, you actually do need to explicitly note the Samba root user password (via APP_USER). [...] FYI:

Fileserver appliance specific - LXC only:

    35samba-container       APP_PASS

街拍vip第一站A further recommendation I'd make is that you name your Fileserver inithooks preseeds file something more relevant. What you have posted will generate a file named /root/wp.inithooks.conf, I suggest that you name it something more appropriate such as /root/fserver.inithooks.conf (or whatever takes you fancy; so long as you call that same file when you launch the Fileserver LXC template; it doesn't really matter).

街拍vip第一站To be explicit; for the Fileserver itself, only the value of APP_PASS will be used/required (to set the fileserver root Samba user password when running on LXC). As hinted in the the last 3 lines are generically useful. Please note that I have (hopefully) improved that section of the . So here's the 3 other values you'll likely want to include.

  • HUB_APIKEY=SKIP - will skip adding the Hub API key (or include your Hub API key if you're using our automated remote backup tool, TKLBAM).
  • SEC_ALERTS=SKIP - will skip registering for sec_alerts.
  • SEC_UPDATES=FORCE - will force apt security updates to run on first boot.

So to explicitly summarise all this into an example of what you might do (I removed the leading hash so you can copy/paste into your terminal):

cat > /root/fserver.inithooks.conf <<EOF
export APP_PASS=secret_samba_root_pass
export HUB_APIKEY=SKIP
export SEC_ALERTS=SKIP
export SEC_UPDATES=FORCE
EOF

Then to load the LXC Fileserver appliance (named 'fserver', using the /root/fserver.inithooks.conf created above):

lxc-create -n fserver -f /etc/lxc/bridged.conf -t turnkey -- fileserver -i /root/fserver.inithooks.conf

Re using LXD via Ubuntu, I have no idea really... By my (limited) understanding LXD is essentially a wrapper around LXC. But it's not a part of the TurnKey LXC appliance and I have no experience with it. In a perfect world, we'd have LXD images (available via an "LXD image server"), however it's not been a priority for us, so there has been no progress there. Another community member has played with a fair bit and has done some work on providing better, more integrated support for LXD, but he's been busy travelling so efforts have somewhat stalled AFAIK. Plus it wold also require us (or someone) to provide the LXD image server infrastructure. One day perhaps...?!

街拍vip第一站To elaborate a little further; AFAIK, under the hood LXD uses vanilla LXC, so it should certainly be possible to use our images with LXC/LXD on Ubuntu. But our images are NOT LXD images. So you can't auto download the template as per your quote. LXC/LXD on Ubuntu also doesn't have support for our inithooks, so you would need to log in via SSH and complete them interactively. Also, from my brief googling, it appears that LXD requires a metadata.yaml file in a specific format which we don't provide. It appears that LXD also uses cloud-init which our images also don't currently include or support.

街拍vip第一站If you were determined to use Ubuntu rather than our LXC appliance (or Proxmox as mentioned/recommended in my previous post), I'm fairly sure that you could still make it work. I strongly suspect that all of those points mentioned could be worked around, but will require a fair bit more legwork by you. Judging by our conversation to date, I suspect that the required reading and experimentation on your behalf may be a bridge too far at this point (I'm sure you'd be capable, but perhaps unrealistic until you have some more experience with and understanding of LXC/LXD).

Having said that, if you do wish to pursue LXD images, then please be my guest. But I doubt I'll be able to provide much assistance.

Cyberben's picture

Thank you for your help I think i understand how to make lxc-create create the appliance I want.

街拍vip第一站 I have gotten the lxc-create command to create a fileserver and have started it.

I was able to do the same for a test opencart appliance.

街拍vip第一站 However, after starting them i get a message it is not connected.

街拍vip第一站 When I? lxc-console to them from the LXC host, the access is root/enter(no password), seems useless and logs off with every command attempt, making you type root/enter(no password) over and over again.

So the objective is network & administration

New hurdles but im happy for now with your help now I can load the appliance at least!

?

?

Add new comment