@tme said:
Hi, here is my public SSH key. ssh-rsa […] user@TME-PC
@Not_Oles said:
Hi @chitree! Welcome to LES! Congratulations on your first post! Want to introduce yourself to the community? Please tell us a little about who and where you are, your experience, and what you want to do on the server. Also, we will need your ed25519 ssh public key to give you an account. Thanks! Tom
Thanks @Not_Oles! Sure, I'm a privacy advocate and work in the computer security field. I'm a New Englander and I've been using Linux since it began in the 90s. I would like to explore in my Alpine Linux shell, as I know it's a very different approach to an OS. My ed25519 ssh public key is here
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaMPrmXnsbLYdSg9j14Ry65FqOmv1k/iWWkUMi7F7uT
Thanks
Excellent! Do you have a website or other presence elsewhere on the web where we can learn more about your position on privacy and about your work in computer security? Thanks!
I don't have a website as that would defeat the point of good OpSec, privacy, and security. I've honestly already shared lots about me that I don't normally share. I work with many local people and only do work in-person. My position on privacy and security is to not use any operating systems that heavily surveil their users (Microsoft and Apple). I only utilize free and open source software and help others do the same. I'm still interested in an Alpine Linux shell if you're still open to granting me one. Thank you.
Wonderful to hear from you! I see that you have been here on LES for a while, and that your profile might have less activity than some others. Would you like to introduce yourself by telling us who and where you are plus something about your Linux experience? Also, what do you want to do on the server?
Seems you might already have extensive Linux experience and also abundant server resources? How would it work for you to set up Alpine on a server from Racknerd or Dedipath?
I will keep trying to give you an account. Thank you for your interest!
Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!
Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!
@Not_Oles said: @Not_Oles said: LXC still is not expected to work yet partly because lxcbr0 isn't present because /etc/network/interfaces hasn't been updated yet. There is no bridge in the current setup. I sent the possible new interfaces configuration to Cloudie, so we will see what he says.
Haven't yet heard back from @Cloudie. He is a great guy! Sometimes he gets busy, and that's okay.
@Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message
@Not_Oles said: @Not_Oles said: Hi Guys! Heard from Cloudie. He said he is checking. Best! Tom
Heard again from @Cloudie, who said one of the routers is misbehaving.
Let's pause adding new accounts until the situation with the router is resolved. Hopefully soon!
Thanks everyone!
Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation.
Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!
Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!
I have been using Windows for a long time since my school, but after I chose a development path I found it difficult to work in it.
One of my friends recommended Linux. I tried it out, and it has an amazing development environment.
I searched for some cheap Linux servers, but all were too costly for my usage, and I found this forum.
I would like to have a Linux server to improve my coding skills and Linux knowledge. I will use it to learn more about Linux and run/test some of my code in a Linux environment.
Thanks.
Hi Melvik!
Thanks for your message!
Sorry, does TJC mean "Tyler Junior College?"
Do you have any code or anything else about you online anywhere?
Have you tried any of the free accounts available for students from Google, Oracle, Amazon, Azure, etc?
@tme said:
Hi, here is my public SSH key. ssh-rsa […] user@TME-PC
Thank you for asking! Sorry we haven't been going faster!
We are waiting on two issues, (1) a router sometimes is not working, and (2) we are looking for approval from @Cloudie on the proposed, new /etc/network/interfaces. With (2), the questions include whether exposing the container MAC addresses on the physical network is a problem.
You are more than welcome to compile on one of my other servers. The other guys here also are more than welcome on my other servers.
If you want to take over the network configuration here or provide even more help with how it should be done, then we can go faster on the configuration. But there also are the router issues.
January 4 -- @yoursunny says "Bridging containers directly on the physical port may result in the containers' MAC addresses becoming visible on the physical network. I don't know about Cloudie, but doing this in KVM would get filtered in Virtualizor, and doing this on Hetzner would trigger infraction warning letter." @Not_Oles decides he ought to check with @Cloudie to see whether the proposed /etc/network/interfaces configuration is okay.
January 4 -- Revised /etc/network/interfaces proposed
January 7 -- Multiple downtime/uptime cycles previous night. @Not_Oles says, ". . . when he has time, I'm sure i will hear from @Cloudie on the server /etc/network/interfaces configuration. . . ."
January 7 -- @Not_Oles reports, "Heard from Cloudie. He said he is checking."
January 8 -- @Cloudie says one of the routers is misbehaving. @Not_Oles pauses new accounts until the router issue is resolved.
January 14 -- @Not_Oles says, "@Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message."
January 14 -- @Not_Oles says, "Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation."
I believe you can create lxcbr0 not joined with the uplink, so that no container MAC address would show up on the hardware side.
I did some trials on an ephemeral Alpine 3.17 system, created by netboot.xyz and running in tmpfs.
The IP addresses in the sample are:
The host has a primary IPv4 (not shown), used for host originated traffic.
192.168.5.188 is the host's secondary IPv4, used for outgoing NAT traffic from containers.
192.168.5.188 is marked preferred_lft 0 so that it would not be auto-selected for host originated traffic.
192.168.188.0/24 is assigned to containers.
Traffic from this subnet is NAT'ed.
2600:4040:2ca4:a5bc::/64 is assigned to containers.
This prefix must be routed to the server.
If there's only on-link prefix, NDP responder would be required to convert it into a routed prefix.
These are typed by root into Alpine console:
: install necessary packages
echo http://dl-cdn.alpinelinux.org/alpine/v3.17/community | tee -a /etc/apk/repositories
apk update
apk add iptables lxc lxc-download lxcfs shadow-subids xz
: enable cgroups
rc-update add cgroups
rc-service cgroups start
: create LXC bridge and assign addresses
ip link add lxcbr0 type bridge
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2600:4040:2ca4:a5bc::/64 dev lxcbr0
: enable IPv4 and IPv6 forwarding
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
: setup IPv4 NAT, with a secondary public IPv4 address for outgoing traffic
ip addr add 192.168.5.188/24 dev eth0 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth0 -j SNAT --to 192.168.5.188
: create a user and grant permission for subids and LXC bridge
adduser user
echo 'user:100000:65536' | tee /etc/subuid /etc/subgid
echo 'user veth lxcbr0 100' | tee /etc/lxc/lxc-usernet
These are typed by user into Alpine console:
: write LXC config defaults
mkdir -p ~/.config/lxc
cat > ~/.config/lxc/default.conf <<EOT
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOT
: create Ubuntu 22.04 container and assign IP addresses
lxc-create -n ubuntu -t download -- -d ubuntu -r jammy -a amd64
tee -a ~/.local/share/lxc/ubuntu/config <<EOT
lxc.net.0.ipv4.address = 192.168.188.2/24
lxc.net.0.ipv4.gateway = 192.168.188.1
lxc.net.0.ipv6.address = 2600:4040:2ca4:a5bc::2/64
lxc.net.0.ipv6.gateway = 2600:4040:2ca4:a5bc::
lxc.init.cmd = /bin/bash
EOT
: start the container
lxc-start -n ubuntu
: attach to the container console
lxc-attach -n ubuntu
: kill the container
lxc-stop -k -n ubuntu
These are typed into container console:
: set DNS server
rm /etc/resolv.conf
echo 'nameserver 2606:4700:4700::1111' | tee /etc/resolv.conf
: network will work after this
Caveats:
All the network configs on the host are ephemeral.
They must be re-typed after the host reboots.
IPv6 into containers is on-link, not routed.
It's possible to add routed IPv6 subnet, by running one ip route add command for each container on the host.
IP address conflicts between containers are possible, if two users assign the same address.
If a conflict occurs, the container that starts later will typically show the address as dadfailed.
systemd in the container will not work, so the entry process is changed to bash.
By changing entry process to bash, the container will not shutdown, and can only be killed.
@Not_Oles said:
ip: RTNETLINK answers: Not supported
modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.1.1-0-lts
If you installed the kernel from packages, you need to modprobe some modules, including but not limited to: bridge, ip_tables.
If you have upgraded the kernel but have not rebooted, now is the time to do so, otherwise modprobe will not work because the modules directory for the running kernel is already deleted.
If you compiled the kernel from source, you need to re-compile with some options enabled, including but not limited to: CONFIG_BRIDGE, CONFIG_NETFILTER.
@yoursunny Thanks very much for your helpful comment! Now that there have been updates and upgrades and a reboot, it's time to take a look at the errors related to the kernel. 👀 More before too long. . . . Thanks again!
@yoursunny Seem to be no errors upon repeating ./lxc-up.sh. No further changes beyond updating, upgrading, and rebooting.
Please check whether you now have everything you need. If there is anything more, please tell me.
Other guys listed in /etc/subuid and /etc/subgid, please also check. If you need anything, please tell me by posting here in the thread.
Thank you all so much!
fmt:~# date -u
Mon Jan 23 22:44:33 UTC 2023
fmt:~# # Retry @yoursunny lxc-up commands after updates and reboot
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add [$REDACTED] dev lxcbr0
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
fmt:~# ./lxc-up.sh
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
fmt:~# exit
Connection to fmt.metalvps.com closed.
Hi @Not_Oles ,
Is the server ready for running a LXC container now?
I'm failing to start an LXC container.
Maybe I'm doing it the wrong way.
~/pri/pf/lxc_test $ cat $HOME/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 1022000000 65536
lxc.idmap = g 0 1022000000 65536
~/pri/pf/lxc_test $ CONFIG=$HOME/.config/lxc/default.conf lxc-checkconfig
LXC version 5.0.2
WARNING: Unable to detect version from configuration, assuming latest
--- Namespaces ---
Namespaces: required
Utsname namespace: missing
Ipc namespace: required
Pid namespace: required
User namespace: missing
Network namespace: missing
--- Control groups ---
Cgroups: missing
Cgroup namespace: enabled
Cgroup v1 mount points:
- /sys/fs/cgroup/openrc
- /sys/fs/cgroup/cpuset
- /sys/fs/cgroup/cpu
- /sys/fs/cgroup/cpuacct
- /sys/fs/cgroup/blkio
- /sys/fs/cgroup/memory
- /sys/fs/cgroup/devices
- /sys/fs/cgroup/freezer
- /sys/fs/cgroup/net_cls
- /sys/fs/cgroup/perf_event
- /sys/fs/cgroup/net_prio
- /sys/fs/cgroup/hugetlb
- /sys/fs/cgroup/pids
Cgroup v2 mount points:
- /sys/fs/cgroup/unified
Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: missing
Cgroup sched: missing
Cgroup cpu account: missing
Cgroup memory controller: missing
--- Misc ---
Veth pair device: missing
Macvlan: missing
Vlan: missing
Bridges: missing
Advanced netfilter: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: missing
FUSE (for use with lxcfs): missing
--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: missing
CONFIG_EVENTFD: missing
CONFIG_EPOLL: missing
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
~/pri/pf/lxc_test $ lxc-create -n guest1 -f $HOME/.config/lxc/default.conf -t download
Downloading the image index
---
DIST RELEASE ARCH VARIANT BUILD
---
almalinux 8 amd64 default 20230123_23:10
...
ubuntu focal arm64 default 20230123_07:46
...
---
Distribution:
ubuntu
Release:
focal
Architecture:
amd64
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu focal amd64 (20230123_07:42) container.
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
~/pri/pf/lxc_test $ lxc-start -n guest1 -f $HOME/.config/lxc/default.conf
lxc-start: guest1: ../src/lxc/lxccontainer.c: wait_on_daemonized_start: 878 Received container state "ABORTING" instead of "RUNNING"
lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode
lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
@Not_Oles said:
ip addr add 192.168.188.1/24 dev lxcbr0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
The 192.168.5.188 is a sample value in my test box.
It's meant to be a public IPv4 address routed to the host machine, that is used for outgoing NAT traffic.
IPv6 assignment is wrong too.
Currently eth1 has 2602:fba1:999::2/48 and lxcbr0 has 2602:fba1:999::/48, so that the kernel thinks both interfaces are on the same subnet and would not forward traffic between them.
You should reduce the subnet size on each, so that they don't overlap.
For example, change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.
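Added example, not part of any post in this thread: a Python check for the overlap described above, run over `ip -o addr show` style output before and after the suggested prefix change. The sample lines are constructed from the addresses quoted in the thread (the link-local addresses are made up), and the function names are hypothetical.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample of `ip -o addr show` output using the thread's addresses.
BEFORE = r"""
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
3: eth1    inet6 2602:fba1:999::2/48 scope global \       valid_lft forever preferred_lft forever
3: eth1    inet6 fe80::1/64 scope link \       valid_lft forever preferred_lft forever
4: lxcbr0    inet 192.168.188.1/24 scope global lxcbr0\       valid_lft forever preferred_lft forever
4: lxcbr0    inet6 2602:fba1:999::/48 scope global \       valid_lft forever preferred_lft forever
4: lxcbr0    inet6 fe80::2/64 scope link \       valid_lft forever preferred_lft forever
"""

# Same host after applying the change proposed in the post.
AFTER = (BEFORE
         .replace("2602:fba1:999::2/48", "2602:fba1:999::2/64")
         .replace("2602:fba1:999::/48", "2602:fba1:999:1c00::/56"))

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet6?\s+(\S+)")


def parse_ip_addr(text):
    """Return {interface: [network, ...]} for the routable addresses in the output."""
    nets = {}
    for line in text.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue
        iface = ipaddress.ip_interface(m.group(2))
        # Link-local and loopback prefixes legitimately repeat on every interface.
        if iface.ip.is_link_local or iface.ip.is_loopback:
            continue
        nets.setdefault(m.group(1), []).append(iface.network)
    return nets


def overlapping_prefixes(nets):
    """Return (ifA, netA, ifB, netB) for every pair of interfaces sharing address space."""
    hits = []
    for (if_a, nets_a), (if_b, nets_b) in combinations(sorted(nets.items()), 2):
        for a in nets_a:
            for b in nets_b:
                if a.version == b.version and a.overlaps(b):
                    hits.append((if_a, str(a), if_b, str(b)))
    return hits


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, overlapping_prefixes(parse_ip_addr(sample)) or "no overlap")
```
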
@yoursunny
I run the start command with -F, it seems to be a file permission issue.
The owner of the rootfs is 10220000 which is different from 1022000000.
Is the number 1022000000 out of range to be used as suid or guid?
~/pri/pf/lxc_test $ lxc-start -n guest1 -f $HOME/.config/lxc/default.conf -F -P $(pwd)/container
lxc-start: guest1: ../src/lxc/conf.c: lxc_storage_prepare: 496 Operation not permitted - Failed to recursively turn root mount tree into dependent mount
lxc-start: guest1: ../src/lxc/conf.c: lxc_rootfs_init: 542 Invalid argument - Failed to prepare rootfs storage
lxc-start: guest1: ../src/lxc/start.c: __lxc_start: 2079 Failed to handle rootfs pinning for container "guest1"
lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
~/pri/pf/lxc_test $ ls container/guest1/ -al
total 16
drwxrwx--- 3 10220000 subenhon 4096 Jan 24 11:28 .
drwxr-xr-x 3 subenhon subenhon 4096 Jan 24 11:27 ..
-rw-r----- 1 subenhon subenhon 752 Jan 24 11:28 config
drwxr-xr-x 17 10220000 10220000 4096 Jan 23 07:47 rootfs
~/pri/pf/lxc_test $ cat /etc/subuid
root:100000:65536
notoles:1000000000:65536
localhost:1002000000:65536
Fritz:1005000000:65536
yoursunny:1018000000:65536
subenhon:1022000000:65536
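Added example, not part of any post in this thread: a Python check of the pieces involved in the question above, namely whether the delegated ranges in /etc/subuid fit in a 32-bit uid and stay disjoint between users, whether a user's lxc.idmap lines stay inside that user's delegation, and which container id a given host owner id translates to. The inputs are constructed from the listings quoted in the post; the function names are hypothetical, and `rootfs_owner_in_container` reads the numeric owner with `os.stat` instead of taking it from an `ls` column.

```python
import os
import re

UID_MAX = 2**32 - 2  # Linux uid_t is 32-bit; 4294967295 is reserved as "no ID"

# Constructed from the /etc/subuid listing and default.conf quoted in the thread.
SUBUID = """\
root:100000:65536
notoles:1000000000:65536
localhost:1002000000:65536
Fritz:1005000000:65536
yoursunny:1018000000:65536
subenhon:1022000000:65536
"""
LXC_CONF = """\
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 1022000000 65536
lxc.idmap = g 0 1022000000 65536
"""

IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)


def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text into [(owner, start, count), ...]."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            owner, start, count = line.split(":")
            entries.append((owner, int(start), int(count)))
    return entries


def parse_idmap(conf, kind="u"):
    """Return [(container_start, host_start, count), ...] for 'u' or 'g' idmap lines."""
    return [(int(c), int(h), int(n)) for k, c, h, n in IDMAP_RE.findall(conf) if k == kind]


def delegation_problems(entries):
    """Flag ranges that run past UID_MAX or overlap a range delegated to someone else."""
    problems = [f"{o}: range ends past UID_MAX" for o, s, c in entries if s + c - 1 > UID_MAX]
    max_end, holder = 0, None  # exclusive end of the highest range seen so far
    for owner, start, count in sorted(entries, key=lambda e: e[1]):
        if holder is not None and start < max_end:
            problems.append(f"{holder} overlaps {owner}")
        if start + count > max_end:
            max_end, holder = start + count, owner
    return problems


def idmap_within_delegation(user, idmaps, entries):
    """True if every host range in idmaps lies inside a range delegated to user."""
    mine = [(s, s + c) for o, s, c in entries if o == user]
    return all(any(lo <= h and h + n <= hi for lo, hi in mine) for _, h, n in idmaps)


def host_to_container(host_id, idmaps):
    """Translate a host uid/gid to the id seen inside the container, or None if unmapped."""
    for cstart, hstart, count in idmaps:
        if hstart <= host_id < hstart + count:
            return cstart + (host_id - hstart)
    return None


def rootfs_owner_in_container(path, idmaps):
    """Container-side uid of the owner of path, using the numeric st_uid from stat()."""
    return host_to_container(os.stat(path).st_uid, idmaps)


if __name__ == "__main__":
    entries, maps = parse_subid(SUBUID), parse_idmap(LXC_CONF, "u")
    print("delegation problems:", delegation_problems(entries))
    print("idmap inside subenhon's range:", idmap_within_delegation("subenhon", maps, entries))
    for uid in (1022000000, 10220000):
        print(uid, "->", host_to_container(uid, maps))
```
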
Comments
Hi @tme!
Welcome to MetalVPS! Haha, I also hope you can get in! Wanna try something like
ssh [email protected] -p 42365
Might work over both IPv4 and IPv6.
Password login has been disabled, but your account's password is in a file in your home directory. Please feel free to change your password.
I hope you have fun on the server!
Best wishes and kindest regards!
Tom
MetalVPS
Heard again from @Cloudie, who said one of the routers is misbehaving.
Let's pause adding new accounts until the situation with the router is resolved. Hopefully soon!
Thanks everyone!
MetalVPS
Sorry just saw this. Glad that you have it solved! Somehow I didn't have to set the envar.
The all seeing eye sees everything...
I don't have a website as that would defeat the point of good OpSec, privacy, and security. I've honestly already shared lots about me that I don't normally share. I work with many local people and only do work in-person. My position on privacy and security is to not use any operating systems that heavily surveil their users (Microsoft and Apple). I only utilize free and open source software and help others do the same. I'm still interested in an Alpine Linux shell if you're still open to granting me one. Thank you.
VPS providers to check out: Dedipath (aff)
Hey @terrorgen ,
Looks like a new issue has popped up for me.
It would be great if you can look into it :-)
Here I post images.
The first one is happening when I try to use a nix cmd.
And the second is a text before the shell when I log in.
Regards
Raveen
Add a nix channel and update it.
The all seeing eye sees everything...
Hey,
Thanks for the reply,
And here is my public key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWazqchQhVol2yJiXwkAfX4ROyZiX2xII7B0UAuc2DW
thx for all
Hi @qmesso!
I added your account. Welcome again!
When you get a chance, could you please try to log in via IPv4 and IPv6 with your ssh key and something like:
ssh [email protected] -p 42365
and let us know whether it works?
Password login has been disabled, but your account's password is in a file in your home directory. Please feel free to change your password.
Hope you have fun on the server!
Best!
Tom
MetalVPS
Hi @chitree!
Seems you might already have extensive Linux experience and also abundant server resources? How would it work for you to set up Alpine on a server from Racknerd or Dedipath?
I will keep trying to give you an account. Thank you for your interest!
Always best wishes and kindest regards,
Tom
MetalVPS
Hi there!
I am excited to try this.
Thanks.
Hi @QuantumBackdoor!
Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!
Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!
Best wishes and kindest regards,
Tom
MetalVPS
@Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message
Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation.
Best wishes and kindest regards,
Tom
MetalVPS
Hi @Not_Oles,
I am Melvik, a student of TJC.
I have been using Windows for a long time since my school, but after I chose a development path I found it difficult to work in it.
One of my friends recommended Linux. I tried it out, and it has an amazing development environment.
I searched for some cheap Linux servers, but all were too costly for my usage, and I found this forum.
I would like to have a Linux server to improve my coding skills and Linux knowledge. I will use it to learn more about Linux and run/test some of my code in a Linux environment.
Thanks.
Hi Melvik!
Thanks for your message!
Sorry, does TJC mean "Tyler Junior College?"
Do you have any code or anything else about you online anywhere?
Have you tried any of the free accounts available for students from Google, Oracle, Amazon, Azure, etc?
Thanks again!
Tom
MetalVPS
Do Google, Amazon, Oracle have any free student offers?
Almost all the big companies have free offers. Some offers for everyone, and, often, bigger offers for students. Here's a link to Oracle's Free Tier
https://www.oracle.com/cloud/free/
If you look around, you will find many free and introductory offers from the bigger companies.
Best wishes!
Tom
MetalVPS
Thanks
Haha thanks for it, am trying to figure out how to use it. Was on vacation, so couldn't respond earlier.
lxcbr0 when?
Currently compiling OpenWrt on a 4-core Skylake machine.
It would be 4x faster if it's compiling on an LXC container in fmt.MetalVPS.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
TL;DR
Hi @yoursunny!
Thank you for asking! Sorry we haven't been going faster!
We are waiting on two issues, (1) a router sometimes is not working, and (2) we are looking for approval from @Cloudie on the proposed, new /etc/network/interfaces. With (2), the questions include whether exposing the container MAC addresses on the physical network is a problem.
You are more than welcome to compile on one of my other servers. The other guys here also are more than welcome on my other servers.
If you want to take over the network configuration here or provide even more help with how it should be done, then we can go faster on the configuration. But there also are the router issues.
Always best wishes and kindest regards,
Tom
Links
January 3 -- New /etc/network/interfaces proposed
January 4 -- @yoursunny says "Bridging containers directly on the physical port may result in the containers' MAC addresses becoming visible on the physical network. I don't know about Cloudie, but doing this in KVM would get filtered in Virtualizor, and doing this on Hetzner would trigger infraction warning letter." @Not_Oles decides he ought to check with @Cloudie to see whether the proposed /etc/network/interfaces configuration is okay.
January 4 -- Revised /etc/network/interfaces proposed
January 4 -- Revised /etc/network/interfaces sent to @Cloudie
January 6 -- Waiting to hear from @Cloudie about /etc/network/interfaces. @Not_Oles says he might try something.
January 6 -- Multiple users experience downtime.
January 7 -- Multiple downtime/uptime cycles previous night. @Not_Oles says, ". . . when he has time, I'm sure i will hear from @Cloudie on the server /etc/network/interfaces configuration. . . ."
January 7 -- @Not_Oles reports, "Heard from Cloudie. He said he is checking."
January 8 -- @Cloudie says one of the routers is misbehaving. @Not_Oles pauses new accounts until the router issue is resolved.
January 14 -- @Not_Oles says, "@Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message."
January 14 -- @Not_Oles says, "Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation."
MetalVPS
I believe you can create lxcbr0 not joined with the uplink, so that no container MAC address would show up on the hardware side.
I did some trials on an ephemeral Alpine 3.17 system, created by netboot.xyz and running in tmpfs.
The IP addresses in the sample are:
192.168.5.188 is the host's secondary IPv4, used for outgoing NAT traffic from containers.
192.168.5.188 is marked preferred_lft 0 so that it would not be auto-selected for host originated traffic.
192.168.188.0/24 is assigned to containers.
Traffic from this subnet is NAT'ed.
2600:4040:2ca4:a5bc::/64 is assigned to containers.
This prefix must be routed to the server.
If there's only on-link prefix, NDP responder would be required to convert it into a routed prefix.
These are typed by root into Alpine console:
These are typed by user into Alpine console:
These are typed into container console:
Caveats:
All the network configs on the host are ephemeral.
They must be re-typed after the host reboots.
IPv6 into containers is on-link, not routed.
It's possible to add routed IPv6 subnet, by running one ip route add command for each container on the host.
IP address conflicts between containers are possible, if two users assign the same address.
If a conflict occurs, the container that starts later will typically show the address as dadfailed.
systemd in the container will not work, so the entry process is changed to bash.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
Thanks @yoursunny!
Here are the results of the first try, from last night.
There are a few mistakes I made and maybe a few tweaks still might be needed.
This is fun for me! Thanks again! 💖
Tom
MetalVPS
If you installed the kernel from packages, you need to modprobe some modules, including but not limited to: bridge, ip_tables.
If you have upgraded the kernel but have not rebooted, now is the time to do so, otherwise modprobe will not work because the modules directory for the running kernel is already deleted.
If you compiled the kernel from source, you need to re-compile with some options enabled, including but not limited to: CONFIG_BRIDGE, CONFIG_NETFILTER.
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
Today's upgrades.
Reboot coming very soon! Currently:
MetalVPS
Reboot successful.
MetalVPS
@yoursunny Thanks very much for your helpful comment! Now that there have been updates and upgrades and a reboot, it's time to take a look at the errors related to the kernel. 👀 More before too long. . . . Thanks again!
MetalVPS
@yoursunny Seem to be no errors upon repeating ./lxc-up.sh. No further changes beyond updating, upgrading, and rebooting.
Please check whether you now have everything you need. If there is anything more, please tell me.
Other guys listed in /etc/subuid and /etc/subgid, please also check. If you need anything, please tell me by posting here in the thread.
Thank you all so much!
MetalVPS
Hi @Not_Oles ,
Is the server ready for running a LXC container now?
I'm failing to start an LXC container.
Maybe I'm doing it the wrong way.
The 192.168.5.188 is a sample value in my test box.
It's meant to be a public IPv4 address routed to the host machine, that is used for outgoing NAT traffic.
IPv6 assignment is wrong too.
Currently eth1 has 2602:fba1:999::2/48 and lxcbr0 has 2602:fba1:999::/48, so that the kernel thinks both interfaces are on the same subnet and would not forward traffic between them.
You should reduce the subnet size on each, so that they don't overlap.
For example, change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.
CONFIG environ is meant to be kernel config file, not LXC config file.
Try CONFIG=/boot/config-lts lxc-checkconfig.
Did you follow the prompt?
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
@yoursunny
I run the start command with -F, it seems to be a file permission issue.
The owner of the rootfs is 10220000 which is different from 1022000000.
Is the number 1022000000 out of range to be used as suid or guid?