Install LXC and psmisc for the killall command.
root@lxc1> apt install lxc psmisc
lxc-net takes care of setting up the network bridge and configuring a DHCP server using DnsMasq. We need to tell LXC to use network bridging and specify a config file for DnsMasq.
root@lxc1> vim /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
Default lxc-bridge config is in: “/usr/lib/x86_64-linux-gnu/lxc/lxc-net”
Configure dnsmasq for lxc-net
The dnsmasq config points to a hosts file that lists container names and their fixed IP addresses.
root@lxc1> vim /etc/lxc/dnsmasq.conf
dhcp-hostsfile=/etc/lxc/dnsmasq-hosts.conf
root@lxc1> vim /etc/lxc/dnsmasq-hosts.conf
sql,10.0.3.10
Reload lxc-net
root@lxc1> killall -s SIGHUP dnsmasq
root@lxc1> systemctl restart lxc-net
root@lxc1> systemctl status lxc-net
Create unprivileged containers for root
Subordinate user and group IDs: the container's IDs are mapped onto this range on the host, so subtracting the start of the range from a host ID gives the ID seen inside the container.
Root-owned files inside the container are owned by UID 165536 on the host (165536 => 0), and a user with UID 1000 inside the container is UID 166536 on the host.
root@lxc1> vim /etc/subuid
root@lxc1> vim /etc/subgid
root:165536:65536
Tell the default config to use our sub UID and GID range whenever a new container is created.
root@lxc1> vim /etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536
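As an added example (not part of the original notes), this script checks that the lxc.idmap ranges in default.conf fit inside the owner's /etc/subuid entry and translates container IDs to host IDs the way the text describes; the config and subuid contents are constructed inline rather than read from the real files.

```shell
#!/bin/sh
# Added example, not from the original notes: check that the lxc.idmap ranges in
# default.conf are covered by the owner's /etc/subuid entry, and translate
# container ids to host ids the way the text describes (0 -> 165536, 1000 -> 166536).
# The config and subuid contents are constructed inline so this runs offline.

LXC_CONF='lxc.net.0.type = veth
lxc.idmap = u 0 165536 65536
lxc.idmap = g 0 165536 65536'

SUBUID='root:165536:65536
alice:231072:65536'

# map_id <u|g> <container_id>: print the host id for a container id, failing
# when the id lies outside the range the idmap line maps.
map_id() {
    kind=$1; cid=$2
    line=$(printf '%s\n' "$LXC_CONF" | grep "^lxc.idmap *= *$kind ") \
        || { echo "no lxc.idmap line for '$kind'" >&2; return 1; }
    # fields after '=': <kind> <container start> <host start> <count>
    set -- $(printf '%s\n' "$line" | sed 's/.*= *//')
    cstart=$2; hstart=$3; count=$4
    if [ "$cid" -lt "$cstart" ] || [ "$cid" -ge $((cstart + count)) ]; then
        echo "container $kind id $cid is not mapped" >&2
        return 1
    fi
    echo $((hstart + cid - cstart))
}

# subid_covers <owner> <host_start> <count> <subuid content>: succeed only when
# the owner's subordinate range contains the whole range the idmap hands out;
# otherwise the container cannot be started with that mapping.
subid_covers() {
    owner=$1; hstart=$2; count=$3; content=$4
    printf '%s\n' "$content" | {
        while IFS=: read -r name start size; do
            [ "$name" = "$owner" ] || continue
            [ "$hstart" -ge "$start" ] && [ $((hstart + count)) -le $((start + size)) ] && exit 0
        done
        exit 1
    }
}

echo "container uid 0    -> host uid $(map_id u 0)"
echo "container uid 1000 -> host uid $(map_id u 1000)"
subid_covers root 165536 65536 "$SUBUID" && echo "/etc/subuid covers the idmap range for root"
```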
Create container
root@lxc1> lxc-create -n sql -t download
root@lxc1> lxc-start -n sql
root@lxc1> lxc-attach -n sql
root@sql> mysql_secure_installation
CREATE DATABASE `dbname`;
CREATE USER `user`@`10.0.3.%` IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON `dbname`.* TO `user`@`10.0.3.%`;
FLUSH PRIVILEGES;
root@lxc1> iptables -t nat -A PREROUTING -p tcp -i ens4 --dport 80 -j DNAT --to-destination 10.0.3.11:80
Resizing a persistent root disk
Make sure you're doing this on the right partition. I am growing my system disk while running, which is not recommended!
Yes, there is supposed to be a space in the growpart command.
root@lxc1> apt install cloud-guest-utils
root@lxc1> growpart /dev/sda 1
CHANGED: partition=1 start=262144 old: size=20709343 end=20971487 new: size=41680863,end=41943007
Proceed to resize the partition when growpart is done.
root@lxc1> resize2fs /dev/sda1
resize2fs 1.44.5 (15-Dec-2018)
Filesystem at /dev/sda1 is mounted on /; on-line resizing required
old_desc_blocks = 2, new_desc_blocks = 3
The filesystem on /dev/sda1 is now 5210107 (4k) blocks long.