On Thu 2011-09-29 (18:05), Derek Simkowiak wrote: > Hello, > I have just published a new Open Source LXC container creation > script, called lxc-ubuntu-x. It implements all the latest "best > practices" I found on the web, and introduces some new features. I am > using this script in a production environment, and I invite you to check > it out: > > http://derek.simkowiak.net/lxc-ubuntu-x/ > > It currently generates Ubuntu or Debian containers. > > I created this because the scripts and tutorials I found on the web > all had shortcomings of one form or another. For example, many blogs > recommend mounting filesystems within the container's init (which does > not allow for a shared read-only mount, because root can simply remount > it). So, this script uses an external fstab file. Also: > > - It creates a random MAC address with a high vendor address, to > workaround Launchpad bug #58404 > - It generates new (unique) SSH host keys and SSL certificates for each > new container > - It applies all necessary dev, mtab, and init script fixes, including > booting containers with Upstart > - It is fully non-interactive; it allows for automatic generation of > containers. (Getting this to work was surprisingly difficult!) > - It restricts container "capabilities" as much as possible by default > - It creates a default user, sets his password, installs any SSH > "authorized_keys" file you want, and adds him to the sudo admin group.
Besides the last step, I have it all in my solution which I have posted to the list several months ago: http://fex.rus.uni-stuttgart.de/lxc.html Plus: I can execute any command inside a container without ssh. -- Ullrich Horlacher Server- und Arbeitsplatzsysteme Rechenzentrum E-Mail: horlac...@rus.uni-stuttgart.de Universitaet Stuttgart Tel: ++49-711-685-65868 Allmandring 30 Fax: ++49-711-682357 70550 Stuttgart (Germany) WWW: http://www.rus.uni-stuttgart.de/ ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
