Free Alpine Linux Shell Accounts

11112141617

Comments

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @tme said:
    Hi, here is my public SSH key. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDntE+N38zRGvpDB3eKffGBoUrTFR+4wylNevShXAXlZZA3ihJm9dHagj3+XT/cAdIParvZbJiqtjXPNOaRsKORClOjQLKqEnhtXlIHEFZnfjBCMVpYc5+Jnh/1MtsHDnD/ZkE3OWS1eGN+Ge3IU0aHELDJ6SzqGOUyI8qkpMfMuWK7kQzsoVBJJdsFSoQ4T4HtaqolR9HAIPxni6Ayo4ekZCm2WaRufTVI1aRCUGSdpWjAlE/S+HHajQaZ5LuhEDBQkGV7NJejwcuEM8nJIyQif0aB85eFHdVF1VQFn7wA9hFIHchvsVsjZSI4azrxenIWblrdKcgXI7gZR3qcGpzr8Pflgtb0P9rB2VShO/tj30soLvtkL+sZLHanFTnDPrqofA1S2R9pPsAFa6y1YUdwDnJvJptFuaJgme2qSmU6AdfFqbJjJDE5XxIIk7j6YbSdkyJJPZEeM5G1Sj0NkAhcssabL9CejP3vR4EJXyHfNuIBh4IEo1jKNCL1GJPeTHM= user@TME-PC

    Hope I can get in :smiley:

    Hi @tme!

    Welcome to MetalVPS! Haha, I also hope you can get in! :) Wanna try something like

    ssh [email protected] -p 42365

    Might work over both IPv4 and IPv6.

    Password login has been disabled, but your account's password is in a file in your home directory. Please feel free to change your password.

    I hope you have fun on the server!

    Best wishes and kindest regards!

    Tom

    Thanked by (1)tme

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @Not_Oles said: Hi Guys! Heard from Cloudie. He said he is checking. Best! Tom

    Heard again from @Cloudie, who said one of the routers is misbehaving.

    Let's pause adding new accounts until the situation with the router is resolved. Hopefully soon! :)

    Thanks everyone!

    I hope everyone gets the servers they want!

  • @raveen2k3 said:

    @subenhon said:

    ~$ nix-shell -p hello
    error: getting status of /nix/var/nix/daemon-socket/socket: Permission denied
    

    @terrorgen @Not_Oles

    I get a “Permission denied” error msg.
    Is there something else need to be done before I use it?

    I tried nix too , Got same error :P if you solve it or Gita a solution .tag me :-)

    Sorry just saw this. Glad that you have it solved! Somehow I didn't have to set the envar.

    Thanked by (2)Not_Oles raveen2k3

    The all seeing eye sees everything...

  • @Not_Oles said:

    @chitree said:

    @Not_Oles said:
    Hi @chitree! Welcome to LES! Congratulations on your first post! Want to introduce yourself to the community? Please tell us a little about who and where you are, your experience, and what you want to do on the server. Also, we will need your ed25519 ssh public key to give you an account. Thanks! Tom

    Thanks @Not_Oles! Sure, I'm a privacy advocate and work in the computer security field. I'm a New Englander and I've been using Linux since it began in the 90s. I would like to explore in my Alpine Linux shell, as I know it's very different approach to an OS. My ed25519 ssh public key is here
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaMPrmXnsbLYdSg9j14Ry65FqOmv1k/iWWkUMi7F7uT
    Thanks

    Excellent! Do you have a website or other presence elsewhere on the web where we can learn more about your position on privacy and about your work in computer security? Thanks!

    I don't have a website as that would defeat the point of good OpSec, privacy, and security :) I've honestly already shared lots about me that I don't normally share. I work with many local people and only do work in-person. My position on privacy and security is to not use any operating systems that heavily surveil their users (Microsoft and Apple). I only utilize free and open source software and help others do the same. I'm still interested in an Alpine Linux shell if you're still open to granting me one. Thank you.

    Thanked by (1)Not_Oles

    VPS providers to check out:

  • @terrorgen said:

    @raveen2k3 said:

    @subenhon said:

    ~$ nix-shell -p hello
    error: getting status of /nix/var/nix/daemon-socket/socket: Permission denied
    

    @terrorgen @Not_Oles

    I get a “Permission denied” error msg.
    Is there something else need to be done before I use it?

    I tried nix too , Got same error :P if you solve it or Gita a solution .tag me :-)

    Sorry just saw this. Glad that you have it solved! Somehow I didn't have to set the envar.

    Hey @terrorgen ,

    Looks like a new issue is popped up for me
    It would be great if you can look into it :-)

    Here i post images


    The first one is happening i try to use a nix cmd

    And the second is a text before the shell when I login

    Regards
    Raveen

    Thanked by (1)Not_Oles
  • Add a nix channel and update it.

    Thanked by (2)Not_Oles raveen2k3

    The all seeing eye sees everything...

  • Hi @qmesso!

    Wonderful to hear from you! I see that you have been here on LES for awhile, and that your profile might have less activity than some others. Would you like to introduce yourself by telling us who and where you are plus something about your Linux experience? Also, what do you want to do on the server?

    I'm looking forward to setting up your account!

    Best wishes!

    Tom

    Hey,
    Thanks for the reply,

    And here is my public key

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWazqchQhVol2yJiXwkAfX4ROyZiX2xII7B0UAuc2DW

    thx for all :)

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @qmesso said:

    Hi @qmesso!

    Wonderful to hear from you! I see that you have been here on LES for awhile, and that your profile might have less activity than some others. Would you like to introduce yourself by telling us who and where you are plus something about your Linux experience? Also, what do you want to do on the server?

    I'm looking forward to setting up your account!

    Best wishes!

    Tom

    Hey,
    Thanks for the reply,

    And here is my public key

    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWazqchQhVol2yJiXwkAfX4ROyZiX2xII7B0UAuc2DW

    thx for all :)

    Hi @qmesso!

    I added your account. Welcome again!

    When you get a chance, could you please try to log in via IPv4 and IPv6 with your ssh key and something like:

    ssh [email protected] -p 42365

    and let us know whether it works?

    Password login has been disabled, but your account's password is in a file in your home directory. Please feel free to change your password.

    Hope you have fun on the server!

    Best!

    Tom

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @chitree said:

    @Not_Oles said:

    @chitree said:

    @Not_Oles said:
    Hi @chitree! Welcome to LES! Congratulations on your first post! Want to introduce yourself to the community? Please tell us a little about who and where you are, your experience, and what you want to do on the server. Also, we will need your ed25519 ssh public key to give you an account. Thanks! Tom

    Thanks @Not_Oles! Sure, I'm a privacy advocate and work in the computer security field. I'm a New Englander and I've been using Linux since it began in the 90s. I would like to explore in my Alpine Linux shell, as I know it's very different approach to an OS. My ed25519 ssh public key is here
    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaMPrmXnsbLYdSg9j14Ry65FqOmv1k/iWWkUMi7F7uT
    Thanks

    Excellent! Do you have a website or other presence elsewhere on the web where we can learn more about your position on privacy and about your work in computer security? Thanks!

    I don't have a website as that would defeat the point of good OpSec, privacy, and security :) I've honestly already shared lots about me that I don't normally share. I work with many local people and only do work in-person. My position on privacy and security is to not use any operating systems that heavily surveil their users (Microsoft and Apple). I only utilize free and open source software and help others do the same. I'm still interested in an Alpine Linux shell if you're still open to granting me one. Thank you.

    Hi @chitree!

    Seems you might already have extensive Linux experience and also abundant server resources? How would it work for you to set up Alpine on a server from Racknerd or Dedipath?

    I will keep trying to give you an account. Thank you for your interest!

    Always best wishes and kindest regards,

    Tom

    I hope everyone gets the servers they want!

  • Hi there!
    I am excited to try this.

    Thanks.

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @QuantumBackdoor said:
    Hi there!
    I am excited to try this.

    Thanks.

    Hi @QuantumBackdoor!

    Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!

    Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!

    Best wishes and kindest regards,

    Tom

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @Not_Oles said: @Not_Oles said: LXC still is not expected to work yet partly because lxcbr0 isn't present because /etc/network/interfaces hasn't been updated yet. There is no bridge in the current setup. I sent the possible new interfaces configuration to Cloudie, so we will see what he says.

    Haven't yet heard back from @Cloudie. He is a great guy! Sometimes he gets busy, and that's okay.

    @Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message


    @Not_Oles said: @Not_Oles said: Hi Guys! Heard from Cloudie. He said he is checking. Best! Tom

    Heard again from @Cloudie, who said one of the routers is misbehaving.

    Let's pause adding new accounts until the situation with the router is resolved. Hopefully soon!

    Thanks everyone!

    Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation.

    Best wishes and kindest regards,

    Tom

    I hope everyone gets the servers they want!

  • @Not_Oles said:

    @QuantumBackdoor said:
    Hi there!
    I am excited to try this.

    Thanks.

    Hi @QuantumBackdoor!

    Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!

    Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!

    Best wishes and kindest regards,

    Tom

    Hi @Not_Oles,
    I am Melvik, a student of TJC.

    I have been using Windows for a long time since my school, but after I choose development path I find difficult to work in it.
    One of my friend recommended linux.I tried it out, and it has an amazing development environment.
    I searched for some cheap linux servers, but all were too costly for my usage and I find this forum.
    I like to have a linux server to improve my coding skills and linux knowledge. I will use it to learn more in linux and run/test some of my codes in linux environment.

    Thanks.

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @QuantumBackdoor said:

    @Not_Oles said:

    @QuantumBackdoor said:
    Hi there!
    I am excited to try this.

    Thanks.

    Hi @QuantumBackdoor!

    Welcome to LES! Congrats on your first post! I am delighted to be the first to thank you!

    Want to share a little about who and where you are, your Linux experience, and what you want to do on the server? I think everyone will be glad to meet you!

    Best wishes and kindest regards,

    Tom

    Hi @Not_Oles,
    I am Melvik, a student of TJC.

    I have been using Windows for a long time since my school, but after I choose development path I find difficult to work in it.
    One of my friend recommended linux.I tried it out, and it has an amazing development environment.
    I searched for some cheap linux servers, but all were too costly for my usage and I find this forum.
    I like to have a linux server to improve my coding skills and linux knowledge. I will use it to learn more in linux and run/test some of my codes in linux environment.

    Thanks.

    Hi Melvik!

    Thanks for your message!

    Sorry, does TJC mean "Tyler Junior College?"

    Do you have any code or anything else about you online anywhere?

    Have you tried any of the free accounts available for students from Google, Oracle, Amazon, Azure, etc?

    Thanks again!

    Tom

    I hope everyone gets the servers they want!

  • Do google, amazon, oracle have any free student offers?

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @QuantumBackdoor said:
    Do google, amazon, oracle have any free student offers?

    Almost all the big companies have free offers. Some offers for everyone, and, often, bigger offers for students. Here's a link to Oracle's Free Tier

    https://www.oracle.com/cloud/free/

    If you look around, you will find many free and introductory offers from the bigger companies.

    Best wishes!

    Tom

    I hope everyone gets the servers they want!

  • @Not_Oles said:

    @QuantumBackdoor said:
    Do google, amazon, oracle have any free student offers?

    Almost all the big companies have free offers. Some offers for everyone, and, often, bigger offers for students. Here's a link to Oracle's Free Tier

    https://www.oracle.com/cloud/free/

    If you look around, you will find many free and introductory offers from the bigger companies.

    Best wishes!

    Tom

    Thanks

    Thanked by (1)Not_Oles
  • @Not_Oles said:

    @tme said:
    Hi, here is my public SSH key. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDntE+N38zRGvpDB3eKffGBoUrTFR+4wylNevShXAXlZZA3ihJm9dHagj3+XT/cAdIParvZbJiqtjXPNOaRsKORClOjQLKqEnhtXlIHEFZnfjBCMVpYc5+Jnh/1MtsHDnD/ZkE3OWS1eGN+Ge3IU0aHELDJ6SzqGOUyI8qkpMfMuWK7kQzsoVBJJdsFSoQ4T4HtaqolR9HAIPxni6Ayo4ekZCm2WaRufTVI1aRCUGSdpWjAlE/S+HHajQaZ5LuhEDBQkGV7NJejwcuEM8nJIyQif0aB85eFHdVF1VQFn7wA9hFIHchvsVsjZSI4azrxenIWblrdKcgXI7gZR3qcGpzr8Pflgtb0P9rB2VShO/tj30soLvtkL+sZLHanFTnDPrqofA1S2R9pPsAFa6y1YUdwDnJvJptFuaJgme2qSmU6AdfFqbJjJDE5XxIIk7j6YbSdkyJJPZEeM5G1Sj0NkAhcssabL9CejP3vR4EJXyHfNuIBh4IEo1jKNCL1GJPeTHM= user@TME-PC

    Hope I can get in :smiley:

    Hi @tme!

    Welcome to MetalVPS! Haha, I also hope you can get in! :) Wanna try something like

    ssh [email protected] -p 42365

    Might work over both IPv4 and IPv6.

    Password login has been disabled, but your account's password is in a file in your home directory. Please feel free to change your password.

    I hope you have fun on the server!

    Best wishes and kindest regards!

    Tom

    Haha thanks for it, am trying to figure out how to use it :sweat_smile: Was on vacation, so couldn't respond earlier

    Thanked by (1)Not_Oles
  • edited January 2023

    lxcbr0 when?

    Currently compiling OpenWrt on a 4-core Skylake machine.
    It would be 4x faster if it's compiling on an LXC container in fmt.MetalVPS.

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer
    edited January 2023

    @yoursunny said:
    lxcbr0 when?

    Currently compiling OpenWrt on a 4-core Skylake machine.
    It would be 4x faster if it's compiling on an LXC container in fmt.MetalVPS.

    TL;DR

    Hi @yoursunny!

    Thank you for asking! Sorry we haven't been going faster!

    We are waiting on two issues, (1) a router sometimes is not working, and (2) we are looking for approval from @Cloudie on the proposed, new /etc/network/interfaces. With (2), the questions include whether exposing the container MAC addresses on the physical network is a problem.

    You are more than welcome to compile on one of my other servers. The other guys here also are more than welcome on my other servers.

    If you want to take over the network configuration here or provide even more help with how it should be done, then we can go faster on the configuration. But there also are the router issues.

    Always best wishes and kindest regards,

    Tom

    Links

    January 3 -- New /etc/network/interfaces proposed

    January 4 -- @yoursunny says "Bridging containers directly on the physical port may result in the containers' MAC addresses becoming visible on the physical network. I don't know about Cloudie, but doing this in KVM would get filtered in Virtualizor, and doing this on Hetzner would trigger infraction warning letter." @Not_Oles decides he ought to check with @Cloudie to see whether the proposed /etc/network/interfaces configuration is okay.

    January 4 -- Revised /etc/network/interfaces proposed

    January 4 -- Revised /etc/network/interfaces sent to @Cloudie

    January 6 -- Waiting to hear from @Cloudie about /etc/network/interfaces. @Not_Oles says he might try something.

    January 6 -- Multiple users experience downtime.

    January 7 -- Multiple downtime/uptime cycles previous night. @Not_Oles says, ". . . when he has time, I'm sure i will hear from @Cloudie on the server /etc/network/interfaces configuration. . . ."

    January 7 -- @Not_Oles reports, "Heard from Cloudie. He said he is checking."

    January 8 -- @Cloudie says one of the routers is misbehaving. @Not_Oles pauses new accounts until the router issue is resolved.

    January 14 -- @Not_Oles says, "@Cloudie is very helpful and kind. But he still seems busy. Maybe my message about the network configuration went astray. I took the liberty of bumping that message."

    January 14 -- @Not_Oles says, "Even though there doesn't yet seem to be more news, it's beyond doubt that @Cloudie still is working hard on the router situation."

    I hope everyone gets the servers they want!

  • edited January 2023

    I believe you can create lxcbr0 not joined with the uplink, so that no container MAC address would show up on the hardware side.
    I did some trials on an ephemeral Alpine 3.17 system, created by netboot.xyz and running in tmpfs.

    The IP addresses in the sample are:

    • The host has a primary IPv4 (not shown), used for host originated traffic.
    • 192.168.5.188 is the host's secondary IPv4, used for outgoing NAT traffic from containers.
      192.168.5.188 is marked preferred_lft 0 so that it would not be auto-selected for host originated traffic.

    • 192.168.188.0/24 is assigned to containers.
      Traffic from this subnet is NAT'ed.

    • 2600:4040:2ca4:a5bc::/64 is assigned to containers.
      This prefix must be routed to the server.
      If there's only on-link prefix, NDP responder would be required to convert it into a routed prefix.

    These are typed by root into Alpine console:

    : install necessary packages
    echo http://dl-cdn.alpinelinux.org/alpine/v3.17/community | tee -a /etc/apk/repositories
    apk update
    apk add iptables lxc lxc-download lxcfs shadow-subids xz
    
    : enable cgroups
    rc-update add cgroups
    rc-service cgroups start
    
    : create LXC bridge and assign addresses
    ip link add lxcbr0 type bridge
    ip addr add 192.168.188.1/24 dev lxcbr0
    ip addr add 2600:4040:2ca4:a5bc::/64 dev lxcbr0
    
    : enable IPv4 and IPv6 forwarding
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    
    : setup IPv4 NAT, with a secondary public IPv4 address for outgoing traffic
    ip addr add 192.168.5.188/24 dev eth0 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth0 -j SNAT --to 192.168.5.188
    
    : create a user and grant permission for subids and LXC bridge
    adduser user
    echo 'user:100000:65536' | tee /etc/subuid /etc/subgid
    echo 'user veth lxcbr0 100' | tee /etc/lxc/lxc-usernet
    

    These are typed by user into Alpine console:

    : write LXC config defaults
    mkdir -p ~/.config/lxc
    cat > ~/.config/lxc/default.conf <<EOT
    lxc.net.0.type = veth
    lxc.net.0.link = lxcbr0
    lxc.net.0.flags = up
    lxc.idmap = u 0 100000 65536
    lxc.idmap = g 0 100000 65536
    EOT
    
    : create Ubuntu 22.04 container and assign IP addresses
    lxc-create -n ubuntu -t download -- -d ubuntu -r jammy -a amd64
    tee -a ~/.local/share/lxc/ubuntu/config <<EOT
    lxc.net.0.ipv4.address = 192.168.188.2/24
    lxc.net.0.ipv4.gateway = 192.168.188.1
    lxc.net.0.ipv6.address = 2600:4040:2ca4:a5bc::2/64
    lxc.net.0.ipv6.gateway = 2600:4040:2ca4:a5bc::
    lxc.init.cmd = /bin/bash
    EOT
    
    : start the container
    lxc-start -n ubuntu
    
    : attach to the container console
    lxc-attach -n ubuntu
    
    : kill the container
    lxc-stop -k -n ubuntu
    

    These are typed into container console:

    : set DNS server
    rm /etc/resolv.conf
    echo 'nameserver 2600:4700:4700::1111' | tee /etc/resolv.conf
    
    : network will work after this
    

    Caveats:

    • All the network configs on the host are ephemeral.
      They must be re-typed after the host reboots.

    • IPv6 into containers is on-link, not routed.
      It's possible to add routed IPv6 subnet, by running one ip route add command for each container on the host.

    • IP address conflicts between containers are possible, if two users assign the same address.
      If a conflict occurs, the container that starts later will typically show the address as dadfailed.

    • systemd in the container will not work, so the entry process is changed to bash.

    • By changing entry process to bash, the container will not shutdown, and can only be killed.
    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    Thanks @yoursunny!

    Here are the results of the first try, from last night.

    There are a few mistakes I made and maybe a few tweaks still might be needed.

    This is fun for me! Thanks again! 💖

    Tom

         1  chronos@penguin:~$ ssh f | tee -a yoursunny-network-config-fmt-20230123
         2
         3  Welcome to Alpine!
         4
         5  The Alpine Wiki contains a large amount of how-to guides and general
         6  information about administrating Alpine systems.
         7  See <https://wiki.alpinelinux.org/>.
         8
         9  You can setup the system with the command: setup-alpine
        10
        11  You may change this message by editing /etc/motd.
        12
        13  fmt:~# date -u
        14  Mon Jan 23 05:15:31 UTC 2023
        15  fmt:~# # See https://lowendspirit.com/discussion/comment/125271/#Comment_125271
        16  # Skipped the following step
        17  # echo http://dl-cdn.alpinelinux.org/alpine/v3.17/community | tee -a /etc/apk/repositories 
        18  # because running "edge" not 3.17 and community repo already enabled
        19  fmt:~# cat /etc/apk/repositories
        20  http://mirror.fcix.net/alpine/edge/main
        21  http://mirror.fcix.net/alpine/edge/community
        22  http://mirror.fcix.net/alpine/edge/testing
        23  fmt:~# apk update
        24  fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
        25  fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
        26  fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
        27  v3.17.0-4319-gb364b76d8f [http://mirror.fcix.net/alpine/edge/main]
        28  v3.17.0-4327-g46b4e5ad8e [http://mirror.fcix.net/alpine/edge/community]
        29  v3.17.0-4321-ged21517f9e [http://mirror.fcix.net/alpine/edge/testing]
        30  OK: 24250 distinct packages available
        31  # Upgrade step omitted by Not_Oles' mistake
        32  fmt:~# apk add iptables lxc lxc-download lxcfs shadow-subids xz
        33  ok
        34  fmt:~# rc-update add cgroups
        35   * service cgroups added to runlevel default
        36  fmt:~# rc-service cgroups start
        37   * Mounting cgroup filesystem ...
        38   [ ok ]
        39  fmt:~# echo ip link add lxcbr0 type bridge > lxc-up.sh
        40  fmt:~# echo ip addr add 192.168.188.1/24 dev lxcbr0 >> lxc-up.sh
        41  # Address in following step changed to address assigned by Cloudie.
        42  fmt:~# echo ip addr add 2600:4040:2ca4:a5bc::/64 dev lxcbr0 >> lxc-up.sh
        43  fmt:~# echo sysctl net.ipv4.ip_forward=1 >> lxc-up.sh
        44  fmt:~# echo sysctl net.ipv6.conf.all.forwarding=1 >> lxc-up.sh
        45  fmt:~# # instructions request eth0 but server is using eth1
        46  fmt:~# ip link show
        47  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
        48      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        49  2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        50      link/ether 00:1e:67:d4:db:bb brd ff:ff:ff:ff:ff:ff
        51  3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        52      link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
        53  4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        54      link/ether 00:1e:67:d4:db:bd brd ff:ff:ff:ff:ff:ff
        55  5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
        56      link/ether 00:1e:67:d4:db:be brd ff:ff:ff:ff:ff:ff
        57  fmt:~# echo ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0 >> lxc-up.sh
        58  fmt:~# echo iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT -
        59  -to 192.168.5.188 >> lxc-up.sh
        60  fmt:~# cat lxc-up.sh
        61  ip link add lxcbr0 type bridge
        62  ip addr add 192.168.188.1/24 dev lxcbr0
        63  ip addr add 2600:4040:2ca4:a5bc::/64 dev lxcbr0 # Address changed
        64  sysctl net.ipv4.ip_forward=1
        65  sysctl net.ipv6.conf.all.forwarding=1
        66  ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
        67  iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
        68  # Create user steps omitted because users already created
        69  # subuid and subgid steps omitted because previously done
        70  fmt:~# cat /etc/subuid
        71  root:100000:65536
        72  notoles:1000000000:65536
        73  localhost:1002000000:65536
        74  Fritz:1005000000:65536
        75  yoursunny:1018000000:65536
        76  subenhon:1022000000:65536
        77  fmt:~# cat /etc/subgid
        78  root:100000:65536
        79  notoles:1000000000:65536
        80  localhost:1002000000:65536
        81  Fritz:1005000000:65536
        82  yoursunny:1018000000:65536
        83  subenhon:1022000000:65536
        84  fmt:~# cp -p lxc-up.sh lxc-up.sh~
        85  fmt:~# chmod 700 lxc-up.sh
        86  fmt:~# ./lxc-up.sh
        87  ip: RTNETLINK answers: Not supported
        88  ip: can't find device 'lxcbr0'
        89  ip: can't find device 'lxcbr0'
        90  net.ipv4.ip_forward = 1
        91  net.ipv6.conf.all.forwarding = 1
        92  modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.1.1-0-lts
        93  iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
        94  Perhaps iptables or your kernel needs to be upgraded.
        95  fmt:~# exit
    

    I hope everyone gets the servers they want!

  • edited January 2023

    @Not_Oles said:
    ip: RTNETLINK answers: Not supported
    modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.1.1-0-lts

    If you installed the kernel from packages, you need to modprobe some modules, including but not limited to: bridge, ip_tables.
    If you have upgraded the kernel but has not rebooted, now is the time to do so, otherwise modprobe will not work because the modules directory for the running kernel is already deleted.
    If you compiled the kernel from source, you need to re-compile with some options enabled, including but not limited to: CONFIG_BRIDGE, CONFIG_NETFILTER.

    Thanked by (1)Not_Oles
  • Not_OlesNot_Oles Hosting ProviderContent Writer

    Today's upgrades.

    fmt:~# date -u
    Mon Jan 23 17:05:16 UTC 2023
    fmt:~# apk update
    fetch http://mirror.fcix.net/alpine/edge/main/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/community/x86_64/APKINDEX.tar.gz
    fetch http://mirror.fcix.net/alpine/edge/testing/x86_64/APKINDEX.tar.gz
    v3.17.0-4354-g007305e788 [http://mirror.fcix.net/alpine/edge/main]
    v3.17.0-4355-ga7a0618d0c [http://mirror.fcix.net/alpine/edge/community]
    v3.17.0-4351-gcb5dbeefd3 [http://mirror.fcix.net/alpine/edge/testing]
    OK: 24261 distinct packages available
    fmt:~# apk upgrade
    Upgrading critical system libraries and apk-tools:
    (1/1) Upgrading apk-tools (2.12.10-r1 -> 2.12.11-r0)
    Executing busybox-1.35.0-r29.trigger
    Continuing the upgrade transaction with new apk-tools:
    (1/130) Upgrading busybox (1.35.0-r29 -> 1.36.0-r1)
    Executing busybox-1.36.0-r1.post-upgrade
    (2/130) Upgrading busybox-binsh (1.35.0-r29 -> 1.36.0-r1)
    (3/130) Upgrading ifupdown-ng (0.12.1-r0 -> 0.12.1-r1)
    (4/130) Upgrading openrc (0.45.2-r7 -> 0.46-r0)
    Executing openrc-0.46-r0.post-upgrade
    (5/130) Upgrading busybox-mdev-openrc (1.35.0-r29 -> 1.36.0-r1)
    (6/130) Upgrading ca-certificates-bundle (20221203-r1 -> 20230106-r0)
    (7/130) Upgrading libcrypto3 (3.0.7-r1 -> 3.0.7-r2)
    (8/130) Upgrading libssl3 (3.0.7-r1 -> 3.0.7-r2)
    (9/130) Upgrading ssl_client (1.35.0-r29 -> 1.36.0-r1)
    (10/130) Upgrading busybox-openrc (1.35.0-r29 -> 1.36.0-r1)
    (11/130) Upgrading busybox-suid (1.35.0-r29 -> 1.36.0-r1)
    (12/130) Upgrading scanelf (1.3.5-r1 -> 1.3.6-r0)
    (13/130) Upgrading libc-utils (0.7.2-r3 -> 0.7.2-r4)
    (14/130) Upgrading apk-tools-doc (2.12.10-r1 -> 2.12.11-r0)
    (15/130) Upgrading automake (1.16.5-r1 -> 1.16.5-r2)
    (16/130) Upgrading automake-doc (1.16.5-r1 -> 1.16.5-r2)
    (17/130) Upgrading ncurses-terminfo-base (6.4_p20221231-r0 -> 6.4_p20230121-r0)
    (18/130) Upgrading ncurses-libs (6.4_p20221231-r0 -> 6.4_p20230121-r0)
    (19/130) Upgrading binutils-doc (2.39-r2 -> 2.40-r2)
    (20/130) Upgrading libgcc (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (21/130) Upgrading libstdc++ (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (22/130) Upgrading zstd-libs (1.5.2-r10 -> 1.5.2-r11)
    (23/130) Upgrading binutils (2.39-r2 -> 2.40-r2)
    (24/130) Upgrading libgomp (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (25/130) Upgrading libatomic (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (26/130) Upgrading mpfr4 (4.1.1-r1 -> 4.2.0-r0)
    (27/130) Upgrading gcc (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (28/130) Upgrading libstdc++-dev (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (29/130) Upgrading libc-dev (0.7.2-r3 -> 0.7.2-r4)
    (30/130) Upgrading g++ (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (31/130) Upgrading fortify-headers (1.1-r1 -> 1.1-r2)
    (32/130) Upgrading busybox-doc (1.35.0-r29 -> 1.36.0-r1)
    (33/130) Upgrading ca-certificates-doc (20221203-r1 -> 20230106-r0)
    (34/130) Upgrading chrony (4.3-r0 -> 4.3-r1)
    Executing chrony-4.3-r1.pre-upgrade
    (35/130) Upgrading chrony-openrc (4.3-r0 -> 4.3-r1)
    (36/130) Upgrading chrony-doc (4.3-r0 -> 4.3-r1)
    (37/130) Upgrading containerd-doc (1.6.14-r0 -> 1.6.15-r0)
    (38/130) Upgrading ca-certificates (20221203-r1 -> 20230106-r0)
    (39/130) Upgrading libcurl (7.87.0-r1 -> 7.87.0-r3)
    (40/130) Upgrading curl (7.87.0-r1 -> 7.87.0-r3)
    (41/130) Upgrading curl-doc (7.87.0-r1 -> 7.87.0-r3)
    (42/130) Upgrading containerd (1.6.14-r0 -> 1.6.15-r0)
    (43/130) Upgrading containerd-openrc (1.6.14-r0 -> 1.6.15-r0)
    (44/130) Upgrading iptables (1.8.8-r2 -> 1.8.9-r0)
    (45/130) Upgrading iptables-openrc (1.8.8-r2 -> 1.8.9-r0)
    (46/130) Upgrading ip6tables (1.8.8-r2 -> 1.8.9-r0)
    (47/130) Upgrading ip6tables-openrc (1.8.8-r2 -> 1.8.9-r0)
    (48/130) Upgrading docker-engine (20.10.22-r0 -> 20.10.23-r0)
    (49/130) Upgrading docker-openrc (20.10.22-r0 -> 20.10.23-r0)
    (50/130) Upgrading docker-cli (20.10.22-r0 -> 20.10.23-r0)
    (51/130) Upgrading docker (20.10.22-r0 -> 20.10.23-r0)
    (52/130) Upgrading docker-doc (20.10.22-r0 -> 20.10.23-r0)
    (53/130) Upgrading libblkid (2.38.1-r1 -> 2.38.1-r3)
    (54/130) Upgrading libcom_err (1.46.5-r4 -> 1.46.5-r5)
    (55/130) Upgrading e2fsprogs-libs (1.46.5-r4 -> 1.46.5-r5)
    (56/130) Upgrading libuuid (2.38.1-r1 -> 2.38.1-r3)
    (57/130) Upgrading e2fsprogs (1.46.5-r4 -> 1.46.5-r5)
    (58/130) Upgrading e2fsprogs-doc (1.46.5-r4 -> 1.46.5-r5)
    (59/130) Upgrading fio (3.33-r0 -> 3.33-r1)
    (60/130) Upgrading fio-doc (3.33-r0 -> 3.33-r1)
    (61/130) Upgrading gcc-doc (12.2.1_git20220924-r6 -> 12.2.1_git20220924-r8)
    (62/130) Upgrading xz-libs (5.4.0-r1 -> 5.4.1-r0)
    (63/130) Upgrading git (2.39.0-r0 -> 2.39.1-r1)
    (64/130) Upgrading perl-git (2.39.0-r0 -> 2.39.1-r1)
    (65/130) Upgrading git-perl (2.39.0-r0 -> 2.39.1-r1)
    (66/130) Upgrading git-doc (2.39.0-r0 -> 2.39.1-r1)
    (67/130) Upgrading gnupg-gpgconf (2.2.41-r0 -> 2.4.0-r0)
    (68/130) Upgrading gpg (2.2.41-r0 -> 2.4.0-r0)
    (69/130) Upgrading gpg-agent (2.2.41-r0 -> 2.4.0-r0)
    (70/130) Upgrading gpg-wks-server (2.2.41-r0 -> 2.4.0-r0)
    (71/130) Upgrading gpgsm (2.2.41-r0 -> 2.4.0-r0)
    (72/130) Upgrading gpgv (2.2.41-r0 -> 2.4.0-r0)
    (73/130) Upgrading gnupg-dirmngr (2.2.41-r0 -> 2.4.0-r0)
    (74/130) Upgrading gnupg-utils (2.2.41-r0 -> 2.4.0-r0)
    (75/130) Upgrading gnupg-wks-client (2.2.41-r0 -> 2.4.0-r0)
    (76/130) Upgrading gnupg (2.2.41-r0 -> 2.4.0-r0)
    (77/130) Upgrading gnupg-doc (2.2.41-r0 -> 2.4.0-r0)
    (78/130) Upgrading go (1.19.4-r0 -> 1.19.5-r0)
    (79/130) Upgrading go-doc (1.19.4-r0 -> 1.19.5-r0)
    (80/130) Upgrading libpcap (1.10.2-r0 -> 1.10.3-r0)
    (81/130) Upgrading ifupdown-ng-doc (0.12.1-r0 -> 0.12.1-r1)
    (82/130) Upgrading iptables-doc (1.8.8-r2 -> 1.8.9-r0)
    (83/130) Upgrading json-c-doc (0.16-r0 -> 0.16-r2)
    (84/130) Upgrading libpcap-doc (1.10.2-r0 -> 1.10.3-r0)
    (85/130) Upgrading libwebp-doc (1.2.4-r1 -> 1.3.0-r0)
    (86/130) Upgrading libxpm-doc (3.5.14-r0 -> 3.5.15-r0)
    (87/130) Upgrading linux-firmware-isci (20221214-r1 -> 20230117-r0)
    (88/130) Upgrading lddtree (1.26-r3 -> 1.27-r0)
    (89/130) Upgrading argon2-libs (20190702-r2 -> 20190702-r3)
    (90/130) Upgrading json-c (0.16-r0 -> 0.16-r2)
    (91/130) Upgrading mkinitfs (3.7.0-r0 -> 3.7.0-r1)
    Executing mkinitfs-3.7.0-r1.pre-upgrade
    Executing mkinitfs-3.7.0-r1.post-upgrade
    (92/130) Upgrading linux-lts (6.1.2-r0 -> 6.1.7-r0)
    (93/130) Upgrading linux-lts-doc (6.1.2-r0 -> 6.1.7-r0)
    (94/130) Upgrading linux-pam-doc (1.5.2-r1 -> 1.5.2-r3)
    (95/130) Upgrading lxc (5.0.1-r1 -> 5.0.2-r0)
    (96/130) Upgrading lxc-openrc (5.0.1-r1 -> 5.0.2-r0)
    (97/130) Upgrading lxc-doc (5.0.1-r1 -> 5.0.2-r0)
    (98/130) Upgrading lxc-download (5.0.1-r1 -> 5.0.2-r0)
    (99/130) Upgrading lxc-templates (5.0.1-r1 -> 5.0.2-r0)
    (100/130) Upgrading linux-pam (1.5.2-r1 -> 1.5.2-r3)
    (101/130) Upgrading shadow-libs (4.13-r0 -> 4.13-r1)
    (102/130) Upgrading shadow-subids (4.13-r0 -> 4.13-r1)
    (103/130) Upgrading fuse3-libs (3.12.0-r0 -> 3.13.0-r0)
    (104/130) Upgrading mkinitfs-doc (3.7.0-r0 -> 3.7.0-r1)
    (105/130) Upgrading nix (2.11.0-r2 -> 2.12.0-r0)
    (106/130) Upgrading nix-openrc (2.11.0-r2 -> 2.12.0-r0)
    (107/130) Upgrading nix-doc (2.11.0-r2 -> 2.12.0-r0)
    (108/130) Upgrading openrc-doc (0.45.2-r7 -> 0.46-r0)
    (109/130) Upgrading openssl (3.0.7-r1 -> 3.0.7-r2)
    (110/130) Upgrading openssl-doc (3.0.7-r1 -> 3.0.7-r2)
    (111/130) Upgrading skalibs-doc (2.12.0.1-r0 -> 2.13.0.0-r0)
    (112/130) Upgrading blkid (2.38.1-r1 -> 2.38.1-r3)
    (113/130) Upgrading libmount (2.38.1-r2 -> 2.38.1-r3)
    (114/130) Upgrading glib (2.74.4-r0 -> 2.74.5-r0)
    (115/130) Upgrading tiff-doc (4.5.0-r1 -> 4.5.0-r2)
    (116/130) Upgrading skalibs (2.12.0.1-r0 -> 2.13.0.0-r0)
    (117/130) Upgrading s6-ipcserver (2.11.1.2-r0 -> 2.11.2.0-r0)
    (118/130) Upgrading utmps (0.1.2.0-r1 -> 0.1.2.1-r0)
    (119/130) Upgrading utmps-openrc (0.1.2.0-r1 -> 0.1.2.1-r0)
    (120/130) Upgrading utmps-doc (0.1.2.0-r1 -> 0.1.2.1-r0)
    (121/130) Upgrading xxd (9.0.1128-r0 -> 9.0.1215-r0)
    (122/130) Upgrading vim (9.0.1128-r0 -> 9.0.1215-r0)
    (123/130) Upgrading vim-doc (9.0.1128-r0 -> 9.0.1215-r0)
    (124/130) Upgrading libx11 (1.8.2-r2 -> 1.8.3-r1)
    (125/130) Upgrading libxpm (3.5.14-r0 -> 3.5.15-r0)
    (126/130) Upgrading aom-libs (3.5.0-r0 -> 3.5.0-r1)
    (127/130) Upgrading libwebp (1.2.4-r1 -> 1.3.0-r0)
    (128/130) Upgrading tiff (4.5.0-r1 -> 4.5.0-r2)
    (129/130) Upgrading xz (5.4.0-r1 -> 5.4.1-r0)
    (130/130) Upgrading xz-doc (5.4.0-r1 -> 5.4.1-r0)
    Executing busybox-1.36.0-r1.trigger
    Executing ca-certificates-20230106-r0.trigger
    Executing kmod-30-r1.trigger
    Executing mkinitfs-3.7.0-r1.trigger
    ==> initramfs: creating /boot/initramfs-lts
    Executing mandoc-apropos-1.14.6-r6.trigger
    Executing syslinux-6.04_pre1-r11.trigger
    /boot is device /dev/sdc1
    OK: 1571 MiB in 356 packages
    fmt:~# exit
    

    Reboot coming very soon! Currently:

    fmt:~# uname -r
    6.1.1-0-lts
    fmt:~# 
    

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    Reboot successful.

    fmt:~# date -u 
    Mon Jan 23 22:28:18 UTC 2023
    fmt:~# reboot
    fmt:~# Connection to fmt.metalvps.com closed by remote host.
    Connection to fmt.metalvps.com closed.
    chronos@penguin:~$ sleep 240
    chronos@penguin:~$ ssh f
    Welcome to Alpine!
    
      [ . . . ]
    
    fmt:~# uname -r
    6.1.7-0-lts
    fmt:~# 
    

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @yoursunny said:

    @Not_Oles said:
    ip: RTNETLINK answers: Not supported
    modprobe: FATAL: Module ip_tables not found in directory /lib/modules/6.1.1-0-lts

    If you installed the kernel from packages, you need to modprobe some modules, including but not limited to: bridge, ip_tables.
    If you have upgraded the kernel but has not rebooted, now is the time to do so, otherwise modprobe will not work because the modules directory for the running kernel is already deleted.
    If you compiled the kernel from source, you need to re-compile with some options enabled, including but not limited to: CONFIG_BRIDGE, CONFIG_NETFILTER.

    @yoursunny Thanks very much for your helpful comment! Now that there have been updates and upgrades and a reboot, it's time to take a look at the errors related to the kernel. 👀 More before too long. . . . Thanks again!

    I hope everyone gets the servers they want!

  • Not_OlesNot_Oles Hosting ProviderContent Writer

    @yoursunny Seem to be no errors upon repeating ./lxc-up.sh. No further changes beyond updating, upgrading, and rebooting.

    Please check whether you now have everything you need. If there is anything more, please tell me.

    Other guys listed in /etc/subuid and /etc/subgid, please also check. If you need anything, please tell me by posting here in the thread.

    Thank you all so much! <3

    fmt:~# date -u
    Mon Jan 23 22:44:33 UTC 2023
    fmt:~# # Retry @yoursunny lxc-up commands after updates and reboot
    fmt:~# cat lxc-up.sh
    ip link add lxcbr0 type bridge
    ip addr add 192.168.188.1/24 dev lxcbr0
    ip addr add [$REDACTED] dev lxcbr0
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv6.conf.all.forwarding=1
    ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
    fmt:~# ./lxc-up.sh
    net.ipv4.ip_forward = 1
    net.ipv6.conf.all.forwarding = 1
    fmt:~# exit
    Connection to fmt.metalvps.com closed.
    

    I hope everyone gets the servers they want!

  • Hi @Not_Oles ,
    Is the server ready for running a LXC container now?
    I`m fail to start a LXC container.
    Maybe I do it in a wrong way.

    ~/pri/pf/lxc_test $ cat $HOME/.config/lxc/default.conf
    lxc.include = /etc/lxc/default.conf
    lxc.idmap = u 0 1022000000 65536
    lxc.idmap = g 0 1022000000 65536
    ~/pri/pf/lxc_test $ CONFIG=$HOME/.config/lxc/default.conf  lxc-checkconfig
    LXC version 5.0.2
    WARNING: Unable to detect version from configuration, assuming latest
    
    --- Namespaces ---
    Namespaces: required
    Utsname namespace: missing
    Ipc namespace: required
    Pid namespace: required
    User namespace: missing
    Network namespace: missing
    
    --- Control groups ---
    Cgroups: missing
    Cgroup namespace: enabled
    Cgroup v1 mount points: 
     - /sys/fs/cgroup/openrc
     - /sys/fs/cgroup/cpuset
     - /sys/fs/cgroup/cpu
     - /sys/fs/cgroup/cpuacct
     - /sys/fs/cgroup/blkio
     - /sys/fs/cgroup/memory
     - /sys/fs/cgroup/devices
     - /sys/fs/cgroup/freezer
     - /sys/fs/cgroup/net_cls
     - /sys/fs/cgroup/perf_event
     - /sys/fs/cgroup/net_prio
     - /sys/fs/cgroup/hugetlb
     - /sys/fs/cgroup/pids
    Cgroup v2 mount points: 
     - /sys/fs/cgroup/unified
    Cgroup v1 systemd controller: missing
    Cgroup v1 clone_children flag: enabled
    Cgroup device: missing
    Cgroup sched: missing
    Cgroup cpu account: missing
    Cgroup memory controller: missing
    
    --- Misc ---
    Veth pair device: missing
    Macvlan: missing
    Vlan: missing
    Bridges: missing
    Advanced netfilter: missing
    CONFIG_IP_NF_TARGET_MASQUERADE: missing
    CONFIG_IP6_NF_TARGET_MASQUERADE: missing
    CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
    CONFIG_NETFILTER_XT_MATCH_COMMENT: missing
    FUSE (for use with lxcfs): missing
    
    --- Checkpoint/Restore ---
    checkpoint restore: missing
    CONFIG_FHANDLE: missing
    CONFIG_EVENTFD: missing
    CONFIG_EPOLL: missing
    CONFIG_UNIX_DIAG: missing
    CONFIG_INET_DIAG: missing
    CONFIG_PACKET_DIAG: missing
    CONFIG_NETLINK_DIAG: missing
    File capabilities: enabled
    
    Note : Before booting a new kernel, you can check its configuration
    usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
    
    ~/pri/pf/lxc_test $ lxc-create -n guest1 -f $HOME/.config/lxc/default.conf -t download
    Downloading the image index
    
    ---
    DIST    RELEASE ARCH    VARIANT BUILD
    ---
    almalinux       8       amd64   default 20230123_23:10
    ...
    ubuntu  focal   arm64   default 20230123_07:46
    ...
    ---
    
    Distribution: 
    ubuntu 
    Release: 
    focal
    Architecture: 
    amd64
    
    Downloading the image index
    Downloading the rootfs
    Downloading the metadata
    The image cache is now ready
    Unpacking the rootfs
    
    ---
    You just created an Ubuntu focal amd64 (20230123_07:42) container.
    
    To enable SSH, run: apt install openssh-server
    No default root or user password are set by LXC.
    ~/pri/pf/lxc_test $ lxc-start -n guest1 -f $HOME/.config/lxc/default.conf
    lxc-start: guest1: ../src/lxc/lxccontainer.c: wait_on_daemonized_start: 878 Received container state "ABORTING" instead of "RUNNING"
    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode
    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
    
  • edited January 2023

    @Not_Oles said:
    ip addr add 192.168.188.1/24 dev lxcbr0
    iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188

    The 192.168.5.188 is a sample value in my test box.
    It's meant to be a public IPv4 address routed to the host machine, that is used for outgoing NAT traffic.

    IPv6 assignment is wrong too.
    Currently eth1 has 2602:fba1:999::2/48 and lxcbr0 has 2602:fba1:999::/48, so that the kernel thinks both interfaces are on the same subnet and would not forward traffic between them.
    You should reduce the subnet size on each, so that they don't overlap.
    For example, change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.

    @subenhon said:
    CONFIG=$HOME/.config/lxc/default.conf lxc-checkconfig

    CONFIG environ is meant to be kernel config file, not LXC config file.
    Try CONFIG=/boot/config-lts lxc-checkconfig.

    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 309 To get more details, run the container in foreground mode

    Did you follow the prompt?

  • @yoursunny
    I run the start command with -F,it seems to be a file permission issue.
    The owner of the rootfs is 10220000 which is different from 1022000000.
    Is the number 1022000000 out of range to be used as suid or guid?

    ~/pri/pf/lxc_test $ lxc-start -n guest1 -f $HOME/.config/lxc/default.conf -F -P $(pwd)/container
    lxc-start: guest1: ../src/lxc/conf.c: lxc_storage_prepare: 496 Operation not permitted - Failed to recursively turn root mount tree into dependent mount
    lxc-start: guest1: ../src/lxc/conf.c: lxc_rootfs_init: 542 Invalid argument - Failed to prepare rootfs storage
    lxc-start: guest1: ../src/lxc/start.c: __lxc_start: 2079 Failed to handle rootfs pinning for container "guest1"
    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 306 The container failed to start
    lxc-start: guest1: ../src/lxc/tools/lxc_start.c: main: 311 Additional information can be obtained by setting the --logfile and --logpriority options
    ~/pri/pf/lxc_test $ ls container/guest1/ -al
    total 16
    drwxrwx---    3 10220000 subenhon      4096 Jan 24 11:28 .
    drwxr-xr-x    3 subenhon subenhon      4096 Jan 24 11:27 ..
    -rw-r-----    1 subenhon subenhon       752 Jan 24 11:28 config
    drwxr-xr-x   17 10220000 10220000      4096 Jan 23 07:47 rootfs
    ~/pri/pf/lxc_test $ cat /etc/subuid
    root:100000:65536
    notoles:1000000000:65536
    localhost:1002000000:65536
    Fritz:1005000000:65536
    yoursunny:1018000000:65536
    subenhon:1022000000:65536
    
Sign In or Register to comment.