Controller
Docker
- Works correctly only with host type networking = no network separation
In unprivileged LXC
apt-get install lxc
Create user:
sudo useradd -s /bin/bash -c 'Unifi lxc user' -m unifi
sudo passwd unifi
Find the subuids and subgids allocated to the created user:
sudo grep unifi /etc/sub{gid,uid}
/etc/subgid:unifi:1738400:65536
/etc/subuid:unifi:1738400:65536
Allow the new user to create network interfaces (the entry must name the user created above; the fields are user, interface type, bridge, and how many interfaces the user may create):
- /etc/lxc/lxc-usernet
# user type bridge count
unifi veth br-lan 10
Now log in as the new user (using ssh or su) and create the default lxc configuration in the user directory:
mkdir -p ~/.config/lxc
cp /etc/lxc/default.conf ~/.config/lxc/default.conf
Edit the file below and put in the subuid and subgid ranges:
- ~/.config/lxc/default.conf
...
lxc.network.link = br-lan
lxc.id_map = u 0 1738400 65536
lxc.id_map = g 0 1738400 65536
...
Create the container:
lxc-create -t download -n unifi
Answer the template prompts:
- Distribution: Debian
- Release: buster
- Architecture: amd64
lxc-start -n unifi
lxc-ls -f
NAME  STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
unifi RUNNING 0         -      -    -    true
lxc-attach -n unifi
apt install openssh-server   (run inside the container shell opened by lxc-attach)
Issues
lxc-start: unifi: tools/lxc_start.c: main: 329 The container failed to start
lxc-start -n unifi -l DEBUG -o debug.log
cat debug.log
...
lxc-start unifi 20200720135645.187 ERROR start - start.c:print_top_failing_dir:120 - Permission denied - Could not access /home/unifi/.local. Please grant it x access, or add an ACL for the container root
...
sudo setfacl -m u:1738400:x . .local .local/share
Error: lxc-create: unifi: confile.c: set_config_net: 261 lxc.net must not have a value
LXC 3 uses different config keys. The easiest way is to convert the config file:
lxc-update-config -c default.conf
lxc-create: unifi: conf.c: chown_mapped_root: 3206 lxc-usernsexec failed: No such file or directory - Failed to open tt
sysctl kernel.unprivileged_userns_clone
kernel.unprivileged_userns_clone = 0
# "sudo echo ... >> /etc/sysctl.conf" fails: the redirect runs as the unprivileged user, so write the file via tee
echo "kernel.unprivileged_userns_clone=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
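As an added example (not from the original page), a small Python checker for the setup above and for the Issues section: it flags the LXC 2 config keys that LXC 3 rejects, verifies that every lxc.id_map/lxc.idmap range lies inside the range delegated to the user in /etc/subuid and /etc/subgid, and reports the host UID that container root maps to (the principal the setfacl fix grants x access to). The subuid/subgid lines and default.conf content are constructed sample input modelled on the values on this page.

```python
import re

# Constructed sample input (hypothetical), modelled on the values used on this page.
SUBUID = "unifi:1738400:65536\n"
SUBGID = "unifi:1738400:65536\n"
DEFAULT_CONF = """lxc.network.type = veth
lxc.network.link = br-lan
lxc.id_map = u 0 1738400 65536
lxc.id_map = g 0 1738400 65536
"""
# LXC 2 keys that LXC 3 rejects ("lxc.net must not have a value") and their LXC 3 names.
LEGACY_KEYS = {"lxc.network.type": "lxc.net.0.type",
               "lxc.network.link": "lxc.net.0.link",
               "lxc.id_map": "lxc.idmap"}
IDMAP_RE = re.compile(r"^lxc\.(?:id_map|idmap)\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)", re.M)

def allocated_ranges(subid_text, user):
    """Return [(start, count), ...] delegated to `user` in /etc/subuid or /etc/subgid."""
    ranges = []
    for line in subid_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def parse_idmaps(conf_text):
    """Return id maps as (kind, container_id, host_id, count); accepts LXC 2 and LXC 3 keys."""
    return [(m[1], int(m[2]), int(m[3]), int(m[4])) for m in IDMAP_RE.finditer(conf_text)]

def legacy_keys(conf_text):
    """Return LXC 2 keys present, i.e. the config still needs lxc-update-config -c."""
    return sorted(k for k in LEGACY_KEYS if re.search(rf"^{re.escape(k)}\s*=", conf_text, re.M))

def check_idmaps(conf_text, subuid_text, subgid_text, user):
    """Every map must lie inside the user's delegated range; returns a list of problems."""
    alloc = {"u": allocated_ranges(subuid_text, user), "g": allocated_ranges(subgid_text, user)}
    problems = []
    for kind, cid, hid, count in parse_idmaps(conf_text):
        if not any(s <= hid and hid + count <= s + n for s, n in alloc[kind]):
            problems.append(f"{kind} map {cid}->{hid} (+{count}) is outside {user}'s delegated range")
    return problems

def container_root_host_uid(conf_text):
    """Host UID that container UID 0 maps to: the principal to grant 'x' on the home path."""
    return next(hid for kind, cid, hid, _ in parse_idmaps(conf_text) if kind == "u" and cid == 0)

if __name__ == "__main__":
    print("legacy keys:", legacy_keys(DEFAULT_CONF))
    print("idmap problems:", check_idmaps(DEFAULT_CONF, SUBUID, SUBGID, "unifi"))
    print("container root is host uid", container_root_host_uid(DEFAULT_CONF))
```

A map that does not fit the delegated range is exactly what lxc-usernsexec refuses at lxc-create time, and the reported host UID is the one to pass to setfacl when lxc-start cannot traverse the home directory.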