软路由debian12使用lxc容器跑openwrt记录

100包邮收了一台双千兆的j1800小主机,直接上openwrt感觉还是浪费了,本来想上kvm的,但突然想起来可以试试lxc,查了一下发现似乎没有什么问题,就折腾了一下,记录一些关键点:

  1. 参考文档
    https://wiki.debian.org/LXC
    https://wiki.debian.org/LXC/SimpleBridge
    https://openwrt.org/docs/guide-user/virtualization/lxc
  2. 实现方式
    小主机两个网口,一个口光猫桥接后直连openwrt容器用来pppoe拨号,一个口做三向bridge,通向与这个口物理相连的网络、小主机自己、还有所有lxc容器,openwrt容器运行dhcp服务,给所有接入这个bridge的设备分配ip地址。
  3. 注意点

3.1. debian12 apt install lxc后,/etc/lxc/default.conf里并不是像文档说的lxc.network.type = empty(新版键名为lxc.net.0.type),而是默认配置成了https://wiki.debian.org/LXC/SimpleBridge里所述的The independent bridge,也就是lxc-net提供的nat网桥,用主机网络做nat共享,以方便大部分lxc用户;我们要先把它改成empty。我这里就被坑了:这个默认网桥自带一个dhcp服务,导致我死活获取不到openwrt dhcp分配的地址。

3.2. lxc默认的cgroup设备白名单里没有/dev/ppp,容器里无法拨号,需要在openwrt容器的配置文件里手动放开这个设备并把它挂进容器:

# /var/lib/lxc/j1800wrt/config
# /dev/ppp  pppoe拨号等功能需要用到
lxc.cgroup2.devices.allow= c 108:0 rwm
lxc.mount.entry= /dev/ppp dev/ppp none bind,create=file

3.3. 创建容器时download模板可以走镜像源加速。模板默认会校验镜像索引和rootfs的GPG签名,换用第三方镜像源时不要为了省事加--no-validate关掉校验,否则镜像是否被篡改就无从知道了:

$ lxc-create -n j1800wrt -t download -- -d openwrt -a amd64 --server mirrors.tuna.tsinghua.edu.cn/lxc-images -r 22.03
  4. 具体配置
    4.1. j1800小主机的debian12

    # /etc/network/interfaces
    source /etc/network/interfaces.d/*
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # 两个网口都设为manual,不在主机上配置地址;enp1s0为openwrt的lan口,enp2s0为wan口
    allow-hotplug enp1s0
    iface enp1s0 inet manual
    
    allow-hotplug enp2s0
    iface enp2s0 inet manual
    
    # 建立一个网桥并把enp1s0加入,小主机自身通过该网桥以dhcp获取地址(由openwrt容器分配)
    auto lxclanbr0
    iface lxclanbr0 inet dhcp
     bridge_ports enp1s0
     bridge_fd 0
     bridge_maxwait 0
# /etc/default/lxc-net 
# 关闭默认的lxc-net(nat网桥及其自带的dhcp),避免与openwrt的dhcp冲突
USE_LXC_BRIDGE="false"
# /etc/lxc/default.conf
# 此文件是新建lxc容器时的默认配置
# 默认接入lan口网桥
lxc.net.0.type = veth
lxc.net.0.link = lxclanbr0
lxc.net.0.flags = up
# /var/lib/lxc/j1800wrt/config
# 此文件是j1800wrt容器的配置文件

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d openwrt -a amd64 --server mirrors.tuna.tsinghua.edu.cn/lxc-images -r 22.03
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

# 随主机开机自动启动,延迟10秒再起
lxc.start.auto = 1
lxc.start.delay = 10
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64

# Container specific configuration
#lxc.apparmor.profile = generated
#lxc.apparmor.allow_nesting = 1
lxc.rootfs.path = dir:/var/lib/lxc/j1800wrt/rootfs
lxc.uts.name = j1800wrt

# /dev/ppp  pppoe拨号等功能需要用到
lxc.cgroup2.devices.allow= c 108:0 rwm
lxc.mount.entry= /dev/ppp dev/ppp none bind,create=file

# Network configuration
# enp2s0直连容器做wan口;phys类型会把这个网口整个移入容器的网络命名空间,容器运行期间主机上不再可见
lxc.net.0.type = phys
lxc.net.0.link = enp2s0
lxc.net.0.flags = up

# 网桥接入容器做lan口
lxc.net.1.type = veth
lxc.net.1.link = lxclanbr0
lxc.net.1.flags = up
lxc.net.1.name = eth0

4.2. openwrt容器配置(注意:下面/etc/config/network里的pppoe账号和密码是明文保存的,对外分享配置或备份时应先替换成占位符,并考虑在发布后更换密码)

# /etc/config/network 
config interface 'loopback'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'
    option device 'lo'

config interface 'ppp'
    option proto 'pppoe'
    option device 'enp2s0'
    option username '055271778680'
    option password '545622'
    option ipv6 'auto'
    option mtu '1492'

config interface 'lan'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option device 'eth0'
    option ipaddr '192.168.5.1'
    option ip6assign '64'
