Bootstrap VM images for Vlab
The Auto builds release holds VM images built on GitHub Actions.
Build the Docker image:

```sh
docker build -t labstrap .
```

Grab a base image from http://download.proxmox.com/images/system/ or a mirror site of your choice.

Run the build script in Docker, supplying the image and a rootfs directory:

```sh
docker run --rm -it --name=labstrap --privileged \
    -v "$PWD":/srv:ro \
    -v /path/to/rootfs:/target \
    -v /path/to/image.tar.zst:/input.tar.zst:ro \
    labstrap
```

Pack the generated image:

```sh
sudo tar cf output.tar.zst --zstd -C /path/to/rootfs .
```
Notes:
- It is recommended to test the container image in a VM, as the systemd-nspawn configuration may need to change the system's network configuration.
- Host and guest both need systemd-networkd to manage their network.
- You MUST NOT use "host networking", otherwise bind() to `/tmp/.X11-unix/X0` will throw an error (if you are using X on the host).
The following instructions were tested on Debian 11.

- Set iptables to legacy. systemd-nspawn in Debian 11 still requires `iptables-legacy`:

  ```sh
  # update-alternatives --set iptables /usr/sbin/iptables-legacy
  ```

- Set up NAT with iptables, assuming that your network interface is `ens33`:

  ```sh
  # iptables -t nat -A POSTROUTING -o ens33 -j MASQUERADE
  # iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # iptables -A FORWARD -i ve-+ -o ens33 -j ACCEPT
  ```
- Prepare the Vlab software. At least the following files and folders should be copied to local:

  ```
  /opt/vlab/applications/
  /opt/vlab/bin/
  /opt/vlab/path.sh
  /opt/vlab/share/
  ```

  `scp` does not preserve POSIX attributes by default, so `rsync` is recommended instead:

  ```sh
  $ rsync -avH vlab-container:/opt/vlab/applications .
  $ rsync -avH vlab-container:/opt/vlab/bin .
  $ rsync -avH vlab-container:/opt/vlab/path.sh .
  $ rsync -avH vlab-container:/opt/vlab/share .
  ```
- Boot the container:

  ```sh
  # systemd-nspawn -D /path/to/rootfs -M ubuntu -n --boot --resolv-conf=copy-host -p 5900:5900 --bind=/path/to/opt/vlab:/opt/vlab
  ```

- Clear the iptables rule in the guest (to test VNC):

  ```sh
  $ sudo iptables -D INPUT ! -s 172.31.0.2/32 ! -i lo -p tcp -m tcp --dport 5900 -j DROP
  ```

  Then you can connect to the guest with `vncviewer` on the host.
(If you just want to run labstrap on your Linux host without a VM)

The following instructions were tested on Arch Linux (2022/07).
- Start the container with:

  ```sh
  systemd-nspawn -D /path/to/rootfs -M vlab-ubuntu -n -U --boot --bind=/path/to/opt/vlab:/opt/vlab
  ```

- Set a static IP for `ve-vlab-ubuntu` on the host:

  ```sh
  ip address add 192.168.233.1/24 dev ve-vlab-ubuntu
  ```

- Activate `ve-vlab-ubuntu` on the host:

  ```sh
  ip link set ve-vlab-ubuntu up
  ```

- Configure the network in the container. Add the file `/etc/systemd/network/20-wired.network` with:

  ```ini
  [Match]
  Name=host0

  [Network]
  Address=192.168.233.2/24
  Gateway=192.168.233.1
  DNS=8.8.8.8
  ```

  And restart `systemd-networkd.service`.

- Configure NAT on the host:

  ```sh
  iptables -t nat -A POSTROUTING -s 192.168.233.0/24 -j MASQUERADE
  iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  iptables -A FORWARD -i ve-vlab-ubuntu -j ACCEPT
  ```

- Disable the VNC network filter in the container:

  ```sh
  sudo iptables -D INPUT ! -s 172.31.0.2/32 ! -i lo -p tcp -m tcp --dport 5900 -j DROP
  ```

- Connect to the container with VNC:

  ```sh
  vncviewer 192.168.233.2
  ```
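The host-side steps above (static address on the veth, link up, NAT rules) and the Debian variant with an outgoing interface are collected below into an idempotent POSIX sh script. This is an added example, not code from the labstrap repository: the function names (`setup_host`, `nat_rules`, `apply_rule`, `narrow_vnc_filter`), the script name and the argument layout are assumptions; the addresses are the ones used on this page. Rules are added only when `iptables -C` reports them absent, interface names are validated before they reach `ip`/`iptables`, and the guest's VNC filter is narrowed to the host's veth address instead of being deleted, so tcp/5900 is not left open to every address on the subnet.

```sh
#!/bin/sh
# setup-nspawn-net.sh (hypothetical name): host-side network setup for a
# systemd-nspawn guest, written as an added example for this README.

# Render the systemd-networkd unit the guest needs for host0.
render_network_unit() {
  guest_addr="$1"; gateway="$2"; dns="$3"
  printf '[Match]\nName=host0\n\n[Network]\nAddress=%s\nGateway=%s\nDNS=%s\n' \
    "$guest_addr" "$gateway" "$dns"
}

# Accept only names the kernel would accept (<= 15 chars, safe charset, no
# leading dash), so a bad argument cannot be read as an extra iptables option.
valid_ifname() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9_.+-]*) return 1 ;;
  esac
  [ ${#1} -le 15 ]
}

# Emit NAT rules as "<table> <rule>" lines. Without a third argument this is
# the Arch form from this page; with an outgoing interface (e.g. ens33) it is
# the Debian form.
nat_rules() {
  veth="$1"; subnet="$2"; out="${3:+ -o $3}"
  printf '%s\n' \
    "nat POSTROUTING -s $subnet$out -j MASQUERADE" \
    "filter FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" \
    "filter FORWARD -i $veth$out -j ACCEPT"
}

# Append a rule only if it is not already present, so reruns do not duplicate it.
apply_rule() {
  table="$1"; shift
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# Usage: setup_host <veth> <host CIDR> <guest subnet> [outgoing iface]
setup_host() {
  veth="$1"; host_cidr="$2"; subnet="$3"; out="$4"
  valid_ifname "$veth" || { echo "bad interface name: $veth" >&2; return 1; }
  if [ -n "$out" ] && ! valid_ifname "$out"; then
    echo "bad interface name: $out" >&2; return 1
  fi
  ip address replace "$host_cidr" dev "$veth"   # 'replace' is idempotent, unlike 'add'
  ip link set "$veth" up
  nat_rules "$veth" "$subnet" "$out" | while read -r table rule; do
    # shellcheck disable=SC2086  # $rule is intentionally word-split
    apply_rule "$table" $rule
  done
}

# The guest image ships an INPUT rule that drops VNC from any source other than
# 172.31.0.2. Rather than deleting it, rebuild the same rule keyed to the host's
# veth address (192.168.233.1 on this page). Run narrow_vnc_filter inside the guest.
vnc_filter_rule() {
  printf 'INPUT ! -s %s/32 ! -i lo -p tcp -m tcp --dport 5900 -j DROP' "$1"
}

narrow_vnc_filter() {
  host_addr="$1"
  # shellcheck disable=SC2046  # rules are intentionally word-split
  iptables -I $(vnc_filter_rule "$host_addr")
  iptables -D $(vnc_filter_rule 172.31.0.2) 2>/dev/null || true
}

# On the host, as root:
#   sh setup-nspawn-net.sh ve-vlab-ubuntu 192.168.233.1/24 192.168.233.0/24 [ens33]
if [ "$#" -ge 3 ]; then
  setup_host "$1" "$2" "$3" "$4"
fi
```

`render_network_unit 192.168.233.2/24 192.168.233.1 8.8.8.8 > /path/to/rootfs/etc/systemd/network/20-wired.network` writes the guest unit before booting the container; the `narrow_vnc_filter` function is meant to be copied into the guest (or run via `machinectl shell`) in place of the `iptables -D` step.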