Создание и настройка LXC

From V5wiki

Jump to: navigation, search


host ps     { hardware ethernet 0a:6c:b4:12:6b:7d; fixed-address; }
# systemctl reload-or-restart dhcpd
# yum update
# yum install mc openssh-server sudo bash-completion wget man telnet
# timedatectl set-timezone Asia/Novosibirsk
# systemctl start sshd


Подключение сетевого home

# yum install autofs nfs-utils
# systemctl enable autofs

В файл /etc/pve/lxc/112.conf добавить настройку и перезагрузить контейнер:

lxc.apparmor.profile: unconfined
# ln -s /net/nfs/nfshome /

Установка клиента FreeIPA

В Proxmox у контейнера в настройках DNS должно быть указано:

Hostname: ps.vepp4.local
DNS Domain: vepp4.local
DNS Server 1:
# yum install freeipa-client
# ipa-client-install --mkhomedir --server ipa.vepp4.local --domain vepp4.local
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: yes
Client hostname: ps.vepp4.local
DNS Domain: vepp4.local
IPA Server: ipa.vepp4.local
BaseDN: dc=vepp4,dc=local

Continue to configure the system with these values? [no]: yes
Synchronizing time with KDC...
Attempting to sync time using ntpd.  Will timeout after 15 seconds
User authorized to enroll computers: USERNAME
Password for USERNAME@VEPP4.LOCAL:Successfully retrieved CA cert
    Subject:     CN=Certificate Authority,O=VEPP4.LOCAL
    Issuer:      CN=Certificate Authority,O=VEPP4.LOCAL
    Valid From:  2017-10-17 05:22:09
    Valid Until: 2037-10-17 05:22:09

Enrolled in IPA realm VEPP4.LOCAL
Created /etc/ipa/default.conf
New SSSD config will be created
Configured sudoers in /etc/nsswitch.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm VEPP4.LOCAL
trying https://ipa.vepp4.local/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://ipa.vepp4.local/ipa/json'
trying https://ipa.vepp4.local/ipa/session/json
[try 1]: Forwarding 'ping' to json server 'https://ipa.vepp4.local/ipa/session/json'
[try 1]: Forwarding 'ca_is_enabled' to json server 'https://ipa.vepp4.local/ipa/session/json'
Systemwide CA database updated.
Adding SSH public key from /etc/ssh/ssh_host_dsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ecdsa_key.pub
Adding SSH public key from /etc/ssh/ssh_host_ed25519_key.pub
Adding SSH public key from /etc/ssh/ssh_host_rsa_key.pub
[try 1]: Forwarding 'host_mod' to json server 'https://ipa.vepp4.local/ipa/session/json'
Could not update DNS SSHFP records.
SSSD enabled
Configured /etc/openldap/ldap.conf
No SRV records of NTP servers found. IPA server address will be used
NTP enabled
Configured /etc/ssh/ssh_config
Configured /etc/ssh/sshd_config
Configuring vepp4.local as NIS domain.
Client configuration complete.
The ipa-client-install command was successful

Установка Mosquitto

$ sudo wget http://download.opensuse.org/repositories/home:/oojah:/mqtt/CentOS_CentOS-7/home:oojah:mqtt.repo -O /etc/yum.repos.d/mqtt.repo
$ sudo yum update

Для libwebsockets

$ sudo yum install epel-release 
$ sudo yum install mosquitto mosquitto-clients
$ sudo chkconfig --add mosquitto
$ sudo systemctl start mosquitto.service

Установка EPICS


Настройка репозитория

$ sudo wget -O /etc/yum.repos.d/vepp4.repo https://star.inp.nsk.su/~bekhte/repo/7/vepp4.repo

Установка EPICS

$ sudo yum install epics7 procServ

После этого надо обновить настройки переменных окружения. Для этого надо перелогиниться или выполнить

$ source /etc/profile.d/epics.sh
Personal tools