Jun 05 2019

On previous occasions (yes that does mean more than once) I have messed around with the network configuration of containers to get :-

  1. A consistent behaviour.
  2. A fixed IPv4 address with no DHCP configuration (this one is easy).
  3. A fixed IPv6 address with no autoconfigured global addresses (this one has been tricky)

This turns out to be relatively easy providing that you configure the addresses within the container rather than within the container configuration. At least it looks good to go so far (I’ve been mistaken in the past).

The container configuration is quite simple :-

lxc.net.0.type = veth
lxc.net.0.flags = down
lxc.net.0.link = br0

Note that the bridge interface (br0) may be different. Also note that there is no lxc.net.0.ipv4.address, lxc.net.0.ipv4.gateway, lxc.net.0.ipv6.address, or lxc.net.0.ipv6.gateway.

The configuration within the container is dependent on what userland you are running, but for Debian (and Ubuntu if you’re not using Netplan) :-

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 10.0.0.34/16
    gateway 10.0.0.1

iface eth0 inet6 static
    address 2001:0db8:cafe:dead:0000:0000:0000:3eb/64
    scope global
    gateway 2001:0db8:cafe:dead:0000:0000:0000:0001
    privext 0
    accept_ra 0
    autoconf 0

Not sure quite which options are required but having all of “privext 0”, “accept_ra 0” and “autoconf 0” does mean no additional autoconfigured IPv6 addresses.
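One way to confirm the result from inside the container, as an added example that is not part of the original post: the first function lists global addresses that `ip -6 -o addr show` flags as dynamic or temporary, and the second reports which of the kernel settings behind those three ifupdown options (accept_ra, autoconf, use_tempaddr) is not 0. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a container interface for autoconfigured IPv6 addresses.

# Read `ip -6 -o addr show` output on stdin and print every global address
# that carries the "dynamic" or "temporary" flag (i.e. was not set statically).
autoconf_addrs() {
    awk '$3 == "inet6" {
        scope = ""; flagged = 0
        for (i = 5; i <= NF; i++) {
            if ($i == "scope") scope = $(i + 1)
            if ($i == "dynamic" || $i == "temporary") flagged = 1
        }
        if (scope == "global" && flagged) print $4
    }'
}

# Print each of the three per-interface settings that is not 0.
# $1 = sysctl directory, normally /proc/sys/net/ipv6/conf/eth0
nonzero_settings() {
    for name in accept_ra autoconf use_tempaddr; do
        value=$(cat "$1/$name" 2>/dev/null) || continue
        [ "$value" = "0" ] || echo "$name=$value"
    done
}

# Constructed sample of `ip -6 -o addr show dev eth0` output: one static
# address, one autoconfigured address and the link-local address.
SAMPLE='2: eth0    inet6 2001:db8:cafe:dead::3eb/64 scope global \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:cafe:dead:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr \       valid_lft 86390sec preferred_lft 14390sec
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever'

# Only the autoconfigured global address is reported.
printf '%s\n' "$SAMPLE" | autoconf_addrs

# On a live container:
#   ip -6 -o addr show dev eth0 | autoconf_addrs
#   nonzero_settings /proc/sys/net/ipv6/conf/eth0
```

No output from either function on a live container means the interface has only its static global address and all three settings are off.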

(And no the part number of this post isn’t anything more than a joke)

Apr 10 2019

So earlier today, I had a need to mount a disk image from a virtual machine on the host, and discovered a “new” method before remembering I’d made notes on this in the past. So I’m recording the details in the probably vain hope that I’ll remember this post in the future.

The first thing to do is to add an option to include partition support in the relevant kernel module, which I’ve done by adding a line to /etc/modprobe.d/etc-modules-parameters.conf :-

options nbd max_part=63

The next step is to load the module:

# modprobe nbd

The next is to use a Qemu tool to connect a disk image to a network block device :-

# qemu-nbd -r -c /dev/nbd0 /home/mike/lib/virtual-machine-disks/W10.vdi
# ls /dev/nbd0*
/dev/nbd0  /dev/nbd0p1  /dev/nbd0p2  /dev/nbd0p3

And next mount the relevant partition :-

# mount -o ro /dev/nbd0p2 /mnt

All done! Except for un-mounting it and finally disconnecting the network block device :-

# umount /mnt
# ls /dev/nbd0*
/dev/nbd0  /dev/nbd0p1  /dev/nbd0p2  /dev/nbd0p3
# qemu-nbd -d /dev/nbd0
/dev/nbd0 disconnected
# ls /dev/nbd0*
/dev/nbd0

The trickiest part is the qemu-nbd command (so not very tricky at all).

The “-r” option specifies that the disk image should be connected read-only, which seems to be sensible when you’re working with a disk image that “belongs” to another machine. Obviously if you need to write to the disk image then you should drop the “-r” (but consider cloning or taking a snapshot).

The “-c” option connects the disk image to a specific device and the “-d” option disconnects the specific device.

Old Metal 2
Feb 09 2019

One of the things that irritates me about fancy new service management systems like systemd is that unless you get everything exactly right, you can end up with things interfering with specific configuration files – specifically /etc/resolv.conf.

Now as a DNS administrator, I have a certain fondness for manually controlling /etc/resolv.conf and it does actually come in useful for making temporary changes to test specific DNS servers and the like. The trouble comes when something else wants to control that file.

The ideal fix for this conflict is to have things like systemd control a separate file such as /etc/system/resolv.conf.systemd, and for /etc/resolv.conf to be installed as a symbolic link pointing at the real file.

But back in the real world, you can disable systemd-resolved with :-

# systemctl disable systemd-resolved.service
# systemctl stop systemd-resolved.service

If you do, then you may also want to make the file immutable :-

# chattr +i /etc/resolv.conf

On at least one server, systemd merrily re-created /etc/resolv.conf as a symbolic link to an empty file despite systemd-resolved being disabled.

Corner Of The Pyramid
Jan 25 2019

If you are using the right kind of terminal that supports graphics inline (such as kitty), then you can write simple (or complex) tools that insert images into the terminal.

Being able to display the flag of a country (if you know its two-letter ISO code) is kind of trivial but useful if you need it.

And a shell function to do that is remarkably simple :-

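function flag {
    # Use an unpredictable temporary file; /var/tmp/flag.$$ is guessable in a world-writable directory
    local tmp
    tmp=$(mktemp /var/tmp/flag.XXXXXX) || return 1
    # wget's exit status is tested directly; the URL and file name are quoted
    if wget -o /dev/null -O "$tmp" "http://flagpedia.net/data/flags/normal/${1}.png"
    then
        kitty +kitten icat "$tmp"
    else
        echo Not found
    fi
    # wget -O creates the file even when the download fails, so always remove it
    rm -f "$tmp"
}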

(that’s a Zsh function which may require adaption to Bash).

Jan 15 2019

Now that the click-bait is out of the way, vi movement keys are perfectly reasonable particularly to those who have been using them for decades (which includes me). But for ages, vi itself has supported the arrow keys for movement as well as the traditional cursor movement keys.

For the benefit of those who have not used vi and are wondering what those traditional cursor movement keys are, they are H (left), J (down), K (up), L (right). A bit like the gamer’s set of movement keys – W, A, S, and D, except that the vi movement keys pre-date arrow keys.

There are those who will claim that the traditional movement keys are more efficient as they require less hand movement. And they are. So it is perfectly understandable that many tiling window managers and other keyboard-centric software use these movement keys.

But someone who hasn’t spent decades hard-wiring the vi movement keys into their brain will find vi-style key bindings inscrutable. And the fix? Just use the arrow keys as well.

There is no harm in having two key sequences do the same thing; no harm in emphasising that the arrow keys work too. And indeed no harm encouraging the use of vi-style movement keys by emphasising their efficiency.

Don’t forget that someone learning a new tiling window manager (or most other things) can be put off by the silliest of things – such as inscrutable control keys.

Rusty Handrail