lxc-setup-debian-8.2

lxc-setup.sh

#!/bin/bash

# additions to flockport install script to make lxc run more smoothly
# on debian jessie 8.2
# tostiheld 2015

LXC_USER=lxcuser
LXC_PATH=/home/$LXC_USER/.config/lxc
LXC_CONF=$LXC_PATH/default.conf

if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

cd ~

# run flockport's setup
printf "Downloading and running flockport script\n\n"
apt-get update
wget https://www.flockport.com/download2/flockport-install.tar.xz
tar xpJf flockport-install.tar.xz
cd flockport-install
./flockport.run
cd ..
rm -R flockport-install*

# we need these too
printf "\nInstalling uidmap and cgmanager\n\n"
apt-get -qy install uidmap cgmanager

# configure lxcuser
printf "\nConfiguring $LXC_USER\n\n"
useradd -d /home/$LXC_USER -m -s /bin/bash $LXC_USER
usermod -aG sudo $LXC_USER
passwd $LXC_USER
mkdir -p $LXC_PATH
touch $LXC_CONF
cat > $LXC_CONF << EOL
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
EOL

usermod --add-subuids 100000-165536 $LXC_USER
usermod --add-subgids 100000-165536 $LXC_USER

echo "$LXC_USER veth lxcbr0 10" >> /etc/lxc/lxc-usernet

printf "\nApplying tweaks\n\n"

# tweaks for 'unshare' error
echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children
echo "kernel.unprivileged_userns_clone = 1" >> /etc/sysctl.conf

# tweaks for cgroup errors
systemctl enable cgmanager.service

chown -R $LXC_USER:$LXC_USER /home/$LXC_USER

echo "Done. Reboot and try to create & start a new LXC container"