IdeaPad Duet Chromebookで他のLinuxコンテナを利用する-LXD

IdeaPad Duet Chromebook(Chrome OS)のLinux機能を有効にして遊んでいるのですが、標準ではDebianコンテナがインストールされます。

Lenovo IdeaPad Duet Chromebook(Chrome OS)でLinuxを有効にする

そこで他のコンテナが利用できないか調べたらありました。
Using LXD on your Chromebook
https://ubuntu.com/blog/using-lxd-on-your-chromebook

上記のサイトを読むと、そもそもChromebookのLinux機能を有効にするとterminaと呼ばれる仮想マシンがインストールされ、その中にLXD(次世代Linuxコンテナマネージャ)が動作して、そこでLinuxコンテナが動いているとのこと。

有効にすることでGoogleが提供しているDebianベースのpenguinと呼ばれるコンテナが動作して、そのコンテナにはChrome OSデスクトップとやり取りできるように多数のデバイスとソケットが提供されている。
だからpenguinにGUIアプリをインストールするとランチャーに自動的に登録されるんですね。
ちょっと感激:-)

さて、それでは上記サイトを参考に他のコンテナを利用してみます。

1. crosh terminalの起動

Chromeブラウザで[ctrl]+[alt]+tを押してcrosh terminalを起動します。




2. 仮想マシンterminaのシェルを実行

仮想マシンterminaのシェルを実行します。

Shell

crosh> vmc list termina (8053075968 bytes, raw) Total Size (bytes): 8053075968 crosh> vmc start termina (termina) chronos@localhost ~ $

1 2 3 4 5

crosh> vmc list termina (8053075968 bytes, raw) Total Size (bytes): 8053075968 crosh> vmc start termina (termina) chronos@localhost ~ $

ここから直接LXDを操作できます。penguinは停止しています。

Shell

(termina) chronos@localhost ~ $ lxc --version 3.17 (termina) chronos@localhost ~ $ lxc list To start your first container, try: lxc launch ubuntu:18.04 +---------+---------+------+------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------+---------+------+------+------------+-----------+ | penguin | STOPPED | | | PERSISTENT | 0 | +---------+---------+------+------+------------+-----------+

1 2 3 4 5 6 7 8 9 10

(termina) chronos@localhost ~ $ lxc --version 3.17 (termina) chronos@localhost ~ $ lxc list To start your first container, try: lxc launch ubuntu:18.04   +---------+---------+------+------+------------+-----------+ |  NAME   |  STATE  | IPV4 | IPV6 |    TYPE    | SNAPSHOTS | +---------+---------+------+------+------------+-----------+ | penguin | STOPPED |      |      | PERSISTENT | 0         | +---------+---------+------+------+------------+-----------+

3. 利用できるコンテナサーバ・コンテナの確認

標準で利用できるLinuxコンテナサーバ・コンテナの登録状況を確認してみます。

Shell

(termina) chronos@localhost ~ $ lxc remote list +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | images | https://images.linuxcontainers.org | simplestreams | none | YES | NO | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | local (default) | unix:// | lxd | file access | NO | YES | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | ubuntu | https://cloud-images.ubuntu.com/releases | simplestreams | none | YES | YES | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | ubuntu-daily | https://cloud-images.ubuntu.com/daily | simplestreams | none | YES | YES | +-----------------+------------------------------------------+---------------+-------------+--------+--------+

1 2 3 4 5 6 7 8 9 10 11 12

(termina) chronos@localhost ~ $ lxc remote list       +-----------------+------------------------------------------+---------------+-------------+--------+--------+ |      NAME       |                   URL                    |   PROTOCOL    |  AUTH TYPE  | PUBLIC | STATIC | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | images          | https://images.linuxcontainers.org       | simplestreams | none        | YES    | NO     | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | local (default) | unix://                                  | lxd           | file access | NO     | YES    | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | ubuntu          | https://cloud-images.ubuntu.com/releases | simplestreams | none        | YES    | YES    | +-----------------+------------------------------------------+---------------+-------------+--------+--------+ | ubuntu-daily    | https://cloud-images.ubuntu.com/daily    | simplestreams | none        | YES    | YES    | +-----------------+------------------------------------------+---------------+-------------+--------+--------+

https://images.linuxcontainers.org にアクセスするとimages:で利用できるコンテナが確認できます。
またはコマンドでは下記になります。

Shell

(termina) chronos@localhost ~ $ lxc image list images: | grep centos | centos/7/amd64 (1 more) | 4cc68bfbf3df | yes | Centos 7 amd64 (20210227_07:08) | x86_64 | 83.47MB | Feb 27, 2021 at 12:00am (UTC) | | centos/7/armhf (1 more) | c97d1c9bca80 | yes | Centos 7 armhf (20210227_07:08) | armv7l | 79.33MB | Feb 27, 2021 at 12:00am (UTC) | (snip)

1 2 3 4

(termina) chronos@localhost ~ $ lxc image list images: | grep centos | centos/7/amd64 (1 more)              | 4cc68bfbf3df | yes    | Centos 7 amd64 (20210227_07:08)              | x86_64  | 83.47MB   | Feb 27, 2021 at 12:00am (UTC) | | centos/7/armhf (1 more)              | c97d1c9bca80 | yes    | Centos 7 armhf (20210227_07:08)              | armv7l  | 79.33MB   | Feb 27, 2021 at 12:00am (UTC) | (snip)

4. コンテナの登録

試しにKaliコンテナを登録してみます。

Shell

(termina) chronos@localhost ~ $ lxc launch images:kali/current kalione Creating kalione Starting kalione (termina) chronos@localhost ~ $ lxc list +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0 | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin | STOPPED | | | PERSISTENT | 0 | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+

1 2 3 4 5 6 7 8 9 10 11

(termina) chronos@localhost ~ $ lxc launch images:kali/current kalione Creating kalione Starting kalione                               (termina) chronos@localhost ~ $ lxc list +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ |  NAME   |  STATE  |         IPV4          |                    IPV6                     |    TYPE    | SNAPSHOTS | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0         | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin | STOPPED |                       |                                             | PERSISTENT | 0         | +---------+---------+-----------------------+---------------------------------------------+------------+-----------+

Kaliコンテナのbashを実行してみます。

Shell

(termina) chronos@localhost ~ $ lxc exec kalione bash root@kalione:~# cat /etc/os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" ID=kali VERSION="2021.1" VERSION_ID="2021.1" VERSION_CODENAME="kali-rolling" ID_LIKE=debian ANSI_COLOR="1;31" HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/" root@kalione:~# exit exit (termina) chronos@localhost ~ $

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

(termina) chronos@localhost ~ $ lxc exec kalione bash root@kalione:~# cat /etc/os-release PRETTY_NAME="Kali GNU/Linux Rolling" NAME="Kali GNU/Linux" ID=kali VERSION="2021.1" VERSION_ID="2021.1" VERSION_CODENAME="kali-rolling" ID_LIKE=debian ANSI_COLOR="1;31" HOME_URL="https://www.kali.org/" SUPPORT_URL="https://forums.kali.org/" BUG_REPORT_URL="https://bugs.kali.org/" root@kalione:~# exit exit (termina) chronos@localhost ~ $

5. penguinコンテナからLXDの操作

コンテナの操作に毎回croshからvmcを経由してLXDを操作するのは煩わしくなるでしょうと上記サイトの筆者が言っています。確かにそうですね:-P
そこでpenguinにLXDクライアントをコピーしてリモートでLXDを操作する方法が上記サイトにあります。

1. LXDのネットワークリッスンとパスワードの設定

下記のコマンドでLXDがネットワーク経由でのアクセス許可とパスワードを設定します。

Shell

(termina) chronos@localhost ~ $ lxc config set core.https_address=:8443 (termina) chronos@localhost ~ $ lxc config set core.trust_password=some-PassWord

1 2	(termina) chronos@localhost ~ $ lxc config set core.https_address=:8443 (termina) chronos@localhost ~ $ lxc config set core.trust_password=some-PassWord

2. LXDクライアントの取得

penguin(Debian)で動作するLXDクライアントはUbuntuコンテナに含まれているようなので登録します。

Shell

(termina) chronos@localhost ~ $ lxc launch ubuntu:bionic c1 Creating c1 Starting c1 termina) chronos@localhost ~ $ lxc list +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | c1 | RUNNING | 100.115.92.201 (eth0) | | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin | RUNNING | 100.115.92.206 (eth0) | 2408:212:d01:b100:216:3eff:fecc:b457 (eth0) | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+

1 2 3 4 5 6 7 8 9 10 11 12 13

(termina) chronos@localhost ~ $ lxc launch ubuntu:bionic c1 Creating c1 Starting c1 termina) chronos@localhost ~ $ lxc list                 +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ |   NAME    |  STATE  |         IPV4          |                    IPV6                     |    TYPE    | SNAPSHOTS | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | c1        | RUNNING | 100.115.92.201 (eth0) |                                             | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione   | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin   | RUNNING | 100.115.92.206 (eth0) | 2408:212:d01:b100:216:3eff:fecc:b457 (eth0) | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+

3. LXDクライアントのコピー
Shell

(termina) chronos@localhost ~ $ lxc file pull c1/usr/bin/lxc /tmp/lxc (termina) chronos@localhost ~ $ lxc file push /tmp/lxc penguin/usr/local/bin/

1 2	(termina) chronos@localhost ~ $ lxc file pull c1/usr/bin/lxc /tmp/lxc (termina) chronos@localhost ~ $ lxc file push /tmp/lxc penguin/usr/local/bin/

4. penguinからlxcの実行

ターミナルからlxcでLXDのリモート操作できるように設定します。

Shell

user01@penguin:~$ ip -4 route show default via 100.115.92.193 dev eth0 100.115.92.192/28 dev eth0 proto kernel scope link src 100.115.92.206 user01@penguin:~$ lxc --version 3.0.3 user01@penguin:~$ lxc remote add chromeos 100.115.92.193 Generating a client certificate. This may take a minute... Certificate fingerprint: eee7d901eb2ca1844534a26de5a34fed516ab58dae83478fd1db56452f5523c7 ok (y/n)? y Admin password for chromeos: Client certificate stored at server: chromeos user01@penguin:~$ lxc remote set-default chromeos user01@penguin:~$ lxc list +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | c1 | RUNNING | 100.115.92.201 (eth0) | | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin | RUNNING | 100.115.92.206 (eth0) | 2408:212:d01:b100:216:3eff:fecc:b457 (eth0) | PERSISTENT | 0 | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ user01@penguin:~$ lxc exec c1 bash root@c1:~# cat /etc/os-release NAME="Ubuntu" VERSION="18.04.5 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic root@c1:~# exit exit user01@penguin:~$

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

user01@penguin:~$ ip -4 route show default via 100.115.92.193 dev eth0 100.115.92.192/28 dev eth0 proto kernel scope link src 100.115.92.206   user01@penguin:~$ lxc --version 3.0.3   user01@penguin:~$ lxc remote add chromeos 100.115.92.193 Generating a client certificate. This may take a minute... Certificate fingerprint: eee7d901eb2ca1844534a26de5a34fed516ab58dae83478fd1db56452f5523c7 ok (y/n)? y Admin password for chromeos: Client certificate stored at server:  chromeos   user01@penguin:~$ lxc remote set-default chromeos user01@penguin:~$ lxc list +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ |   NAME    |  STATE  |         IPV4          |                    IPV6                     |    TYPE    | SNAPSHOTS | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | c1        | RUNNING | 100.115.92.201 (eth0) |                                             | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | kalione   | RUNNING | 100.115.92.200 (eth0) | 2408:212:d01:b100:216:3eff:fe29:9ee5 (eth0) | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+ | penguin   | RUNNING | 100.115.92.206 (eth0) | 2408:212:d01:b100:216:3eff:fecc:b457 (eth0) | PERSISTENT | 0         | +-----------+---------+-----------------------+---------------------------------------------+------------+-----------+   user01@penguin:~$ lxc exec c1 bash root@c1:~# cat /etc/os-release NAME="Ubuntu" VERSION="18.04.5 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.5 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic root@c1:~# exit exit user01@penguin:~$

LXDとか今回触るの初めてで参考サイトや色々なサイトを読みながら試行錯誤で何となく仕組みがイメージできた程度なので、用語の間違いなどあれば指摘して下さい。