mirror of
git://git.proxmox.com/git/pve-docs.git
synced 2025-03-26 14:50:11 +03:00
pct.adoc: move "Guest Operating System Configuration" one level up
parent
2a11aa7063
commit
53e3cd6f30
136
pct.adoc
@ -105,6 +105,74 @@ kernel security bug rather than an LXC issue. The LXC team thinks
|
||||
unprivileged containers are safe by design.
|
||||
|
||||
|
||||
Guest Operating System Configuration
|
||||
------------------------------------
|
||||
|
||||
We normally try to detect the operating system type inside the
|
||||
container, and then modify some files inside the container to make
|
||||
them work as expected. Here is a short list of things we do at
|
||||
container startup:
|
||||
|
||||
set /etc/hostname:: to set the container name
|
||||
|
||||
modify /etc/hosts:: to allow lookup of the local hostname
|
||||
|
||||
network setup:: pass the complete network setup to the container
|
||||
|
||||
configure DNS:: pass information about DNS servers
|
||||
|
||||
adapt the init system:: for example, fix the number of spawned getty processes
|
||||
|
||||
set the root password:: when creating a new container
|
||||
|
||||
rewrite ssh_host_keys:: so that each container has unique keys
|
||||
|
||||
randomize crontab:: so that cron does not start at the same time on all containers
|
||||
|
||||
Changes made by {PVE} are enclosed by comment markers:
|
||||
|
||||
----
|
||||
# --- BEGIN PVE ---
|
||||
<data>
|
||||
# --- END PVE ---
|
||||
----
|
||||
|
||||
Those markers will be inserted at a reasonable location in the
|
||||
file. If such a section already exists, it will be updated in place
|
||||
and will not be moved.
|
||||
|
||||
Modification of a file can be prevented by adding a `.pve-ignore.`
|
||||
file for it. For instance, if the file `/etc/.pve-ignore.hosts`
|
||||
exists then the `/etc/hosts` file will not be touched. This can be a
|
||||
simple empty file creatd via:
|
||||
|
||||
# touch /etc/.pve-ignore.hosts
|
||||
|
||||
Most modifications are OS dependent, so they differ between different
|
||||
distributions and versions. You can completely disable modifications
|
||||
by manually setting the `ostype` to `unmanaged`.
|
||||
|
||||
OS type detection is done by testing for certain files inside the
|
||||
container:
|
||||
|
||||
Ubuntu:: inspect /etc/lsb-release (`DISTRIB_ID=Ubuntu`)
|
||||
|
||||
Debian:: test /etc/debian_version
|
||||
|
||||
Fedora:: test /etc/fedora-release
|
||||
|
||||
RedHat or CentOS:: test /etc/redhat-release
|
||||
|
||||
ArchLinux:: test /etc/arch-release
|
||||
|
||||
Alpine:: test /etc/alpine-release
|
||||
|
||||
Gentoo:: test /etc/gentoo-release
|
||||
|
||||
NOTE: Container start fails if the configured `ostype` differs from the auto
|
||||
detected type.
|
||||
|
||||
|
||||
[[pct_configuration]]
|
||||
Configuration
|
||||
-------------
|
||||
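Review bot: The relocated text still carries the typo in "simple empty file creatd via:" (should be "created"), and the `# touch /etc/.pve-ignore.hosts` line after it does not say where the command is run. The surrounding text talks about files "inside the container", so state explicitly that the ignore file belongs in the container's `/etc`. The backticked `.pve-ignore.` with its trailing dot would also read better as a pattern such as `.pve-ignore.<name>`. Since the section is now a top-level one, consider giving it a `[[...]]` anchor like the `[[pct_configuration]]` section that follows it, so other sections can link to it.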
@ -195,74 +263,6 @@ relationship between snapshots. `snaptime` is the snapshot creation
|
||||
time stamp (Unix epoch).
|
||||
|
||||
|
||||
Guest Operating System Configuration
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
We normally try to detect the operating system type inside the
|
||||
container, and then modify some files inside the container to make
|
||||
them work as expected. Here is a short list of things we do at
|
||||
container startup:
|
||||
|
||||
set /etc/hostname:: to set the container name
|
||||
|
||||
modify /etc/hosts:: to allow lookup of the local hostname
|
||||
|
||||
network setup:: pass the complete network setup to the container
|
||||
|
||||
configure DNS:: pass information about DNS servers
|
||||
|
||||
adapt the init system:: for example, fix the number of spawned getty processes
|
||||
|
||||
set the root password:: when creating a new container
|
||||
|
||||
rewrite ssh_host_keys:: so that each container has unique keys
|
||||
|
||||
randomize crontab:: so that cron does not start at the same time on all containers
|
||||
|
||||
Changes made by {PVE} are enclosed by comment markers:
|
||||
|
||||
----
|
||||
# --- BEGIN PVE ---
|
||||
<data>
|
||||
# --- END PVE ---
|
||||
----
|
||||
|
||||
Those markers will be inserted at a reasonable location in the
|
||||
file. If such a section already exists, it will be updated in place
|
||||
and will not be moved.
|
||||
|
||||
Modification of a file can be prevented by adding a `.pve-ignore.`
|
||||
file for it. For instance, if the file `/etc/.pve-ignore.hosts`
|
||||
exists then the `/etc/hosts` file will not be touched. This can be a
|
||||
simple empty file creatd via:
|
||||
|
||||
# touch /etc/.pve-ignore.hosts
|
||||
|
||||
Most modifications are OS dependent, so they differ between different
|
||||
distributions and versions. You can completely disable modifications
|
||||
by manually setting the `ostype` to `unmanaged`.
|
||||
|
||||
OS type detection is done by testing for certain files inside the
|
||||
container:
|
||||
|
||||
Ubuntu:: inspect /etc/lsb-release (`DISTRIB_ID=Ubuntu`)
|
||||
|
||||
Debian:: test /etc/debian_version
|
||||
|
||||
Fedora:: test /etc/fedora-release
|
||||
|
||||
RedHat or CentOS:: test /etc/redhat-release
|
||||
|
||||
ArchLinux:: test /etc/arch-release
|
||||
|
||||
Alpine:: test /etc/alpine-release
|
||||
|
||||
Gentoo:: test /etc/gentoo-release
|
||||
|
||||
NOTE: Container start fails if the configured `ostype` differs from the auto
|
||||
detected type.
|
||||
|
||||
|
||||
[[pct_options]]
|
||||
Options
|
||||
~~~~~~~
|
||||
|
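Review bot: Removing this block from between the snapshot description and `[[pct_options]]` leaves no pointer to where the text went. The paragraph on setting `ostype` to `unmanaged` and the NOTE that start fails when the configured `ostype` differs from the detected one describe option behaviour that a reader of this part may still look for here. Suggest a one-line cross-reference to the relocated section, which needs an anchor on it in its new place. It is also worth stating in the moved text whether `unmanaged` or a `.pve-ignore.` file skips the "rewrite ssh_host_keys" step, because that item is what gives each container unique keys.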