USB device on LXD container inaccessible when in privileged mode
Step-by-step guide to setting up LXD on Ubuntu 16.04
Ubuntu 18.04 LXD/LXC, ZFS, Docker, and Advanced Networking
KVM: Creating a bridged network with NetPlan on Ubuntu bionic
Creating privileged containers
Moving from virtual machines to LXC containers: reasons, advantages and a ready-to-use guide
Install LXD pure-container hypervisor on Ubuntu 18.04 LTS
Privileged containers
LXD 2.0 on Ubuntu 16.04 within VirtualBox for easy LAN access - 10 minutes guide
$ ip a
192.168.1.109
$ sudo apt update
$ sudo apt upgrade
$ sudo apt-get install bridge-utils -y
$ cd /etc/netplan
$ ls
01-netcfg.yaml
$ sudo cp 01-netcfg.yaml 01-netcfg.yaml.orig
$ sudo nano /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: yes
  bridges:
    br0:
      interfaces: [enp0s3]
      addresses: [192.168.1.109/24]
      gateway4: 192.168.1.1
      mtu: 1500
      nameservers:
        addresses: [8.8.8.8]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
Save.
#addresses: [192.168.0.92/24]
$ sudo netplan generate
$ sudo netplan --debug apply
$ sudo lxd init
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, dir, lvm) [default=btrfs]: dir
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
Name of the existing bridge or host interface: br0
Would you like LXD to be available over the network? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
1. On the host, create the file (take it from a machine where the drivers are installed)
$ sudo nano /etc/udev/rules.d/80-hasp.rules
# HASP rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0001", MODE="664", ENV{HASP}="1", SYMLINK+="aks/hasp/%k", RUN+="/usr/sbin/aksusbd_x86_64 -c $root/aks/hasp/$kernel"
ACTION=="remove", ENV{HASP}=="1", RUN+="/usr/sbin/aksusbd_x86_64 -r $root/aks/hasp/$kernel"
# SENTINEL rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0003", KERNEL!="hiddev*", MODE="666", GROUP="plugdev", ENV{SENTINELHID}="1", SYMLINK+="aks/sentinelhid/%k"
# SENTINEL rules: for a second server key, add one more entry:
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0004", KERNEL!="hiddev*", MODE="666", GROUP="plugdev", ENV{SENTINELHID}="1", SYMLINK+="aks/sentinelhid/%k"
Save.
2. $ sudo reboot
After the reboot, /dev/aks/ will appear.
Check on the host:
$ ls -alFhR /dev/aks/
3. On the host:
Bus 001 Device 003 - 5 net aks 1-2
Bus 001 Device 004 - EN8SA aks 1-3
Bus 001 Device 005 - EN8SA aks1-4 (a foreign key, not shown in the pictures)
$ lsusb
Bus 001 Device 005: ID 0529:0001 Aladdin Knowledge Systems HASP copy protection dongle
Bus 001 Device 004: ID 0529:0001 Aladdin Knowledge Systems HASP copy protection dongle
Bus 001 Device 003: ID 0529:0001 Aladdin Knowledge Systems HASP copy protection dongle
Bus 001 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Create a test container
$ lxc launch ubuntu:18.04 test
Pass the devices through to the container:
$ lxc launch test-backup test
$ lxc config device add test hasp3 unix-char path=/dev/bus/usb/001/003 mode=0777
$ lxc config device add test hasp4 unix-char path=/dev/bus/usb/001/004 mode=0777
$ lxc config device add test aks2 unix-char path=/dev/aks/hasp/1-3 mode=0777
$ lxc config device add test aks3 unix-char path=/dev/aks/hasp/1-4 mode=0777
$ lxc config set test security.privileged true
$ printf 'lxc.cgroup.devices.allow = c 198:* rwm' | lxc config set test raw.lxc -
Устройство hasp добавляется к test
$ lxc config edit test
Add to config:
config:
  raw.lxc: lxc.cgroup.devices.allow = c 198:* rwm
....
$ lxc restart test
$ lxc exec test /bin/bash
# passwd ubuntu
Add users:
# adduser user
# usermod -aG sudo user
# apt update
# apt upgrade
# apt install mc samba
# locale-gen ru_RU.UTF-8
# timedatectl set-timezone Europe/Moscow
# service cron restart
# nano /etc/hosts
127.0.0.1 localhost test
Save.
# nano /etc/ssh/sshd_config
PasswordAuthentication yes
Save.
# systemctl reload sshd
# exit
$ lxc stop test
Saving the machine as .ova
Continuation:
$ lxc start test
Connect over ssh
$ git clone https://github.com/renbuar/setup-1c.git
$ cd setup-1c
$ sh downloadpg.sh
$ sudo sh setup_pg11_1c.sh
$ sh download.sh
$ sudo sh setup-1c.sh
# sudo sh setup-2c.sh
# sudo sh backup/pgprobackup.sh
# sudo sh backup/restore_beta.sh
$ lxc stop test
#$ sudo lxc delete test --force
$ usbkeytest --list
$ usbkeytest --list
ID: 0529:0001, Bus: 001, Device: 004, Major: 189, Minor: 3
ID: 0529:0001, Bus: 001, Device: 003, Major: 189, Minor: 2
$ usbkeytest --detect
aladdin
$ sudo journalctl|grep hasplmd
$ sudo journalctl|grep aksusbd
But hasp does not work
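The `raw.lxc` rule set earlier names character major 198, while `usbkeytest --list` reports the keys on major 189, so checking the rule against the reported numbers is a useful diagnostic at this point. The script below is an added example, not part of the original page; the function names and the embedded sample input are constructed here.

```shell
#!/bin/sh
# Added example (not from the original page): list the USB keys whose
# character-device numbers are NOT covered by a devices.allow rule.

# uncovered_devices RULE   (usbkeytest --list output on stdin)
# Prints "major:minor" for every key the rule does not permit for read+write.
uncovered_devices() {
    awk -v rule="$1" '
    BEGIN {
        sub(/^[^=]*=[ \t]*/, "", rule)      # drop "lxc.cgroup.devices.allow ="
        split(rule, f, /[ \t]+/)            # f[1]=type f[2]=major:minor f[3]=access
        split(f[2], mm, ":")
        rw = (index(f[3], "r") > 0 && index(f[3], "w") > 0)
    }
    /Major:/ {
        maj = ""; mnr = ""
        for (i = 1; i < NF; i++) {
            if ($i == "Major:") maj = $(i + 1)
            if ($i == "Minor:") mnr = $(i + 1)
        }
        gsub(/[^0-9]/, "", maj); gsub(/[^0-9]/, "", mnr)
        ok = rw && (f[1] == "c" || f[1] == "a") &&
             (mm[1] == "*" || mm[1] == maj) &&
             (mm[2] == "*" || mm[2] == mnr)
        if (!ok) print maj ":" mnr
    }'
}

# Constructed sample: the two lines of usbkeytest output shown on this page.
sample_keys() {
    cat <<'EOF'
ID: 0529:0001, Bus: 001, Device: 004, Major: 189, Minor: 3
ID: 0529:0001, Bus: 001, Device: 003, Major: 189, Minor: 2
EOF
}

# Rule as set on this page, then a rule naming the reported major instead.
sample_keys | uncovered_devices 'lxc.cgroup.devices.allow = c 198:* rwm'
sample_keys | uncovered_devices 'lxc.cgroup.devices.allow = c 189:* rwm'
```

On a live host, pipe the real `usbkeytest --list` output into `uncovered_devices` together with the value of `lxc config get test raw.lxc`.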
In the container, create the file (take it from a machine where the drivers are installed)
$ sudo nano /etc/udev/rules.d/80-hasp.rules
# HASP rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0001", MODE="664", ENV{HASP}="1", SYMLINK+="aks/hasp/%k", RUN+="/usr/sbin/aksusbd_x86_64 -c $root/aks/hasp/$kernel"
ACTION=="remove", ENV{HASP}=="1", RUN+="/usr/sbin/aksusbd_x86_64 -r $root/aks/hasp/$kernel"
# SENTINEL rules
ACTION=="add|change|bind", SUBSYSTEM=="usb", ATTRS{idVendor}=="0529", ATTRS{idProduct}=="0003", KERNEL!="hiddev*", MODE="666", GROUP="plugdev", ENV{SENTINELHID}="1", SYMLINK+="aks/sentinelhid/%k"
Save.
$ lxc restart test
$ time xvfb-run /opt/1C/v8.3.15.1700/x86_64/./1cv8 CREATEINFOBASE Srvr='"test";Ref="demo";DBMS="PostgreSQL";DBSrvr="test port=5432";DB="demo";DBUID="postgres";DBPwd="pass";CrSQLDB="Y";SchJobDn="Y";' /Out "/home/user/log.txt"
$ xvfb-run /opt/1C/v8.3.15.1700/x86_64/./1cv8 DESIGNER /S"test\demo" /N"admin" /P"admin" /IBcheckAndRepair -LogAndRefsIntegrity /Out"/home/user/log.txt"
$ lxc copy test hasp
$ diff -udNr /var/lib/lxd/containers/test/ /var/lib/lxd/containers/hasp/ > cont.diff
$ lxc start test
#$ lxc config edit hasp
$ lxc start hasp
$ lxc list
$ lxc exec hasp /bin/bash
$ time xvfb-run /opt/1C/v8.3.15.1700/x86_64/./1cv8 CREATEINFOBASE Srvr='"hasp";Ref="demo";DBMS="PostgreSQL";DBSrvr="test port=5432";DB="demo";DBUID="postgres";DBPwd="pass";CrSQLDB="Y";SchJobDn="Y";' /Out "/home/user/log.txt"
$ xvfb-run /opt/1C/v8.3.15.1700/x86_64/./1cv8 DESIGNER /S"hasp\demo" /N"admin" /P"admin" /IBcheckAndRepair -LogAndRefsIntegrity /Out"/home/user/log.txt"
$ sudo mkdir /var/log/1c
$ sudo chown usr1cv8 /var/log/1c
$ sudo mkdir /opt/1C/v8.3.15.1700/x86_64/conf/
$ sudo nano /opt/1C/v8.3.15.1700/x86_64/conf/logcfg.xml
<?xml version="1.0" encoding="UTF-8"?>
<config xmlns="http://v8.1c.ru/v8/tech-log">
    <log location="/var/log/1c" history="96">
        <event>
            <eq property="name" value="LIC" />
        </event>
        <event>
            <eq property="name" value="HASP" />
        </event>
        <property name="all"/>
    </log>
</config>
$ sudo chown usr1cv8 /opt/1C/v8.3.15.1700/x86_64/conf/
$ sudo systemctl restart server1c-8.3.15.1700.service
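The container built above combines `security.privileged true`, a `raw.lxc` device-cgroup rule with a wildcard minor, and device nodes passed in with `mode=0777`. The script below is an added example, not part of the original page, that flags those three settings in an `lxc config show` dump; the function names and the sample YAML are constructed here.

```shell
#!/bin/sh
# Added example (not from the original page): flag the broad settings in an
# `lxc config show <container>` dump. Reads the YAML on stdin.
audit_lxd_config() {
    awk '
    /^[^ ]/ { section = $1; sub(/:$/, "", section); next }  # top-level key
    section == "config" && $1 == "security.privileged:" && $2 ~ /true/ {
        print "privileged: container root maps to host root"
    }
    section == "config" && /cgroup\.devices\.allow/ && /:\*/ {
        line = $0; sub(/^.*=[ \t]*/, "", line)
        print "device-allow-wildcard: " line
    }
    section == "devices" && /^  [^ ]/ { dev = $1; sub(/:$/, "", dev) }
    section == "devices" && $1 == "mode:" {
        mode = $2; gsub(/"/, "", mode)
        # other-write bit is set when the last octal digit is 2, 3, 6 or 7
        if (mode ~ /[2367]$/) print "world-writable-node: " dev " mode=" mode
    }'
}

# Constructed sample shaped like the container configured on this page;
# aks2 is given mode 0660 here only to show a node that is not flagged.
sample_config() {
    cat <<'EOF'
architecture: x86_64
config:
  raw.lxc: lxc.cgroup.devices.allow = c 198:* rwm
  security.privileged: "true"
devices:
  hasp3:
    mode: "0777"
    path: /dev/bus/usb/001/003
    type: unix-char
  aks2:
    mode: "0660"
    path: /dev/aks/hasp/1-3
    type: unix-char
ephemeral: false
EOF
}

sample_config | audit_lxd_config
```

LXD's `unix-char` device accepts `uid`, `gid` and `mode`, so a node can be limited to the account that needs it rather than opened with 0777.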