forked from CasCas2/proxmox-hetzner
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpve-enable-lxc-docker.sh
82 lines (71 loc) · 2.66 KB
/
pve-enable-lxc-docker.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
#!/usr/bin/env bash
################################################################################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: [email protected]
################################################################################
#
# Script updates can be found at: https://github.com/extremeshok/xshok-proxmox
#
# Configures an LXC container to correctly support/run docker
#
# License: BSD (Berkeley Software Distribution)
#
################################################################################
#
# Note:
# There can be security implications as the LXC container is running in a higher privileged mode.
#
# Usage:
# curl https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/pve-enable-lxc-docker.sh --output /usr/sbin/pve-enable-lxc-docker && chmod +x /usr/sbin/pve-enable-lxc-docker
# pve-enable-lxc-docker container_id
#
################################################################################
#
# THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT
#
##############################################################
# Set the local
export LANG="en_US.UTF-8"
export LC_ALL="C"
container_id="$1"
container_config="/etc/pve/lxc/$container_id.conf"
function addlineifnotfound { #$file #$line
if [ "$1" == "" ] || [ "$2" == "" ] ; then
echo "Error missing parameters"
exit 1
else
filename="$1"
linecontent="$2"
fi
if [ ! -f "$filename" ] ; then
echo "Error $filename not found"
exit 1
fi
if ! grep -Fxq "$linecontent" "$filename" ; then
#echo "\"$linecontent\" ---> $filename"
echo "$linecontent" >> "$filename"
fi
}
#add cgroups support
if [ "$(command -v cgroupfs-mount)" == "" ] ; then
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' install cgroupfs-mount
fi
if [ -f "$container_config" ]; then
addlineifnotfound "$container_config" "lxc.apparmor.profile: unconfined"
addlineifnotfound "$container_config" "lxc.cgroup.devices.allow: a"
addlineifnotfound "$container_config" "lxc.cap.drop:"
addlineifnotfound "$container_config" "linux.kernel_modules: aufs ip_tables"
addlineifnotfound "$container_config" "lxc.mount.auto: proc:rw sys:rw"
#pve is missing the lxc binary
#lxc config set "$container_id" security.nesting true
#lxc config set "$container_id" security.privileged true
#lxc restart "$container_id"
#pve lxc container restart
lxc-stop --name "$container_id"
lxc-start --name "$container_id"
echo "Docker support added to $container_id"
else
echo "Error: Config $container_config could not be found"
exit 1
fi