User Tools

Site Tools


cl-tutorial:first_a

Installing the CONFINE VCT Container

Installation is very simple. Just download the newest “vct-container” archive from our public repository and configure it.

Creating the new container

First of all, download the newest vct-container,YYYYMMDDNN.tar.xz archive from https://media.confine-project.eu/vct-container/. It contains a single VCT directory containing the LXC configuration file (vct/config) and its root filesystem (vct/rootfs).

CONFINE Public images repository

In our case, we are going to use the version from 2013, August 2nd.

~$ sudo su
~# wget https://media.confine-project.eu/vct-container/vct-container,2013080200.tar.xz

Now you should be able to unpack the archive straight into your LXC directory by running tar command.

~# tar -C /var/lib/lxc --numeric-owner -xJf vct-container,2013080200.tar.xz 

Usually, if you only have a single VCT container it will need no further configuration, although you may want to fine-tune options in the config file to your liking.

If you unpacked somewhere else or used a different container name, edit the config file and replace all occurrences of /var/lib/lxc/vct. If your bridge is not called “vmbr” change the lxc.network.link. If you are already running another container using the same template, you may need to change the lxc.network.hwaddr MAC address and lxc.network.veth.pair name.

In systems using AppArmor (like Ubuntu) the container will run with an unconfined profile to allow it to perform actions like mounting filesystems. The easiest way to do it, is to disable the AppArmor for the VCT.

~# cat >> /var/lib/lxc/vct/config << 'EOF'
> ## Disable AppArmor for VCT
> lxc.aa_profile = unconfined
> EOF

Updating VCT to the last version

The next step is to start the container and log in with the username and password vct:confine.

~# lxc-start -n vct

VCT CONFINE Container

After restarting your machine, it is probable that when you try to start the VCT-C, you receive an error message, meaning that you didn't start the bridge before. lxc-start: failed to attach 'vethb97OmU' to the bridge 'vmbr' : No such device

In such cases, you need to run the ifup vmbr command first. See the VCT Bridge tutorial for more information.

The compiled image contains the CONFINE SDK built when it was created. Hence, it is recommended to update the development framework to the last version. The git checkout command ensures that you use the latest version this tutorial was checked against, but you may specify other versions or branches like testing. First, clean previous VCT configuration:

vct@vct:~$ cd ~/confine-dist/utils/vct
vct@vct:~/confine-dist/utils/vct$ ./vct_system_cleanup
vct@vct:~/confine-dist/utils/vct$ sudo rm -rf /var/lib/vct

Then, download the latest version of the development source:

vct@vct:~$ cd ~/confine-dist
vct@vct:~/confine-dist$ git checkout testing
vct@vct:~/confine-dist$ git pull

If you want to use a specific version of the controller, just override the VCT_SERVER_VERSION:

echo 'VCT_SERVER_VERSION=0.9' >> ~/confine-dist/utils/vct/vct.conf.overrides

Now that CONFINE SDK is correctly installed, it is time to take a look into the directory structure:

Confine SDK directory

  • /files contains configuration files that will be copied to the OpenWrt image.
  • /openwrt contains OpenWrt source, cloned from our Redmine git repository.
  • /packages contains CONFINE-specific packages related to slices/slivers initialization and deployment.
  • /utils contains some command line utilities for researchers and developers.
  • /utils/vct contains the VCT itself.
  • /dl will contain all the downloaded libraries necessary to compile the SDK.
  • /images will contain the compiled OpenWrt image itself.

Click here to go to the next section of this part of the tutorial or click the next link if you rather want to go back to the Tutorials Main Page.

cl-tutorial/first_a.txt · Last modified: 2014/09/19 12:49 by ivilata