homepage/content/post/ubuntu-lxc-image.md

---
date: 2015-01-25T14:00:00+01:00
title: Prepare a minimal lxc image for salt
author: jochum
tags:
  - HOWTO
  - Ubuntu
  - BTRFS
  - lxc
---
These are basic commands i use to prepare a minimal lxc image for saltstack.
This requires the howto [Install lxc and prepare it for a unprivileged user](/2015/01/25/ubuntu-lxc-install/)<!--more-->

**Login as lxd**

if you have got a unprivileged install like me.

    $ ssh lxd@localhost

**Download the Image**

I use the btrfs [backing store](https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-backinstores) driver here, see its [man page](http://man7.org/linux/man-pages/man1/lxc-create.1.html) for more.

    $ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64

**Start and attach**

    lxc-start -n trusty64
    lxc-attach -n trusty64

**Upgrade the base system**

You'r now in the machine, its like *chroot* on *steroids*

    apt-get update && apt-get -qy dist-upgrade

**Install openssh-server**

    apt-get -qy install openssh-server

**Install salt-minion**

    apt-get -qy install software-properties-common
    add-apt-repository -y ppa:saltstack/salt
    apt-get update
    apt-get -qy install salt-minion

**Configure salt-minion for the first connect**

I enable ```IPv6``` here as i use a IPv6 only network to play around.

    service salt-minion stop
    echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf
    rm -rf /etc/salt/minion_id /etc/salt/pki/

**Remove ssh keys, let salt provision it**

    rm -f /etc/ssh/ssh_host_*_key*

**Set the hostname to FQDN so you have it later with a Domain in your saltmaster**

Replace ```lxc.example.lan``` with the domain you have in ```/etc/default/lxc-net```

    $ sed -i -e's|trusty64|trusty64.lxc.example.lan|' /etc/hosts

**Delete default "ubuntu" user (want salt to provision the id:1000 user)**

    $ userdel -rf ubuntu

**Now** get back on your machine:

    $ exit

**and** stop the base image you must made:

    $ lxc-stop -n trusty64

### Do this every time you need a new testing/production machine
**Clone it and let your salt master provision it :)**

I use the [snapshot](http://man7.org/linux/man-pages/man1/lxc-clone.1.html) feature here.

replace ```jupiter``` with your own hostname.

    $ lxc-clone -s trusty64 jupiter
    $ lxc-start -n jupiter

**Get info from your new machine**

    $ lxc-ls -f

**On the Master**

    $ salt-key -a 'jupiter.*'

If you have a firewalled development saltmaster you may want to activate [auto_accept](http://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept)

**Wanna do it again?**

Destroy the machine (**as lxd@localhost**)

    $ lxc-destroy -n jupiter

Remove the key on the Master

    $ salt-key -d 'jupiter.*'

Clone it again and let the master provision it (**again as lxd@localhost**)

    $ lxc-clone -s trusty64 jupiter
    $ lxc-start -n jupiter
First commit. 9 years ago			`---`
			`date: 2015-01-25T14:00:00+01:00`
Small updates. 9 years ago			`title: Prepare a minimal lxc image for salt`
Switch my nickname from pcdummy to jochum 2 years ago			`author: jochum`
First commit. 9 years ago			`tags:`
			`- HOWTO`
			`- Ubuntu`
			`- BTRFS`
			`- lxc`
			`---`
Fix dates. 9 years ago			`These are basic commands i use to prepare a minimal lxc image for saltstack.`
			`This requires the howto [Install lxc and prepare it for a unprivileged user](/2015/01/25/ubuntu-lxc-install/)<!--more-->`
First commit. 9 years ago
			`Login as lxd`

			`if you have got a unprivileged install like me.`

			`$ ssh lxd@localhost`

			`Download the Image`

			`I use the btrfs [backing store](https://help.ubuntu.com/lts/serverguide/lxc.html#lxc-backinstores) driver here, see its [man page](http://man7.org/linux/man-pages/man1/lxc-create.1.html) for more.`

			`$ lxc-create -B btrfs -t download -n trusty64 -- -d ubuntu -r trusty -a amd64`

			`Start and attach`

			`lxc-start -n trusty64`
			`lxc-attach -n trusty64`

			`Upgrade the base system`

			`You'r now in the machine, its like chroot on steroids`

			`apt-get update && apt-get -qy dist-upgrade`

			`Install openssh-server`

			`apt-get -qy install openssh-server`

			`Install salt-minion`

			`apt-get -qy install software-properties-common`
			`add-apt-repository -y ppa:saltstack/salt`
			`apt-get update`
			`apt-get -qy install salt-minion`

			`Configure salt-minion for the first connect`

			I enable ```IPv6``` here as i use a IPv6 only network to play around.

			`service salt-minion stop`
			`echo -e "master: salt\nipv6: True" > /etc/salt/minion.d/master.conf`
			`rm -rf /etc/salt/minion_id /etc/salt/pki/`

			`Remove ssh keys, let salt provision it`

			`rm -f /etc/ssh/ssh_host__key`

			`Set the hostname to FQDN so you have it later with a Domain in your saltmaster`

			Replace ```lxc.example.lan``` with the domain you have in ```/etc/default/lxc-net```

			`$ sed -i -e's\|trusty64\|trusty64.lxc.example.lan\|' /etc/hosts`

			`Delete default "ubuntu" user (want salt to provision the id:1000 user)`

			`$ userdel -rf ubuntu`

			`Now get back on your machine:`

			`$ exit`

			`and stop the base image you must made:`

			`$ lxc-stop -n trusty64`

			`### Do this every time you need a new testing/production machine`
			`Clone it and let your salt master provision it :)`

			`I use the [snapshot](http://man7.org/linux/man-pages/man1/lxc-clone.1.html) feature here.`

			replace ```jupiter``` with your own hostname.

			`$ lxc-clone -s trusty64 jupiter`
			`$ lxc-start -n jupiter`

			`Get info from your new machine`

			`$ lxc-ls -f`

			`On the Master`

			`$ salt-key -a 'jupiter.*'`

			`If you have a firewalled development saltmaster you may want to activate [auto_accept](http://docs.saltstack.com/en/latest/ref/configuration/master.html#auto-accept)`

			`Wanna do it again?`

			`Destroy the machine (as lxd@localhost)`

			`$ lxc-destroy -n jupiter`

			`Remove the key on the Master`

			`$ salt-key -d 'jupiter.*'`

			`Clone it again and let the master provision it (again as lxd@localhost)`

			`$ lxc-clone -s trusty64 jupiter`
			`$ lxc-start -n jupiter`