I want to virtualize one of my Samba domain controllers on the Turris. The domain controller is currently on a Raspi (note: this is not the file server, I need basically three services on the domain server: samba, bind9 and sssd). I have a 64GB mSata drive, which is about six times the amount of data I currently have on the Raspi. So I wonder, whether it would be worthwhile to put some other stuff on the mSata drive, too. (some logs, or even the root partition, or anything else?)
The next question is: is there a small tutorial on how to get started? On a normal box I would format the disk to ext4 and would mount it to /var/lib/libvirt in the fstab. Can I do this exactly as on a "normal" Linux box, or do I have to do more?
I would strongly advise using LXC. Why? OpenWRT packages are often outdated and therefore bound to have bugs in them. Also, OpenWRT does not have all the software usually available on Linux in general.
You did give me a great idea of a Samba Domain controller.
If you have an LXC and run the Samba Domain Controller on that, I guess it is just following the tutorial meant for the Linux distro that you used as the container. I already have a Linux Ubuntu 16.04 container, so that would mean just following the tutorial for a Samba Domain Controller on Ubuntu.
To get swap done, just follow the "fdisk" instructions for making a partition and format it as "Linux SWAP". OpenWRT will automatically recognize it as a SWAP partition and you will be able to mount it at "Mount points" in LuCI.
For other partitions… just the same: use fdisk to partition it and then format it using a certain filesystem. The "fstab" file is located somewhere else than the usual place (/etc/config/fstab). Here you have my fstab file, although you can also mount it using the LuCI web interface. Also, how the fstab file is set up is different, as you can see in my fstab file.
If I have forgotten something, please do let me know. Also, do you maybe have other ideas for things that you can "install" or use the mSATA drive for? BTW, we also need to get "fstrim" to work, because we have an SSD drive.
Thanks for your reply - it clearly demonstrates to me that it will be a long road until I get the Turris to do all the cool stuff I expect it to do for me. My naive idea was this: run the LXC-gentoo container, ssh into it, and then install the server stuff… but, OK, first I need to have the router running. I need DynDNS, OpenVPN, SSH from the outside with a certificate… (I will replace Shibby's Tomato on an Asus router with the Turris)
What I have is this: I have a local overlay for Samba (and SSSD) for Gentoo - from the straight Gentoo sources it seems about impossible to get a domain controller running, as they refuse to use the bundled Heimdal libraries from Samba - well, after a bit of learning it wasn't all too hard to override the standard Gentoo policy. I think that I will also be able to build fstrim once the container is working. I have to find the package which supplies fstrim - but this isn't rocket science at all. But I digress… this is Gentoo and not OpenWRT.
Dynamic DNS can be achieved within 5 minutes. I used "url" for "IP address source [IPv4]" for no-ip.org to get it working.
OpenVPN is also one of the options that I am planning to configure; however, right now I am busy with other functionality. SSH with a certificate seems indeed a good idea. I was planning to boost up security settings when I got my Omnia, so that would be a good addition to it, thanks for the idea.
Well, those things that I mentioned in my previous posts aren't rocket science either. I mean, fdisk is just following what is being said, or searching on Google for how it is done. I thought LXC was a bit hard, but it is very simple to use. Just google a bit and you will find enough manuals that guide you through it.
Right now I haven't looked up whether the partition that is given to the LXC would also be visible in OpenWRT. Because when using fstrim, you need to apply it individually to each partition. So I will be configuring it in LXC or just in OpenWRT, but I guess I will find that out sooner or later.
For now it is best to focus first on configuring OpenWRT as much as you can. That way you will have a stable foundation that you can build the Gentoo LXC on.
In the light of adminX's answer I decided to format my whole disk to ext4 and mount it to /srv. I tried to make the mount permanent following this article in the OpenWRT wiki. Thus I ended up with this in /etc/config/fstab:
If I understand you right, you are talking about the entries in the LXC configuration. And as a second point, you tell me I have to bind/mount the directories /var, /tmp and /srv? Is it done on purpose to omit the slash?
TIA & best regards
Peter
PS: what do I need to do to get network access to the containerized system? I would like to have a fixed IP…
Well, I have to admit it confuses me a bit. I have mounted my SATA partition to the complete /srv directory. Do I need to edit the LXC config in this case, too? If I understood your comment right, then you need the bind because you only have some portions of the LXC container on the SATA disk.
You are on phase 2 of my project, while I am still on phase 1 :P.
Phase 2: Put the whole LXC container and everything that is going to "write etc" on an mSATA partition and NOT on the Omnia flash. Like you said, prevent writing too much on rootfs. I have read something about what you have managed, but I did not pay much attention to it, because I want to get phase 1 started first.
Phase 1: The first phase: try to have /overlay not be on rootfs anymore, but rather on a partition on the mSATA, and also have logfiles be on a partition on the mSATA.
Still, I do appreciate you already giving the necessary information about phase 2.
EDIT2: So if I have understood it correctly
You have mounted the WHOLE sda. mount (subvol=lxc-var) (lxc-var directory) to be /dev/sda and the directory can be found in /srv/lxc/var in rootfs?
It might be a stupid question - but why are you trying to configure /overlay? What advantage / additional value will it bring? It makes sense when the internal space is really limited, but 8 GB is pretty luxury space…
Well, I am a person who takes the necessary precautions. If, like you say, 8 GB is pretty luxury space, then I look at snapshots and log files.
So even to go with your idea of not using /overlay, I do want to have log files and snapshots on mSATA partitions.
So if I have understood it correctly
Edit 2: You have mounted the WHOLE sda. mount (subvol=lxc-var) (lxc-var directory) to be /dev/sda and the directory can be found in /srv/lxc/var in rootfs?
As there is no overlay, you can't mount an overlay. If you managed to get overlay working, any too-long press on the reset button will brick your system at some point.
Option B is to switch to root on mSATA. This is not hard and works for me but required a bit of work. A serial console is handy for this as writing bootloader variables from OpenWRT is currently not enabled. Enabling recovery will be a harder part as it is hardwired to the eMMC filesystem and even resides in another flash chip.
You don't need overlay for those. You can change the /var symlink to your SSD if you want. And you can move snapshots away from the internal flash if you want. See Incremental Backup - btrfs Wiki and send and receive subcommands in btrfs.
I have been using Samsung 850 EVO, 250 GB SSD (mSATA) for little more than a month by now.
I created two partitions, both formatted with ext4. One partition I use for NAS, the other one for lxc containers.
Works flawlessly.