Differences

This shows you the differences between two versions of the page.

--- pi-hole:setup_pi-hole_running_in_lxc [2021/01/07 17:10] – [Have the LXC Container Start Automatically] peter
+++ pi-hole:setup_pi-hole_running_in_lxc [2021/01/07 18:43] (current) – [Have the LXC Container Start Automatically] peter
@@ Line 3: / Line 3: @@
 [[Pi-Hole:Setup Pi-Hole running in LXC:Not Working|Not Working]]
-----
 ===== Create an LXC Container =====
@@ Line 15: / Line 14: @@
 <code bash>
 Creating pihole
-</code>
-----
-===== Start the Container =====
-<code bash>
-lxc start pihole
 </code>
@@ Line 109: / Line 100: @@
 ----
-===== Assign the macvlan profile to the container =====
+===== Assign the bride profile to the container =====
+<WRAP important>
+**IMPORTANT:**  Do NOT use the macvlan profile as it does not allow the host to access the Container.
+Every other device can access the Container, just not the host, unless the host is placed into Promiscuous mode.
 See: [[LXC:Make your LXD containers get IP addresses from your LAN using macvlan|Make your LXD containers get IP addresses from your LAN using macvlan]]
+</WRAP>
+See: [[LXC:Profiles:Profiles:Create a Bridge Profile|Create a Bridge Profile]]
 <code bash>
-lxc profile assign pihole default,macvlan
+lxc profile assign pihole default,bridgeprofile
 </code>
@@ Line 120: / Line 124: @@
 <code bash>
-Profiles default,macvlan applied to pihole
+Profiles default,bridgeprofile applied to pihole
 </code>
 <WRAP info>
-**NOTE:**  The assign command must have both the default and macvlan profiles as shown.
+**NOTE:**  The assign command must have both the default and bridgeprofile profiles as shown.
 </WRAP>
 ----
@@ Line 145: / Line 150: @@
 Status: Running
 Type: container
-Profiles: default, macvlan
+Profiles: default, bridgedprofile
 Pid: 844849
 Ips:
@@ Line 177: / Line 182: @@
 This is the correct subnet matching that of the host.
+If the result does not show an IP for eth0, then just wait a few seconds and retry.  It seems to take a while sometimes before the container picks up the change.  Do not panic if this continues to not show.  Just continue with the steps.
 </WRAP>
@@ Line 192: / Line 200: @@
 <WRAP info>
-**NOTE:**  There is a default user account named ubuntu, which is being used here.
+**NOTE:**  There is a default user account named **ubuntu**, which is being used here.
 You could setup a completely different user account if wanted.
@@ Line 216: / Line 224: @@
 ----
-===== Set up a proxy to allow web traffic into the LXD container =====
+===== Set up a proxy to allow web traffic into the LXD container (Optional) =====
 On the host, not the container, add a proxy:
@@ Line 233: / Line 241: @@
 **NOTE:**  Ensure that the Container is stopped before running this.
-If this fails, then not a worry.
+If this fails, then not a worry and may not be needed.  You may get an error such as
-It may mean that the container can be seen from other system besides the host.
+<code bash>
+Error: Failed to start device "web": Error occurred when starting proxy device: Error: Failed to listen on 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: address already in use
+</code>
-To overcome this, a bridge profile can be used instead - covered later.
 </WRAP>
@@ Line 365: / Line 374: @@
 **NOTE:**  Change the ping address as needed to the correct subnet.
-LXC should ideally be configured in macvlan mode:
+If the ping fails, then try to restart networking on the container:
-See [[LXC:Make your LXD containers get IP addresses from your LAN using macvlan|Make your LXD containers get IP addresses from your LAN using macvlan]]
+<code bash>
+netplan apply
+</code>
 </WRAP>
@@ Line 373: / Line 384: @@
 ----
+===== Configure an IP on the Container =====
+Pi-Hole needs a static IP, so set one.
+By default the Container uses DHCP, so each time it starts it would receive a different IP.
+<file bash vi /etc/netplan/50-cloud-init.yaml>
+# This file is generated from information provided by the datasource.  Changes
+# to it will not persist across an instance reboot.  To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+#network:
+#    version: 2
+#    ethernets:
+#        eth0:
+#            dhcp4: true
+#
+# Let NetworkManager manage all devices on this system
+network:
+  version: 2
+  #renderer: NetworkManager
+  renderer: networkd
+  ethernets:
+    eth0:
+      dhcp4: no
+      # disable existing configuration for ethernet
+      addresses: [192.168.1.150/24]
+      gateway4: 192.168.1.1
+      nameservers:
+        addresses: [192.168.1.1]
+      dhcp6: no
+</file>
+<WRAP info>
+**NOTE:**  This sets a static IP address, which is needed for Pi-Hole.
+The default dhcp has been commented out, but can be deleted from this file.
+The actual netplan filename may be slightly different; Edit the actual filename within the **/etc/netplan** directory.
+</WRAP>
+----
+===== Apply the network changes =====
+<code bash>
+netplan apply
+</code>
+----
+===== Exit the Shell =====
+<code bash>
+exit
+</code>
+----
+===== Restart the Pi-Hole Container =====
+<code bash>
+lxc restart pihole
+</code>
+----
+===== Try to ping the Pi-Hole Container from the Host =====
+<code bash>
+ping 192.168.1.150
+</code>
+returns:
+<code bash>
+PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
+bytes from 192.168.1.150: icmp_seq=1 ttl=64 time=0.031 ms
+bytes from 192.168.1.150: icmp_seq=2 ttl=64 time=0.027 ms
+bytes from 192.168.1.150: icmp_seq=3 ttl=64 time=0.026 ms
+bytes from 192.168.1.150: icmp_seq=4 ttl=64 time=0.044 ms
+bytes from 192.168.1.150: icmp_seq=5 ttl=64 time=0.028 ms
+--- 192.168.1.150 ping statistics ---
+packets transmitted, 5 received, 0% packet loss, time 4101ms
+rtt min/avg/max/mdev = 0.026/0.031/0.044/0.006 ms
+</code>
+<WRAP info>
+**NOTE:**  If this step fails, bash back into the container <code bash>lxc exec pihole bash</code> and then restart the network: <code bash>netplan apply</code>
+Then exit and retry the ping and if that works you should be able to access Pi-Hole from the web.
+</WRAP>
+----
+===== Get a Shell inside the Container =====
+<code bash>
+lxc exec pihole bash
+</code>
+----
 ===== Update the Container =====
@@ Line 465: / Line 582: @@
 .168.1.150
 </code>
+<WRAP important>
+**IMPORTANT:**  Make sure that the URL you type is does NOT contain **<nowiki>https://</nowiki>** in front of the IP Address.
+</WRAP>
@@ Line 480: / Line 601: @@
 ----
-===== Assign the bridge profile to the container =====
+===== Exit the Pi-Hole Container =====
-See: [[LXC:Profiles:Profiles:Create a Bridge Profile|Create a Bridge Profile]]
+<code bash>
+exit
+</code>
+----
+===== Get Information on the Pi-Hole Container =====
 <code bash>
-lxc profile assign pihole default,bridgeprofile
+lxc info pihole
 </code>
@@ Line 492: / Line 618: @@
 <code bash>
-Profiles default,bridgeprofile applied to pihole
+Name: pihole
+Location: none
+Remote: unix://
+Architecture: x86_64
+Created: 2021/01/07 14:59 UTC
+Status: Running
+Type: container
+Profiles: default, bridgeprofile
+Pid: 708446
+Ips:
+  eth0:	inet	192.168.1.150	vethb3f914e9
+  eth0:	inet6	fe80::216:3eff:fecb:fcf8	vethb3f914e9
+  lo:	inet	127.0.0.1
+  lo:	inet6	::1
+Resources:
+  Processes: 88
+  CPU usage:
+    CPU usage (in seconds): 20
+  Memory usage:
+    Memory (current): 266.82MB
+    Memory (peak): 276.11MB
+  Network usage:
+    eth0:
+      Bytes received: 2.45MB
+      Bytes sent: 3.70MB
+      Packets received: 18537
+      Packets sent: 3905
+    lo:
+      Bytes received: 4.05MB
+      Bytes sent: 4.05MB
+      Packets received: 60882
+      Packets sent: 60882
 </code>
-<WRAP info>
-**NOTE:**  The assign command must have both the default and bridgeprofile profiles as shown.
-</WRAP>
 ----
-===== Shell in again to the Pi-Hole Container =====
+<WRAP tip>
+**TIP:**  If this still does not work, then perhaps delete the Pi-Hole Container and restart.
 <code bash>
-lxc exec pihole bash
+lxc delete pihole
+lxc profile delete macvlan
+lxc profile delete bridgeprofile
 </code>
-----
+No need to delete the profiles if you are happy with these.  Just delete the actual Container and follow the steps above.
-===== Configure an IP on the Container =====
-<file bash vi /etc/netplan/50-cloud-init.yaml>
-# This file is generated from information provided by the datasource.  Changes
-# to it will not persist across an instance reboot.  To disable cloud-init's
-# network configuration capabilities, write a file
-# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
-# network: {config: disabled}
-#network:
-#    version: 2
-#    ethernets:
-#        eth0:
-#            dhcp4: true
-#
-# Let NetworkManager manage all devices on this system
-network:
-  version: 2
-  #renderer: NetworkManager
-  renderer: networkd
-  ethernets:
-    eth0:
-      dhcp4: no
-      # disable existing configuration for ethernet
-      addresses: [192.168.1.150/24]
-      gateway4: 192.168.1.1
-      nameservers:
-        addresses: [192.168.1.1]
-      dhcp6: no
-</file>
-<WRAP info>
-**NOTE:**  This sets a static IP address, which is needed for Pi-Hole.
-The actual netplan filename may be slightly different; Edit the actual filename within the **/etc/netplan** directory.
 </WRAP>
 ----
-===== Apply the network changes =====
+===== Have the LXC Container Start Automatically =====
+By default, LXC containers may not start automatically.
 <code bash>
-netplan apply
+lxc config set pihole boot.autostart true
 </code>
-----
-===== Exit the Shell =====
+Ensure that LXC is set to start containers at boot.
-<code bash>
+<file bash /etc/default/lxc>
-exit
+# LXC_AUTO - whether or not to start containers at boot
-</code>
+LXC_AUTO="true"
+</file>
-----
+<WRAP info>
+**NOTE:**  Also check file /etc/default/lxc-net, just in case this overrides this setting.
+</WRAP>
-===== Restart the Pi-Hole Container =====
+<WRAP info>
+**NOTE:**  Autostart is mainly used to select which containers to start.
-<code bash>
+When the host system boots, LXC decides the order and the delay between each startup.
-lxc restart pihole
-</code>
+</WRAP>
 ----
-===== Try to ping the Pi-Hole Container from the Host =====
+===== Show the Pi-Hole Container Configuration File =====
 <code bash>
-ping 192.168.1.150
+lxc config show pihole
 </code>
@@ Line 581: / Line 707: @@
 <code bash>
-PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
+architecture: x86_64
-bytes from 192.168.1.150: icmp_seq=1 ttl=64 time=0.031 ms
+config:
-bytes from 192.168.1.150: icmp_seq=2 ttl=64 time=0.027 ms
+  boot.autostart: "true"
-bytes from 192.168.1.150: icmp_seq=3 ttl=64 time=0.026 ms
+  image.architecture: amd64
-bytes from 192.168.1.150: icmp_seq=4 ttl=64 time=0.044 ms
+  image.description: ubuntu 20.04 LTS amd64 (release) (20210105)
-bytes from 192.168.1.150: icmp_seq=5 ttl=64 time=0.028 ms
+  image.label: release
+  image.os: ubuntu
---- 192.168.1.150 ping statistics ---
+  image.release: focal
-packets transmitted, 5 received, 0% packet loss, time 4101ms
+  image.serial: "20210105"
-rtt min/avg/max/mdev = 0.026/0.031/0.044/0.006 ms
+  image.type: squashfs
+  image.version: "20.04"
+  volatile.base_image: 21da67063730fc446ca7fe090a7cf90ad9397ff4001f69907d7db690a30897c3
+  volatile.eth0.host_name: veth9b7de9bd
+  volatile.eth0.hwaddr: 00:16:3e:4c:1b:d7
+  volatile.idmap.base: "0"
+  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.last_state.power: RUNNING
+  volatile.uuid: 10e59167-cf89-4919-bb1c-9e701d15e08c
+devices: {}
+ephemeral: false
+profiles:
+- default
+- bridgeprofile
+stateful: false
+description: ""
 </code>
 <WRAP info>
-**NOTE:**  If this step fails, bash back into the container <code bash>lxc exec pihole bash</code> and then restart the network: <code bash>netplan apply</code>
+**NOTE:**  This file will not be created until a change is made to it.
-Then exit and retry the ping and if that works you should be able to access Pi-Hole from the web.
+In this case, the autostart config done previously has enabled this.
 </WRAP>
-----
-===== Have the LXC Container Start Automatically =====
-<WRAP center round todo 60%>
-TODO:  Need to check these as the path name has changed due to Ubuntu using snaps.
-</WRAP>
-By default, LXC containers may not start automatically.
-To fix this, edit the container config file:
-<file bash /var/lib/lxc/pihole/config>
-lxc.start.auto = 1
-lxc.start.delay = 1
-</file>
-<WRAP info>
-**NOTE:**  Autostart is mainly used to select which containers to start.
-When the host system boots, LXC decides the order and the delay between each startup.
-In this case:
-  * The first line actually does the autostart.
-  * The second line is optional and will delay the start of this container to give the current container time to begin initialization and reduce overloading the host system.
-</WRAP>
-----