Differences

This shows you the differences between two versions of the page.

--- pi-hole:setup_pi-hole_running_in_lxc [2021/01/07 17:37] – peter
+++ pi-hole:setup_pi-hole_running_in_lxc [2021/01/07 18:43] (current) – [Have the LXC Container Start Automatically] peter
@@ Line 100: / Line 100: @@
 ----
-===== Assign the macvlan profile to the container =====
+===== Assign the bride profile to the container =====
+<WRAP important>
+**IMPORTANT:**  Do NOT use the macvlan profile as it does not allow the host to access the Container.
+Every other device can access the Container, just not the host, unless the host is placed into Promiscuous mode.
 See: [[LXC:Make your LXD containers get IP addresses from your LAN using macvlan|Make your LXD containers get IP addresses from your LAN using macvlan]]
+</WRAP>
+See: [[LXC:Profiles:Profiles:Create a Bridge Profile|Create a Bridge Profile]]
 <code bash>
-lxc profile assign pihole default,macvlan
+lxc profile assign pihole default,bridgeprofile
 </code>
@@ Line 111: / Line 124: @@
 <code bash>
-Profiles default,macvlan applied to pihole
+Profiles default,bridgeprofile applied to pihole
 </code>
 <WRAP info>
-**NOTE:**  The assign command must have both the default and macvlan profiles as shown.
+**NOTE:**  The assign command must have both the default and bridgeprofile profiles as shown.
 </WRAP>
 ----
@@ Line 136: / Line 150: @@
 Status: Running
 Type: container
-Profiles: default, macvlan
+Profiles: default, bridgedprofile
 Pid: 844849
 Ips:
@@ Line 168: / Line 182: @@
 This is the correct subnet matching that of the host.
+If the result does not show an IP for eth0, then just wait a few seconds and retry.  It seems to take a while sometimes before the container picks up the change.  Do not panic if this continues to not show.  Just continue with the steps.
 </WRAP>
@@ Line 207: / Line 224: @@
 ----
-===== Set up a proxy to allow web traffic into the LXD container =====
+===== Set up a proxy to allow web traffic into the LXD container (Optional) =====
 On the host, not the container, add a proxy:
@@ Line 224: / Line 241: @@
 **NOTE:**  Ensure that the Container is stopped before running this.
-If this fails, then not a worry.
+If this fails, then not a worry and may not be needed.  You may get an error such as
-It may mean that the container can be seen from other system besides the host.
+<code bash>
+Error: Failed to start device "web": Error occurred when starting proxy device: Error: Failed to listen on 0.0.0.0:80: listen tcp 0.0.0.0:80: bind: address already in use
+</code>
-To overcome this, a bridge profile can be used instead - covered later.
 </WRAP>
@@ Line 356: / Line 374: @@
 **NOTE:**  Change the ping address as needed to the correct subnet.
-LXC should ideally be configured in macvlan mode:
+If the ping fails, then try to restart networking on the container:
-See [[LXC:Make your LXD containers get IP addresses from your LAN using macvlan|Make your LXD containers get IP addresses from your LAN using macvlan]]
+<code bash>
+netplan apply
+</code>
 </WRAP>
@@ Line 364: / Line 384: @@
 ----
+===== Configure an IP on the Container =====
+Pi-Hole needs a static IP, so set one.
+By default the Container uses DHCP, so each time it starts it would receive a different IP.
+<file bash vi /etc/netplan/50-cloud-init.yaml>
+# This file is generated from information provided by the datasource.  Changes
+# to it will not persist across an instance reboot.  To disable cloud-init's
+# network configuration capabilities, write a file
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
+# network: {config: disabled}
+#network:
+#    version: 2
+#    ethernets:
+#        eth0:
+#            dhcp4: true
+#
+# Let NetworkManager manage all devices on this system
+network:
+  version: 2
+  #renderer: NetworkManager
+  renderer: networkd
+  ethernets:
+    eth0:
+      dhcp4: no
+      # disable existing configuration for ethernet
+      addresses: [192.168.1.150/24]
+      gateway4: 192.168.1.1
+      nameservers:
+        addresses: [192.168.1.1]
+      dhcp6: no
+</file>
+<WRAP info>
+**NOTE:**  This sets a static IP address, which is needed for Pi-Hole.
+The default dhcp has been commented out, but can be deleted from this file.
+The actual netplan filename may be slightly different; Edit the actual filename within the **/etc/netplan** directory.
+</WRAP>
+----
+===== Apply the network changes =====
+<code bash>
+netplan apply
+</code>
+----
+===== Exit the Shell =====
+<code bash>
+exit
+</code>
+----
+===== Restart the Pi-Hole Container =====
+<code bash>
+lxc restart pihole
+</code>
+----
+===== Try to ping the Pi-Hole Container from the Host =====
+<code bash>
+ping 192.168.1.150
+</code>
+returns:
+<code bash>
+PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
+bytes from 192.168.1.150: icmp_seq=1 ttl=64 time=0.031 ms
+bytes from 192.168.1.150: icmp_seq=2 ttl=64 time=0.027 ms
+bytes from 192.168.1.150: icmp_seq=3 ttl=64 time=0.026 ms
+bytes from 192.168.1.150: icmp_seq=4 ttl=64 time=0.044 ms
+bytes from 192.168.1.150: icmp_seq=5 ttl=64 time=0.028 ms
+--- 192.168.1.150 ping statistics ---
+packets transmitted, 5 received, 0% packet loss, time 4101ms
+rtt min/avg/max/mdev = 0.026/0.031/0.044/0.006 ms
+</code>
+<WRAP info>
+**NOTE:**  If this step fails, bash back into the container <code bash>lxc exec pihole bash</code> and then restart the network: <code bash>netplan apply</code>
+Then exit and retry the ping and if that works you should be able to access Pi-Hole from the web.
+</WRAP>
+----
+===== Get a Shell inside the Container =====
+<code bash>
+lxc exec pihole bash
+</code>
+----
 ===== Update the Container =====
@@ Line 475: / Line 601: @@
 ----
-===== Assign the bridge profile to the container =====
+===== Exit the Pi-Hole Container =====
-See: [[LXC:Profiles:Profiles:Create a Bridge Profile|Create a Bridge Profile]]
-<code bash>
-lxc profile assign pihole default,bridgeprofile
-</code>
-returns:
-<code bash>
-Profiles default,bridgeprofile applied to pihole
-</code>
-<WRAP info>
-**NOTE:**  The assign command must have both the default and bridgeprofile profiles as shown.
-</WRAP>
-----
-===== Shell in again to the Pi-Hole Container =====
-<code bash>
-lxc exec pihole bash
-</code>
-----
-===== Configure an IP on the Container =====
-<file bash vi /etc/netplan/50-cloud-init.yaml>
-# This file is generated from information provided by the datasource.  Changes
-# to it will not persist across an instance reboot.  To disable cloud-init's
-# network configuration capabilities, write a file
-# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
-# network: {config: disabled}
-#network:
-#    version: 2
-#    ethernets:
-#        eth0:
-#            dhcp4: true
-#
-# Let NetworkManager manage all devices on this system
-network:
-  version: 2
-  #renderer: NetworkManager
-  renderer: networkd
-  ethernets:
-    eth0:
-      dhcp4: no
-      # disable existing configuration for ethernet
-      addresses: [192.168.1.150/24]
-      gateway4: 192.168.1.1
-      nameservers:
-        addresses: [192.168.1.1]
-      dhcp6: no
-</file>
-<WRAP info>
-**NOTE:**  This sets a static IP address, which is needed for Pi-Hole.
-The actual netplan filename may be slightly different; Edit the actual filename within the **/etc/netplan** directory.
-</WRAP>
-----
-===== Apply the network changes =====
-<code bash>
-netplan apply
-</code>
-----
-===== Exit the Shell =====
 <code bash>
 exit
 </code>
-----
-===== Restart the Pi-Hole Container =====
-<code bash>
-lxc restart pihole
-</code>
-----
-===== Try to ping the Pi-Hole Container from the Host =====
-<code bash>
-ping 192.168.1.150
-</code>
-returns:
-<code bash>
-PING 192.168.1.150 (192.168.1.150) 56(84) bytes of data.
-bytes from 192.168.1.150: icmp_seq=1 ttl=64 time=0.031 ms
-bytes from 192.168.1.150: icmp_seq=2 ttl=64 time=0.027 ms
-bytes from 192.168.1.150: icmp_seq=3 ttl=64 time=0.026 ms
-bytes from 192.168.1.150: icmp_seq=4 ttl=64 time=0.044 ms
-bytes from 192.168.1.150: icmp_seq=5 ttl=64 time=0.028 ms
---- 192.168.1.150 ping statistics ---
-packets transmitted, 5 received, 0% packet loss, time 4101ms
-rtt min/avg/max/mdev = 0.026/0.031/0.044/0.006 ms
-</code>
-<WRAP info>
-**NOTE:**  If this step fails, bash back into the container <code bash>lxc exec pihole bash</code> and then restart the network: <code bash>netplan apply</code>
-Then exit and retry the ping and if that works you should be able to access Pi-Hole from the web.
-</WRAP>
 ----
@@ Line 659: / Line 670: @@
 ===== Have the LXC Container Start Automatically =====
-<WRAP center round todo 60%>
+By default, LXC containers may not start automatically.
-TODO:  Need to check these as the path name has changed due to Ubuntu using snaps.
-For now, manually start as needed.
+<code bash>
-</WRAP>
+lxc config set pihole boot.autostart true
+</code>
-By default, LXC containers may not start automatically.
+Ensure that LXC is set to start containers at boot.
-To fix this, edit the container config file:
+<file bash /etc/default/lxc>
+# LXC_AUTO - whether or not to start containers at boot
-<file bash /var/lib/lxc/pihole/config>
+LXC_AUTO="true"
-lxc.start.auto = 1
-lxc.start.delay = 1
 </file>
+<WRAP info>
+**NOTE:**  Also check file /etc/default/lxc-net, just in case this overrides this setting.
+</WRAP>
 <WRAP info>
@@ Line 679: / Line 693: @@
 When the host system boots, LXC decides the order and the delay between each startup.
-In this case:
-  * The first line actually does the autostart.
-  * The second line is optional and will delay the start of this container to give the current container time to begin initialization and reduce overloading the host system.
 </WRAP>
@@ Line 689: / Line 698: @@
 ----
+===== Show the Pi-Hole Container Configuration File =====
+<code bash>
+lxc config show pihole
+</code>
+returns:
+<code bash>
+architecture: x86_64
+config:
+  boot.autostart: "true"
+  image.architecture: amd64
+  image.description: ubuntu 20.04 LTS amd64 (release) (20210105)
+  image.label: release
+  image.os: ubuntu
+  image.release: focal
+  image.serial: "20210105"
+  image.type: squashfs
+  image.version: "20.04"
+  volatile.base_image: 21da67063730fc446ca7fe090a7cf90ad9397ff4001f69907d7db690a30897c3
+  volatile.eth0.host_name: veth9b7de9bd
+  volatile.eth0.hwaddr: 00:16:3e:4c:1b:d7
+  volatile.idmap.base: "0"
+  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
+  volatile.last_state.power: RUNNING
+  volatile.uuid: 10e59167-cf89-4919-bb1c-9e701d15e08c
+devices: {}
+ephemeral: false
+profiles:
+- default
+- bridgeprofile
+stateful: false
+description: ""
+</code>
+<WRAP info>
+**NOTE:**  This file will not be created until a change is made to it.
+In this case, the autostart config done previously has enabled this.
+</WRAP>