Giving the host a macvlan

Last time I made it possible to log in remotely to the container without having administrator rights on the host. This time I will make it possible to log in to the container locally on the host, without administrator rights. This will require the host and the container to be visible to each other over the network, which they are not because I use macvlan.

I will fix this by adding another macvlan interface and making the host use it. I tried this at first but couldn’t figure out how. Let’s hope it goes better this time.

The post I used for setting up macvlan for the containers linked to this post, which explains how to have the host’s traffic go through a macvlan interface as well. Unfortunately it uses ifupdown, while my Ubuntu installation uses netplan. I try to figure out how to translate this, but give up and switch to ifupdown by installing the package ifupdown and rewriting /etc/network/interfaces:

auto enp3s0
iface enp3s0 inet dhcp

auto macvlan0
iface macvlan0 inet dhcp
        pre-up route del default
        pre-up route del -net 192.168.1.0 netmask 255.255.255.0
        pre-up ip link add link enp3s0 name macvlan0 type macvlan mode bridge

I also move /etc/netplan/01-netcfg.yaml to /etc/netplan/01-netcfg.yaml.old.

Let’s go through what I did. The first part is just configuring the normal ethernet device. The second part is the interesting one. First:

auto macvlan0

This makes the macvlan0 interface be brought up automatically at boot. Second:

iface macvlan0 inet dhcp

This defines an interface macvlan0 which uses TCP/IP networking and has a DHCP-allocated IP address. Third:

pre-up route del default

This defines a rule so that before the interface is brought up, the default route in the routing table is removed. The routing table decides through which interface packets for a given destination IP are sent. Fourth:

pre-up route del -net 192.168.1.0 netmask 255.255.255.0

Same as above, except that I remove another route. Finally:

pre-up ip link add link enp3s0 name macvlan0 type macvlan mode bridge

This will add a macvlan in bridge mode to enp3s0, named macvlan0.

I reboot, and that’s it:

administrator@living-room:~$ ping antons-system
PING antons-system (192.168.1.141) 56(84) bytes of data.
64 bytes from antons-system (192.168.1.141): icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from antons-system (192.168.1.141): icmp_seq=2 ttl=64 time=0.081 ms
^C
--- antons-system ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.060/0.070/0.081/0.013 ms
anton@antons-system:~$ ping living-room
PING living-room (192.168.1.144) 56(84) bytes of data.
64 bytes from living-room (192.168.1.144): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from living-room (192.168.1.144): icmp_seq=2 ttl=64 time=0.084 ms
^C
--- living-room ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.037/0.060/0.084/0.024 ms
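
The ping only shows that the two machines reach each other. The check below is an added example, not part of the original post: it confirms that macvlan0 is a bridge-mode macvlan on enp3s0 and that the default and 192.168.1.0/24 routes use macvlan0 instead of enp3s0. The function names and the sample `ip` output (gateway, MAC address, address on enp3s0) are constructed.

```bash
# Added example; function names and the sample `ip` output are constructed.

# routes_via ROUTES DEV: print the destination of every route that uses DEV.
routes_via() {
    printf '%s\n' "$1" | awk -v dev="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) print $1 }'
}

# check_host_macvlan ROUTES LINK PARENT MACVLAN SUBNET
# Returns 0 only if MACVLAN is a bridge-mode macvlan on PARENT and both the
# default route and the SUBNET route use MACVLAN rather than PARENT.
check_host_macvlan() {
    chm_rc=0
    printf '%s\n' "$2" | grep -q "^[0-9]*: $4@$3:" ||
        { echo "FAIL: $4 is not stacked on $3"; chm_rc=1; }
    printf '%s\n' "$2" | grep -q "macvlan mode bridge" ||
        { echo "FAIL: $4 is not in bridge mode"; chm_rc=1; }
    for chm_dest in default "$5"; do
        routes_via "$1" "$4" | grep -qxF "$chm_dest" ||
            { echo "FAIL: no $chm_dest route via $4"; chm_rc=1; }
        if routes_via "$1" "$3" | grep -qxF "$chm_dest"; then
            echo "FAIL: $chm_dest route still uses $3"; chm_rc=1
        fi
    done
    return "$chm_rc"
}

# Constructed sample output (gateway, MAC and enp3s0 address are made up).
SAMPLE_LINK='4: macvlan0@enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    macvlan mode bridge addrgenmode eui64'
SAMPLE_ROUTES_OK='default via 192.168.1.1 dev macvlan0
192.168.1.0/24 dev macvlan0 proto kernel scope link src 192.168.1.144'
# A table where the routes on enp3s0 were not removed.
SAMPLE_ROUTES_STALE='default via 192.168.1.1 dev enp3s0
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.143
192.168.1.0/24 dev macvlan0 proto kernel scope link src 192.168.1.144'

# On the real host, pass live output instead:
#   check_host_macvlan "$(ip route)" "$(ip -d link show macvlan0)" \
#       enp3s0 macvlan0 192.168.1.0/24
check_host_macvlan "$SAMPLE_ROUTES_OK" "$SAMPLE_LINK" enp3s0 macvlan0 192.168.1.0/24 &&
    echo "OK: host traffic goes through macvlan0"
```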

I can now change sofa_xubuntu_client:

#!/bin/bash
# Quote the expansions so the user name and DISPLAY value are passed as single words.
ssh "$USER@antons-system" env DISPLAY="$DISPLAY" sofa_xubuntu_server

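I add the keys to log in from the host to the container and verify that it works. Since my IPs change sometimes and I don’t want to get complaints about fingerprints, I set CheckHostIP no in /etc/ssh/ssh_config on all machines. This only stops ssh from additionally checking the host’s IP address against known_hosts; the host key is still verified against the host name.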

I make sofa the one to log in without password:

administrator@living-room:~$ sudo gpasswd -d administrator nopasswdlogin
administrator@living-room:~$ sudo usermod -a -G nopasswdlogin sofa

There, now I can log in as sofa locally.

After making sure that I can access controlpi and that root@controlpi can access administrator@living-room, I tell the projector script the new user- and hostname, and it works like before. There are two problems though:

  1. I do not necessarily want to shut down the computer when I turn off the projector.
  2. I arrive at the login screen, but I want to log in automatically.

The second problem is pretty minor, and I will get to it in time. The first, though, really prevents me from using the setup without being very careful.

How to fix that depends on how fast I can get the boot times, though. It might be that I have to keep the host running to get any sort of acceptable login times. Therefore, I will try to speed up booting next time, before I fix the script.
