Last time I made it possible to log in remotely to the container without having administrator rights on the host. This time I will make it possible to log in to the container locally on the host, without administrator rights. This will require the host and the container to be visible to each other over the network, which they are not because I use macvlan.
I will fix this by adding another macvlan interface and making the host use it. I tried this at first but couldn’t figure out how. Let’s hope it goes better this time.
The post I used for setting up macvlan for the containers linked to this post, which explains how to have the host’s traffic go through a macvlan interface as well. Unfortunately it uses ifupdown, while my Ubuntu installation uses netplan. I try to figure out how to translate this, but give up and switch to ifupdown by installing the package ifupdown and rewriting /etc/network/interfaces:
auto enp3s0
iface enp3s0 inet dhcp

auto macvlan0
iface macvlan0 inet dhcp
    pre-up route del default
    pre-up route del -net 192.168.1.0 netmask 255.255.255.0
    pre-up ip link add link enp3s0 name macvlan0 type macvlan mode bridge
I also move /etc/netplan/01-netcfg.yaml to /etc/netplan/01-netcfg.yaml.old.
Let’s go through what I did. The first part is just configuring the normal ethernet device. The second part is the interesting one. First:
auto macvlan0
This makes the macvlan0 interface be brought up automatically at boot. Second:
iface macvlan0 inet dhcp
This defines an interface macvlan0 which uses TCP/IP networking and has a DHCP-allocated IP address. Third:
pre-up route del default
This defines a rule so that before the interface is brought up, the default route in the routing table is removed. The routing table decides where packets addressed to a given IP are sent. Fourth:
pre-up route del -net 192.168.1.0 netmask 255.255.255.0
Same as above, except that I remove another route. Finally:
pre-up ip link add link enp3s0 name macvlan0 type macvlan mode bridge
This will add a macvlan in bridge mode to enp3s0, named macvlan0.
I reboot, and that’s it:
administrator@living-room:~$ ping antons-system
PING antons-system (192.168.1.141) 56(84) bytes of data.
64 bytes from antons-system (192.168.1.141): icmp_seq=1 ttl=64 time=0.060 ms
64 bytes from antons-system (192.168.1.141): icmp_seq=2 ttl=64 time=0.081 ms
^C
--- antons-system ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.060/0.070/0.081/0.013 ms

anton@antons-system:~$ ping living-room
PING living-room (192.168.1.144) 56(84) bytes of data.
64 bytes from living-room (192.168.1.144): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from living-room (192.168.1.144): icmp_seq=2 ttl=64 time=0.084 ms
^C
--- living-room ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.037/0.060/0.084/0.024 ms
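A routing check to go with the pings, as an added example that is not part of the original post: it reads ip route show output and reports any default or 192.168.1.0/24 route still bound to enp3s0, which is what the two pre-up route del lines are there to prevent. The function names and both sample routing tables are constructed for illustration; the interface names and the .144 address come from the post.

```bash
#!/bin/bash
# Added example: function names and sample tables below are constructed.
PARENT=enp3s0          # physical NIC from /etc/network/interfaces
MACVLAN=macvlan0       # host-side macvlan from the same file
SUBNET=192.168.1.0/24  # the -net/netmask pair from the pre-up line, in CIDR form

# Print the device a single route line is bound to (the word after "dev").
route_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read `ip route show` output on stdin. Print every default or subnet route
# still bound to the parent NIC; succeed only if there are none and both
# routes are present on the macvlan interface.
check_routes() {
    local line kind dev stale=0 have_default=0 have_subnet=0
    while IFS= read -r line; do
        case "$line" in
            "default "*) kind=default ;;
            "$SUBNET "*) kind=subnet ;;
            *) continue ;;
        esac
        dev=$(printf '%s\n' "$line" | route_dev)
        if [ "$dev" = "$PARENT" ]; then
            printf 'stale route on %s: %s\n' "$PARENT" "$line"
            stale=1
        elif [ "$dev" = "$MACVLAN" ] && [ "$kind" = default ]; then
            have_default=1
        elif [ "$dev" = "$MACVLAN" ]; then
            have_subnet=1
        fi
    done
    [ "$stale" -eq 0 ] && [ "$have_default" -eq 1 ] && [ "$have_subnet" -eq 1 ]
}

# Constructed samples (gateway 192.168.1.1 and address .143 are made up).
GOOD_TABLE='default via 192.168.1.1 dev macvlan0
192.168.1.0/24 dev macvlan0 proto kernel scope link src 192.168.1.144'
BAD_TABLE='default via 192.168.1.1 dev enp3s0
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.143
192.168.1.0/24 dev macvlan0 proto kernel scope link src 192.168.1.144'

# Live use on the host: ip route show | check_routes
```

A non-zero exit with "stale route" lines means some host traffic would still leave through enp3s0 directly, and the macvlan containers on that NIC cannot be reached that way.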
I can now change sofa_xubuntu_client:
#!/bin/bash
ssh $USER@antons-system env DISPLAY=$DISPLAY sofa_xubuntu_server
I add the keys to log in from the host to the container and verify that it works. Since my IPs change sometimes and I don’t want to get complaints about fingerprints, I set CheckHostIP no in /etc/ssh/ssh_config on all machines.
I make sofa the one to log in without password:
administrator@living-room:~$ sudo gpasswd -d administrator nopasswdlogin
administrator@living-room:~$ sudo usermod -a -G nopasswdlogin sofa
There, now I can log in as sofa locally.
After making sure that I can access controlpi and that root@controlpi can access administrator@living-room, I tell the projector script the new user- and hostname, and it works like before. There are two problems though:
- I do not necessarily want to shut down the computer when I turn off the projector.
- I arrive at the login screen, but I want to log in automatically.
The second problem is pretty minor, and I will get to it in time. The first, though, really prevents me from using the setup without being very careful.
How to fix that depends on how fast I can get the boot times, though. It might be that I have to keep the host running to get any sort of acceptable login times. Therefore, I will try to speed up booting next time, before I fix the script.