ArticlePDF Available

Abstract

FUSS is a GNU/Linux distribution based on Debian, for a Digitally Sustainable School. Because I don’t have resources for testing it locally, I got a VDS on contabo and tried to test FUSS with virtual machines, virtual LANs etc. I tried different virtualization technologies, like libvirt, proxmox, OpenNebula etc. but finally decided to use LXD, for being simpler and more convenient. It can handle both containers and virtual machines, has a nice command line interface, can be managed remotely, etc.
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
1/11
Testing FUSS with LXD
Table of Contents
1. Introduction
2. Install LXD
3. Connect to LXD remotely
4. Create a virtual LAN
5. Install the server
5.1. Create a VM
5.2. Fix the network conguration
5.3. Install and setup the FUSS server
6. Install a client
6.1. Create a VM
6.2. Install xfce-desktop
6.3. Install fuss-client
6.4. Fix the screen resolution
6.5. Test it
7. System conguration
8. Using Clonezilla
8.1. Save a client image
8.2. Install a client from image
9. Testing Captive Portal
9.1. Create a new virtual LAN
9.2. Attach the server to this LAN
9.3. Fix the conguration of the server
9.4. Install the CP
9.5. Test it with a client
10. Appendix: Install a client from iso
1. Introduction
FUSS is a GNU/Linux distribution based on Debian, for a Digitally Sustainable School.
Dashamir Hoxha / Technical Blog
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
2/11
Figure 1. Typical topology of a FUSS network
Because I don’t have resources for testing it locally, I got a VDS on contabo and tried to test FUSS
with virtual machines, virtual LANs etc.
I tried different virtualization technologies, like libvirt, proxmox, OpenNebula etc. but nally decided
to use LXD, for being simpler and more convenient. It can handle both containers and virtual ma-
chines, has a nice command line interface, can be managed remotely, etc.
2. Install LXD
On the server (ubuntu:20.04) I have installed LXD with snap , like this:
apt install snap
snap install lxd --channel=latest/stable
snap list
lxc list
lxd init
I have used a btrfs storage backend.
NOTE
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
3/11
3. Connect to LXD remotely
We can connect to the LXD from a local machine, for example a laptop, and manage it remotely.
Install LXD on the local machine (without initializing it with lxc init ):
Enable remote connection on the server:
The port 8443 on the server should be open as well:
On the local machine add a remote, like this:
This will prompt you to conrm the remote server ngerprint and then ask you for the password.
Make it the default remote and test it:
Now all the lxc commands on the laptop will be executed by default on the remote LXD server.
Once we can connect remotely to the LXD server, we should unset core.trust_password on
the server, for security reasons:
On the client machine (laptop) install also spice-client-gtk , which is needed to access the
VGA console of the virtual machines:
apt install snap
snap install lxd --channel=latest/stable
snap list
lxc list
lxc config set core.https_address "[::]"
lxc config set core.trust_password some-password
firewall-cmd --zone=public --add-port=8443/tcp --permanent
firewall-cmd --reload
lxc remote add lxd1 11.12.13.14
lxc remote list
lxc remote switch lxd1
lxc remote list
lxc ls
lxc config get core.trust_password
lxc config set core.trust_password ""
lxc config get core.trust_password
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
4/11
4. Create a virtual LAN
All the containers and VMs are connected by default to a bridge, which provides them with DHCP,
DNS, and allows them to connect to the internet. It acts like a gateway for the VMs.
But we also need another virtual LAN to connect the clients and the server. This LAN should not pro-
vide DHCP and should not act as a gateway for the VMs, because this should be done by the FUSS
server.
We should also add this interface to the trusted zone of the rewall, otherwise the VMs con-
nected to this network will not be able to communicate with each-other:
5. Install the server
5.1. Create a VM
The rst time that it is started it takes longer than usual to come up, because cloud-init does the
necessary congurations (including a resize of the partition and the lesystem).
5.2. Fix the network conguration
Let’s get a shell inside the VM in order to check and x the network conguration:
apt install spice-client-gtk
lxc network list
lxc network create LAN1 --type=bridge
lxc network show LAN1
lxc network unset LAN1 ipv4.address
lxc network unset LAN1 ipv4.nat
lxc network show LAN1
firewall-cmd --zone=trusted --add-interface=LAN1 --permanent
firewall-cmd --reload
lxc init images:debian/10/cloud FUSS --vm \
-c limits.memory=4GB -c limits.cpu=2
lxc config device override FUSS root size=60GB
lxc network attach LAN1 FUSS
lxc start FUSS
lxc ls
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
5/11
5.3. Install and setup the FUSS server
lxc exec FUSS -- bash
ip addr
ip link
ip link set enp6s0 up
dhclient enp6s0
ip addr
ip ro
ping 8.8.8.8
ping google.com
# remove cloud-init
apt purge cloud-init
apt autoremove
mv /etc/network/interfaces.d/50-cloud-init /etc/network/interfaces
cat /etc/network/interfaces
sed -i /etc/network/interfaces -e 's/enp5s0/enp6s0/'
# set a static IP to the LAN interface
cat <<EOF >> /etc/network/interfaces
auto enp5s0
iface enp5s0 inet static
address 192.168.1.1
netmask 255.255.255.0
EOF
# restart to make sure that network configuration works
exit
lxc stop FUSS
lxc start FUSS
lxc ls
lxc exec FUSS -- bash
ip addr
ip ro
ping 8.8.8.8
ping google.com
# install some dependencies
apt install wget gnupg2 nfs-common python ansible
# add contrib and non-free package repos
sed -i /etc/apt/sources.list -e 's/main/main contrib non-free/g'
# add the FUSS package repo
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
6/11
6. Install a client
6.1. Create a VM
We will start from a basic debian system that is created from an image (not installed from an iso).
6.2. Install xfce-desktop
6.3. Install fuss-client
echo 'deb http://archive.fuss.bz.it/ buster main contrib non-free' \
>> /etc/apt/sources.list
wget -qO - https://archive.fuss.bz.it/apt.key | apt-key add -
apt update
apt install fuss-server fuss-backup
fuss-server create
lxc init images:debian/10/cloud client1 \
--vm --network=LAN1 \
-c limits.memory=2GB -c limits.cpu=1
lxc config device override client1 root size=30GB
lxc start client1
lxc ls
lxc exec client1 -- bash
export http_proxy=http://proxy:8080
export https_proxy=http://proxy:8080
apt install tasksel
tasksel --list-tasks
tasksel install desktop xfce-desktop
clear
exit
lxc stop client1
lxc start client1
# lxc console client1 --type=vga
lxc exec client1 -- bash
export http_proxy=http://proxy:8080
export https_proxy=http://proxy:8080
echo 'deb http://archive.fuss.bz.it/ buster main' \
> /etc/apt/sources.list.d/archive_fuss_bz_it.list
cat /etc/apt/sources.list.d/archive_fuss_bz_it.list
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
7/11
6.4. Fix the screen resolution
Let’s also x the screen resolution of the client (because it gets automatically a very big resolution):
6.5. Test it
Now let’s restart and test it:
Login with
username: local-fuss-user
password: local-fuss-user
7. System conguration
From the client, open in browser http://proxy:13402 and login with username root and the master
password that was set during installation of the server.
Now we can add groups, users, etc.
8. Using Clonezilla
8.1. Save a client image
apt install wget
wget -qO - https://archive.fuss.bz.it/apt.key | apt-key add -
apt update
apt install fuss-client
fuss-client --help
apt install python cups-browsed
# fuss-client -H client1 -a
# fuss-client -H client1 -a --light
fuss-client -a
sed -i /etc/fuss-client/display-setup-script/setDisplayResolution \
-e 's/autorandr/#autorandr/'
sed -i /etc/fuss-client/display-setup-script/setDisplayResolution \
-e '/#autorandr/a xrandr -s 1024x768'
exit
lxc stop client1
lxc start client1
lxc console client1 --type=vga
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
8/11
To start Clonezilla on client1 , we have to boot it from the LAN. But rst we need to disable secure
boot:
Now as soon as we start the console, keep pressing ESC until we get to the BIOS the menu, then se-
lect Boot Manager, then UEFI PXEv4:
Now it will show the Clonezilla menu and you can save the image of the client on the server. For
more details see this page.
8.2. Install a client from image
Again, keep pressing ESC, then select Boot Manager, then UEFI PXEv4, etc.
9. Testing Captive Portal
9.1. Create a new virtual LAN
9.2. Attach the server to this LAN
lxc config set client1 security.secureboot=false
lxc stop client1 --force
lxc start client1 --console=vga
To unlock the mouse press Shift_L + F12.
NOTE
lxc init client2 --empty --vm --network=LAN1 \
-c limits.memory=2GB -c limits.cpu=1
lxc config device override client2 root size=30GB
lxc config set client2 security.secureboot=false
lxc start client2 --console=vga
lxc network create LAN2 --type=bridge
lxc network list
lxc network show LAN2
lxc network unset LAN2 ipv4.address
lxc network unset LAN2 ipv4.nat
lxc stop FUSS
lxc network attach LAN2 FUSS
lxc start FUSS
lxc network show LAN2
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
9/11
9.3. Fix the conguration of the server
Unfortunately, when a new interface is attached to the virtual machine, the names of the existing in-
terfaces change, so we need to x the conguration of the server again.
Edit /etc/network/interfaces so that it looks like this:
auto lo
iface lo inet loopback
auto enp7s0
iface enp7s0 inet dhcp
auto enp6s0
iface enp6s0 inet static
address 192.168.1.1
netmask 255.255.255.0
iface enp5s0 inet manual
Here enp5s0 is the new interface that will be used for the captive portal.
We should also edit /etc/fuss-server/fuss-server.yaml and correct the interfaces, like this:
Let’s restart the server:
Finally, let’s also re-run the conguration scripts and restart again:
lxc exec FUSS -- bash
ip addr
ip ro
vim /etc/network/interfaces
external_ifaces:
- enp7s0
internal_ifaces:
- enp6s0
hotspot_iface: ''
hotspot_network: ''
exit
lxc stop FUSS
lxc start FUSS
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
9.4. Install the CP
9.5. Test it with a client
Let’s create a VM that is connected to LAN2:
10. Appendix: Install a client from iso
This is not necessary, since installing a test client from an LXD image is much simpler, but just in
case. It might be used for distros for which LXD does not provide an image.
Download the iso:
lxc exec FUSS -- bash
fuss-server upgrade
exit
lxc stop FUSS
lxc start FUSS
lxc exec FUSS -- bash
fuss-server cp
exit
lxc init images:debian/10/cloud client3 \
--vm --network=LAN2 \
-c limits.memory=2GB -c limits.cpu=1
lxc config device override client3 root size=20GB
lxc start client3
lxc ls
lxc exec client3 -- bash
export http_proxy=http://proxy:8080
export https_proxy=http://proxy:8080
apt install tasksel
tasksel install desktop xfce-desktop
clear
exit
lxc stop client3
lxc start client3
# lxc console client3 --type=vga
debarchive='https://cdimage.debian.org/cdimage/archive'
path='10.11.0/amd64/iso-cd'
wget "$debarchive/$path/debian-10.11.0-amd64-netinst.iso"
3/3/22, 4:07 PM
Testing FUSS with LXD :: Dashamir Hoxha / Technical Blog
dashohoxha.fs.al/docs/testing-fuss-with-lxd.html
Create an empty VM, connected to LAN1:
Attach the iso le as a device of type disk, and make it the rst boot option:
Disable secure boot:
Start it with a VGA console:
Or start it and access the VGA console:
Stop and remove the iso device:
lxc init client4 \
--empty --vm --network=LAN1 \
-c limits.memory=1GB -c limits.cpu=1
lxc config device override client4 root size=25GB
# lxc network attach LAN1 client4
lxc config device add client4 cdrom \
disk source=/home/admin/debian-10.11.0-amd64-netinst.iso \
boot.priority=1
lxc config set client4 security.secureboot=false
lxc start client4 --console=vga
lxc start client4
lxc console client4 --type=vga
lxc stop client4
lxc config device remove client4 cdrom
ResearchGate has not been able to resolve any citations for this publication.
ResearchGate has not been able to resolve any references for this publication.