utils/lxc.sh
With the use of Linux Containers (LXC) we can scale our tasks over a stack of
containers, which we call the LXC suite. The SearXNG suite (lxc-searxng.env) is
loaded by default every time you start the lxc.sh script (you do not need to
care about it).
Before you can start with containers, you need to install and initiate LXD once:
$ snap install lxd
$ lxd init --auto
To make use of the containers from the SearXNG suite, you first have to build the LXC suite containers. But be warned, this might take some time:
$ sudo -H ./utils/lxc.sh build
A cup of coffee later, your LXC suite is built and you can run whatever task you want in a selected container or even in all LXC suite containers.
Hint
If you see any problems with the internet connectivity of your containers, read the section Internet Connectivity & Docker.
If you do not want to build all containers, you can build just one:
$ sudo -H ./utils/lxc.sh build searxng-archlinux
Good to know …
Each container shares the root folder of the repository, and the command utils/lxc.sh cmd handles relative path names transparently. Compare the output of:
$ sudo -H ./utils/lxc.sh cmd -- ls -la Makefile
...
In the containers, you can run whatever you want, e.g. to start a bash use:
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux bash
INFO: [searxng-archlinux] bash
[root@searxng-archlinux SearXNG]#
If the time comes that you want to get rid of all the containers and clean up local images, just type:
$ sudo -H ./utils/lxc.sh remove
$ sudo -H ./utils/lxc.sh remove images
Internet Connectivity & Docker
There is a conflict in the iptables setup of Docker & LXC. If you have Docker installed, you may find that the internet connectivity of your LXD containers no longer works.
Whenever Docker is started (reboot) it sets the iptables policy for the FORWARD chain to DROP [ref]:
$ sudo -H iptables-save | grep FORWARD
:FORWARD ACCEPT [7048:7851230]
:FORWARD DROP [7048:7851230]
A handy solution to this problem might be to reset the policy for the FORWARD chain after the network has been initialized. To do this, create a file in the if-up section of the network (/etc/network/if-up.d/iptable) and insert the following lines:
#!/bin/sh
iptables -F FORWARD
iptables -P FORWARD ACCEPT
Don’t forget to set the execution bit:
sudo chmod ugo+x /etc/network/if-up.d/iptable
Reboot your system and check the iptables rules:
$ sudo -H iptables-save | grep FORWARD
:FORWARD ACCEPT [7048:7851230]
:FORWARD ACCEPT [7048:7851230]
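The if-up script above flushes every rule in the FORWARD chain and makes the host forward all traffic by default; a narrower variant accepts only the LXD bridge's traffic in Docker's DOCKER-USER chain. The sketch below is an added example, not code from the SearXNG repository: it reads the filter-table policy from iptables-save output and prints the narrower rules as a dry run. The function names, the bridge name lxdbr0 (LXD's default) and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the SearXNG repository. Dry run: prints rules only.

# Print the FORWARD policy of the *filter* table from `iptables-save` output on
# stdin. A plain `grep FORWARD` matches every table that has a FORWARD chain.
filter_forward_policy() {
    awk '
        /^\*/ { table = substr($1, 2) }   # "*filter" -> "filter"
        table == "filter" && $1 == ":FORWARD" { print $2; exit }
    '
}

# Emit rules that accept only the given bridge's traffic via Docker's
# DOCKER-USER chain, instead of flushing FORWARD and accepting everything.
lxd_bridge_rules() {
    bridge="${1:-lxdbr0}"   # assumption: LXD's default bridge name
    case "$bridge" in
        *[!A-Za-z0-9_.-]*) echo "invalid bridge name" >&2; return 1 ;;
    esac
    echo "iptables -I DOCKER-USER -i $bridge -j ACCEPT"
    echo "iptables -I DOCKER-USER -o $bridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# Constructed sample of `iptables-save` output on a host running Docker.
sample_ruleset() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:FORWARD ACCEPT [7048:7851230]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [7048:7851230]
:DOCKER-USER - [0:0]
COMMIT
EOF
}

# Only suggest rules when the filter table really drops forwarded traffic.
if [ "$(sample_ruleset | filter_forward_policy)" = "DROP" ]; then
    lxd_bridge_rules lxdbr0
fi
```

On a real host, feed `sudo iptables-save` into `filter_forward_policy` and review the printed rules before running them as root.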
Install suite
To install the complete SearXNG suite (includes searx, morty & filtron) into all LXC use:
$ sudo -H ./utils/lxc.sh install suite
The command above installs a SearXNG suite (see Installation Script). To install an nginx reverse proxy (or alternatively use apache):
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/searxng.sh install nginx
To get the IP (URL) of the SearXNG service in the containers, use the show suite command. To test instances from the containers, just open the URLs in your web browser:
$ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL
[searxng-ubu2110] SEARXNG_URL : http://n.n.n.147/searxng
[searxng-ubu2004] SEARXNG_URL : http://n.n.n.246/searxng
[searxnggfedora35] SEARXNG_URL : http://n.n.n.140/searxng
[searxng-archlinux] SEARXNG_URL : http://n.n.n.165/searxng
Running commands
Inside containers, you can use make or run scripts from the DevOps tooling box. For example, to set up a buildhost and run the Makefile target test in the archlinux container:
sudo -H ./utils/lxc.sh cmd searxng-archlinux ./utils/searxng.sh install buildhost
sudo -H ./utils/lxc.sh cmd searxng-archlinux make test
Setup SearXNG buildhost
You can install the SearXNG buildhost environment into one or all containers. The installation procedure to set up a build host takes its time. Installation in all containers will take more time (time for another cup of coffee):
sudo -H ./utils/lxc.sh cmd -- ./utils/searxng.sh install buildhost
To build (live) documentation inside an archlinux container:
sudo -H ./utils/lxc.sh cmd searxng-archlinux make docs.clean docs.live
...
[I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080
To get the IP of the container and the port number the live docs server is listening on:
$ sudo ./utils/lxc.sh show suite | grep docs.live
...
[searxng-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/
Overview
The --help output of the script is largely self-explanatory:
usage::
  lxc.sh build [containers|<name>]
  lxc.sh copy [images]
  lxc.sh remove [containers|<name>|images]
  lxc.sh [start|stop] [containers|<name>]
  lxc.sh show [images|suite|info|config [<name>]]
  lxc.sh cmd [--|<name>] '...'
  lxc.sh install [suite|base [<name>]]
build
  :containers: build, launch all containers and 'install base' packages
  :<name>: build, launch container <name> and 'install base' packages
copy:
  :images: copy remote images of the suite into local storage
remove
  :containers: delete all 'containers' or only <container-name>
  :images: delete local images of the suite
start/stop
  :containers: start/stop all 'containers' from the suite
  :<name>: start/stop container <name> from suite
show
  :info: show info of all (or <name>) containers from LXC suite
  :config: show config of all (or <name>) containers from the LXC suite
  :suite: show services of all (or <name>) containers from the LXC suite
  :images: show information of local images
cmd
  use single quotes to evaluate in container's bash, e.g.: 'echo $(hostname)'
  -- run command '...' in all containers of the LXC suite
  :<name>: run command '...' in container <name>
install
  :base: prepare LXC; install basic packages
  :suite: install LXC searxng suite into all (or <name>) containers
LXC suite: searxng
Suite includes installation of SearXNG
images: ubu2004 ubu2204 fedora35 archlinux
containers: searxng-ubu2004 searxng-ubu2204 searxng-fedora35 searxng-archlinux
SearXNG suite
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck shell=bash
# This file is a setup of a LXC suite. It is sourced from different context, do
# not manipulate the environment directly, implement functions and manipulate
# environment only in subshells.
lxc_set_suite_env() {
    export LXC_SUITE_NAME="searxng"
    # name of https://images.linuxcontainers.org
    export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
    export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}"
    export LXC_SUITE=(
        # end of standard support see https://wiki.ubuntu.com/Releases
        "$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # LTS EOSS April 2025
        "$LINUXCONTAINERS_ORG_NAME:ubuntu/22.04" "ubu2204" # LTS EOSS April 2027
        # EOL see https://fedoraproject.org/wiki/Releases
        "$LINUXCONTAINERS_ORG_NAME:fedora/35" "fedora35"
        # rolling releases see https://www.archlinux.org/releng/releases/
        "$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
    )
}
lxc_suite_install_info() {
    (
        lxc_set_suite_env
        cat <<EOF
LXC suite: ${LXC_SUITE_NAME}
Suite includes installation of SearXNG
images: ${LOCAL_IMAGES[*]}
containers: ${CONTAINERS[*]}
EOF
    )
}
lxc_suite_install() {
    (
        lxc_set_suite_env
        FORCE_TIMEOUT=0
        export FORCE_TIMEOUT
        "${LXC_REPO_ROOT}/utils/searxng.sh" install all
        rst_title "suite installation finished ($(hostname))" part
        lxc_suite_info
        echo
    )
}
lxc_suite_info() {
    (
        lxc_set_suite_env
        for ip in $(global_IPs) ; do
            if [[ $ip =~ .*:.* ]]; then
                info_msg "(${ip%|*}) IPv6: http://[${ip#*|}]"
            else
                # IPv4:
                # shellcheck disable=SC2034,SC2031
                info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/"
            fi
        done
        "${LXC_REPO_ROOT}/utils/searxng.sh" searxng.instance.env
    )
}