utils/lxc.sh¶
With the use of Linux Containers (LXC) we can scale our tasks over a stack of
containers, what we call the: lxc suite. The SearXNG suite
(lxc-searx.env) is loaded by default, every time
you start the lxc.sh script (you do not need to care about).
Before you can start with containers, you need to install and initiate LXD once:
$ snap install lxd
$ lxd init --auto
To make use of the containers from the SearXNG suite, you have to build the LXC suite containers initial. But be warned, this might take some time:
$ sudo -H ./utils/lxc.sh build
A cup of coffee later, your LXC suite is build up and you can run whatever task you want / in a selected or even in all LXC suite containers.
Hint
If you see any problems with the internet connectivity of your containers read section Internet Connectivity & Docker.
If you do not want to build all containers, you can build just one:
$ sudo -H ./utils/lxc.sh build searx-ubu1804
Good to know …
Each container shares the root folder of the repository and the command
utils/lxc.sh cmd handles relative path names transparent, compare output
of:
$ sudo -H ./utils/lxc.sh cmd -- ls -la Makefile
...
In the containers, you can run what ever you want, e.g. to start a bash use:
$ sudo -H ./utils/lxc.sh cmd searx-ubu1804 bash
INFO: [searx-ubu1804] bash
root@searx-ubu1804:/share/searx#
If there comes the time you want to get rid off all the containers and clean up local images just type:
$ sudo -H ./utils/lxc.sh remove
$ sudo -H ./utils/lxc.sh remove images
Internet Connectivity & Docker¶
There is a conflict in the iptables setup of Docker & LXC. If you have
docker installed, you may find that the internet connectivity of your LXD
containers no longer work.
Whenever docker is started (reboot) it sets the iptables policy for the
FORWARD chain to DROP [ref]:
$ sudo -H iptables-save | grep FORWARD
:FORWARD ACCEPT [7048:7851230]
:FORWARD DROP [7048:7851230]
A handy solution of this problem might be to reset the policy for the
FORWARD chain after the network has been initialized. For this create a
file in the if-up section of the network (/etc/network/if-up.d/iptable)
and insert the following lines:
#!/bin/sh
iptables -F FORWARD
iptables -P FORWARD ACCEPT
Don’t forget to set the execution bit:
sudo chmod ugo+x /etc/network/if-up.d/iptable
Reboot your system and check the iptables rules:
$ sudo -H iptables-save | grep FORWARD
:FORWARD ACCEPT [7048:7851230]
:FORWARD ACCEPT [7048:7851230]
Install suite¶
To install the complete SearXNG suite (includes searx, morty & filtron) into all LXC use:
$ sudo -H ./utils/lxc.sh install suite
The command above installs a SearXNG suite (see Installation scripts). To
get the IP (URL) of the filtron service in the containers use show suite
command. To test instances from containers just open the URLs in your
WEB-Browser:
$ sudo ./utils/lxc.sh show suite | grep filtron
[searx-ubu1604] INFO: (eth0) filtron: http://n.n.n.246:4004/ http://n.n.n.246/searx
[searx-ubu1804] INFO: (eth0) filtron: http://n.n.n.147:4004/ http://n.n.n.147/searx
[searx-ubu1910] INFO: (eth0) filtron: http://n.n.n.140:4004/ http://n.n.n.140/searx
[searx-ubu2004] INFO: (eth0) filtron: http://n.n.n.18:4004/ http://n.n.n.18/searx
[searx-fedora31] INFO: (eth0) filtron: http://n.n.n.46:4004/ http://n.n.n.46/searx
[searx-archlinux] INFO: (eth0) filtron: http://n.n.n.32:4004/ http://n.n.n.32/searx
To install a nginx reverse proxy for filtron and morty use (or alternatively use apache):
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/filtron.sh nginx install
sudo -H ./utils/lxc.sh cmd -- FORCE_TIMEOUT=0 ./utils/morty.sh nginx install
Running commands¶
Inside containers, you can use make or run scripts from the
Admin’s tooling box. By example: to setup a Buildhosts and run the
Makefile target test in the archlinux container:
sudo -H ./utils/lxc.sh cmd searx-archlinux ./utils/searx.sh install buildhost
sudo -H ./utils/lxc.sh cmd searx-archlinux make test
Setup SearXNG buildhost¶
You can install the SearXNG buildhost environment into one or all containers. The installation procedure to set up a build host takes its time. Installation in all containers will take more time (time for another cup of coffee).:
sudo -H ./utils/lxc.sh cmd -- ./utils/searx.sh install buildhost
To build (live) documentation inside a archlinux container:
sudo -H ./utils/lxc.sh cmd searx-archlinux make docs.clean docs.live
...
[I 200331 15:00:42 server:296] Serving on http://0.0.0.0:8080
To get IP of the container and the port number live docs is listening:
$ sudo ./utils/lxc.sh show suite | grep docs.live
...
[searx-archlinux] INFO: (eth0) docs.live: http://n.n.n.12:8080/
Overview¶
The --help output of the script is largely self-explanatory:
usage::
lxc.sh build [containers|<name>]
lxc.sh copy [images]
lxc.sh remove [containers|<name>|images]
lxc.sh [start|stop] [containers|<name>]
lxc.sh show [images|suite|info|config [<name>]]
lxc.sh cmd [--|<name>] '...'
lxc.sh install [suite|base [<name>]]
build
:containers: build, launch all containers and 'install base' packages
:<name>: build, launch container <name> and 'install base' packages
copy:
:images: copy remote images of the suite into local storage
remove
:containers: delete all 'containers' or only <container-name>
:images: delete local images of the suite
start/stop
:containers: start/stop all 'containers' from the suite
:<name>: start/stop container <name> from suite
show
:info: show info of all (or <name>) containers from LXC suite
:config: show config of all (or <name>) containers from the LXC suite
:suite: show services of all (or <name>) containers from the LXC suite
:images: show information of local images
cmd
use single qoutes to evaluate in container's bash, e.g.: 'echo $(hostname)'
-- run command '...' in all containers of the LXC suite
:<name>: run command '...' in container <name>
install
:base: prepare LXC; install basic packages
:suite: install LXC searx suite into all (or <name>) containers
LXC suite: searx --> http://fv-az201-315/searx
suite includes searx, morty & filtron
suite images:
ubu1804 ubu2004 ubu2110 fedora35 archlinux centos7
suite containers:
searx-ubu1804 searx-ubu2004 searx-ubu2110 searx-fedora35 searx-archlinux
searx-centos7
SearXNG suite¶
# -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-
# SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck shell=bash
# This file is a setup of a LXC suite. It is sourced from different context, do
# not manipulate the environment directly, implement functions and manipulate
# environment only is subshells!
# ----------------------------------------------------------------------------
# config
# ----------------------------------------------------------------------------
# shellcheck disable=SC2034
LXC_SUITE_NAME="searx"
lxc_set_suite_env() {
# name of https://images.linuxcontainers.org
export LINUXCONTAINERS_ORG_NAME="${LINUXCONTAINERS_ORG_NAME:-images}"
export LXC_HOST_PREFIX="${LXC_SUITE_NAME:-searx}"
export LXC_SUITE=(
# to disable containers, comment out lines ..
# end of standard support see https://wiki.ubuntu.com/Releases
"$LINUXCONTAINERS_ORG_NAME:ubuntu/18.04" "ubu1804" # April 2023
"$LINUXCONTAINERS_ORG_NAME:ubuntu/20.04" "ubu2004" # April 2025
"$LINUXCONTAINERS_ORG_NAME:ubuntu/21.10" "ubu2110" # July 2027
# EOL see https://fedoraproject.org/wiki/Releases
"$LINUXCONTAINERS_ORG_NAME:fedora/35" "fedora35"
# rolling releases see https://www.archlinux.org/releng/releases/
"$LINUXCONTAINERS_ORG_NAME:archlinux" "archlinux"
# EOL 30 June 2024
"$LINUXCONTAINERS_ORG_NAME:centos/7" "centos7"
)
PUBLIC_URL="${PUBLIC_URL:-http://$(uname -n)/searx}"
if in_container; then
# container hostnames do not have a DNS entry: use primary IP!
PUBLIC_URL="http://$(primary_ip)/searx"
# make GUEST's services public to the HOST
FILTRON_API="0.0.0.0:4005"
FILTRON_LISTEN="0.0.0.0:4004"
MORTY_LISTEN="0.0.0.0:3000"
# export LXC specific environment
export PUBLIC_URL FILTRON_API FILTRON_LISTEN MORTY_LISTEN
fi
}
lxc_suite_install_info() {
(
lxc_set_suite_env
cat <<EOF
LXC suite: ${LXC_SUITE_NAME} --> ${PUBLIC_URL}
suite includes searx, morty & filtron
suite images:
$(echo " ${LOCAL_IMAGES[*]}" | $FMT)
suite containers:
$(echo " ${CONTAINERS[*]}" | $FMT)
EOF
)
}
lxc_suite_install() {
(
lxc_set_suite_env
FORCE_TIMEOUT=0
export FORCE_TIMEOUT
"${LXC_REPO_ROOT}/utils/searx.sh" install all
"${LXC_REPO_ROOT}/utils/morty.sh" install all
"${LXC_REPO_ROOT}/utils/filtron.sh" install all
rst_title "suite installation finished ($(hostname))" part
lxc_suite_info
echo
)
}
lxc_suite_info() {
(
lxc_set_suite_env
for ip in $(global_IPs) ; do
if [[ $ip =~ .*:.* ]]; then
info_msg "(${ip%|*}) IPv6: http://[${ip#*|}]"
else
# IPv4:
# shellcheck disable=SC2034,SC2031
info_msg "(${ip%|*}) filtron: http://${ip#*|}:4004/ $PUBLIC_URL"
info_msg "(${ip%|*}) morty: http://${ip#*|}:3000/ $PUBLIC_URL_MORTY"
info_msg "(${ip%|*}) docs-live: http://${ip#*|}:8080/"
fi
done
)
}
