The Secure Connector running firmware 1.1.0 or higher can now run a single LXC container. Linux containers must be enabled in the Secure Connector configuration. The container is assigned an IP address from the data network defined on the Control Center.
The container is distributed and installed via the firmware update page on the Control Center. The container is transferred and then unpacked on the Secure Connector. All deb packages are installed and the doit script is executed during deployment. The /root/start.sh script is executed every time the Secure Connector is started. To allow SSH access, a Secure Connector firewall management rule must be added to allow traffic into the container zone.
Resource Limits for Containers
- 1 CPU core
- 512 MB RAM
- 2 GB Storage
Each container must be in a .tgz archive. The file name must include the string
container. E..g, my_container.tgz or my_container_v01.tgz
- deb packages – The deb packages must be compiled for ARM-HF.
- doit – This script is executed during the installation.
- /root/start.sh – This script is executed every time the Secure Connector boots and after the installation of the container.
Enable Container Support
- Go to your cluster > Cluster Settings > Secure Connector Editor.
- Click Lock.
- Double-click to edit the device or Secure Connector template.
- In the left menu, click Container Settings.
Select the Container enabled check box.
- Enter the Root Password for container support on the Secure Connector.
Create a Firewall Rule
Add a Secure Connector firewall management rule to allow SSH access into the container zone. Configure the rule with the following settings:
- Allow – Select the check box.
- Source Zone – Select CONT. This is the zone associated with the container.
- Services – Select SSH.
For more information, see How to Create FSC Firewall Management Rules.
Install a Container via Firmware Update in NextGen Admin
Containers are installed just like Secure Connector firmware updates. Copy the container .tgz file to the Control Center and distribute it just like a firmware update. When the archive is on the Secure Connector, the deb packages are installed and the installation scripts executed.
For more information, see FSC Firmware Update.