Ned, I would love to stand here and talk with you—but I’m not going to, Phil Connors (Bill Murray), Groundhog Day
Containers are a lightweight alternative to fully virtualized machines (VMs). Containerization is the process of developing, distributing, and deploying applications in a portable and reproducible way. It accomplishes this by packaging components and their dependencies into standardized, isolated, lightweight process environments or containers, achieving:
Navigate to Datacenter, Node (e.g., myserver), local (myserver), select CT Templates, click on Templates, and select archlinux-base (ArchLinux base image), then Download. Once the template has been downloaded, click on Create CT (CT is obviously short for container).
Navigate to Datacenter, Node (e.g., myserver), 201 (archlinux-ct), that is, the container we have just created. In the Options menu, we can enable Start at boot and Unprivileged container (the latter makes the container run as an unprivileged user, which is typically the safer way to run a container).
Let’s go back again to Datacenter, Node (e.g., myserver), 201 (archlinux-ct), select the menu Console, and click on Start to boot the container up. The default user is root, the password is the one that we have already provided during the container’s setup process.
ip a # Find the IP address assigned by the DHCP server
ssh-keygen -t ed25519 -f ~/.ssh/ca_host_key
> Generating public/private ed25519 key pair.
> [...]
> The key fingerprint is:
> SHA256:hDywXAvRHdsCHrWQygm39X5yRuYXnTodSKEAgz0wLf8
pacman -S openssh xorg-xauth # Install OpenSSH and xauth (needed for X11 forwarding)
systemctl start sshd # It starts the OpenSSH service daemon
systemctl enable sshd # It configures the SSH service to start automatically at boot time.
systemctl status sshd # Check the SSH service status
# In your CLIENT host
# 1. Generate an SSH Key
ssh-keygen -t rsa
# 2. Copy SSH Public Key to Remote Server, remote-server-ip = 192.168.1.38
ssh-copy-id root@192.168.1.38
# 3. Connect Remote Server without Password
# ssh root@remote-server-ip (or ssh -X user@container_ip to forward X11 applications)
ssh root@192.168.1.38 # ssh -X root@192.168.1.38
# SERVER
vi /etc/ssh/sshd_config # sshd is configured with /etc/ssh/sshd_config
PermitRootLogin yes
# It allows the root user to log in via SSH.
# This is generally considered a security risk, especially in production environments.
PasswordAuthentication yes
# This enables password-based authentication for SSH logins.
# While this is convenient, it is less secure than key-based authentication,
# which is much more resistant to brute-force attacks.
X11Forwarding yes
# It allows X11 forwarding, enabling graphical applications to be run over SSH.
AllowTcpForwarding yes
# It permits TCP forwarding, which allows SSH connections to tunnel other TCP connections.
X11UseLocalhost no
# By default (yes), sshd binds the X11 forwarding server to the loopback address, so machines on your local network cannot access the forwarded display.
# If you do want machines on your local network to be able to connect to it, set X11UseLocalhost to no in your sshd_config file, as done here.
# When you have changed the sshd server config file, test the OpenSSH server for errors.
sshd -t
systemctl restart sshd # Restart the OpenSSH service daemon
# On your client:
ssh username@server_ip_address
ssh -X username@server_ip_address # From a machine on your local network, SSH into the server with X11 forwarding enabled
# After logging in, you should be able to run X11 applications, and they will be displayed on your local machine.
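As an added example (not part of the original post), the shell function below checks sshd settings for the values this page's configuration turns on: root login with a password, password authentication, and X11 forwarding bound to all interfaces. The function name, the FAIL/WARN output format and both sample configurations are constructed for illustration; the input is assumed to be `keyword value` lines as printed by `sshd -T`.

```shell
#!/bin/sh
# Added example, not the page's own code: flag the risky sshd settings
# discussed above. Input: "keyword value" lines as printed by `sshd -T`.
audit_sshd() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # ignore comments and blank lines
    {
        key = tolower($1)
        if (!(key in seen)) seen[key] = tolower($2)   # first value wins, as in sshd
    }
    END {
        n = 0
        if (seen["permitrootlogin"] == "yes") {
            print "FAIL permitrootlogin=yes: set prohibit-password or no"; n++
        }
        if (seen["passwordauthentication"] == "yes") {
            print "FAIL passwordauthentication=yes: set no once keys are installed"; n++
        }
        if (seen["x11forwarding"] == "yes" && seen["x11uselocalhost"] == "no") {
            print "WARN x11uselocalhost=no: forwarded display listens on all interfaces"; n++
        }
        exit (n > 0)                         # non-zero exit when anything was flagged
    }'
}

# Constructed sample: the values this page sets, in `sshd -T` form.
sample_page_config() {
    cat <<'EOF'
permitrootlogin yes
passwordauthentication yes
x11forwarding yes
allowtcpforwarding yes
x11uselocalhost no
EOF
}
# Constructed sample: key-only logins, X11 forwarding kept on the loopback address.
sample_hardened_config() {
    cat <<'EOF'
permitrootlogin prohibit-password
passwordauthentication no
x11forwarding yes
x11uselocalhost yes
EOF
}

# Real use inside the container, as root: sshd -T | audit_sshd
sample_page_config | audit_sshd || echo "page config: findings above"
sample_hardened_config | audit_sshd && echo "hardened config: clean"
```

The hardened sample still works with the `ssh-copy-id` and `ssh -X` steps above, because key-based login and loopback-bound X11 forwarding are all those steps need.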
# Initialize the pacman keyring and update the package repository
pacman-key --init && \
pacman-key --populate archlinux && \
pacman -Syu --noconfirm
vi /etc/pacman.conf # The Arch Linux container runs on a kernel that doesn't support Landlock, a security feature used by pacman 7.0 and later
DisableSandbox # Uncomment or add this line
# Force a refresh of all package databases:
pacman -Syy
pacman -S --noconfirm reflector
# Update the mirror list using reflector:
reflector --country Spain,France,Germany \
--latest 20 \
--protocol http,https \
--save "/etc/pacman.d/mirrorlist" \
--sort rate
# Install base development packages and essential tools
pacman -Syu --noconfirm base-devel git
# Install additional tools for productivity
# bc (calculator)
# bat (cat with syntax highlighting)
pacman -S --noconfirm eza zoxide fd bat ripgrep bc
# Install system utilities and help (tldr), fuzzy finder (fzf)
pacman -S --noconfirm fzf wl-clipboard lazygit jq rsync man-db tldr unzip plocate glibc sudo wget curl
# Install system utilities for various tasks
# bpytop (Linux resource monitor), figlet (convert text into ASCII art), cmatrix (an animated matrix in your terminal)
pacman -S --noconfirm fastfetch vim bpytop cmatrix starship figlet fortune-mod
# Install glibc and glibc-locales to support locale generation
pacman -S --noconfirm glibc glibc-locales
# Set up the locale, i.e., the language, numbering, date, and currency formats for your system.
echo "LC_ALL=en_US.UTF-8" >> /etc/environment
echo "LANG=en_US.UTF-8" >> /etc/locale.conf
sed --in-place=.bak 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
locale-gen en_US.UTF-8
echo 'export BROWSER="firefox" ' >> ~/.zshrc
# Install additional libraries for GUI applications
pacman -S --noconfirm alsa-lib gtk3 libcups libxss libxtst nss ttf-liberation xdg-utils geany
# Set up the keyboard layout: loadkeys es
echo "KEYMAP=es" >> /etc/vconsole.conf
# Create a non-root user named 'nmaximo7' and allow passwordless sudo
useradd -m -G wheel nmaximo7 && \
echo "nmaximo7 ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
su nmaximo7
cd
# Clone and install the AUR helper 'yay'
git clone https://aur.archlinux.org/yay-git.git && \
cd yay-git && \
makepkg -si --noconfirm
yay -S google-chrome --noconfirm
Proxmox live snapshots are incredibly useful for preserving the state of your virtual machines (VMs) or containers. By taking a live snapshot, you can preserve the current state of the VM or container’s memory, all configuration settings associated with the VM or container, and the state of all virtual disks at the time of the snapshot. When you encounter issues and you roll back to a snapshot, you restore the VM or container to the exact state it was in when the snapshot was taken, including memory, disk, and settings.
Creating a snapshot using the web interface is quite simple. Select the VM or container, click the Snapshots tab, then click the Take Snapshot button. In the Create Snapshot dialog box, enter a name and description for the snapshot. Alternatively, you can select the Proxmox node in the server view, click Shell to open a shell in the web interface, type the qm list command to view a list of all VMs on the current Proxmox host (the first column shows the [vmid]), and create a snapshot: qm snapshot [vmid] [snapshot_name] [OPTIONS] (e.g., OPTIONS: --description < a description of the snapshot >).
Proxmox VE doesn’t have a direct “always boot to this snapshot” option like VirtualBox’s “restore current snapshot” feature.
Use qm suspend VMID --todisk to hibernate the VM. This saves the VM’s state to disk, not RAM.
Use qm resume VMID to restore the VM from the saved state on disk. This will take longer than resuming from RAM but preserves the VM’s state across host shutdowns.
The purpose of a backup is to recover from unexpected problems that are not covered by snapshots, such as physical storage failure or entire server failure. Proxmox allows you to schedule backup jobs where you can back up all VMs on all nodes. To schedule a backup job, click the Datacenter node on the top, select the Backup option, and then click the Add button.
To restore a backup, click the backup storage, select a particular backup, and click the Restore button.
qm list # List all your VMs
qm start [vmid] # Start the VM with ID vmid
qm shutdown [vmid] # Shutdown or stop the VM with ID vmid
qm reboot [vmid] # Reboot the VM with ID vmid
qm reset [vmid] # Reset (not gracefully) the VM with ID vmid
qm stop [vmid] # Stop (not gracefully) the VM with ID vmid
qm config [vmid] # List the VM's settings or options
qm set [vmid] --onboot 0/1 # Set the start boot option of the VM
qm set [vmid] --memory 2048 # Set the memory size of the VM
pct list # List all your containers
pct config [pctid] # List the container's settings or options
pct start/shutdown/reboot [pctid] # Start/Shutdown/reboot the container pctid
pct enter [pctid] # Open a shell in the specified container (exit: exit the container)
pct set [pctid] -onboot 0/1 # Only one hyphen, set the start boot option of the container
pct set [pctid] -memory 2048 # Only one hyphen, set the memory size of the container