<span id="lxc-sh"></span><h1><code class="docutils literal notranslate"><span class="pre">utils/lxc.sh</span></code><a class="headerlink" href="#utils-lxc-sh" title="Link to this heading">¶</a></h1>
<p>With the use of <em>Linux Containers</em> (<a class="reference external" href="https://linuxcontainers.org/lxc/introduction/">LXC</a>) we can scale our tasks over a stack of
containers, which we call the <em>lxc suite</em>. The <a class="reference internal" href="#lxc-searxng-env"><span class="std std-ref">SearXNG suite config</span></a> is
loaded by default, every time you start the <code class="docutils literal notranslate"><span class="pre">lxc.sh</span></code> script (<em>you do not need
<li><p><a class="reference internal" href="#searxng-suite-config" id="id14">SearXNG suite config</a></p></li>
</ul>
</nav>
<section id="install-lxd">
<span id="lxd-install"></span><h2><a class="toc-backref" href="#id5" role="doc-backlink">Install LXD</a><a class="headerlink" href="#install-lxd" title="Link to this heading">¶</a></h2>
<p>Before you can start with containers, you need to install and initialize <a class="reference external" href="https://linuxcontainers.org/lxd/introduction/">LXD</a>
<p>If you have issues with the internet connectivity of your containers, read
section <a class="reference internal" href="#internet-connectivity-docker"><span class="std std-ref">Internet Connectivity & Docker</span></a>.</p>
</aside>
<p>A cup of coffee later, your LXC suite is built and you can run whatever task
you want, in one selected container or even in all <a class="reference internal" href="#lxc-sh-help"><span class="std std-ref">LXC suite containers</span></a>.</p>
<section id="internet-connectivity-docker">
<span id="id1"></span><h3><a class="toc-backref" href="#id6" role="doc-backlink">Internet Connectivity & Docker</a><a class="headerlink" href="#internet-connectivity-docker" title="Link to this heading">¶</a></h3>
<aside class="sidebar">
<p class="sidebar-title">further reading</p>
<ul class="simple">
<li><p><a class="reference external" href="https://github.com/docker/for-linux/issues/103">Docker blocking network of existing LXC containers</a></p></li>
<li><p><a class="reference external" href="https://fralef.me/docker-and-iptables.html">Docker and IPtables (fralef.me)</a></p></li>
<li><p><a class="reference external" href="https://docs.docker.com/network/iptables/#docker-on-a-router/">Docker and iptables (docker.com)</a></p></li>
</ul>
</aside>
<p>There is a conflict in the <code class="docutils literal notranslate"><span class="pre">iptables</span></code> setup of Docker & LXC. If you have
Docker installed, you may find that the internet connectivity of your LXD
containers no longer works.</p>
<p>Whenever Docker is started (reboot) it sets the iptables policy for the
<code class="docutils literal notranslate"><span class="pre">FORWARD</span></code> chain to <code class="docutils literal notranslate"><span class="pre">DROP</span></code> <a class="reference external" href="https://docs.docker.com/network/iptables/#docker-on-a-router">[ref]</a>:</p>
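<p>A check for this condition, as an added example that is not part of the original documentation: the script reads <code>iptables-save</code> output, reports whether the <code>FORWARD</code> policy is <code>DROP</code> with no accept rule for the LXD bridge, and prints <code>DOCKER-USER</code> rules that accept only that bridge's traffic. The bridge name <code>lxdbr0</code>, the function names and the sample ruleset are assumptions constructed for the example.</p>

```shell
#!/bin/sh
# Added example: audit iptables-save output for the Docker/LXD FORWARD conflict.
# BRIDGE is an assumption (lxdbr0 is the default LXD bridge name).
BRIDGE="${BRIDGE:-lxdbr0}"

# Constructed sample of `iptables-save` output on a host where Docker has started.
SAMPLE_DOCKER='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A DOCKER-USER -j RETURN
COMMIT'

# Print the default policy of the FORWARD chain in the filter table.
forward_policy() {
    awk '/^\*/ { table = $1 }
         table == "*filter" && $1 == ":FORWARD" { print $2 }'
}

# Succeed if some rule accepts traffic entering from the given bridge.
bridge_accepted() {
    grep -Eq -- "^-A (FORWARD|DOCKER-USER) .*-i $1 .*-j ACCEPT"
}

# Classify a ruleset read from stdin; the first word is "ok:" or "blocked:".
diagnose() {
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | forward_policy)
    if [ "$policy" != "DROP" ]; then
        echo "ok: FORWARD policy is ${policy:-unknown}"
    elif printf '%s\n' "$rules" | bridge_accepted "$BRIDGE"; then
        echo "ok: FORWARD is DROP but $BRIDGE is explicitly accepted"
    else
        echo "blocked: FORWARD is DROP and no ACCEPT rule for $BRIDGE"
        # Rules scoped to the bridge; printed for review, not applied.
        echo "  iptables -I DOCKER-USER -i $BRIDGE -j ACCEPT"
        echo "  iptables -I DOCKER-USER -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    fi
}

printf '%s\n' "$SAMPLE_DOCKER" | diagnose
# On a live host (root required): iptables-save | diagnose
```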
<p>A handy solution to this problem might be to reset the policy for the
<code class="docutils literal notranslate"><span class="pre">FORWARD</span></code> chain after the network has been initialized. For this create a
file in the <code class="docutils literal notranslate"><span class="pre">if-up</span></code> section of the network (<code class="docutils literal notranslate"><span class="pre">/etc/network/if-up.d/iptable</span></code>)
<span id="id2"></span><h2><a class="toc-backref" href="#id7" role="doc-backlink">SearXNG LXC suite</a><a class="headerlink" href="#searxng-lxc-suite" title="Link to this heading">¶</a></h2>
<p>The intention of the <em>SearXNG LXC suite</em> is to build up a suite of containers
for development tasks or <a class="reference internal" href="#setup-searxng-buildhost"><span class="std std-ref">buildhosts</span></a> with a very
small set of simple commands. At the end of the <code class="docutils literal notranslate"><span class="pre">--help</span></code> output the SearXNG
suite from the <a class="reference internal" href="#lxc-searxng-env"><span class="std std-ref">SearXNG suite config</span></a> is introduced:</p>
<p>As shown above, there are images and containers built upon these images. To show
more info about the containers in the <em>SearXNG LXC suite</em>, call <code class="docutils literal notranslate"><span class="pre">show</span> <span class="pre">suite</span></code>.
If this is the first time you make use of the SearXNG LXC suite, no containers
are installed and the output is:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo -H ./utils/lxc.sh show suite
LXC suite (searxng-*)
=====================
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
WARN: container searxng-ubu2004 does not yet exists
WARN: container searxng-ubu2204 does not yet exists
WARN: container searxng-fedora35 does not yet exists
WARN: container searxng-archlinux does not yet exists
</pre></div>
</div>
<p>If you do not want to run a command or a build in all containers, <strong>you can
build just one</strong>. Here, for example, in the container that is built upon the
<h3><a class="toc-backref" href="#id8" role="doc-backlink">Running commands</a><a class="headerlink" href="#running-commands" title="Link to this heading">¶</a></h3>
<p><strong>Inside containers, you can run scripts</strong> from the <a class="reference internal" href="index.html#toolboxing"><span class="std std-ref">DevOps tooling box</span></a> or run
whatever command you need. For example, to start a bash shell, use:</p>
<span id="id3"></span><h3><a class="toc-backref" href="#id9" role="doc-backlink">Good to know</a><a class="headerlink" href="#good-to-know" title="Link to this heading">¶</a></h3>
<p>Each container shares the root folder of the repository and the command
<p>The path <code class="docutils literal notranslate"><span class="pre">/share/SearXNG</span></code> will be different on your HOST system. The commands
in the container are executed by the <code class="docutils literal notranslate"><span class="pre">root</span></code> user inside the container. Compare
the output of:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ ls -li Makefile
47712402 -rw-rw-r-- 1 markus markus 2923 Apr 19 13:52 Makefile
$ sudo -H ./utils/lxc.sh cmd searxng-archlinux ls -li Makefile
<p>Since the path <code class="docutils literal notranslate"><span class="pre">/share/SearXNG</span></code> of the HOST system is wrapped into the
container under the same name, the shown <code class="docutils literal notranslate"><span class="pre">Makefile</span></code> (inode <code class="docutils literal notranslate"><span class="pre">47712402</span></code>) in
the output is always the identical <code class="docutils literal notranslate"><span class="pre">/share/SearXNG/Makefile</span></code> from the HOST
system. In the example shown above, the owner of the path in the container is
the <code class="docutils literal notranslate"><span class="pre">root</span></code> user of the container (and the timezone in the container is
different from that of the HOST system).</p>
</section>
<section id="install-suite">
<span id="lxc-sh-install-suite"></span><h3><a class="toc-backref" href="#id10" role="doc-backlink">Install suite</a><a class="headerlink" href="#install-suite" title="Link to this heading">¶</a></h3>
<aside class="sidebar">
<p class="sidebar-title">further reading</p>
<ul class="simple">
<li><p><a class="reference internal" href="../dev/lxcdev.html#working-in-containers"><span class="std std-ref">In containers, work as usual</span></a></p></li>
$ sudo -H ./utils/lxc.sh install suite searxng-archlinux
</pre></div>
</div>
<p>The command above installs a SearXNG suite (see <a class="reference internal" href="../admin/installation-scripts.html#installation-scripts"><span class="std std-ref">Installation Script</span></a>).
To <a class="reference internal" href="../admin/installation-nginx.html#installation-nginx"><span class="std std-ref">install an nginx</span></a> reverse proxy (or alternatively
use <a class="reference internal" href="../admin/installation-apache.html#installation-apache"><span class="std std-ref">apache</span></a>):</p>
<p>The <a class="reference internal" href="index.html#force-timeout"><span class="std std-ref">FORCE_TIMEOUT</span></a> environment variable is set to zero to run the
script without user interaction.</p>
<p>To get the IP (URL) of the SearXNG service in the containers, use the <code class="docutils literal notranslate"><span class="pre">show</span> <span class="pre">suite</span></code>
command. To test instances from containers, just open the URLs in your
web browser:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span>$ sudo ./utils/lxc.sh show suite | grep SEARXNG_URL
<span id="id4"></span><h2><a class="toc-backref" href="#id12" role="doc-backlink">Setup SearXNG buildhost</a><a class="headerlink" href="#setup-searxng-buildhost" title="Link to this heading">¶</a></h2>
<p>You can <strong>install the SearXNG buildhost environment</strong> into one or all containers.
The installation procedure to set up a <a class="reference internal" href="../admin/buildhosts.html#buildhosts"><span class="std std-ref">build host</span></a> takes its
time. Installation in all containers will take more time (time for another cup
<span id="lxc-sh-help"></span><h2><a class="toc-backref" href="#id13" role="doc-backlink">Command Help</a><a class="headerlink" href="#command-help" title="Link to this heading">¶</a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">--help</span></code> output of the script is largely self-explanatory:</p>
<span id="lxc-searxng-env"></span><h2><a class="toc-backref" href="#id14" role="doc-backlink">SearXNG suite config</a><a class="headerlink" href="#searxng-suite-config" title="Link to this heading">¶</a></h2>
<p>The SearXNG suite is defined in the file <a class="extlink-origin reference external" href="https://github.com/searxng/searxng/blob/master/utils/lxc-searxng.env">git://utils/lxc-searxng.env</a>:</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="c1"># -*- coding: utf-8; mode: sh indent-tabs-mode: nil -*-</span>
<span class="w"> </span><span class="c1"># end of standard support see https://wiki.ubuntu.com/Releases</span>
<span class="w"> </span><span class="s2">"</span><span class="nv">$LINUXCONTAINERS_ORG_NAME</span><span class="s2">:ubuntu/20.04"</span><span class="w"> </span><span class="s2">"ubu2004"</span><span class="w"> </span><span class="c1"># LTS EOSS April 2025</span>
<span class="w"> </span><span class="s2">"</span><span class="nv">$LINUXCONTAINERS_ORG_NAME</span><span class="s2">:ubuntu/22.04"</span><span class="w"> </span><span class="s2">"ubu2204"</span><span class="w"> </span><span class="c1"># LTS EOSS April 2027</span>
<span class="w"> </span><span class="c1"># EOL see https://fedoraproject.org/wiki/Releases</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span>ask_yn<span class="w"> </span><span class="s2">"Developer install? (wraps source from HOST into the running instance)"</span><span class="w"> </span>Yn<span class="p">;</span><span class="w"> </span><span class="k">then</span>