🚢Deploying Containers on Fusion's Edge using Nspawn🐳
Fusion Broadband can host containers on the edge node. The configuration creates a separate Debian instance using systemd's nspawn, which can be used for a number of different applications, including Docker. You can also install a VPN concentrator such as WireGuard or OpenConnect server. This is how to configure it:
# On the SD-WAN edge
sudo nano /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet manual
auto br0
iface br0 inet static
bridge_ports eth0
address 10.207.35.254
netmask 255.255.255.248
scope link
pre-up sysctl -w net.ipv6.conf.eth0.accept_ra=0
Containers require the use of a bridge.
# On the SD-WAN edge
sudo apt-get update --allow-releaseinfo-change
sudo apt-get upgrade
sudo apt-get install systemd-container debootstrap
sudo mkdir /var/lib/machines/container
sudo debootstrap \
--include curl,bridge-utils,dbus,iptables,openssh-server,vim \
buster /var/lib/machines/container \
http://http.debian.net/debian
If you have debootstrap key errors, do this.
# On the SD-WAN edge
sudo systemd-nspawn --directory /var/lib/machines/container passwd
sudo systemd-nspawn --boot --directory /var/lib/machines/container/
# Log in using the root password that was created in the step above
hostnamectl set-hostname container
apt-get install sudo ca-certificates mtr wget sshguard
adduser admin  # or a suitable alternative username
usermod -aG sudo admin
sudo nano /etc/network/interfaces
auto host0
iface host0 inet dhcp
sudo chmod 4711 /usr/bin/ping
# To exit the container press Ctrl+] 3 times
# On the SD-WAN edge
sudo mkdir /etc/systemd/nspawn
sudo nano /etc/systemd/nspawn/container.nspawn
[Exec]
Boot=yes
[Network]
VirtualEthernet=yes
Bridge=br0
# Add the line below to create a link to the SD-WAN to assign an extra network/NAT
VirtualEthernetExtra=container
# Use this to add a link to a VLAN
MACVLAN=eth0.605
sudo systemctl enable systemd-nspawn@container
sudo systemctl enable machines.target
sudo systemctl start machines.target
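A review of what the settings file above exposes, as an added example that is not part of the original article: the hypothetical helper `nspawn_audit` reads a `.nspawn` file and reports which host networks the container is attached to and any setting that weakens isolation. The sample input reproduces the article's settings; the report wording is this example's own.

```shell
# Added example (not from the article): review a systemd .nspawn settings file.
# nspawn_audit is a hypothetical helper; it reads the file named in $1, or stdin.
nspawn_audit() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*\[/ {                                    # [Section] header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        i = index($0, "="); if (!i) next
        key = substr($0, 1, i - 1); val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        k = sec "." key
        if (k == "Exec.PrivateUsers") {
            seen_pu = 1
            if (tolower(val) ~ /^(no|n|false|f|off|0)$/)
                print "WARN PrivateUsers: user namespacing off, container root is host UID 0"
        } else if (k == "Exec.Capability")
            print "WARN Capability: extra capabilities granted: " val
        else if (k == "Files.Bind")
            print "WARN Bind: host path writable from the container: " val
        else if (k == "Network.Bridge")
            print "INFO Bridge: container veth is attached to host bridge " val
        else if (k == "Network.MACVLAN")
            print "INFO MACVLAN: container gets a macvlan interface on host link " val
        else if (k == "Network.VirtualEthernetExtra")
            print "INFO VirtualEthernetExtra: extra host-to-container veth link " val
    }
    END { if (!seen_pu) print "NOTE PrivateUsers: not set in this file, depends on how systemd-nspawn is invoked" }
    ' "${1:--}"
}

# Sample input: the settings file from the article, reproduced here.
page_config() {
    cat <<'EOF'
[Exec]
Boot=yes
[Network]
VirtualEthernet=yes
Bridge=br0
# Add the line below to create a link to the SD-WAN to assign an extra network/NAT
VirtualEthernetExtra=container
# Use this to add a link to a VLAN
MACVLAN=eth0.605
EOF
}

page_config | nspawn_audit
```

On the edge itself, point it at the real file: `nspawn_audit /etc/systemd/nspawn/container.nspawn`.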
# Recommended /etc/apt/sources.list
deb http://deb.debian.org/debian buster main contrib non-free
deb http://deb.debian.org/debian buster-updates main contrib non-free
deb http://deb.debian.org/debian buster-backports main contrib non-free
deb http://security.debian.org/debian-security/ buster/updates main contrib non-free
# On the SD-WAN edge
# To access the container
sudo machinectl login container
It is now possible to install various applications such as:
- Pi.Alert - LAN reporting tool
- AdGuard - Blocking services
- Uptime kuma - an excellent monitoring tool
- eport - reverse ports for managing infrastructure
- Zenarmor firewall
- OpenConnect server - VPN concentrator
- Wireguard - VPN concentrator
The MAC address of the nspawn instance can be assigned a static IP using the custom DNSMASQ configuration ability of the Fusion SD-WAN:
dhcp-host=08:55:31:D4:B5:AD,192.168.254.1
Ronald Bartels ensures that Internet inhabiting things are connected reliably online at Fusion Broadband South Africa - the leading specialized SD-WAN provider in South Africa.
Written by
Ronald Bartels