Deploying into LXD container¶
Container setup¶
1) Launch a new LXC container based on Alpine.
$ lxc launch images:alpine/3.21 seacat-pki
$ lxc exec seacat-pki /bin/ash
2) Install the required packages.
In the newly launched LXC container:
$ apk update
$ apk upgrade
$ apk add --no-cache \
python3 \
py3-pip \
libstdc++ \
openssl
$ apk add --no-cache --virtual buildenv \
openssh-client \
git \
python3-dev \
libffi-dev \
openssl-dev \
gcc \
g++ \
swig \
musl-dev
$ pip3 install --upgrade pip
$ pip3 install --no-cache-dir aiohttp
$ pip3 install --no-cache-dir asn1tools
$ pip3 install --no-cache-dir motor
$ pip3 install --no-cache-dir cryptography
$ pip3 install --no-cache-dir fastjsonschema
$ pip3 install --no-cache-dir asn1crypto
$ pip3 install --no-cache-dir PyKCS11
$ pip3 install --no-cache-dir git+https://github.com/TeskaLabs/asab.git
$ apk del buildenv
$ cd /opt
$ ... deploy the SeaCat PKI repository into /opt/seacat-pki ...
$ mkdir /opt/site-xxx
$ vi /opt/site-xxx/seacatpki.conf
3) Create the init.d (autostart) script.
Filename: /etc/init.d/seacatpki
#!/sbin/openrc-run
name="seacatpki"
command="/usr/bin/python3 /opt/seacat-pki/seacatpki.py -c /opt/site-xxx/seacatpki.conf"
pidfile="/var/run/$SVCNAME.pid"
command_background="yes"
depend() {
need net
use dns
}
3) Start the service.
$ rc-service seacatpki start