Deploying into LXD container

Container setup

1) Launch a new LXC container based on Alpine.

$ lxc launch images:alpine/3.21 seacat-pki
$ lxc exec seacat-pki /bin/ash

2) Install the required packages.

In the newly launched LXC container:

$ apk update
$ apk upgrade

$ apk add --no-cache \
  python3 \
  py3-pip \
  libstdc++ \
  openssl

$ apk add --no-cache --virtual buildenv \
  openssh-client \
  git \
  python3-dev \
  libffi-dev \
  openssl-dev \
  gcc \
  g++ \
  swig \
  musl-dev

$ pip3 install --upgrade pip
$ pip3 install --no-cache-dir aiohttp
$ pip3 install --no-cache-dir asn1tools
$ pip3 install --no-cache-dir motor
$ pip3 install --no-cache-dir cryptography
$ pip3 install --no-cache-dir fastjsonschema
$ pip3 install --no-cache-dir asn1crypto
$ pip3 install --no-cache-dir PyKCS11
$ pip3 install --no-cache-dir git+https://github.com/TeskaLabs/asab.git

$ apk del buildenv

$ cd /opt
$ ... deploy the SeaCat PKI repository into /opt/seacat-pki ...

$ mkdir /opt/site-xxx
$ vi /opt/site-xxx/seacatpki.conf

3) Create the init.d (autostart) script.

Filename: /etc/init.d/seacatpki

#!/sbin/openrc-run

name="seacatpki"
command="/usr/bin/python3 /opt/seacat-pki/seacatpki.py -c /opt/site-xxx/seacatpki.conf"
pidfile="/var/run/$SVCNAME.pid"
command_background="yes"

depend() {
    need net
    use dns
}

3) Start the service.

$ rc-service seacatpki start