Howto install LXD on CentOS

How to run Docker inside LXD containers

Create LXD Container

Docker does not run well on the default zfs storage backend, so create a separate btrfs pool and mount a volume from it at /var/lib/docker; nesting and the two syscall interceptions are what let an unprivileged container run a container runtime:

lxc storage create docker btrfs
lxc launch images:ubuntu/20.04 demo
lxc storage volume create docker demo
lxc config device add demo docker disk pool=docker source=demo path=/var/lib/docker
lxc config set demo security.nesting=true security.syscalls.intercept.mknod=true security.syscalls.intercept.setxattr=true
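A pre-flight check for the settings above, as an added example that is not part of the gist: it parses the YAML that `lxc config show demo --expanded` prints and confirms nesting plus both syscall interceptions are set, that a disk device is mounted at /var/lib/docker, and that the container was not simply switched to `security.privileged` instead (which would give container root the host's uid 0 rather than an isolated one). The two config samples are constructed to look like that command's output.

```sh
#!/bin/sh
# Added example (not part of the gist): pre-flight check for Docker-in-LXD.
# Input is the text of `lxc config show <container> --expanded`.

# has_key <config-text> <key>: true if a line '<key>: "true"' is present
has_key() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')      # escape dots for grep -E
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*${key_re}:[[:space:]]*\"?true\"?[[:space:]]*\$"
}

# docker_preflight <config-text>: prints each problem found; exit status 1 if any
docker_preflight() {
    cfg=$1
    rc=0
    for key in security.nesting \
               security.syscalls.intercept.mknod \
               security.syscalls.intercept.setxattr; do
        if ! has_key "$cfg" "$key"; then
            echo "missing or false: $key"
            rc=1
        fi
    done
    # Nesting is the alternative to a privileged container, not a companion to it
    if has_key "$cfg" security.privileged; then
        echo "security.privileged is true: container root is host root"
        rc=1
    fi
    if ! printf '%s\n' "$cfg" | grep -Eq '^[[:space:]]*path:[[:space:]]*/var/lib/docker[[:space:]]*$'; then
        echo "no disk device at /var/lib/docker: Docker would write into the container root filesystem"
        rc=1
    fi
    return $rc
}

# Constructed sample: what the expanded config looks like after the gist's commands
GOOD_CFG='architecture: x86_64
config:
  image.os: Ubuntu
  security.nesting: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
devices:
  docker:
    path: /var/lib/docker
    pool: docker
    source: demo
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false'

# Constructed sample of the shortcut to avoid: privileged, no nesting, no docker volume
BAD_CFG='architecture: x86_64
config:
  image.os: Ubuntu
  security.privileged: "true"
devices:
  root:
    path: /
    pool: default
    type: disk
ephemeral: false'

docker_preflight "$GOOD_CFG" && echo "sample good config: OK"
docker_preflight "$BAD_CFG" || echo "sample bad config: rejected"
```

On a real host run `docker_preflight "$(lxc config show demo --expanded)"` after the `lxc config set` step and before installing Docker; a non-zero exit lists exactly which of the gist's settings is missing.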

Install Docker

lxc exec demo bash

sudo apt-get update

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io

Test your Docker container

docker run -it ubuntu bash

Reference: https://discourse.ubuntu.com/t/how-to-run-docker-inside-lxd-containers/26730

Remove LXD Container

lxc config unset demo security.nesting
lxc config unset demo security.syscalls.intercept.mknod
lxc config unset demo security.syscalls.intercept.setxattr
lxc config device remove demo docker
lxc storage volume delete docker demo
lxc stop demo
lxc delete demo
lxc storage delete docker

Howto install LXD on CentOS

Update CentOS

sudo yum update
## reboot Linux box if kernel updated ##
sudo reboot

Enable the EPEL repository on CentOS

sudo yum install epel-release
sudo yum update

Install snapd package from the EPEL repository

sudo yum install snapd
sudo systemctl enable --now snapd.socket
sudo ln -s /var/lib/snapd/snap /snap

Configure the CentOS Linux kernel for LXD

sudo su
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
grubby --args="namespace.unpriv_enable=1" --update-kernel="$(grubby --default-kernel)"
sh -c 'echo "user.max_user_namespaces=3883" > /etc/sysctl.d/99-userns.conf'
reboot

Install LXD

sudo snap search lxd
sudo snap install lxd

Verify LXD

snap list
snap services

Configuring LXD

sudo usermod -aG lxd $USER
newgrp lxd
id
lxc list
lxd init

Install LXD on Red Hat Enterprise Linux

Reference: https://snapcraft.io/install/lxd/rhel

LXD Command Line

Create and launch your first container

# Search for images on the "images:" remote (https://images.linuxcontainers.org). Use `lxc remote list` to show remotes
lxc image list images:
lxc image list images: | grep -i centos
lxc image list images: | grep -i ubuntu

# To create and start containers from images use the launch command as follows:
# lxc launch images:{distro}/{version}/{arch} {container-name-here}
lxc launch images:centos/7/amd64 centos-db

# Log in to the container
lxc shell centos-db
lxc exec centos-db -- bash
lxc exec centos-db -- su --login root

# Stop/start container
lxc stop centos-db
lxc start centos-db

# Create snapshots
lxc snapshot centos-db
# Create snapshot with specified name 'backup'
lxc snapshot centos-db backup
lxc list
lxc info centos-db

# Rename container
lxc stop centos-db
lxc move centos-db new-centos-db
lxc list
lxc start new-centos-db

# Delete container
lxc list
lxc stop new-centos-db
lxc delete new-centos-db
lxc list

Exposing a container's web server to the host

# Launch the container and open a shell in it
lxc launch ubuntu:22.04 myubuntu
lxc shell myubuntu

# Install nginx web in container
sudo apt update
sudo apt install -y nginx
# Check web in container
curl http://localhost
exit

# Configure port mapping between host and container
lxc config device add myubuntu myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
# Check web outside container
curl http://localhost
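The proxy device above listens on `0.0.0.0`, so the container's port 80 answers on every host interface, not just loopback. As an added example that is not part of the gist, this script enumerates the proxy devices in `lxc config show <container> --expanded` output and flags wildcard listeners; the sample config is constructed to mirror that command's YAML layout.

```sh
#!/bin/sh
# Added example (not part of the gist): list what a container exposes on the
# host through proxy devices, flagging listeners bound to 0.0.0.0 or [::].

# proxy_listeners <expanded-config-text>
# Prints "<device> <listen> <connect>" per proxy device, plus " WILDCARD" for wildcard binds
proxy_listeners() {
    printf '%s\n' "$1" | awk '
        function flush() {
            if (dtype == "proxy") {
                warn = (listen ~ /:0\.0\.0\.0:/ || listen ~ /:\[::\]:/) ? " WILDCARD" : ""
                print name, listen, connect warn
            }
            dtype = ""; listen = ""; connect = ""
        }
        /^devices:/                { in_dev = 1; next }
        in_dev && /^[^ ]/          { flush(); in_dev = 0 }      # next top-level key ends the block
        in_dev && /^  [^ ]/        { flush(); name = $1; sub(/:$/, "", name); next }
        in_dev && /^    type:/     { dtype = $2 }
        in_dev && /^    listen:/   { listen = $2 }
        in_dev && /^    connect:/  { connect = $2 }
        END                        { flush() }'
}

# Constructed sample: the gist's myport80 device plus a loopback-only proxy for comparison
SAMPLE_CFG='architecture: x86_64
config:
  image.os: Ubuntu
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  myport80:
    connect: tcp:127.0.0.1:80
    listen: tcp:0.0.0.0:80
    type: proxy
  myssh:
    connect: tcp:127.0.0.1:22
    listen: tcp:127.0.0.1:2222
    type: proxy
  root:
    path: /
    pool: default
    type: disk
ephemeral: false'

proxy_listeners "$SAMPLE_CFG"
```

Run it as `proxy_listeners "$(lxc config show myubuntu --expanded)"` to audit a real container. If only local access is needed, bind the proxy to `listen=tcp:127.0.0.1:80` or to one specific host address instead of `0.0.0.0`, and let the host firewall decide what is reachable from outside.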

How to add or mount a directory in LXD/LXC

Mounting your home directory in LXD (read-only)

# lxc config device add {container-name} {name} disk source={/path/to/source/dir/} path={/path/to/dest/onto/container/}
lxc config device add myubuntu sharedwww disk source=/wwwdata/ path=/var/www/html/
lxc exec myubuntu -- ls /var/www/html

# How to remove/delete/unmount directory from an LXD container
lxc config device remove myubuntu sharedwww
lxc config device show myubuntu

Add a shared host directory to an LXC/LXD container (read-write mode)

By default, a container's users are not allowed to modify files that a host user owns in a mounted directory; this is a security feature of LXD (unprivileged containers use shifted user IDs). In other words, you need to remap your user ID if you need read-write access to mounted folders.

# How to allow LXD to remap your user ID on the host
# Assuming you are the vagrant user on the host
id
echo "root:$(id -u):1" | sudo tee -a /etc/subuid
echo "root:$(id -g):1" | sudo tee -a /etc/subgid
cat /etc/{subuid,subgid}

# How to remap your user ID inside the container
lxc exec ubuntu bash
grep ^vagrant /etc/passwd

# Create a user account named vagrant if the grep command above printed nothing:
lxc exec ubuntu bash
adduser vagrant
# uid and gid of vagrant user should be same between host and container
id vagrant
exit

# Type the following command to map both the UID and the GID, from the host’s UID (1000) to the ubuntu container’s 1000 UID (vagrant):
lxc config set ubuntu raw.idmap "both 1000 1000"
lxc restart ubuntu

# mount and map the directory in a read/write mode:
lxc config device add ubuntu myhomedir disk source=/home/vagrant/ path=/home/vagrant/
lxc config show ubuntu

# Test it
lxc exec ubuntu bash
cd /home/vagrant
mkdir delta
echo "www.nixcraft.com" > test.txt
cat test.txt
rmdir delta
## back to host ##
exit
## make sure test.txt still exists on host ##
ls -l test.txt
cat test.txt
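The `raw.idmap` step only works because the `/etc/subuid` and `/etc/subgid` lines were added first: LXD will only map host IDs that root is allowed to delegate through those files. As an added example that is not part of the gist, this script checks a uid/gid against root's subordinate ranges and emits the matching `raw.idmap` value; the two subuid samples are constructed (a typical default range, and the same file after the gist's `tee -a` step).

```sh
#!/bin/sh
# Added example (not part of the gist): verify that the host uid and gid you
# want to map lie inside root's ranges in /etc/subuid and /etc/subgid, then
# print the raw.idmap value to apply.

# id_in_subid <subid-file-content> <id>: exit 0 if some "root:START:COUNT" line covers <id>
id_in_subid() {
    printf '%s\n' "$1" | awk -F: -v id="$2" '
        $1 == "root" && $2 + 0 <= id + 0 && id + 0 < $2 + $3 { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# idmap_line <subuid-content> <subgid-content> <uid> <gid>
# Prints "both A A" when uid == gid, otherwise one uid line and one gid line;
# exit 1 with a hint on stderr when a range is missing.
idmap_line() {
    subuid=$1
    subgid=$2
    uid=$3
    gid=$4
    if ! id_in_subid "$subuid" "$uid"; then
        echo "uid $uid is not in root's /etc/subuid ranges; add a line 'root:$uid:1' first" >&2
        return 1
    fi
    if ! id_in_subid "$subgid" "$gid"; then
        echo "gid $gid is not in root's /etc/subgid ranges; add a line 'root:$gid:1' first" >&2
        return 1
    fi
    if [ "$uid" -eq "$gid" ]; then
        echo "both $uid $uid"
    else
        printf 'uid %s %s\ngid %s %s\n' "$uid" "$uid" "$gid" "$gid"
    fi
}

# Constructed samples: the usual default range only, and the same file after
# the gist's `echo "root:$(id -u):1" | sudo tee -a /etc/subuid` step.
SUBID_BEFORE='root:100000:65536'
SUBID_AFTER='root:100000:65536
root:1000:1'

idmap_line "$SUBID_BEFORE" "$SUBID_BEFORE" 1000 1000 || echo "(refused until the root:1000:1 lines exist)"
idmap_line "$SUBID_AFTER" "$SUBID_AFTER" 1000 1000   # prints: both 1000 1000
```

On a real host the value can be applied directly, e.g. `lxc config set ubuntu raw.idmap "$(idmap_line "$(cat /etc/subuid)" "$(cat /etc/subgid)" "$(id -u)" "$(id -g)")"` followed by `lxc restart ubuntu`. Mapping a single ID this way keeps the rest of the container's users shifted, which is preferable to making the container privileged just to share a home directory.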

Reference: https://www.cyberciti.biz/faq/how-to-add-or-mount-directory-in-lxd-linux-container/

If containers cannot access the internet, configure the firewall to allow FORWARD traffic on the lxdbr0 interface

# Configure temporarily
sudo iptables -A FORWARD -i lxdbr0 -j ACCEPT    # if only allowing lxdbr0
sudo iptables -A FORWARD -o lxdbr0 -j ACCEPT

sudo iptables -P FORWARD ACCEPT                 # if allowing all (less restrictive)

# Make it persistent (run the redirect inside a root shell: "sudo cmd > file" opens the file as your own user)
sudo sh -c 'nft list ruleset > /etc/nftables.conf'      # if nftables
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'    # if iptables

# Enable systemd to start it at boot
sudo systemctl enable --now nftables    # if nftables
sudo systemctl enable --now iptables    # if iptables

How to move/migrate LXD VM to another host on Linux

  • LXD VM container migration using LXD API and Simplestreams
  • Assume that:
    • server1: 192.168.1.5
    • server2: 192.168.1.6
# On server2 (the remote): expose the LXD API and set a trust password
lxc config set core.https_address 192.168.1.6:8443
lxc config set core.trust_password PASSWORDhere
sudo ufw allow from 192.168.1.5 to 192.168.1.6 port 8443 proto tcp comment 'Allow lxd client to talk to lxd-server'

# On server1 (local): register server2 as a remote
lxc remote add server2 192.168.1.6
lxc remote list
sudo ufw allow from 192.168.1.6 to 192.168.1.5 port 8443 proto tcp comment 'Allow lxd server2 client to talk to server1 lxd-server'

# Copying container named www-vm from server1 to server2
lxc snapshot www-vm
lxc info www-vm
lxc copy --mode push www-vm/snap0 server2:www-vm --verbose

# Start container named www-vm on server2
lxc list server2:
lxc start server2:www-vm
lxc exec server2:www-vm bash

Reference: https://www.cyberciti.biz/faq/how-to-movemigrate-lxd-vm-to-another-host-on-linux/

Limit CPU, MEM, Disk, bandwidth

# Limit Memory Usage
lxc config set container_name limits.memory 100MB

# Limit CPU Usage
lxc config set container_name limits.cpu 2

# Limit Disk Usage
lxc storage list
lxc config device add container_name root disk pool=default path=/
lxc config device set container_name root size 7GB

# Limit Network Usage
lxc network list
lxc config device add container_name eth0 nic name=eth0 nictype=bridged parent=lxdbr0
lxc config device set container_name eth0 limits.ingress 1Mbit
lxc config device set container_name eth0 limits.egress 1Mbit

# Verify it
lxc config show container_name --expanded

Output:

limits.cpu: "2"
limits.memory: 4GB
devices:
  root:
    path: /
    pool: default
    size: 7GB
    type: disk

Reference: https://www.maketecheasier.com/limit-lxd-containers-resources/

Backup and Restore LXD with snapshot

# Containers can be renamed and live-migrated using the lxc move command:
lxc move c1 final-beta

# They can also be snapshotted:
lxc snapshot c1 YYYY-MM-DD

# Later changes to c1 can then be reverted by restoring the snapshot:
lxc restore c1 YYYY-MM-DD

# New containers can also be created by copying a container or snapshot:
lxc copy c1/YYYY-MM-DD testcontainer

Troubleshooting

# To view debug information about LXD itself, on a systemd based host use
journalctl -u lxd

# Container logfiles for container c1 may be seen using:
lxc info c1 --show-log

The configuration file which was used may be found under /var/log/lxd/c1/lxc.conf, while apparmor profiles can be found in /var/lib/lxd/security/apparmor/profiles/c1 and seccomp profiles in /var/lib/lxd/security/seccomp/c1.

Reference: https://ubuntu.com/server/docs/containers-lxd

LXC

Manage Linux containers using the lxd REST API.

Any container names or patterns can be prefixed with the name of a remote server. More information: https://manned.org/lxc.

# List local containers matching a string. Omit the string to list all local containers:
lxc list match_string

# List images matching a string. Omit the string to list all images:
lxc image list [remote:]match_string

# Create a new container from an image:
lxc init [remote:]image container

# Start a container:
lxc start [remote:]container

# Stop a container:
lxc stop [remote:]container

# Show detailed info about a container:
lxc info [remote:]container

# Take a snapshot of a container:
lxc snapshot [remote:]container snapshot