====== LXD =======

{{tag>[lxd]}}
===== install =====

<code>
apt remove lxd lxd-client
snap install lxd

# create zfs dataset on pool rpool
zfs create rpool/lxd

# create lxd storage called zfspool using previous defined dataset
lxc storage create zfspool zfs source=rpool/lxd

# define default storage pool
lxc profile device add default root disk path=/ pool=zfspool

# initialize network
sudo lxd init
</code>

Because group membership is only applied at login, you then either need to close
and re-open your user session or use the "newgrp lxd" command in the shell you're going to interact with lxd from
<code>
newgrp lxd
</code>

<file bash lxc-prepare (chmod +x)>
#!/bin/bash

NAME=$1
ALIAS=$2
ALIAS=${ALIAS:=xenial}

lxc image show $ALIAS >/dev/null 2>&1
if [ ! $? = 0 ]; then
    echo lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial
    exit 0
fi

if [ ! -f /etc/apt/apt.conf.d/proxy.conf ]; then
    sudo apt install apt-cacher-ng
    PROXY=$( lxc network show lxdbr0 | sed -n 's/\s\+ipv4.address: \([0-9\.]\+\).*/\1/p' )
    echo "Acquire::http::Proxy \"http://$PROXY:3142\";" | sudo tee /etc/apt/apt.conf.d/proxy.conf
    echo "PfilePattern = .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    echo "PassThroughPattern: .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    systemctl restart apt-cacher-ng
fi


lxc info $NAME >/dev/null 2>&1
if [ ! $? = 0 ]; then
    lxc launch $ALIAS $NAME
fi


if [ -f /etc/apt/apt.conf.d/proxy.conf ]; then
    lxc file push /etc/apt/apt.conf.d/proxy.conf $NAME/etc/apt/apt.conf.d/
fi
    
lxc file push /etc/inputrc $NAME/etc/
</file>

===== basic =====


list remote images
<code>
lxc image list images:
</code>

auto update remote images
<code>
lxc config set images.auto_update_cached true
</code>

import image
<code>
lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial
</code>

create profile
<code>
lxc profile create juju-default
cat profile.yaml | lxc profile edit juju-default
</code>

profile.yaml
<code>
name: juju-default
config:
  boot.autostart: "true"
  security.nesting: "true"
  security.privileged: "true"
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
devices:
  eth0:
    mtu: "9000"
    name: eth0
    nictype: bridged
    parent: br-mng
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  mem:
    path: /dev/mem
    type: unix-char
  root:
    path: /
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char
</code>

create container from local image
<code>
lxc image list
lxc launch xenial test1 --profile juju-default
</code>

create container from remote image
<code>
lxc launch images:ubuntu/xenial/amd64 xenial1
lxc config set xenial1 boot.autostart false
lxc list
</code>

create custom image from local container
<code>
lxc publish local-container --alias mycustomimage
</code>

create container from previous image
<code>
lxc launch mycustomimage newcontainer
</code>



bash inside
<code>
lxc exec trusty1 -- /bin/bash
</code>

stop and delete
<code>
lxc stop trusty1
lxc delete trusty1
</code>

autostart on host boot
<code bash>
lxc config set <name> boot.autostart true
</code>

show container configuration
<code bash>
lxc config show <name>
</code>

proxy
<code>
apt install apt-cacher-ng
NAME=x11test
lxc file push /etc/apt/apt.conf.d/proxy.conf $NAME/etc/apt/apt.conf.d/
</code>

<file yaml /etc/apt/apt.conf.d/proxy>
Acquire::http::Proxy "http://10.106.191.1:3142";
</file>


===== network =====

<code>
lxc network create br0
lxc network show br0
lxc network edit br0
</code>

static IP container
<code>
istance=c1

lxc stop $instance
lxc network attach lxdbr0 $istance eth0 eth0
lxc config device set $istance eth0 ipv4.address 10.99.10.42
lxc start $istance
</code>
===== servers =====

prepare lxd server
<code>
# bind to port 8443
lxc config set core.https_address "[::]" 

# password
lxc config set core.trust_password some-password
</code>

from client add remote server
<code>
lxc remote add myserver <ip address or DNS>
</code>

run command
<code>
lxc exec myserver:trusty1 -- bash
</code>

===== xorg integration =====

  * https://bitsandslices.wordpress.com/2015/12/08/creating-an-lxd-container-for-graphics-applications/

==== container ====

create container
<code bash>
NAME=x11test
lxc launch images:ubuntu/bionic/amd64 $NAME
</code>

install simpler X program 
<code bash>
lxc exec $NAME -- apt install xterm
lxc exec $NAME bash
apt install mesa-utils x11-apps
</code>


<code>
NAME=nvidia-sdk-manager
# lxc config set $NAME environment.DISPLAY <ip-of-host-lxdbr0-bridge>:0
lxc config set $NAME environment.DISPLAY :0
lxc config device add $NAME X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
lxc config device add $NAME Xauthority disk path=/root/.Xauthority source=${XAUTHORITY}
</code>


==== on host ====

for gmd (ubuntu >= 17.10) or ...
<file ini /etc/gdm3/custom.conf>
[security]
DisallowTCP=false

[xdmcp]
Enable=true
</file>

... or for lightdm
<file yaml /etc/lightdm/lightdm.conf>
xserver-allow-tcp=true
xserver-command=X -listen tcp
</file>

add ip of container on /etc/X0.hosts
<code>
NAME=x11test
lxc info $NAME | sed -n "s/\s*eth0:\s*inet\s\([0-9\.]*\).*/\1/p" >> /etc/X0.hosts
</code>

launch X application in container
<code bash>
xhost +
lxc exec $NAME -- xterm
</code>

===== audio integration =====

  * https://bitsandslices.wordpress.com/2015/12/10/using-audio-in-lxd-containers/

===== misc devices =====

<code bash>
lxc config device add <name> rfxcom unix-char path=/dev/ttyACM0
lxc config device set <name>  rfxcom  mode 666
</code>

===== share folder =====

<code>
# only first time
echo "root:$UID:1" | sudo tee -a /etc/subuid
echo "root:${id -d}:1" | sudo tee -a /etc/subgid
lxc profile set default security.privileged true

# for every share 
# lxc init stretch giano
lxc config set gianocop security.privileged true
lxc config set giano raw.idmap "both $UID $UID"
# source is on host, path is inside container
lxc config device add giano develop disk source=/mnt/giano path=/mnt/giano
</code>

===== migration =====

on host-destination
<code>
lxc config set core.https_address 0.0.0.0:8443
lxc config set core.trust_password PASSWORDhere
</code>

on host-origin
<code>
# add destination lxd
lxc remote add other-server <ip-address>

# take snap0 on gianocop container
lxc snapshot gianocop snap0
lxc copy gianocop/snap0 other-server:gianocop --verbose
lxc delete gianocop/snap0
</code> 

on host-destination delete volatile in "lxc config"
<code>
volatile.base_image: 6adc9ca1a1124ebd954ba787e83dd9318866fd0b9ddce1cffc612559cfe3bc88
  volatile.eth0.hwaddr: 00:16:3e:50:f6:e8
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
  volatile.last_state.power: STOPPED
</code>
===== export image from container =====
{{tag>[wiki lxd 'profile network' apache vlan]}}


===== Vlan attach =====
<code>apt-get install vlan </code>
<code>sudo modprobe 8021q </code>
<code>sudo vconfig add eth1 10 </code>

<code>sudo ip addr add 10.0.0.1/24 dev eth1.10 </code>

<code>ip addr del 10.22.30.44/16 dev eth0 </code>

<code>sudo ip link set up eth1.10</code>
<code> sudo su -c 'echo "8021q" >> /etc/modules'</code>
<code>
auto eth1.10
iface eth1.10 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    vlan-raw-device eth1 </code>

===== Send file to your new host =====

On image hosts

<code>lxc publish --force 'name of container" --alias 'new name' </code>
example
<code>lxc publish --force 'lxc-limesurvey' --alias 'lxc-docuwiki' </code>

Export image
<code>lxc image  export 'new name' </code>

Output is in efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
Show size of export
<code>du -h efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz </code>

==== check sum of image ====

<code>
md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz > exportmd5.txt

cat exportmd5.txt | nc 10.18.49.73 1234

cat efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz | nc 10.18.49.73 1234
</code>
**NB**: 10.18.49.73 is your new lxd host

1234 is a free port

===== Transfer image and checksum to new LXD host =====
<code>
nc -l 1234 > efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
nc -l 1234 > exportmd5.txt </code>

check file
<code>
md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz 
md5sum -c exportmd5.txt 
</code>

===== Import image to new LXD host ======

<code> lxc image import efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz --alias lxc-docuwiki </code>

Transferring image: 100%

<code>lxc launch image_name container_name </code>
Creating container_name
Starting container_name

In some instances the publish command may lead to a split xz tar-ball --- but both formats are supported. Simply import the meta-data and rootfs components with

    lxc image import <metadata tarball> <rootfs tarball> --alias image_name
=== Edit LXD default profile: networking ===

Put lxc network interface to host network

<code>
lxc stop lxc-docuwiki 
lxc profile device set default eth0 parent ens3
lxc profile device set  default eth0 nictype macvlan
service lxd restart
service lxd-containers restart </code>

launch your container
<code>
lxc start lxc-docuwiki 
lxc exec lxc-docuwiki /bin/bash

</code>