Table of Contents

LXD

install

apt remove lxd lxd-client
snap install lxd

# create zfs dataset on pool rpool
zfs create rpool/lxd

# create lxd storage called zfspool using previous defined dataset
lxc storage create zfspool zfs source=rpool/lxd

# define default storage pool
lxc profile device add default root disk path=/ pool=zfspool

# initialize network
sudo lxd init

Because group membership is only applied at login, you then either need to close and re-open your user session or use the “newgrp lxd” command in the shell you're going to interact with lxd from

newgrp lxd
lxc-prepare (chmod +x)
#!/bin/bash
 
NAME=$1
ALIAS=$2
ALIAS=${ALIAS:=xenial}
 
lxc image show $ALIAS >/dev/null 2>&1
if [ ! $? = 0 ]; then
    echo lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial
    exit 0
fi
 
if [ ! -f /etc/apt/apt.conf.d/proxy.conf ]; then
    sudo apt install apt-cacher-ng
    PROXY=$( lxc network show lxdbr0 | sed -n 's/\s\+ipv4.address: \([0-9\.]\+\).*/\1/p' )
    echo "Acquire::http::Proxy \"http://$PROXY:3142\";" | sudo tee /etc/apt/apt.conf.d/proxy.conf
    echo "PfilePattern = .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    echo "PassThroughPattern: .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    systemctl restart apt-cacher-ng
fi
 
 
lxc info $NAME >/dev/null 2>&1
if [ ! $? = 0 ]; then
    lxc launch $ALIAS $NAME
fi
 
 
if [ -f /etc/apt/apt.conf.d/proxy.conf ]; then
    lxc file push /etc/apt/apt.conf.d/proxy.conf $NAME/etc/apt/apt.conf.d/
fi
 
lxc file push /etc/inputrc $NAME/etc/

basic

list remote images

lxc image list images:

auto update remote images

lxc config set images.auto_update_cached true

import image

lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial

create profile

lxc profile create juju-default
cat profile.yaml | lxc profile edit juju-default

profile.yaml

name: juju-default
config:
  boot.autostart: "true"
  security.nesting: "true"
  security.privileged: "true"
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
devices:
  eth0:
    mtu: "9000"
    name: eth0
    nictype: bridged
    parent: br-mng
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  mem:
    path: /dev/mem
    type: unix-char
  root:
    path: /
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char

create container from local image

lxc image list
lxc launch xenial test1 --profile juju-default

create container from remote image

lxc launch images:ubuntu/xenial/amd64 xenial1
lxc config set xenial1 boot.autostart false
lxc list

create custom image from local container

lxc publish local-container --alias mycustomimage

create container from previous image

lxc launch mycustomimage newcontainer

bash inside

lxc exec trusty1 -- /bin/bash

stop and delete

lxc stop trusty1
lxc delete trusty1

autostart on host boot

lxc config set <name> boot.autostart true

show container configuration

lxc config show <name>

proxy

apt install apt-cacher-ng
NAME=x11test
lxc file push /etc/apt/apt.conf.d/proxy.conf $NAME/etc/apt/apt.conf.d/
/etc/apt/apt.conf.d/proxy
Acquire::http::Proxy "http://10.106.191.1:3142";

network

lxc network create br0
lxc network show br0
lxc network edit br0

static IP container

istance=c1

lxc stop $instance
lxc network attach lxdbr0 $istance eth0 eth0
lxc config device set $istance eth0 ipv4.address 10.99.10.42
lxc start $istance

servers

prepare lxd server

# bind to port 8443
lxc config set core.https_address "[::]" 

# password
lxc config set core.trust_password some-password

from client add remote server

lxc remote add myserver <ip address or DNS>

run command

lxc exec myserver:trusty1 -- bash

xorg integration

container

create container

NAME=x11test
lxc launch images:ubuntu/bionic/amd64 $NAME

install simpler X program

lxc exec $NAME -- apt install xterm
lxc exec $NAME bash
apt install mesa-utils x11-apps
NAME=nvidia-sdk-manager
# lxc config set $NAME environment.DISPLAY <ip-of-host-lxdbr0-bridge>:0
lxc config set $NAME environment.DISPLAY :0
lxc config device add $NAME X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
lxc config device add $NAME Xauthority disk path=/root/.Xauthority source=${XAUTHORITY}

on host

for gmd (ubuntu >= 17.10) or …

/etc/gdm3/custom.conf
[security]
DisallowTCP=false
 
[xdmcp]
Enable=true

… or for lightdm

/etc/lightdm/lightdm.conf
xserver-allow-tcp=true
xserver-command=X -listen tcp

add ip of container on /etc/X0.hosts

NAME=x11test
lxc info $NAME | sed -n "s/\s*eth0:\s*inet\s\([0-9\.]*\).*/\1/p" >> /etc/X0.hosts

launch X application in container

xhost +
lxc exec $NAME -- xterm

audio integration

misc devices

lxc config device add <name> rfxcom unix-char path=/dev/ttyACM0
lxc config device set <name>  rfxcom  mode 666

share folder

# only first time
echo "root:$UID:1" | sudo tee -a /etc/subuid
echo "root:${id -d}:1" | sudo tee -a /etc/subgid
lxc profile set default security.privileged true

# for every share 
# lxc init stretch giano
lxc config set gianocop security.privileged true
lxc config set giano raw.idmap "both $UID $UID"
# source is on host, path is inside container
lxc config device add giano develop disk source=/mnt/giano path=/mnt/giano

migration

on host-destination

lxc config set core.https_address 0.0.0.0:8443
lxc config set core.trust_password PASSWORDhere

on host-origin

# add destination lxd
lxc remote add other-server <ip-address>

# take snap0 on gianocop container
lxc snapshot gianocop snap0
lxc copy gianocop/snap0 other-server:gianocop --verbose
lxc delete gianocop/snap0

on host-destination delete volatile in “lxc config”

volatile.base_image: 6adc9ca1a1124ebd954ba787e83dd9318866fd0b9ddce1cffc612559cfe3bc88
  volatile.eth0.hwaddr: 00:16:3e:50:f6:e8
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
  volatile.last_state.power: STOPPED

export image from container

Vlan attach

apt-get install vlan 
sudo modprobe 8021q 
sudo vconfig add eth1 10 
sudo ip addr add 10.0.0.1/24 dev eth1.10 
ip addr del 10.22.30.44/16 dev eth0 
sudo ip link set up eth1.10
 sudo su -c 'echo "8021q" >> /etc/modules'
auto eth1.10
iface eth1.10 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    vlan-raw-device eth1 

Send file to your new host

On image hosts

lxc publish --force 'name of container" --alias 'new name' 

example

lxc publish --force 'lxc-limesurvey' --alias 'lxc-docuwiki' 

Export image

lxc image  export 'new name' 

Output is in efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz Show size of export

du -h efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz 

check sum of image

md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz > exportmd5.txt

cat exportmd5.txt | nc 10.18.49.73 1234

cat efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz | nc 10.18.49.73 1234

NB: 10.18.49.73 is your new lxd host

1234 is a free port

Transfer image and checksum to new LXD host

nc -l 1234 > efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
nc -l 1234 > exportmd5.txt 

check file

md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz 
md5sum -c exportmd5.txt 

Import image to new LXD host

 lxc image import efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz --alias lxc-docuwiki 

Transferring image: 100%

lxc launch image_name container_name 

Creating container_name Starting container_name

In some instances the publish command may lead to a split xz tar-ball — but both formats are supported. Simply import the meta-data and rootfs components with

  lxc image import <metadata tarball> <rootfs tarball> --alias image_name

Edit LXD default profile: networking

Put lxc network interface to host network

lxc stop lxc-docuwiki 
lxc profile device set default eth0 parent ens3
lxc profile device set  default eth0 nictype macvlan
service lxd restart
service lxd-containers restart 

launch your container

lxc start lxc-docuwiki 
lxc exec lxc-docuwiki /bin/bash