====== LXD ======

{{tag>[lxd]}}

===== install =====

<code>
apt remove lxd lxd-client
snap install lxd

# create zfs dataset on pool rpool
zfs create rpool/lxd

# create lxd storage called zfspool using previous defined dataset
lxc storage create zfspool zfs source=rpool/lxd

# define default storage pool
lxc profile device add default root disk path=/ pool=zfspool

# initialize network
sudo lxd init
</code>

Because group membership is only applied at login, you then either need to close and re-open your user session or use the "newgrp lxd" command in the shell you're going to interact with lxd from.

<code>
newgrp lxd
</code>

<file bash lxc-prepare (chmod +x)>
#!/bin/bash
# usage: lxc-prepare <container-name> [image-alias]

NAME=${1:?usage: lxc-prepare <container-name> [image-alias]}
ALIAS=${2:-xenial}

# image alias missing locally: print the import command to run, then stop
if ! lxc image show "$ALIAS" >/dev/null 2>&1; then
    echo lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial
    exit 0
fi

# first run on this host: install apt-cacher-ng and point apt at the lxdbr0 address
if [ ! -f /etc/apt/apt.conf.d/proxy.conf ]; then
    sudo apt install apt-cacher-ng
    PROXY=$( lxc network show lxdbr0 | sed -n 's/\s\+ipv4.address: \([0-9\.]\+\).*/\1/p' )
    echo "Acquire::http::Proxy \"http://$PROXY:3142\";" | sudo tee /etc/apt/apt.conf.d/proxy.conf
    echo "PfilePattern = .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    echo "PassThroughPattern: .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
    sudo systemctl restart apt-cacher-ng
fi

# launch the container if it does not exist yet
if ! lxc info "$NAME" >/dev/null 2>&1; then
    lxc launch "$ALIAS" "$NAME"
fi

# copy the host apt proxy setting and inputrc into the container
if [ -f /etc/apt/apt.conf.d/proxy.conf ]; then
    lxc file push /etc/apt/apt.conf.d/proxy.conf "$NAME/etc/apt/apt.conf.d/"
fi

lxc file push /etc/inputrc "$NAME/etc/"
</file>

===== basic =====

list remote images

<code>
lxc image list images:
</code>

auto update remote images

<code>
lxc config set images.auto_update_cached true
</code>

import image

<code>
lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial
</code>

create profile

<code>
lxc profile create juju-default
cat profile.yaml | lxc profile edit juju-default
</code>

profile.yaml

<code>
name: juju-default
config:
  boot.autostart: "true"
  security.nesting: "true"
  security.privileged: "true"
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
devices:
  eth0:
    mtu: "9000"
    name: eth0
    nictype: bridged
    parent: br-mng
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  mem:
    path: /dev/mem
    type: unix-char
  root:
    path: /
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char
</code>

create container from local image

<code>
lxc image list
lxc launch xenial test1 --profile juju-default
</code>

create container from remote image

<code>
lxc launch images:ubuntu/xenial/amd64 xenial1
lxc config set xenial1 boot.autostart false
lxc list
</code>

create custom image from local container

<code>
lxc publish local-container --alias mycustomimage
</code>

create container from previous image

<code>
lxc launch mycustomimage newcontainer
</code>

bash inside

<code>
lxc exec trusty1 -- /bin/bash
</code>

stop and delete

<code>
lxc stop trusty1
lxc delete trusty1
</code>

autostart on host boot

<code bash>
lxc config set <name> boot.autostart true
</code>

show container configuration

<code bash>
lxc config show <name>
</code>

proxy

<code>
apt install apt-cacher-ng
NAME=x11test
lxc file push /etc/apt/apt.conf.d/proxy.conf $NAME/etc/apt/apt.conf.d/
</code>

<file yaml /etc/apt/apt.conf.d/proxy>
Acquire::http::Proxy "http://10.106.191.1:3142";
</file>

===== network =====

<code>
lxc network create br0
lxc network show br0
lxc network edit br0
</code>

static IP container

<code>
instance=c1
lxc stop $instance
lxc network attach lxdbr0 $instance eth0 eth0
lxc config device set $instance eth0 ipv4.address 10.99.10.42
lxc start $instance
</code>

===== servers =====

prepare lxd server

<code>
# bind to port 8443
lxc config set core.https_address "[::]"
# password
lxc config set core.trust_password some-password
</code>

from client add remote server

<code>
lxc remote add myserver <ip address or DNS>
</code>

run command

<code>
lxc exec myserver:trusty1 -- bash
</code>

===== xorg integration =====

  * https://bitsandslices.wordpress.com/2015/12/08/creating-an-lxd-container-for-graphics-applications/

==== container ====

create container

<code bash>
NAME=x11test
lxc launch images:ubuntu/bionic/amd64 $NAME
</code>

install simpler X program

<code bash>
lxc exec $NAME -- apt install xterm
lxc exec $NAME -- bash
# then, in the container shell:
apt install mesa-utils x11-apps
</code>

<code>
NAME=nvidia-sdk-manager
# lxc config set $NAME environment.DISPLAY <ip-of-host-lxdbr0-bridge>:0
lxc config set $NAME environment.DISPLAY :0
# share the host X socket and Xauthority file with the container
lxc config device add $NAME X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
lxc config device add $NAME Xauthority disk path=/root/.Xauthority source=${XAUTHORITY}
</code>

==== on host ====

for gdm (ubuntu >= 17.10) or ...

<file ini /etc/gdm3/custom.conf>
[security]
DisallowTCP=false

[xdmcp]
Enable=true
</file>

...
or for lightdm

<file yaml /etc/lightdm/lightdm.conf>
xserver-allow-tcp=true
xserver-command=X -listen tcp
</file>

add ip of container on /etc/X0.hosts

<code>
NAME=x11test
lxc info $NAME | sed -n "s/\s*eth0:\s*inet\s\([0-9\.]*\).*/\1/p" >> /etc/X0.hosts
</code>

launch X application in container

<code bash>
# "xhost +" turns off X server access control for every host
xhost +
lxc exec $NAME -- xterm
</code>

===== audio integration =====

  * https://bitsandslices.wordpress.com/2015/12/10/using-audio-in-lxd-containers/

===== misc devices =====

<code bash>
lxc config device add <name> rfxcom unix-char path=/dev/ttyACM0
lxc config device set <name> rfxcom mode 666
</code>

===== share folder =====

<code>
# only first time
echo "root:$UID:1" | sudo tee -a /etc/subuid
echo "root:$(id -g):1" | sudo tee -a /etc/subgid
lxc profile set default security.privileged true

# for every share
# lxc init stretch giano
lxc config set gianocop security.privileged true
lxc config set giano raw.idmap "both $UID $UID"
# source is on host, path is inside container
lxc config device add giano develop disk source=/mnt/giano path=/mnt/giano
</code>

===== migration =====

on host-destination

<code>
lxc config set core.https_address 0.0.0.0:8443
lxc config set core.trust_password PASSWORDhere
</code>

on host-origin

<code>
# add destination lxd
lxc remote add other-server <ip-address>
# take snap0 on gianocop container
lxc snapshot gianocop snap0
lxc copy gianocop/snap0 other-server:gianocop --verbose
lxc delete gianocop/snap0
</code>

on host-destination delete volatile in "lxc config"

<code>
volatile.base_image: 6adc9ca1a1124ebd954ba787e83dd9318866fd0b9ddce1cffc612559cfe3bc88
volatile.eth0.hwaddr: 00:16:3e:50:f6:e8
volatile.eth0.name: eth0
volatile.idmap.base: "0"
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
volatile.last_state.power: STOPPED
</code>

===== export image from container =====

{{tag>[wiki lxd 'profile network' apache vlan]}}

===== Vlan attach =====

<code>apt-get install vlan</code>

<code>sudo modprobe 8021q</code>

<code>sudo vconfig add eth1 10</code>

<code>sudo ip addr add 10.0.0.1/24 dev eth1.10</code>

<code>ip addr del 10.22.30.44/16 dev eth0</code>

<code>sudo ip link set up eth1.10</code>

<code>sudo su -c 'echo "8021q" >> /etc/modules'</code>

<code>
auto eth1.10
iface eth1.10 inet static
    address 10.0.0.1
    netmask 255.255.255.0
    vlan-raw-device eth1
</code>

===== Send file to your new host =====

On image hosts

<code>lxc publish --force 'name of container' --alias 'new name'</code>

example

<code>lxc publish --force 'lxc-limesurvey' --alias 'lxc-docuwiki'</code>

Export image

<code>lxc image export 'new name'</code>

Output is in efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz

Show size of export

<code>du -h efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz</code>

==== check sum of image ====

<code>
md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz > exportmd5.txt
cat exportmd5.txt | nc 10.18.49.73 1234
cat efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz | nc 10.18.49.73 1234
</code>

**NB**: 10.18.49.73 is your new LXD host; 1234 is a free port.

===== Transfer image and checksum to new LXD host =====

<code>
# start each listener before the matching send, in the same order as the sender
nc -l 1234 > exportmd5.txt
nc -l 1234 > efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
</code>

check file

<code>
md5sum efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
md5sum -c exportmd5.txt
</code>

===== Import image to new LXD host =====

<code>
lxc image import efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz --alias lxc-docuwiki
</code>

Transferring image: 100%

<code>lxc launch image_name container_name</code>

Creating container_name

Starting container_name

In some instances the publish command may produce a split xz tarball; both formats are supported. Simply import the metadata and rootfs components with

<code>lxc image import <metadata tarball> <rootfs tarball> --alias image_name</code>

=== Edit LXD default profile: networking ===

Attach the container network interface to the host network

<code>
lxc stop lxc-docuwiki
lxc profile device set default eth0 parent ens3
lxc profile device set default eth0 nictype macvlan
service lxd restart
service lxd-containers restart
</code>

launch your container

<code>
lxc start lxc-docuwiki
lxc exec lxc-docuwiki /bin/bash
</code>

tips/lxd.txt · Last modified: 2019/11/19 19:12 by scipio
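An added example, not part of the original wiki page or of LXD: a check that reads profile YAML shaped like the ''profile.yaml'' in the "basic" section and reports the settings that expose the host, such as ''security.privileged'' and the ''/dev/mem'' device. The function names, the severity labels and the YAML form of the ''rfxcom'' device from "misc devices" are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the wiki page. Severity labels are this example's
# own convention. Reads YAML shaped like `lxc profile show <profile>` on stdin.
audit_lxd_yaml() {
    awk '
    function val(s) { sub(/^[^:]*:[ \t]*/, "", s); gsub(/"/, "", s); return s }
    function emit() {                # report the device block just finished
        if (dev == "") return
        if (type == "unix-char" && path == "/dev/mem") {
            print "HIGH device " dev ": /dev/mem (host physical memory)"; high++
        } else if (type == "unix-char")
            print "INFO device " dev ": host character device " path
        if (mode ~ /[2367]$/)
            print "MEDIUM device " dev ": mode " mode " is world-writable"
        dev = type = path = mode = ""
    }
    /^[^ #]+:/ { emit(); section = $1; sub(/:.*/, "", section); next }
    section == "config" && /security\.privileged:/ && val($0) == "true" {
        print "HIGH config: security.privileged=true (uid 0 is host uid 0)"; high++ }
    section == "config" && /security\.nesting:/ && val($0) == "true" {
        print "MEDIUM config: security.nesting=true" }
    section == "devices" && /^  [^ ]+:[ \t]*$/ { emit(); dev = $1; sub(/:$/, "", dev); next }
    section == "devices" && /^    type:/ { type = val($0) }
    section == "devices" && /^    path:/ { path = val($0) }
    section == "devices" && /^    mode:/ { mode = val($0) }
    END { emit(); exit (high > 0) }  # status 1 when any HIGH finding
    '
}

# Sample: keys taken from the page (profile.yaml, rfxcom device); the YAML
# rendering of the rfxcom device is constructed for this example.
sample_profile() {
cat <<'EOF'
name: juju-default
config:
  security.nesting: "true"
  security.privileged: "true"
devices:
  mem:
    path: /dev/mem
    type: unix-char
  rfxcom:
    mode: "666"
    path: /dev/ttyACM0
    type: unix-char
EOF
}

sample_profile | audit_lxd_yaml || echo "HIGH findings present"
```

On a live host the same function can be fed from ''lxc profile show <profile>''.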
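An added example, not from the original page: the export file name in "Send file to your new host" is the image fingerprint, which for a single-file (unified) export is the SHA-256 of the tarball, so the receiving host can check the file against its own name and against ''lxc image list'' on the source host. ''verify_export'' is a hypothetical helper; split exports (metadata plus rootfs) are not handled.

```shell
#!/bin/bash
# Added example: verify an `lxc image export` tarball against the SHA-256
# fingerprint in its file name. Assumes a unified export <fingerprint>.tar.*
# Returns 0 on match, 1 on mismatch, 2 when the name is not a fingerprint.
verify_export() {
    local file="$1" base want got
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    base=$(basename "$file")
    want=${base%%.*}                      # strip .tar.gz / .tar.xz
    case $want in
        *[!0-9a-f]*) echo "not a fingerprint name: $base" >&2; return 2 ;;
    esac
    [ ${#want} -eq 64 ] || { echo "not a fingerprint name: $base" >&2; return 2; }
    got=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "OK $base"
    else
        echo "MISMATCH $base (sha256 is $got)" >&2
        return 1
    fi
}

# Constructed demo: a stand-in "export" named after its own SHA-256.
demo() {
    local d h
    d=$(mktemp -d)
    printf 'constructed image bytes\n' > "$d/img"
    h=$(sha256sum "$d/img" | cut -d' ' -f1)
    mv "$d/img" "$d/$h.tar.gz"
    verify_export "$d/$h.tar.gz"            # intact copy
    printf 'x' >> "$d/$h.tar.gz"            # simulate a change in transit
    verify_export "$d/$h.tar.gz" || true    # reports MISMATCH
    rm -rf "$d"
}
demo
```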