install
# Install the LXD snap, then run the interactive first-time setup.
# NOTE(review): anyone who can talk to the local LXD socket (for example
# members of the `lxd` group) can get root on the host, so add only
# trusted accounts to that group.
sudo snap install lxd && lxd init
images
Default repositories:
- ubuntu: (for stable Ubuntu images)
- ubuntu-daily: (for daily Ubuntu images)
- images: (for a bunch of other distros)
Links:
- https://us.images.linuxcontainers.org (official images)
- https://lxdhub.xyz/remote/images/images
# List the images offered by the `images:` remote.
lxc image ls images:
# List the daily Ubuntu images.
lxc image ls ubuntu-daily: # the trailing ':' is required: it marks the argument as a remote name
container
# create local
# `lxc launch` creates the container from the given remote image and starts it.
lxc launch ubuntu-daily:20.04 mycontainer
lxc launch images:centos/8/amd64 nginx
# Run bash inside the `nginx` container.
lxc exec nginx bash
# create remote
# The `flathost:` prefix selects the LXD remote on which the container is created.
lxc launch ubuntu-daily:20.04 flathost:mycontainer
# create without start
# lxc init ubuntu-daily:18.04 mycontainer -c security.idmap.isolated=true
# Proxy device: forward host TCP port 5555 to port 80 inside the container.
# NOTE(review): listen=tcp:0.0.0.0 binds every host interface, so the
# container's port 80 becomes reachable from any network the host is attached
# to. Listen on 127.0.0.1 (or one specific address) when the service is not
# meant to be public, and keep the host firewall in mind.
lxc config device add nginx porta80 proxy listen=tcp:0.0.0.0:5555 connect=tcp:127.0.0.1:80
# Stop the container and publish it as a local image with the alias `nginx`.
lxc stop nginx
lxc publish nginx --compression none --alias nginx
# Export the image so it can be imported on another server.
# NOTE(review): the image holds the container's whole root filesystem,
# including any keys or passwords configured inside it. /tmp is shared by all
# local users; on a multi-user host export to a private directory instead.
lxc image export nginx /tmp/images
# <filename> is a placeholder for the name of the exported tarball.
lxc image import /tmp/images/<filename>.tar local: --alias nginx
file transfer
# Paths on the container side are written <container>/<path>; here the
# container is `web`.
# Copy index.html out of the container into the current directory.
lxc file pull web/usr/share/nginx/html/index.html .
# Copy the local index.html into the container's nginx document root.
lxc file push ./index.html web/usr/share/nginx/html/
profile
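# Profile `t2`: sets one environment variable and mounts a host directory
# read-only at /public inside every container that uses the profile.
# The YAML nesting matters: keys under `config:` and `devices:` must be
# indented, otherwise they are read as top-level keys.
# The heredoc delimiter is quoted so the shell copies the text literally.
cat > t2.profile <<'EOF'
name: t2
config:
  environment.TALK_NAME: LXD
devices:
  public:
    path: /public
    type: disk
    source: /home/gustavo/Public
    readonly: true
EOF
# Create the empty profile, then load the definition from the file.
lxc profile create t2
lxc profile edit t2 < t2.profile
# Attach the profile to the container `web`.
lxc profile add web t2 # undo with: lxc profile remove web t2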
Downloads
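# Profile `downloads`: mounts the host's Downloads directory read-write at
# /Downloads and maps host uid/gid 1000 onto uid/gid 1000 in the container.
# NOTE(review): with this mapping and `readonly: false`, processes running as
# uid 1000 inside the container can create, change and delete files in
# /home/gustavo/Downloads with the host user's ownership. Treat anything
# written there from the container as untrusted input on the host.
# raw.idmap only takes effect if the host's /etc/subuid and /etc/subgid allow
# the mapping.
# The YAML nesting matters: keys under `config:` and `devices:` must be
# indented, and the two raw.idmap lines belong to the `|` block scalar.
cat > downloads.profile <<'EOF'
name: downloads
config:
  security.idmap.isolated: true
  raw.idmap: |
    uid 1000 1000
    gid 1000 1000
description: ""
devices:
  downloads:
    path: /Downloads
    type: disk
    source: /home/gustavo/Downloads
    readonly: false
EOF
# Create the empty profile, then load the definition from the file.
lxc profile create downloads
lxc profile edit downloads < downloads.profile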
X11 Profile
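# Display number of the host X server: the part of $DISPLAY after the colon,
# without a trailing screen suffix (":0" -> 0, ":1.0" -> 1).
HOST_DISPLAY=${DISPLAY#*:}
HOST_DISPLAY=${HOST_DISPLAY%%.*}
# Profile `x11`: gives a container access to the host's X server, PulseAudio
# socket and GPU so that GUI programs can run inside it.
# NOTE(review): this profile lowers isolation on purpose.
#  - X11 does not separate clients from one another: a program in the
#    container that can reach the host X socket can read the screen and the
#    keyboard input of other X clients. Use it only for containers you trust.
#  - PASocket1 is created with mode 0777, so every user in the container can
#    talk to the host's PulseAudio server (playback and recording). A tighter
#    mode is likely enough because uid/gid are already set to 1000; confirm
#    before changing.
#  - `type: gpu` passes the host GPU devices into the container.
# The heredoc delimiter is unquoted on purpose so ${HOST_DISPLAY} is expanded.
# The YAML nesting matters: device settings must be indented under the device
# name, and the cloud-config text belongs to the `|` block scalar.
cat > x11.profile <<EOF
config:
  environment.DISPLAY: :0
  environment.PULSE_SERVER: unix:/home/ubuntu/pulse-native
  user.user-data: |
    #cloud-config
    runcmd:
      - 'sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf'
      - 'echo "DISPLAY=:0" >> /etc/environment'
    packages:
      - mesa-utils
      - pulseaudio
description: GUI LXD profile
devices:
  PASocket1:
    bind: container
    connect: unix:/run/user/1000/pulse/native
    listen: unix:/home/ubuntu/pulse-native
    security.gid: "1000"
    security.uid: "1000"
    uid: "1000"
    gid: "1000"
    mode: "0777"
    type: proxy
  X0:
    bind: container
    connect: unix:@/tmp/.X11-unix/X${HOST_DISPLAY}
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  mygpu:
    type: gpu
name: x11
EOF
# Create the empty profile, then load the definition from the file.
lxc profile create x11
lxc profile edit x11 < x11.profile
# Allow local (non-network) clients to connect to the host X server.
# NOTE(review): this admits every local user, not only the container.
# Revoke it with `xhost -local:` when done. A per-user rule such as
# `xhost +si:localuser:<user>` may be sufficient; confirm it works with the
# proxy device before relying on it.
xhost +local: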
api
# Talk to the LXD REST API over the local unix socket. The `a` in the URL is
# only a dummy host name; curl needs one even though the socket is used.
# NOTE(review): the socket path below is the one used by non-snap installs.
# A snap-installed LXD normally exposes it under /var/snap/lxd/common/lxd/;
# confirm on your system.
# NOTE(review): access to this socket means full control over LXD, so its
# permissions and group membership decide who is effectively root on the host.
# Show the instance `web` as pretty-printed JSON.
curl --unix-socket /var/lib/lxd/unix.socket a/1.0/instances/web | python -m json.tool
# Stop the container `web` by sending a state change.
curl --unix-socket /var/lib/lxd/unix.socket -X PUT -d '{"action": "stop"}' a/1.0/containers/web/state
remote access
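# run it on host to allow remote connections
# "[::]" makes the LXD API listen on every IPv4 and IPv6 interface of the host.
# NOTE(review): set one specific address instead, or restrict the port with a
# firewall, when the API should be reachable only from a management network.
lxc config set core.https_address "[::]"
# `blablabla` is a placeholder. Any client that knows the trust password can
# enrol itself as a trusted client and then control this LXD server, so use a
# long random value. The value also ends up in the shell history. Remove it
# once the clients are enrolled (`lxc config unset core.trust_password`).
# NOTE(review): newer LXD releases offer one-time join tokens
# (`lxc config trust add`) in place of a shared password; check your version.
lxc config set core.trust_password blablabla
# run it on client
remote=flathost.xyz # or IP 10.0.0.1
# `lxc remote add` shows the server certificate fingerprint: compare it with
# the one on the server before accepting it.
lxc remote add flathost "${remote}" --protocol=lxd
# login
lxc exec flathost:mycontainer -- su ubuntu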
unprivileged containers
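# Run the next two commands as root on the host.
# Write the same subordinate id ranges to /etc/subuid and /etc/subgid.
# `tee` with two targets is used because a redirection to a brace expansion
# (`> /etc/sub{uid,gid}`) is an "ambiguous redirect" in bash.
# NOTE(review): this REPLACES both files. Existing ranges of other users
# (for example for rootless containers) are lost, so back the files up first
# or merge the two lines by hand.
# NOTE(review): the range starts at id 1, so it includes the ids of real host
# accounts; this is what permits mapping a host user into a container below.
tee /etc/subuid /etc/subgid >/dev/null <<'EOF'
root:1:1000000000
lxd:1:1000000000
EOF
systemctl restart lxd # or snap restart lxd (ubuntu)
mycontainer=xpto
# Map the calling user's uid/gid onto uid/gid 1000 inside the container.
# NOTE(review): run this line as the desktop user, not as root. As root,
# `id -u` is 0 and the host's root would be mapped into the container.
printf 'uid %s 1000\ngid %s 1000' "$(id -u)" "$(id -g)" | lxc config set "$mycontainer" raw.idmap -
# Give the container its own id range, not shared with other containers.
# NOTE(review): the usual form is
# `lxc config set "$mycontainer" security.idmap.isolated true`; confirm that
# the stdin form below is accepted by your LXD version.
printf '%s' "security.idmap.isolated: true" | lxc config set "$mycontainer" -
# The new id mapping is applied when the container restarts.
lxc restart "$mycontainer"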
disable auto update
# <fingerprint> is a placeholder for the fingerprint of the cached image.
# NOTE(review): this section is about disabling updates, yet the comment below
# says `auto_update: true`; to turn updates off for one image the value would
# be `false`. Confirm which one is intended.
lxc image edit <fingerprint> # and setting auto_update: true as a top-level item in the config
# NOTE(review): unsetting the key returns it to the server default; it does not
# switch updates off. LXD documents 0 as the value that disables the interval
# (`lxc config set images.auto_update_interval 0`); confirm for your version.
# Images that are never refreshed also never receive security fixes, so
# containers created from them need to be patched after launch.
lxc config unset images.auto_update_interval