Basic commands to run LXD containers

install

# Installs the LXD snap, then runs the interactive first-time setup.
# NOTE(review): membership of the lxd group gives full control of the daemon,
# which is equivalent to root on the host; add only trusted users to it.
sudo snap install lxd && lxd init

images

Default repositories:

  • ubuntu: (for stable Ubuntu images)
  • ubuntu-daily: (for daily Ubuntu images)
  • images: (for a bunch of other distros)

Links:

# Lists the images offered by a remote; the trailing colon marks the
# argument as a remote name.
lxc image ls images:
lxc image ls ubuntu-daily:  # : is required

container

# Creates and starts a container named nginx from the CentOS 8 image,
# then opens a shell inside it.
lxc launch images:centos/8/amd64 nginx
lxc exec nginx bash

# create without start
# lxc init ubuntu-daily:18.04 mycontainer -c security.idmap.isolated=true

# Adds a proxy device that forwards TCP port 5555 to port 80 inside the
# container.
# NOTE(review): 0.0.0.0 listens on every host IPv4 interface, so the service
# is reachable from any network the host is attached to. Use
# listen=tcp:127.0.0.1:5555 (or one specific address) when it is meant for
# local use only, and check the host firewall either way.
lxc config device add nginx porta80 proxy listen=tcp:0.0.0.0:5555 connect=tcp:127.0.0.1:80

# Stops the container, then publishes it as a local image with alias nginx.
lxc stop nginx
lxc publish nginx --compression none --alias nginx

# Exports the image to disk and imports it again under the same alias.
# NOTE(review): /tmp is writable by every local user; prefer a directory only
# you can write to if the tarball will be imported again later.
lxc image export nginx /tmp/images
lxc image import /tmp/images/<filename>.tar local: --alias nginx

file transfer

# Arguments take the form <instance>/<path inside the instance>; the instance
# here is named web. pull copies to the current directory, push uploads.
lxc file pull web/usr/share/nginx/html/index.html .
lxc file push ./index.html web/usr/share/nginx/html/

profile

# Writes a profile definition, creates the profile t2 and loads the
# definition into it. The profile sets the TALK_NAME environment variable and
# adds a disk device that exposes the host directory /home/gustavo/Public at
# /public inside the container.
# readonly: true keeps the container from writing to that host directory;
# keep it unless write access is really needed.
cat > t2.profile <<EOF
name: t2
config:
  environment.TALK_NAME: LXD
devices:
  public:
    path: /public
    type: disk
    source: /home/gustavo/Public
    readonly: true
EOF
lxc profile create t2
cat t2.profile | lxc profile edit t2
# Attaches the profile to the instance named web.
lxc profile add web t2  # lxc profile remove web t2

X11 Profile

# Takes the display number from the host's $DISPLAY (the part after the colon).
HOST_DISPLAY=`echo $DISPLAY | cut -d ':' -f2`  # 0 or 1
# The heredoc delimiter is unquoted, so the shell expands $HOST_DISPLAY while
# writing x11.profile. The profile proxies the host PulseAudio socket and the
# host X11 abstract socket into the container and adds a gpu device.
# NOTE(review): mode "0777" on PASocket1 leaves the audio socket open to every
# user inside the container; a tighter mode is enough when only uid 1000 uses
# it. The gpu device has no selector, which presumably passes through every
# host GPU; confirm against the LXD device documentation.
# NOTE(review): a container with access to the host X server can observe and
# inject input for other X clients, so use this profile only for containers
# you trust.
cat > x11.profile <<EOF
config:
  environment.DISPLAY: :0
  environment.PULSE_SERVER: unix:/home/ubuntu/pulse-native
  user.user-data: |
    #cloud-config
    runcmd:
      - 'sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf'
      - 'echo "DISPLAY=:0" >> /etc/environment'
    packages:
      - mesa-utils
      - pulseaudio
description: GUI LXD profile
devices:
  PASocket1:
    bind: container
    connect: unix:/run/user/1000/pulse/native
    listen: unix:/home/ubuntu/pulse-native
    security.gid: "1000"
    security.uid: "1000"
    uid: "1000"
    gid: "1000"
    mode: "0777"
    type: proxy
  X0:
    bind: container
    connect: unix:@/tmp/.X11-unix/X$HOST_DISPLAY
    listen: unix:@/tmp/.X11-unix/X0
    security.gid: "1000"
    security.uid: "1000"
    type: proxy
  mygpu:
    type: gpu
name: x11
EOF

# Creates the profile x11 and loads the definition written above into it.
lxc profile create x11
cat x11.profile | lxc profile edit x11
# NOTE(review): "xhost +local:" turns off X access control for every local
# (non-network) client, not only for the container. Run "xhost -local:" when
# the GUI session is over to restore it.
xhost +local:

api

# Both calls use the local LXD REST API over its Unix socket; "a" is only a
# placeholder host name that curl needs in the URL. The first call prints the
# JSON for the instance web, the second asks LXD to stop it.
# /var/lib/lxd/unix.socket is the path of a non-snap install; the snap
# package places the socket at /var/snap/lxd/common/lxd/unix.socket.
# NOTE(review): whoever can open this socket has full control of LXD, which is
# equivalent to root on the host. Keep its permissions as shipped.
curl --unix-socket /var/lib/lxd/unix.socket a/1.0/instances/web | python -m json.tool
curl --unix-socket /var/lib/lxd/unix.socket -X PUT -d '{"action": "stop"}' a/1.0/containers/web/state

remote access

# run it on host to allow remote connections
# NOTE(review): "[::]" makes the API listen on every IPv4 and IPv6 address of
# the host. Bind to one management address or firewall the port when the API
# is not meant to be reachable from everywhere.
lxc config set core.https_address "[::]"
# NOTE(review): blablabla is a placeholder. Any client that knows the trust
# password and can reach the API gains full control of LXD, so use a long
# random value, remember that it lands in shell history, and remove it with
# "lxc config unset core.trust_password" once the clients are added. Newer
# LXD releases favour one-time trust tokens; check what your version offers.
lxc config set core.trust_password blablabla

# run it on client
remote=flathost.xyz  # or IP 10.0.0.1
# The client shows the server certificate fingerprint before it trusts the
# remote; compare it with the fingerprint that "lxc info" prints on the host.
lxc remote add flathost ${remote} --protocol=lxd

unprivileged containers

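# Run this first part as root. It replaces /etc/subuid and /etc/subgid in
# full, so merge by hand if those files already hold entries you need.
# tee is used because "cat > /etc/sub{uid,gid}" fails in bash with
# "ambiguous redirect": the brace expansion yields two redirect targets.
# NOTE(review): the range 1:1000000000 lets root and lxd map almost every host
# uid/gid, real accounts included, into a container. A narrower setup keeps
# the distribution's default range and appends only "root:<uid>:1" for the id
# used in raw.idmap below; confirm against the LXD idmap documentation.
tee /etc/subuid /etc/subgid > /dev/null <<EOF
root:1:1000000000
lxd:1:1000000000
EOF
systemctl restart lxd  # or snap restart lxd (ubuntu)

# Run the rest as the regular user whose files the container should own:
# id -u / id -g report the caller, and a root shell would map uid/gid 0.
mycontainer=xpto
# Maps the caller's host uid/gid onto uid/gid 1000 inside the container.
printf 'uid %s 1000\ngid %s 1000' "$(id -u)" "$(id -g)" | lxc config set "$mycontainer" raw.idmap -
# Gives this container its own id range instead of the shared default one.
# Set as key and value, the form the commented "lxc init ... -c" example on
# this page uses; piping "key: value" text into "lxc config set <name> -"
# names no key.
lxc config set "$mycontainer" security.idmap.isolated true
lxc restart "$mycontainer"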