LXD

install

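# --- Install LXD from the snap, backed by a ZFS dataset ----------------------
# The package, snap and zfs commands below need root (run them from a root
# shell or prefix them with sudo).
apt remove lxd lxd-client
snap install lxd

# create zfs dataset on pool rpool
zfs create rpool/lxd

# create lxd storage called zfspool using the previously defined dataset
lxc storage create zfspool zfs source=rpool/lxd

# define default storage pool
lxc profile device add default root disk path=/ pool=zfspool

# initialize network
sudo lxd init

# Because group membership is only applied at login, you then either need to
# close and re-open your user session or use the "newgrp lxd" command in the
# shell you're going to interact with lxd from.
# Members of the lxd group have full control of the LXD daemon, which is
# equivalent to root on the host: only add accounts you would also give sudo.
newgrp lxd

# --- lxc-prepare (save as its own file, then chmod +x) -----------------------
#!/bin/bash
#
# Usage: lxc-prepare NAME [ALIAS]
#   NAME   container to create (if it does not exist yet) and prepare
#   ALIAS  local image alias to launch from (default: xenial)
#
# Steps, in order:
#   1. if the image alias is missing, print the command that imports it and stop
#   2. on first run, install apt-cacher-ng on the host and write the apt proxy
#      configuration pointing at the lxdbr0 address
#   3. launch the container if it does not exist
#   4. push the apt proxy configuration and /etc/inputrc into the container

# Abort early instead of calling lxc with an empty container name.
NAME=${1:?usage: lxc-prepare NAME [ALIAS]}
ALIAS=${2:-xenial}

# The image is not copied automatically: the command is only printed so the
# operator can run it, and the script stops with status 0.
if ! lxc image show "$ALIAS" >/dev/null 2>&1; then
  printf '%s\n' 'lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial'
  exit 0
fi

if [ ! -f /etc/apt/apt.conf.d/proxy.conf ]; then
  sudo apt install apt-cacher-ng

  # Address of the LXD bridge, without the /prefix part.
  PROXY=$(lxc network show lxdbr0 | sed -n 's/\s\+ipv4.address: \([0-9\.]\+\).*/\1/p')
  if [ -z "$PROXY" ]; then
    # Without this check an unusable "http://:3142" proxy line would be written.
    echo "lxc-prepare: no ipv4.address found on lxdbr0" >&2
    exit 1
  fi

  echo "Acquire::http::Proxy \"http://$PROXY:3142\";" | sudo tee /etc/apt/apt.conf.d/proxy.conf

  # "PassThroughPattern: .*" lets apt-cacher-ng tunnel CONNECT requests to any
  # destination, and "PfilePattern = .*" treats every requested file as a
  # package file. Anything that can reach port 3142 can then use the host as a
  # general proxy, so keep the port reachable from the container bridge only
  # (firewall rule, or BindAddress in acng.conf) or narrow both patterns to
  # the mirrors actually used.
  echo "PfilePattern = .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf
  echo "PassThroughPattern: .*" | sudo tee -a /etc/apt-cacher-ng/acng.conf

  # Restarting the service needs root like the other steps in this branch.
  sudo systemctl restart apt-cacher-ng
fi

if ! lxc info "$NAME" >/dev/null 2>&1; then
  lxc launch "$ALIAS" "$NAME"
fi

if [ -f /etc/apt/apt.conf.d/proxy.conf ]; then
  lxc file push /etc/apt/apt.conf.d/proxy.conf "$NAME/etc/apt/apt.conf.d/"
fi

lxc file push /etc/inputrc "$NAME/etc/"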

basic

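# list remote images
lxc image list images:

# auto update remote images
lxc config set images.auto_update_cached true

# import image
lxc image copy images:ubuntu/xenial/amd64 local: --alias xenial

# create profile
#
# This profile removes most of the isolation between container and host:
#   - security.privileged: container uid 0 is host uid 0 (no user namespace)
#   - /dev/mem:            direct access to the host's physical memory
#   - /dev/kvm, /dev/net/tun, linux.kernel_modules, security.nesting:
#                          additional host kernel surface
# A process that is root inside such a container has to be treated as root on
# the host, so attach the profile only to containers running trusted workloads
# and drop every key or device that the workload does not actually need.
cat > profile.yaml <<'EOF'
name: juju-default
config:
  boot.autostart: "true"
  security.nesting: "true"
  security.privileged: "true"
  linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
devices:
  eth0:
    mtu: "9000"
    name: eth0
    nictype: bridged
    parent: br-mng
    type: nic
  kvm:
    path: /dev/kvm
    type: unix-char
  mem:
    path: /dev/mem
    type: unix-char
  root:
    path: /
    type: disk
  tun:
    path: /dev/net/tun
    type: unix-char
EOF
lxc profile create juju-default
lxc profile edit juju-default < profile.yaml

# create container from local image
lxc image list
lxc launch xenial test1 --profile juju-default

# create container from remote image
lxc launch images:ubuntu/xenial/amd64 xenial1
lxc config set xenial1 boot.autostart false
lxc list

# create custom image from local container
lxc publish local-container --alias mycustomimage

# create container from previous image
lxc launch mycustomimage newcontainer

# bash inside
lxc exec trusty1 -- /bin/bash

# stop and delete
lxc stop trusty1
lxc delete trusty1

# autostart on host boot
# ("<name>" is a placeholder; it is quoted so the shell does not read the
# angle brackets as redirections)
lxc config set "<name>" boot.autostart true

# show container configuration
lxc config show "<name>"

# proxy
apt install apt-cacher-ng
NAME=x11test
lxc file push /etc/apt/apt.conf.d/proxy.conf "$NAME/etc/apt/apt.conf.d/"
# Content of the proxy file. The notes name it /etc/apt/apt.conf.d/proxy here
# but push /etc/apt/apt.conf.d/proxy.conf above; use one name consistently.
#   Acquire::http::Proxy "http://10.106.191.1:3142" ;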

network

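lxc network create br0
lxc network show br0
lxc network edit br0

# static IP container
# The container is stopped, its eth0 is attached to lxdbr0, the address is
# pinned on that device, and the container is started again.
# One variable name is used throughout: the original notes assigned "istance"
# but stopped "$instance", which is unset.
instance=c1
lxc stop "$instance"
lxc network attach lxdbr0 "$instance" eth0 eth0
# presumably 10.99.10.42 lies inside the lxdbr0 subnet; adjust to the bridge in use
lxc config device set "$instance" eth0 ipv4.address 10.99.10.42
lxc start "$instance"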

servers

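# prepare lxd server
#
# "[::]" makes the API listen on every address of the host (default port
# 8443). The API gives full control over the host's containers, so bind it to
# the management address instead where possible and limit the port with a
# firewall.
lxc config set core.https_address "[::]"

# password
# Any client that presents this password is added to the trust store and gets
# full API access. Read it from the terminal so it does not end up in the
# shell history, and remove it once all clients are enrolled. Newer LXD
# releases provide one-time trust tokens in place of a shared password.
read -r -s -p 'LXD trust password: ' trust_password
printf '\n'
lxc config set core.trust_password "$trust_password"
unset trust_password
# after the clients below have been added:
#   lxc config unset core.trust_password

# from client add remote server
# lxc prints the server certificate fingerprint and asks for confirmation;
# compare it with the fingerprint shown on the server before accepting.
lxc remote add myserver "<ip address or DNS>"

# run command
lxc exec myserver:trusty1 -- bash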

xorg integration

container

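# create container
NAME=x11test
lxc launch images:ubuntu/bionic/amd64 "$NAME"

# install simpler X program
lxc exec "$NAME" -- apt install xterm
# (the original notes opened a shell with "lxc exec $NAME bash" and ran the
# next install from inside the container)
lxc exec "$NAME" -- apt install mesa-utils x11-apps

# The notes switch to a second container name from here on.
NAME=nvidia-sdk-manager

# Variant over TCP (needs the host X server to listen on TCP):
# lxc config set "$NAME" environment.DISPLAY "<ip-of-host-lxdbr0-bridge>:0"
lxc config set "$NAME" environment.DISPLAY :0

# Sharing the X socket and the Xauthority cookie makes the container a regular
# client of the host X session. X11 does not isolate clients from each other:
# processes in the container can read keyboard input and screen contents and
# inject input events. Only share the display with containers you trust as
# much as your own desktop session.
lxc config device add "$NAME" X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
# Fail with a message instead of adding a device with an empty source when
# XAUTHORITY is not set in this shell.
lxc config device add "$NAME" Xauthority disk path=/root/.Xauthority source="${XAUTHORITY:?XAUTHORITY is not set}"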

on host

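# Let the host X server accept TCP connections. This is only needed when the
# container reaches the display over the network (DISPLAY=<bridge-ip>:0); a
# container that uses a bind-mounted /tmp/.X11-unix socket does not need it.
# X11 over TCP is unencrypted and the port is reachable on every interface
# unless a firewall restricts it to the container bridge.
#
# for gdm (ubuntu >= 17.10) or ...
# /etc/gdm3/custom.conf
#   [security]
#   DisallowTCP = false
#   [xdmcp]
#   Enable = true
# NOTE(review): XDMCP is a separate, unencrypted remote-login service; confirm
# it is really required here before enabling it.
#
# ... or for lightdm
# /etc/lightdm/lightdm.conf
#   xserver-allow-tcp=true
#   xserver-command=X -listen tcp

# add ip of container on /etc/X0.hosts
NAME=x11test
# First IPv4 address that "lxc info" reports for eth0.
container_ip=$(lxc info "$NAME" | sed -n 's/\s*eth0:\s*inet\s\([0-9\.]*\).*/\1/p' | head -n 1)

if [ -z "$container_ip" ]; then
  echo "no eth0 IPv4 address found for $NAME" >&2
else
  # /etc/X0.hosts is root-owned, so append through sudo tee.
  printf '%s\n' "$container_ip" | sudo tee -a /etc/X0.hosts >/dev/null

  # launch X application in container
  # The original notes used "xhost +", which switches access control off for
  # every host that can reach the X server. Allowing only the container's
  # address is enough for this step. Host-based access still trusts anything
  # that connects from that address.
  xhost "+$container_ip"
  lxc exec "$NAME" -- xterm
fi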

audio integration

misc devices

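# Pass the host serial device /dev/ttyACM0 into the container as "rfxcom".
# "<name>" is a placeholder for the container name; it is quoted so the shell
# does not read the angle brackets as redirections.
lxc config device add "<name>" rfxcom unix-char path=/dev/ttyACM0

# Mode 666 lets every user and process inside the container read from and
# write to the device. If only one service uses it, keep mode 0660 and set the
# device's uid/gid options to that service's account instead.
lxc config device set "<name>" rfxcom mode 666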

share folder

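# only first time
# Allow root (which runs LXD) to map your own uid and gid into containers.
echo "root:$UID:1" | sudo tee -a /etc/subuid
# The original notes had "${id -d}" here, which is not valid shell; the
# primary group id comes from "id -g".
echo "root:$(id -g):1" | sudo tee -a /etc/subgid

# NOTE(review): the original notes also ran
#   lxc profile set default security.privileged true
#   lxc config set gianocop security.privileged true
# They are left disabled here. raw.idmap only has an effect on unprivileged
# containers, so these settings work against the mapping below, and the first
# one turns every container on the default profile into a privileged one
# (container root = host root). The second one also targets "gianocop" while
# the rest of the section configures "giano".

# for every share
# lxc init stretch giano
# "both" maps the same number as uid and as gid, so this assumes your primary
# gid equals $UID - confirm against the subgid entry written above.
# The mapping is applied the next time the container starts.
lxc config set giano raw.idmap "both $UID $UID"

# source is on host, path is inside container
lxc config device add giano develop disk source=/mnt/giano path=/mnt/giano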

migration

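# --- on host-destination ------------------------------------------------------
# 0.0.0.0:8443 exposes the LXD API on every IPv4 interface. Bind it to the
# address used for the migration where possible and firewall the port.
lxc config set core.https_address 0.0.0.0:8443

# Any client presenting this password gets full API access. Read it from the
# terminal so it stays out of the shell history.
read -r -s -p 'LXD trust password: ' trust_password
printf '\n'
lxc config set core.trust_password "$trust_password"
unset trust_password

# --- on host-origin -------------------------------------------------------------
# add destination lxd
# Compare the certificate fingerprint that lxc prints with the one shown on
# the destination before accepting it.
lxc remote add other-server "<ip-address>"

# take snap0 on gianocop container
lxc snapshot gianocop snap0
lxc copy gianocop/snap0 other-server:gianocop --verbose
lxc delete gianocop/snap0

# --- on host-destination ------------------------------------------------------
# The password is only needed while the origin enrols; remove it afterwards.
lxc config unset core.trust_password

# delete the volatile.* keys in "lxc config" of the copied container
# (e.g. with "lxc config edit gianocop"); example of the keys to remove:
#   volatile.base_image: 6adc9ca1a1124ebd954ba787e83dd9318866fd0b9ddce1cffc612559cfe3bc88
#   volatile.eth0.hwaddr: 00:16:3e:50:f6:e8
#   volatile.eth0.name: eth0
#   volatile.idmap.base: "0"
#   volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
#   volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166537,"Nsid":1001,"Maprange":64535},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1000},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1000,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166537,"Nsid":1001,"Maprange":64535}]'
#   volatile.last_state.power: STOPPED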

export image from container

Vlan attach

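# Create VLAN 10 on eth1 and move the host address onto it.
# Every step changes system state, so all of them run through sudo (the
# original notes left it off the install and the "ip addr del" step).
sudo apt-get install vlan
sudo modprobe 8021q
sudo vconfig add eth1 10
sudo ip addr add 10.0.0.1/24 dev eth1.10
# Removing the address from eth0 drops any session that is connected through
# it; run this from a console or from a connection on another interface.
sudo ip addr del 10.22.30.44/16 dev eth0
sudo ip link set up eth1.10

# load the 8021q module at boot
echo "8021q" | sudo tee -a /etc/modules >/dev/null

# Persistent interface definition (ifupdown stanza; presumably for
# /etc/network/interfaces - confirm for your distribution):
#   auto eth1.10
#   iface eth1.10 inet static
#     address 10.0.0.1
#     netmask 255.255.255.0
#     vlan-raw-device eth1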

Send file to your new host

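# On image hosts
#
# General form (the original line mixed a single and a double quote):
#   lxc publish --force '<name of container>' --alias '<new name>'
#
# example
container='lxc-limesurvey'
alias_name='lxc-docuwiki'

# --force publishes the container even if it is running (LXD stops it first).
lxc publish --force "$container" --alias "$alias_name"

# Export image
# The export holds the container's complete root filesystem, including any
# keys, passwords and application data stored in it. Keep the file readable by
# the operator only and delete it once it has been imported.
lxc image export "$alias_name"

# Output is in efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz

# Show size of export
du -h efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz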

check sum of image

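# Sending side (image host).
image=efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
dest=10.18.49.73   # NB: your new lxd host
port=1234          # NB: a free port

md5sum "$image" > exportmd5.txt

# The new host saves the first connection as the image and the second one as
# exportmd5.txt, so the image has to be sent first (the original notes sent
# the checksum first, which swaps the two files on arrival). Start the
# matching "nc -l" on the new host before each of these commands.
nc "$dest" "$port" < "$image"
nc "$dest" "$port" < exportmd5.txt

# The transfer is plain TCP without authentication or encryption, and the MD5
# file travels over the same channel as the image. The checksum therefore only
# catches accidental corruption, not a modified image. Where the image content
# matters, copy it over SSH (scp/rsync) or with "lxc copy" to a trusted
# remote, and compare a SHA-256 value obtained separately from the transfer.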

Transfer image and checksum to new LXD host

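# Receiving side (new LXD host). Start each listener before the matching send.
image=efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz
port=1234

# The listener accepts the first connection from any host that can reach the
# port and stores whatever it sends. Keep the port closed to everything except
# the image host while the transfer runs.
nc -l "$port" > "$image"        # first connection: the image
nc -l "$port" > exportmd5.txt   # second connection: the checksum file

# check file
md5sum "$image"
md5sum -c exportmd5.txt

# The MD5 file arrived over the same unauthenticated channel, so it only shows
# that the copy was not corrupted in transit. The export's file name is the
# image fingerprint, which you know independently of the transfer.
# NOTE(review): LXD fingerprints are SHA-256 of the image tarball for
# single-file exports - confirm for your LXD version before relying on this.
expected=${image%%.*}
actual=$(sha256sum -- "$image" | cut -d' ' -f1)
if [ "$actual" != "$expected" ]; then
  echo "fingerprint mismatch: got $actual, expected $expected" >&2
fi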

Import image to new LXD host

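# Import the transferred tarball; run this only after the checksum of the
# received file has been verified.
lxc image import efaa243331f0a7c175376edaf796545a01ad09bb47f25a297b798e09fe66ee66.tar.gz --alias lxc-docuwiki
# expected output:
#   Transferring image: 100%

# image_name and container_name are placeholders.
lxc launch image_name container_name
# expected output:
#   Creating container_name
#   Starting container_name

# In some instances the publish command may lead to a split xz tar-ball, but
# both formats are supported. Simply import the meta-data and rootfs
# components with the command below. The placeholders are quoted so the shell
# does not read the angle brackets as redirections.
lxc image import "<metadata tarball>" "<rootfs tarball>" --alias image_name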

Edit LXD default profile: networking