LXC

From StdOut

LXC (Linux Containers) is an operating-system-level virtualization method for running multiple isolated Linux systems (containers) on a control host using a single Linux kernel. (source: Wikipedia)

Install

sudo apt install lxd lxd-client
sudo lxd init

# Using a Preallocated File
Would you like to use an existing block device (yes/no) [default=no]? no

# Using a Block Device
Would you like to use an existing block device (yes/no) [default=no]? yes

Profile

Change default

lxc profile edit default

Make LAN

lxc profile copy default lan
lxc profile edit lan

Change profile

lxc profile apply {vm-name} lan

Copy profile

lxc profile copy dmz epsilon:

Make container

lxc launch ubuntu:16.04 {vm-name} [-p {profile}]
lxc list
lxc exec {vm-name} -- /bin/bash

Config

lxc config show {vm-name}

Limits

lxc config set {vm-name} limits.cpu 1
lxc config set {vm-name} limits.memory 1GB # size needs a unit suffix; a bare number is read as bytes

lxc profile device set {profile-name} {device/eth0} limits.ingress 100Mbit
lxc profile device set {profile-name} {device/eth0} limits.egress 100Mbit

Autostart

lxc config set {vm-name} boot.autostart true
lxc config set {vm-name} boot.autostart.delay 10 # seconds to wait after starting container
lxc config set {vm-name} boot.autostart.priority 99 # higher values mean earlier start

Mount disk

lxc config device add {vm-name} {dev_name} disk source=/mnt/md0 path=/mnt/md0

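A privileged container is needed for read/write access. With security.privileged set, root inside the container is UID 0 on the host; the Remap users section below grants write access to specific host IDs without it.

lxc config set {vm-name} security.privileged true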

Remote

Add

Both local and remote must have https_address set.

lxc config set core.https_address [::]:8443
lxc config set core.trust_password something-secure

lxc remote add foo 1.2.3.4
lxc remote list

Storage

https://lxd.readthedocs.io/en/latest/storage/

$ lxc storage list

Create

$ sudo apt install zfsutils-linux

Create a loop-backed pool named “lxd”. The ZFS Zpool will also be called “lxd”.

$ lxc storage create lxd zfs

Create a new pool called “lxd” on /dev/sdX. The ZFS Zpool will also be called “lxd”.

lxc storage create lxd zfs source=/dev/sdX

Change default

No images or containers may exist on the system when the default pool is changed.

$ lxc profile device remove default root
$ lxc storage delete default
$ lxc storage create default …
$ lxc profile device add default root disk path=/ pool=default

Grow

$ sudo truncate -s +5G /var/lib/lxd/disks/<POOL>.img
$ sudo zpool set autoexpand=on <POOL>
$ sudo zpool online -e <POOL> /var/lib/lxd/disks/<POOL>.img
$ sudo zpool set autoexpand=off <POOL>

Snapshots

lxc snapshot {container} {snapshot-name}
lxc info {container/snapshot-name}
lxc restore {container} {snapshot-name}
lxc delete {container}/{snapshot-name}

Remap users

Allow on host

echo "root:1000:1" | sudo tee -a /etc/subuid /etc/subgid

This allows root to use 1 new user ID and group ID, from 1000 to 1001.

Config container

lxc config set wiki-test raw.idmap "both $UID 1000"
# or
echo -en "both 1000 1000\nboth 33 33" | lxc config set wiki-test raw.idmap -

Instead of remapping, you can set the permissions on the host to UID+100000, which will align with the remapped IDs in the container.
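
The check below is an added example, not part of the original page: it tests whether each host ID named in raw.idmap falls inside the range delegated to root in /etc/subuid, and computes the host ID behind an unmapped container ID using the UID+100000 offset mentioned above. The inputs are copied from the commands in this section; the function names are hypothetical, and only single IDs (not ranges) in raw.idmap are handled.

```shell
#!/bin/sh
# Constructed inputs, copied from the commands on this page.
SUBID='root:1000:1'     # line appended to /etc/subuid and /etc/subgid
IDMAP='both 1000 1000
both 33 33'             # raw.idmap value: <type> <host id> <container id>
BASE=100000             # assumed default shift (the page's UID+100000)

# subid_allows USER ID SUBID_TEXT: succeed if an entry for USER covers host ID.
# Each entry is user:start:count and covers start .. start+count-1.
subid_allows() {
    printf '%s\n' "$3" | awk -F: -v u="$1" -v id="$2" '
        $1 == u && id >= $2 && id < $2 + $3 { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# host_id_for CONTAINER_ID IDMAP_TEXT: print the host ID that owns files
# written by CONTAINER_ID: the raw.idmap target if listed, else BASE + ID.
host_id_for() {
    printf '%s\n' "$2" | awk -v id="$1" -v base="$BASE" '
        $3 == id { print $2; found = 1; exit }
        END { if (!found) print base + id }'
}

# audit_idmap USER SUBID_TEXT IDMAP_TEXT: one line per raw.idmap entry saying
# whether its host ID lies inside USER's subordinate ID range.
audit_idmap() {
    printf '%s\n' "$3" | while read -r kind host cont; do
        if subid_allows "$1" "$host" "$2"; then
            state='covered'
        else
            state='not covered'
        fi
        echo "$kind host=$host container=$cont $state"
    done
}

audit_idmap root "$SUBID" "$IDMAP"
echo "container uid 1000 -> host uid $(host_id_for 1000 "$IDMAP")"
echo "container uid 0 -> host uid $(host_id_for 0 "$IDMAP")"
```

With the inputs above, host ID 33 is reported as not covered: the root:1000:1 entry delegates only ID 1000, so the second raw.idmap line needs its own subuid/subgid entry.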