Howto LXD

Some commands:

$ lxc image alias list images:
$ lxc info <name>
$ lxc config edit <name>
$ lxc config show <name>
$ lxc exec <name> bash
# Some limits
$ lxc config set <name> limits.memory 512MB
$ lxc config set <name> limits.cpu 2
$ lxc config set <name> limits.cpu.allowance 50%
$ lxc config set <name> limits.memory.swap false
$ lxc config device set <name> root limits.read 30MB
$ lxc config device set <name> root limits.write 10MB
$ lxc config device set <name> root limits.read 20Iops
$ lxc config device set <name> root limits.write 10Iops
$ lxc config device override <name> root size=20GB
$ lxc profile device set default eth0 limits.ingress 100Mbit
$ lxc profile device set default eth0 limits.egress 100Mbit
# Port isolation make the container unable to see other containers that are also in port_isolation mode
$ lxc config device set <name> eth0 security.port_isolation=true
$ lxc profile device set default eth0 security.port_isolation=true
$ lxc 
$ lxc launch images:debian/11 <name>
$ lxc config set <name> environment.LC_ALL=en_US.UTF-8
$ lxc list
$ lxc storage volume list <storagename>
$ #mode privileged
$ lxc launch ubuntu:20.04 test -c security.privileged=true -c security.nesting=true
$ lxc config device add test ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22
$ #Create a backups volume in the local (default) pool (ZFS) and use it for backups
$ lxc storage volume create local backups
$ lxc config set storage.backups_volume local/backups
$ #Create a images volume in the local (default) pool (ZFS) and use it for images (containers images downloaded)
$ lxc storage volume create local images
$ lxc config set storage.images_volume local/images
$ lxc config device add $containerName $deviceName disk source=/home/foo path=/home/foo
$ lxc config device add $containerName $deviceName disk source=/dev/<disk> path=/home/foo

Path:

  • /var/lib/lxd/
  • /var/snap/lxd/common/lxd/

Entering LXD namespace managed by snap (to access ZFS mount points for example):

# nsenter -t $(cat /var/snap/lxd/common/lxd.pid) -m

Some packages I like to install on fresh containers install:

vim
postfix
logrotate
etckeeper
iputils-ping
dnsutils

Some initial steps:

  • Enable journald
  • Set hostname (create /etc/hostname on Archlinux!)
  • Configure postfix

Disable getty for old containers images:

# sed -i 's/^tty/# tty/g' /etc/inittab
# systemctl disable getty@tty{1..4}
# reboot

Nginx memo:

set_real_ip_from W.X.Y.Z;
#real_ip_recursive on;
real_ip_header X-Forwarded-For;
log_format custom '$http_x_forwarded_for - $remote_user [$time_local] '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log custom;


Last update: September 4, 2021
Created: August 21, 2017