$ lxc start ${containername}
$ lxc restart ${containername}
$ lxc stop ${containername}
# open shell
$ lxc exec ${containername} -- /bin/bash
# -- with sudo permissions
# $ lxc exec ${containername} -- sudo --login --user ${username}
# -- execute command
# $ lxc exec ${containername} -- ${command}
$ sudo apt update
$ sudo apt upgrade
$ sudo apt policy lxd
# optional: wipe disk and use for zfs (destroys all data on the device; confirm the device path first, e.g. with lsblk)
# $ sudo mkfs.ext4 -F /dev/disk/by-id/scsi-000_Volume_volume-fra1-01
$ sudo apt-get install lxd
$ sudo apt-get install zfsutils-linux
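# create an unprivileged lxc user and add to "lxd" group
# NOTE: members of the "lxd" group have full control of the LXD daemon, which is effectively root on the host; the account is no longer unprivileged once it is in the group, so add only users you would trust with sudo
$ sudo adduser ${username}
$ sudo usermod -aG lxd ${username}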
See Common Linux Commands for more information.
$ sudo lxd init
# create lbr0
$ lxc network create lbr0
$ lxc network set lbr0 ipv4.address ${lbr0ipv4}
$ lxc network set lbr0 ipv4.nat true
$ lxc network show lbr0
config:
ipv4.address: ${lbr0ipv4}/24
ipv4.nat: "true"
ipv6.address: fd42:27e1:6a22:790c::1/64
ipv6.nat: "true"
name: lbr0
type: bridge
used_by:
- /1.0/containers/${containername}
managed: true
# attach lbr0 to eth0
$ lxc stop ${containername}
$ lxc network attach lbr0 ${containername} eth0
$ lxc start ${containername}
# change network address
$ lxc config device set ${containername} eth0 ipv4.address ${lbr0ipv4}
# show bridges
$ brctl show
# bridge name bridge id STP enabled interfaces
# lxcbr0 8000.00163e000000 no vethAAX55F
# vethD5E4UB
# vethAAX55F
# lxdbr0 8000.000000000000 no
# delete bridges
$ ip link set lxdbr0 down
$ brctl delbr lxdbr0
# stop bridges
See: < Notes/Server/misc.notes >
services:
servicename: lxd-bridge
# edit bridges
# stop
$ vi /etc/default/lxd-bridge
LXD_IPV4_NAT="true"
LXD_IPV6_NAT="false"
# restart
services:
servicename: lxd
# optional_conversion_from_eth0_to_br0:
# use br0 instead of lxc-br0 (lxc creates its own device lxc-br0 which is managed by the lxc-net service)
$ netstat -r
# Kernel IP routing table
# Destination Gateway Genmask Flags MSS Window irtt Iface
# default gateway 0.0.0.0 UG 0 0 0 eth0
# 10.13.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
# xx.xx.xx.xxx 0.0.0.0 255.255.255.0 U 0 0 0 eth0
$ vi /etc/network/interfaces
< /etc/network/interfaces >
auto br0
iface br0 inet dhcp
bridge-ifaces eth0
bridge-ports eth0
up ifconfig eth0 up
iface eth0 inet manual
$ sudo ifup br0
$ netstat -r
# Kernel IP routing table
# Destination Gateway Genmask Flags MSS Window irtt Iface
# default xx.xx.xx.1 0.0.0.0 UG 0 0 0 br0
# xx.xx.xx.xxx * 255.255.255.0 U 0 0 0 br0
# xx.xx.xx.xxx * 255.255.255.0 U 0 0 0 eth0
# disable USE_LXC_BRIDGE
$ vi /etc/default/lxc-net
< /etc/default/lxc-net >
USE_LXC_BRIDGE=0
# set lxc network link as br0
$ vi ~/.config/lxc/default.conf
< ~/.config/lxc/default.conf >
lxc.network.link=br0
$ vi /etc/lxc/default.conf
< /etc/lxc/default.conf >
lxc.network.link=br0
$ vi /etc/dnsmasq.d/lxc
< /etc/dnsmasq.d/lxc >
except-interface=br0
$ /etc/init.d/dnsmasq restart
$ vi /var/lib/lxc/${containername}/config
< /var/lib/lxc/${containername}/config >
lxc.network.link=br0
# configure iptables
# -- forward source
source: xx.xx.xx.xxx/24
interface: eth0
$ sudo iptables -A FORWARD -s ${source} -o ${interface} -j ACCEPT
# -- forward destination
destination: 10.0.3.0/24
interface: lxcbr0
$ sudo iptables -A FORWARD -d ${destination} -o ${interface} -j ACCEPT
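# -- forward DNAT ports
# NOTE: this rule publishes the container port on ${localaddress} to every source; add a -s match if only known clients should reach it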
chain: PREROUTING
protocol: TCP
localaddress: xx.xx.xx.xxx
port: 25565
address: 10.0.3.116:25565
$ sudo iptables -t nat -I ${chain} -p ${protocol} -d ${localaddress} --dport ${port} -j DNAT --to ${address}
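# -- forward ports
# NOTE: without -t, iptables operates on the filter table, which has no PREROUTING chain; an ACCEPT rule for the DNATed traffic normally belongs in FORWARD. Verify the chain before applying.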
chain: PREROUTING
protocol: TCP
localaddress: 10.0.3.116
port: 25565
$ sudo iptables -A ${chain} -p ${protocol} -d ${localaddress} --dport ${port} -j ACCEPT
See Networking for more information.
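# allow nesting
# NOTE: security.nesting lets the container run containers of its own and widens its attack surface; enable it only on containers that need it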
$ lxc config set ${containername} security.nesting true
# reconfigure lxd
# $ sudo dpkg-reconfigure -p medium lxd
# create lxd container
$ lxc launch ubuntu:x ${containername}
# list containers
$ lxc list
# delete containers
# -- stop the container first
$ lxc stop ${containername}
$ lxc delete ${containername}
# get container info
$ lxc info ${containername}
# show container configuration
$ lxc config show ${containername}
# file locations
/var/lib/lxd/containers/${containername} > /var/lib/lxd/storage-pools/lxd-pool/containers/${containername}
< /var/lib/lxd/containers/${containername}/rootfs >
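# when copying files directly into rootfs on the host, change file ownership to 100000 (presumably the host uid/gid mapped to root inside the unprivileged container; confirm against /etc/subuid)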
# copying files into container
$ lxc file push ${filepath} ${containername}
# show images
$ lxc image list
# +-------+--------------+--------+---------------------------------------------+--------+----------+------------------------------+
# | ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | SIZE | UPLOAD DATE |
# +-------+--------------+--------+---------------------------------------------+--------+----------+------------------------------+
# | | 8fa08537ae51 | no | ubuntu 16.04 LTS amd64 (release) (20170516) | x86_64 | 120.85MB | May 17, 2017 at 6:51pm (UTC) |
# +-------+--------------+--------+---------------------------------------------+--------+----------+------------------------------+
# delete images
$ lxc image delete 8fa08537ae51
# profiles
$ lxc profile edit default
$ lxc profile show default
# file locations
/var/lib/lxd/containers/${containername} > /var/lib/lxd/containers/${containername}.zfs
# tree
/var/lib/lxd/containers/${containername}.zfs
├── metadata.yaml
├── rootfs
└── templates
zpools:
pool: lxd-pool
# show zpools
$ sudo zpool list
# NAME SIZE ALLOC FREE EXPANDSZ FRAG CAP DEDUP HEALTH ALTROOT
# ${pool} 2.98G 85K 2.98G - 0% 0% 1.00x ONLINE -
# // -- if empty
# no pools available
# show config
$ lxc config show
# config:
# storage.zfs_pool_name: ${pool}
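# destroy zpool (irreversible: removes every dataset in the pool, including the container and image datasets shown by `zfs list`)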
$ sudo zpool destroy ${pool}
# show status
$ sudo zpool status
# pool: ${pool}
# state: ONLINE
# scan: scrub repaired 0 in 0h0m with 0 errors on Sun May 14 00:24:28 2017
# config:
# NAME STATE READ WRITE CKSUM
# ${pool} ONLINE 0 0 0
# /var/lib/lxd/zfs.img ONLINE 0 0 0
# errors: No known data errors
# // -- status if in block device: i.e. /dev/sda8
# pool: ${pool}
# state: ONLINE
# scan: none requested
# config:
# NAME STATE READ WRITE CKSUM
# ${pool} ONLINE 0 0 0
# /sda8 ONLINE 0 0 0
# errors: No known data errors
config:
# increase size by adding a vdev
$ sudo zpool add test-tao /dev/<disk-name>
$ sudo zpool add test-tao mirror /dev/<disk-0-name> /dev/<disk-1-name>
zfs:
# show zfs
$ sudo zfs list
# NAME USED AVAIL REFER MOUNTPOINT
# ${pool} 982M 1.93G 19K none
# ${pool}/containers 681M 1.93G 19K none
# ${pool}/containers/c1 681M 1.93G 964M /var/lib/lxd/storage-pools/${pool}/containers/c1
# ${pool}/custom 19K 1.93G 19K none
# ${pool}/deleted 19K 1.93G 19K none
# ${pool}/images 300M 1.93G 19K none
# ${pool}/images/8fa08537ae51c880966626561987153e72d073cbe19dfe5abc062713d929254d 300M 1.93G 300M none
# // -- if empty
# no datasets available
# mount
$ mount | grep c1.zfs
# ${pool}/containers/c1 on /var/lib/lxd/containers/c1.zfs type zfs (rw,relatime,xattr,noacl)
# unset the zfs pool setting (key as shown by `lxc config show` above)
$ lxc config unset storage.zfs_pool_name
References:
<https://bobcares.com/blog/building-an-nginx-web-application-gateway-for-an-lxc-lxd-server-virtualization-infrastructure/>
<https://blog.simos.info/trying-out-lxd-containers-on-ubuntu-on-digitalocean/>
<https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/>
<https://www.digitalocean.com/community/tutorials/how-to-host-multiple-web-sites-with-nginx-and-haproxy-using-lxd-on-ubuntu-16-04>