Deploying your first container with LXD
In this recipe, we will create our first container with LXD.
Getting ready
You will need access to the root account or an account with sudo
privileges.
How to do it…
LXD works on the concept of remote servers and images served by those remote servers. Starting a new container with LXD is as simple as downloading a container image and starting a container out of it, all with a single command. Follow these steps:
- To start your first container, use the lxc launch command, as follows:
$ lxc launch ubuntu:14.04/amd64 c1
LXC will download the required image (14.04/amd64) and start the container. You should see the progress as the command runs.
- As the progress output shows, lxc launch downloads the required image, creates a new container, and then starts it as well. You can see your new container in a list of containers with the lxc list command, as follows:
$ lxc list
- Optionally, you can get more details about the containers with the lxc info command:
$ lxc info c1
- Now that your container is running, you can start working with it. With the lxc exec command, you can execute commands inside a container. Use the following command to obtain the details of Ubuntu running inside a container:
$ lxc exec c1 -- lsb_release -a
- You can also open a bash shell inside a container, as follows:
$ lxc exec c1 -- bash
How it works…
Creating images is a time-consuming task. With LXD, the team has solved this problem by downloading prebuilt images from trusted remote servers. Unlike LXC, where images are built locally, LXD downloads them from the remote servers and keeps a local cache of these images for later use. The default installation contains three remote servers:
- ubuntu: This contains all Ubuntu releases
- ubuntu-daily: This contains all Ubuntu daily builds
- images: This contains all other Linux distributions
You can get a list of available remote servers with this command:
$ lxc remote list
Similarly, to get a list of available images on a specific remote server, use the following command:
$ lxc image list ubuntu:
In the previous example, we used 64-bit Ubuntu 14.04 from one of the preconfigured remote servers (ubuntu:). When we start a specific container, LXD checks the local cache for the respective image; if it is not available locally, the required image is fetched from the remote server and cached locally for later use. These images are kept in sync with remote updates. They also expire if not used for a specific time period, and expired images are automatically removed by LXD. By default, the expiration period is set to 10 days.
Note
You can find a list of various configuration parameters for LXC and LXD documented on GitHub at https://github.com/lxc/lxd/blob/master/doc/configuration.md.
The lxc launch command creates a new container and then starts it as well. If you want to just create a container without starting it, you can do that with the lxc init command, as follows:
$ lxc init ubuntu:xenial c2
All containers (or their rootfs) are stored under the /var/lib/lxd/containers directory, and images are stored under the /var/lib/lxd/images directory.
Note
All LXD containers are non-privileged containers by default. You do not need any special privileges to create and manage containers. On the other hand, LXD does support privileged containers as well.
While starting a container, you can specify the set of configuration parameters using the --config flag. LXD also supports configuration profiles. Profiles are a set of configuration parameters that can be applied to a group of containers. Additionally, a container can have multiple profiles. LXD ships with two preconfigured profiles: default and docker.
To get a list of profiles, use the lxc profile list command, and to get the contents of a profile, use the lxc profile show <profile_name> command.
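Containers are unprivileged by default, but a profile can set security.privileged for every container it is applied to, so the container's own settings do not tell the whole story. The script below is an added example, not part of the original recipe: it reads each container's expanded configuration (container plus profiles) and lists the ones that end up privileged. The function names and the overridable LXC variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag containers whose *effective* configuration is privileged.
# LXC can be overridden so the check can be exercised without a live LXD daemon.
LXC="${LXC:-lxc}"

# is_privileged NAME
# Exit status 0 if the expanded config (container settings merged with all of
# its profiles) sets security.privileged to true, 1 otherwise.
is_privileged() {
    $LXC config show "$1" --expanded 2>/dev/null |
        grep -Eq '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?[[:space:]]*$'
}

# audit_privileged NAME...
# Prints the name of every privileged container, one per line.
# Returns 1 if at least one was found, 0 if all are unprivileged.
audit_privileged() {
    found=0
    for name in "$@"; do
        if is_privileged "$name"; then
            echo "$name"
            found=1
        fi
    done
    return "$found"
}

# Usage, with the containers created in this recipe:
#   audit_privileged c1 c2
```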
Sometimes, you may need to start a container to experiment with something: execute a few random commands and then undo all the changes. LXD allows us to create such throwaway or ephemeral containers with the -e flag. By default, all LXD containers are permanent containers. You can start an ephemeral container using the --ephemeral or -e flag. When stopped, an ephemeral container will be deleted automatically.
With LXD, you can start and manage containers on remote servers as well. For this, the LXD daemon needs to be exposed to the network. This can be done at the time of initializing LXD or with the following commands:
$ lxc config set core.https_address "[::]"
$ lxc config set core.trust_password some-password
Next, make sure that you can access the remote server and add it as a remote for LXD with the lxc remote add command:
$ lxc remote add remote01 192.168.0.11 # lxc remote add name server_ip
Now, you can launch containers on the remote server, as follows:
$ lxc launch ubuntu:xenial remote01:c1
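Binding to [::] exposes the LXD API on every interface, and any client that knows the trust password can enroll its certificate. The script below is an added example, not part of the original recipe: it refuses wildcard addresses, generates a random trust password, and removes the password once clients are enrolled. The function names are assumptions of this example; 192.168.0.11 is the server address used in this recipe.

```shell
#!/bin/sh
# Added example: expose the LXD API on one address only and limit the life of
# the trust password. 8443 is LXD's default API port.

# classify_listen_addr VALUE -> prints: unset | wildcard | specific
classify_listen_addr() {
    case "$1" in
        "") echo unset ;;
        "[::]"|"[::]:"*|"::"|0.0.0.0|0.0.0.0:*|:[0-9]*) echo wildcard ;;
        *) echo specific ;;
    esac
}

# new_trust_password -> 48 hex characters read from the kernel CSPRNG
new_trust_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# enable_remote_api ADDR
# ADDR is an IPv4 address or a bracketed IPv6 address of the management
# interface. Wildcard and empty values are rejected before lxc is called.
enable_remote_api() {
    if [ "$(classify_listen_addr "$1")" != specific ]; then
        echo "refusing to bind to '$1': name one management address" >&2
        return 1
    fi
    pw=$(new_trust_password)
    lxc config set core.https_address "$1:8443" &&
    lxc config set core.trust_password "$pw" &&
    echo "trust password (share out of band): $pw"
}

# close_enrollment
# Run after every client has done 'lxc remote add'. Clients already in the
# trust store keep authenticating with their certificates.
close_enrollment() {
    lxc config unset core.trust_password
}

# Usage on the server from this recipe:
#   enable_remote_api 192.168.0.11
#   ... clients run: lxc remote add remote01 192.168.0.11 ...
#   close_enrollment
```

When a client runs lxc remote add, compare the certificate fingerprint it shows with the one printed by lxc info on the server before accepting it.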
There's more…
Unlike LXC, LXD container images do not support password-based SSH logins. The container still has the SSH daemon running, but login is restricted to a public key. You need to add a key to the container before you can log in with SSH. LXD supports file management with the lxc file command; use it as follows to set your public key inside an Ubuntu container:
$ lxc file push ~/.ssh/id_rsa.pub \
    c1/home/ubuntu/.ssh/authorized_keys \
    --mode=0600 --uid=1000
Once the public key is set, you can use SSH to connect to the container, as follows:
$ ssh ubuntu@container_IP
Alternatively, you can directly open a root session inside a container and get a bash shell with lxc exec, as follows:
$ lxc exec c1 -- bash
See also
- The LXD getting started guide: https://linuxcontainers.org/lxd/getting-started-cli/
- The Ubuntu Server guide for LXC: https://help.ubuntu.com/lts/serverguide/lxd.html
- Container images are created using tools such as debootstrap, which you can read more about at https://wiki.debian.org/Debootstrap
- Creating LXC templates from scratch: http://wiki.pcprobleemloos.nl/using_lxc_linux_containers_on_debian_squeeze/creating_a_lxc_virtual_machine_template