Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to nest LXD in Ubuntu. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

Nested LXD

The simplest case can be shown using a Ubuntu 16.04 image. Ubuntu 16.04 cloud image is pre-installed with LXD. The daemon itself is not running because it is activated by a socket, so it does not use any resources until you actually use it.

Let's start a Ubuntu 16.04container with nesting enabled:

Lxc launch ubuntu-daily:16.04 C1-c security.nesting=true

You can also set security.nesting on an existing container:

Lxc config set security.nesting true

Or use a specified configuration file for all containers:

Lxc profile set security.nesting true

After the container starts, you can get a shell from inside the container, configure LXD, and generate a container:

Stgraber@dakara:~$ lxc launch ubuntu-daily:16.04 C1-c security.nesting=true Creating C1 Starting C1 stgraber@dakara:~$ lxc exec C1 bash root@c1:~# lxd init Name of the storage backend to use (dir or zfs): dir We detected that you are running inside an unprivileged container. This means that unless you manually configured your host otherwise, you will not have enough uid and gid to allocate to your containers. LXD can re-use your container's own allocation to avoid the problem. Doing so makes your nested containers slightly less safe as they could in theory attack their parent container and gain more privileges than they otherwise would. Would you like to have your containers share their parent's allocation (yes/no)? Yes Would you like LXD to be available over the network (yes/no)? No Do you want to configure the LXD bridge (yes/no)? Yes Warning: Stopping lxd.service, but it can still be activated by: lxd.socket LXD has been successfully configured. Root@c1:~# lxc launch ubuntu:14.04 trusty Generating a client certificate. This may take a minute... If this is your first time using LXD You should also run: sudo lxd init Creating trusty Retrieving image: 100% Starting trusty root@c1:~# lxc list +-+ -+-+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +- -- + | trusty | RUNNING | 10.153.141.124 (eth0) | fd7:f15d:d1d6:da14:216:3eff:fef1:4002 (eth0) | PERSISTENT | 0 | +-- -+-+ root@c1:~#

It's that simple.

Online demo server

Because this article is short, I think I'll take a moment to talk about our running demo server. We just reached 10000 conversations earlier today!

This server is basically just a normal LXD running on a fairly powerful virtual machine, and a small daemon implements the REST API used by our website.

When you accept the terms of service, a new LXD container will be created for you and security.nesting will be enabled, as described above. Then you connect to that container just like you did with lxc exec, except that we used websockets and javascript to do this.

The containers you create in this environment are nested LXD containers. You can nest further if you want.

We use LXD resource restrictions across the board to prevent one user's behavior from affecting other users and to carefully monitor the server for any signs of abuse.

If you want to run your own similar server, you can get the code for our website and daemon:

This is the end of git clone https://github.com/lxc/linuxcontainers.org git clone https://github.com/lxc/lxd-demo-server 's article on "how to nest LXD in Ubuntu". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.