LXD is under heavy development at the moment, so if you’re reading this page and it’s not 2016, it’s probably out of date.
For Ubuntu Xenial DO NOT follow this guide! Go here instead.
As far as I can see, Canonical’s LXD is a set of wrappers on top of LXC, with the end goal of integration into OpenStack. For now, it provides a useful set of tools and Python libraries for LXC containers.
I wanted to produce some LXC containers which could talk to each other and that I could access locally over SSH, with DNS entries, so that I could test out Ansible deployments. Here are the steps that worked on Trusty Tahr.
Run the following on your host. You may need to run “sudo apt-get upgrade” if your system is a little out of date:
sudo add-apt-repository -y ppa:ubuntu-lxc/lxd-git-master
sudo apt-get update
sudo apt-get -y install lxd
Now add your user to the lxd group (command assumes you’re logged in as the user you’ll be using):
whoami | xargs sudo usermod -a -G lxd
Now log off and log back in again or run the following to allow you to run lxc commands without sudo:
Set up DNS Resolution
dnsmasq is used by LXC, but we also need to install it as a separate package on the host, so we can channel requests for “lxc” domain hosts to the DNS service running for LXC:
sudo apt-get install -y dnsmasq
Now configure our host’s dnsmasq service to send DNS requests for the “lxc” domain to LXC’s DNS service (on 10.0.3.1):
echo 'server=/lxc/10.0.3.1' | sudo tee -a /etc/dnsmasq.conf
Configure LXC’s dnsmasq service to use the “lxc” domain name:
echo 'LXC_DOMAIN="lxc"' | sudo tee -a /etc/default/lxc-net
Restart lxc networking and our host’s dnsmasq service:
sudo service lxc-net restart
sudo service dnsmasq restart
Import an image
lxd-images import ubuntu trusty amd64 --alias ubuntu
Launch a container
Now the fun bit; launching a container:
lxc launch ubuntu test1
Now list all our containers to check:
Errors such as:
error: Error calling 'lxd forkstart test1 /var/lib/lxd/containers /var/log/lxd/test1/lxc.conf': err='exit status 1'
May require a workaround. Try this:
[[ -d /usr/lib/x86_64-linux-gnu/lxc/proc ]] || sudo mkdir /usr/lib/x86_64-linux-gnu/lxc/proc
sudo mount --bind /proc /usr/lib/x86_64-linux-gnu/lxc/proc
Add the container to DNS
If you run ‘cat /var/lib/misc/dnsmasq.lxcbr0.leases’ you’ll see that the container called itself “ubuntu” when it requested an IP from LXC’s dnsmasq service. This is not so helpful, because our container should be called “test1”. Networking runs before the hostname is properly defined, but this can be rectified by giving the container a kick (very quick with containers):
lxc exec test1 reboot
Now if you ‘cat /var/lib/misc/dnsmasq.lxcbr0.leases’ you should see that the container has properly requested an IP for its correct host name of “test1”. You can check this:
You can also check LXC’s DNS service directly if you want:
dig test1.lxc @10.0.3.1
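The lease check described above can be scripted, which helps once several containers exist and SSH or Ansible will trust whatever address a name resolves to. This is an added example, not part of the original post: the function names and the sample lease lines are constructed, and it assumes dnsmasq’s usual lease line layout of expiry, MAC, IP, hostname and client id.

```shell
#!/bin/sh
# Added example: audit the dnsmasq lease file that backs the "lxc" domain.
# Lease line format: <expiry> <mac> <ip> <hostname> <client-id>
LEASES=${LEASES:-/var/lib/misc/dnsmasq.lxcbr0.leases}

# lease_ip FILE NAME: print the IP leased under NAME; status 1 if there is none.
lease_ip() {
    awk -v name="$2" '
        $4 == name { ip = $3 }
        END { if (ip == "") exit 1; print ip }
    ' "$1"
}

# unregistered FILE NAME...: print each container name that has no lease of
# its own, i.e. the containers that still need "lxc exec NAME reboot".
unregistered() {
    file=$1; shift
    for name in "$@"; do
        lease_ip "$file" "$name" >/dev/null 2>&1 || printf '%s\n' "$name"
    done
}

# shared_names FILE: print hostnames claimed by more than one MAC address,
# such as several fresh containers all registered under the image's hostname.
shared_names() {
    awk '$4 != "*" && !(($4, $2) in seen) { seen[$4, $2] = 1; n[$4]++ }
         END { for (h in n) if (n[h] > 1) print h }' "$1" | sort
}

# sample_leases: constructed sample data (MACs, IPs and expiry times made up).
sample_leases() {
    cat <<'EOF'
1450000000 00:16:3e:aa:bb:01 10.0.3.101 test1 *
1450000100 00:16:3e:aa:bb:02 10.0.3.102 ubuntu *
1450000200 00:16:3e:aa:bb:03 10.0.3.103 ubuntu *
EOF
}

if [ $# -gt 0 ]; then
    unregistered "$LEASES" "$@"          # e.g. sh lease-audit.sh test1 test2
else
    tmp=$(mktemp) && sample_leases > "$tmp"
    unregistered "$tmp" test1 test2      # prints: test2
    shared_names "$tmp"                  # prints: ubuntu
    rm -f "$tmp"
fi
```

Run it with container names as arguments to audit the real lease file; with no arguments it runs against the constructed sample.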
You should now be able to log in to your container using the lxc CLI:
lxc exec test1 -- bash
# and then...
exit
Then I copied over my public SSH key:
lxc file push ~/.ssh/id_rsa.pub test1/home/ubuntu/.ssh/authorized_keys --mode=0600 --uid=1000
Let’s prove it all works, by connecting to the container over SSH:
LXD provides a handy CLI to spin up LXC containers, but there’s still lots to do before it can be called “production ready”.
If you think this page can be improved, please do let me know!