LXD/LXC Basic Setup: Difference between revisions

From WikiMLT
== Backup LXC Containers ==
Here are some notes about backing up the containers.
=== Local export approach ===
<syntaxhighlight lang="bash">
# Run at minute 0 of every hour; a "*" in the minute field would start an export every minute
0 */1 * * * /snap/bin/lxc export lxc-webserver $HOME/backups/lxc-webserver-backup.tar.gz >/tmp/crontab.${USER}.lxc-webserver-backup.tar.gz.log 2>&1
</syntaxhighlight>This command could be part of your backup script. It is also said to be better to export a snapshot. A remote instance can then fetch the archive with <code>rsync</code> over SSH.
References:
* Linux containers LXD: [https://linuxcontainers.org/lxd/docs/master/backup/ Backing up a LXD server]
* Cyberciti: [https://www.cyberciti.biz/faq/how-to-movemigrate-lxd-vm-to-another-host-on-linux/ How to move/migrate LXD VM to another host on Linux]
* NixCraft: [https://www.cyberciti.biz/faq/how-to-backup-and-restore-lxd-containers/ How to backup and restore LXD containers]
* Server Fault: [https://serverfault.com/questions/759170/copy-lxd-containers-between-hosts Copy lxd containers between hosts]
=== Remote export approach ===
In this section, the LXD instance running at <code>metalevel.tech</code> is called the ''remote server''. The LXD instance that fetches (exports) the backups is called the ''local server''; in this case it is <code>szs.space</code>. The simplest settings are used here, and the connection between the servers is carried out through an SSH tunnel.
On the remote server, run the following commands.
<syntaxhighlight lang="shell" line="1">
lxc config set core.https_address :8443
lxc config set core.trust_password 'p@s$********wD'
</syntaxhighlight>
Then, on the local server <code>szs.space</code>, add the necessary entry for a connection with port forwarding of port <code>8443</code> to the file <code>~/.ssh/config</code> - see the entry <code>lxd.fwd.metalevel.tech</code> in the [[{{FULLPAGENAME}}#SSH Setup|SSH section below]]. After that, test the connection with the following commands.
<syntaxhighlight lang="shell" line="1">
ssh lxd.fwd.metalevel.tech -fTN
sudo netstat -tnupa | grep 8443
</syntaxhighlight>
If everything looks fine, do the [[{{FULLPAGENAME}}#LXD Initial Setup|Init setup]] for this instance (answer ''no'' to all questions if it won't run local LXCs) and then execute the following command to add the remote server.
<syntaxhighlight lang="bash" class="mlw-continue">
# Default auth type: TLS + password; 'mlt' stands for 'metalevel.tech'
</syntaxhighlight><syntaxhighlight lang="shell" line="1">
lxc remote add mlt 127.0.0.1:8443
</syntaxhighlight><syntaxhighlight lang="shell-session">
Certificate fingerprint: 1778ec79530...
ok (y/n/[fingerprint])? y
Admin password for metalevel.tech: ***
Client certificate now trusted by server: mlt
</syntaxhighlight>
Then you can switch the default ''remote'' server and list the running containers as follows.<syntaxhighlight lang="shell" line="1">
lxc remote list
lxc remote switch mlt
lxc list
</syntaxhighlight>
'''The above procedure must be done for every user that will manipulate the remote instance, including the <code>root</code> account!'''
To export a backup from the remote instance, perform the following steps.<syntaxhighlight lang="shell" line="1">
lxc snapshot mlt:lxc-webserver backup
lxc export mlt:lxc-webserver/backup ./mlt.lxc-webserver.tar.gz
</syntaxhighlight>Note that you need enough free space on the remote instance: the snapshots are created there, and each backup is first created there as a temporary archive before it is moved to its destination. <syntaxhighlight lang="shell" line="1">
lxc export mlt:lxc-webserver ./mlt.lxc-webserver.tar.gz
</syntaxhighlight>
References:
* Linux containers LXD: [https://linuxcontainers.org/lxd/getting-started-cli/#other-installation-options Advanced guide Introduction], Section: [https://linuxcontainers.org/lxd/advanced-guide/#add-remote-lxd-servers '''Remote LXD Server''']
* Linux containers LXD: [https://linuxcontainers.org/lxd/docs/master/backup/ Backing up a LXD server]
* Mi blog lah: [https://blog.simos.info/how-to-use-lxc-remote-with-the-lxd-snap/ How to use LXC remote with the LXD snap]


== References ==

Revision as of 14:30, 8 September 2022

LXD Initial Setup

sudo usermod -aG lxd <user>

Initialize LXD.

lxd init
#Output
Would you like to use LXD clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: yes
Name of the new storage pool [default=default]: default
Name of the storage backend to use (dir, lvm, zfs, ceph, btrfs) [default=zfs]: dir
Would you like to connect to a MAAS server? (yes/no) [default=no]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: lxdbr0
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
Would you like the LXD server to be available over the network? (yes/no) [default=no]: no
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: yes
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: yes
config: {}
networks:
- config:
    ipv4.address: auto
    ipv6.address: auto
  description: ""
  name: lxdbr0
  type: ""
  project: default
storage_pools:
- config: {}
  description: ""
  name: default
  driver: dir
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: default
      type: disk
  name: default
projects: []
cluster: null

List the available images with the command: lxc image list ubuntu:22.04 | grep x86_64. Then install an image and name the container lxc-webserver; it will be able to run other containers inside it. For more details, read the article Nested containers in LXD.

lxc launch ubuntu:22.04 lxc-webserver -c security.nesting=true
#Output
Creating lxc-webserver
Starting lxc-webserver

To add (or remove) the nesting option on an existing LXC, use:

lxc config set lxc-webserver security.nesting true
lxc list --columns ns4 # name, state and IPv4
#Output
+---------------+---------+-----------------------+
|   NAME        |  STATE  |         IPV4          |
+---------------+---------+-----------------------+
| lxc-webserver | RUNNING | 10.127.198.222 (eth0) |
+---------------+---------+-----------------------+

Configure the container to obtain a static IP assignment.

lxc config device override lxc-webserver eth0
Device eth0 overridden for lxc-webserver
lxc config device set lxc-webserver eth0 ipv4.address 10.127.198.222 # no output means everything is fine
lxc restart lxc-webserver
lxc list --columns ns4 | grep eth0 # check the ip
| lxc-webserver | RUNNING | 10.127.198.222 (eth0) |

LXD Basic operation

Restart the service.

sudo snap restart lxd

Mount a host directory to a directory inside a container. Map the permissions.

printf "lxd:$(id -u):1\nroot:$(id -u):1\n" | sudo tee -a /etc/subuid # Allow LXD’s use of our user uid
printf "lxd:$(id -g):1\nroot:$(id -g):1\n" | sudo tee -a /etc/subgid # Allow LXD’s use of our user gid
sudo snap restart lxd                                                # Restart LXD to have it load the new map
printf "uid $(id -u) 1000\ngid $(id -g) 1000" | lxc config set lxc-webserver raw.idmap - # Set a custom map for our container
lxc restart lxc-webserver                                            # Restart the container to have the new map apply
lxc config device add lxc-webserver Git disk source=/home/<user>/Git path=/home/<user>/Git # Mount the directory

Do the actual share (mount) of some directories.

lxc config device add lxc-webserver Git disk source=/home/<user>/Git path=/home/<user>/Git
lxc config device add lxc-webserver VSC disk source=/home/<user>/.vscode-server path=/home/<user>/.vscode-server

LXC Basic operations

List available containers.

lxc list
lxc list -c ns4

Log in to a container (note lxc-webserver is a container name).

lxc shell lxc-webserver

Execute a command against the container from the host.

lxc exec lxc-webserver -- apt install apache2

Start, stop or delete a container.

lxc (start|stop|delete) container-name

Create a snapshot.

lxc snapshot lxc-webserver snapshot-name

Delete a snapshot.

lxc delete lxc-webserver/snapshot-name

Restore a snapshot.

lxc restore lxc-webserver snapshot-name

Create a backup.

lxc export lxc-webserver ./lxc-webserver-backup.tar.gz

Restore a backup.

lxc import ./lxc-webserver-backup.tar.gz

Get info about the container (and its snapshots at the bottom).

lxc info lxc-webserver

Limit the container's memory usage.

lxc config set lxc-webserver limits.memory 1GB

Auto-start a container.

lxc config set lxc-webserver boot.autostart 1

Set an auto-start delay for a container.

lxc config set lxc-webserver boot.autostart.delay 30

Set an auto-start order number for a container.

lxc config set lxc-database boot.autostart.order 2
lxc config set lxc-webserver boot.autostart.order 3

Disable IPv6 for the containers – reference.

lxc network set lxdbr0 ipv6.address none

Backup LXC Containers

Here are some notes about backing up the containers.

Local export approach

# Run at minute 0 of every hour; a "*" in the minute field would start an export every minute
0 */1 * * * /snap/bin/lxc export lxc-webserver $HOME/backups/lxc-webserver-backup.tar.gz >/tmp/crontab.${USER}.lxc-webserver-backup.tar.gz.log 2>&1

This command could be part of your backup script. It is also said to be better to export a snapshot. A remote instance can then fetch the archive with rsync over SSH.
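
The backup script mentioned above, as an added example that is not part of the original page: it takes a snapshot, exports it to a timestamped archive readable only by its owner, checks that the archive can be listed, and prunes old copies. BACKUP_DIR, KEEP, LXC and the archive naming are assumptions; the snapshot and export commands are the ones this page shows, and gzip compression is assumed for the verification step.

```sh
#!/bin/sh
# Added example: snapshot, export, verify and rotate container backups.
# BACKUP_DIR, KEEP, LXC and the archive naming scheme are assumptions.
BACKUP_DIR="${BACKUP_DIR:-$HOME/backups}"
KEEP="${KEEP:-7}"                 # archives to retain per container
LXC="${LXC:-/snap/bin/lxc}"       # absolute path, cron has a minimal PATH

# prune_backups DIR NAME KEEP: delete all but the KEEP newest archives.
# Archive names embed a sortable UTC timestamp, so the lexical order of
# the glob is chronological, oldest first. The body runs in a subshell
# to keep its variables local.
prune_backups() (
    dir=$1 name=$2 keep=$3
    set -- "$dir/$name".*.tar.gz
    [ -e "$1" ] || exit 0         # the glob matched nothing
    while [ "$#" -gt "$keep" ]; do
        rm -f -- "$1"
        shift
    done
)

# backup_container NAME: export a fresh snapshot to a timestamped archive.
backup_container() (
    set -eu
    name=$1
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    snap="backup-$stamp"
    umask 077                     # the archive holds the whole root filesystem
    mkdir -p "$BACKUP_DIR"
    tmp="$BACKUP_DIR/.partial.$name.$stamp.tar.gz"
    "$LXC" snapshot "$name" "$snap"
    "$LXC" export "$name/$snap" "$tmp"   # snapshot export form as used on this page
    "$LXC" delete "$name/$snap"
    tar -tzf "$tmp" >/dev/null    # do not promote an unreadable archive
    mv -- "$tmp" "$BACKUP_DIR/$name.$stamp.tar.gz"
    prune_backups "$BACKUP_DIR" "$name" "$KEEP"
)

# Example crontab entry (hourly), assuming this file is saved as
# $HOME/bin/lxc-backup.sh:
#   0 * * * * . "$HOME/bin/lxc-backup.sh" && backup_container lxc-webserver
```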

Remote export approach

In this section, the LXD instance running at metalevel.tech is called the remote server. The LXD instance that fetches (exports) the backups is called the local server; in this case it is szs.space. The simplest settings are used here, and the connection between the servers is carried out through an SSH tunnel.

On the remote server, run the following commands.

lxc config set core.https_address :8443
lxc config set core.trust_password 'p@s$********wD'

Then, on the local server szs.space, add the necessary entry for a connection with port forwarding of port 8443 to the file ~/.ssh/config; see the entry lxd.fwd.metalevel.tech in the SSH section below. After that, test the connection with the following commands.

ssh lxd.fwd.metalevel.tech -fTN
sudo netstat -tnupa | grep 8443

If everything looks fine, do the Init setup for this instance (answer no to all questions if it won't run local LXCs) and then execute the following command to add the remote server.

# Default auth type: TLS + password; 'mlt' stands for 'metalevel.tech'
lxc remote add mlt 127.0.0.1:8443
Certificate fingerprint: 1778ec79530...
ok (y/n/[fingerprint])? y
Admin password for metalevel.tech: ***
Client certificate now trusted by server: mlt
ok (y/n/[fingerprint])? y
Admin password for metalevel.tech: ***
Client certificate now trusted by server: mlt

Then you can switch the default remote server and list the running containers as follows.

lxc remote list
lxc remote switch mlt
lxc list

The above procedure must be done for every user that will manipulate the remote instance, including the root account!

To export a backup from the remote instance, perform the following steps.

lxc snapshot mlt:lxc-webserver backup
lxc export mlt:lxc-webserver/backup ./mlt.lxc-webserver.tar.gz

Note that you need enough free space on the remote instance: the snapshots are created there, and each backup is first created there as a temporary archive before it is moved to its destination.

lxc export mlt:lxc-webserver ./mlt.lxc-webserver.tar.gz
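
The remote server above is set to listen on :8443, which means every interface, although the only client in this setup arrives through the SSH tunnel. The following added example (not part of the original page) classifies netstat output for that port and shows the loopback-only form of the setting. The netstat lines are constructed samples, the function names are hypothetical, and binding to 127.0.0.1:8443 assumes the tunnel forwards to the loopback address of the remote server.

```sh
#!/bin/sh
# Added example: is the LXD API port reachable only through the tunnel?
# The netstat lines below are constructed samples, not captured output.
SAMPLE_REMOTE_WILDCARD='tcp6       0      0 :::8443            :::*               LISTEN      1410/lxd'
SAMPLE_LOCAL_TUNNEL='tcp        0      0 127.0.0.1:8443     0.0.0.0:*          LISTEN      2203/ssh
tcp6       0      0 ::1:8443           :::*               LISTEN      2203/ssh
tcp        0      0 127.0.0.1:40112    127.0.0.1:8443     ESTABLISHED 2290/lxc'

# classify_listeners PORT: read "netstat -tnl" or "netstat -tnupa" lines on
# stdin and print exposed, loopback-only or not-listening for that TCP port.
classify_listeners() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }            # skip headers, UDP, established
        {
            n = split($4, part, ":")       # local address, port is last
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") loopback++
            else exposed++                  # 0.0.0.0, ::, or a routable IP
        }
        END {
            if (exposed)       print "exposed"
            else if (loopback) print "loopback-only"
            else               print "not-listening"
        }'
}

# Hardened form of the remote-server setting: listen on loopback only.
# Assumes the SSH tunnel forwards to 127.0.0.1:8443 on the remote server.
bind_lxd_to_loopback() {
    lxc config set core.https_address 127.0.0.1:8443
}

# On either server: sudo netstat -tnl | classify_listeners 8443
```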

References