Installing LXD and Using LXCs.

Or: Running Containers as Isolated Systems.

Update: Saturday 10th February 2024.

TL;DR.

LXD (LinuX Daemon) is a container manager for creating and managing containers. LXCs (LinuX Containers) are isolated system instances where anything within the container can NOT affect other containers or the base distro/OS. Also, multiple container instances can run concurrently on a single host.

Attributions:

https://ubuntu.com/lxd

An Introduction.

This is a concise (read: less rambling) version of a post from 2023. This time around, I will be more specific about my intentions for this adapted chronicle.

The purpose of this post is to present the installation, and likely uses, of LXD/LXC.

The Big Picture.

Containers are considered the Second Wave of System Isolation Technologies. The First Wave was virtual machines and the Third Wave is WASM/WASI binaries. Each Wave brought its own strengths and weaknesses.

| Name | Advantage | Disadvantage |
| --- | --- | --- |
| Wave 1: Virtual Machines | Isolation, less hardware, systems isolation, security, multiple OSs, ISA. | Resource heavy, expensive, complex. |
| Wave 2: Containers | Isolation, reduced complexity, security, distributed computing, consistency, orchestration, portability, efficiency, scalability, automation, shared kernel. | Stateless, may be hard to network, compatibility with other container technologies. |
| Wave 3: WASM | Portable, assemblies not needed after compilation, can run outside the browser with WASI. | Download size on Edge/2G and GSM/3G, not aware of the DOM - yet, lacks standard security defences. |

Prerequisites.

  • A Linux-based distro (I use Ubuntu).

Updating the System.

  • I update my system:
sudo apt clean && \
sudo apt update && \
sudo apt dist-upgrade -y && \
sudo apt --fix-broken install && \
sudo apt autoclean && \
sudo apt autoremove -y

What is LXD and LXC?

LXD (LinuX Daemon) is a container manager for creating and managing LXCs (LinuX Containers). As a background service, LXD can automatically start containers when the host system boots.

LXCs (LinuX Containers) are isolated, OS-level virtualizations which, for efficiency, use the Linux kernel of the host system. LXCs are virtual environments whose system processes cannot affect other containers, or the host system, without running specific commands.

Installing the LXD.

  • I install the snap package manager, if required:
sudo apt install snapd -y
  • I install the LXD:
sudo snap install lxd
  • I initialise the LXD:
lxd init

NOTE: I choose to use BTRFS and an existing host interface called eno1.
(I used the ip addr command to find the name of my host interface.)

Deleting the LXD.

  • I can delete the LXD:
sudo snap remove --purge lxd
  • I can also delete the LXD installer, if required:
sudo apt remove --purge lxd-installer

NOTE: The --purge flag removes everything, including configuration files, etc.

Setting Up an LXC.

  • I list the existing containers:
lxc ls
  • I launch a new container called GitLab:
lxc launch ubuntu:22.04 GitLab
  • I bash into the container:
lxc exec GitLab -- bash
  • I update and upgrade the container:
sudo apt clean && \
sudo apt update && \
sudo apt dist-upgrade -y && \
sudo apt --fix-broken install && \
sudo apt autoclean && \
sudo apt autoremove -y

Adding a User Account to the LXC.

  • From within the container, I add a new user:
adduser brian
  • I add the new user to the sudo group:
usermod -aG sudo brian

NOTE: usermod lets me (-a)ppend the sudo (-G)roup to the brian account.

  • I exit the container:
exit

Fixing the Home Directory Problem.

  • From the terminal, I log in to the container with the brian account:
lxc exec GitLab -- su brian
  • I use the Nano text editor to open the .bashrc file:
sudo nano ~/.bashrc
  • I copy the following, add it (CTRL + SHIFT + V) to the bottom of the .bashrc file, save (CTRL + S) the changes, and exit (CTRL + X) Nano:
cd ~
  • I exit the container:
exit

NOTE: Within the container, I can optionally install (or enable) UFW, Fail2Ban, and CrowdSec.
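
The isolation described under "What is LXD and LXC?" depends on how each instance is configured. The script below is an added example, not part of the original post: run on the host, it reads the output of lxc config show GitLab --expanded and flags settings that weaken that isolation. The sample YAML, the hostetc device and the HIGH/MEDIUM labels are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag LXD instance settings
# that weaken the isolation between a container and its host.
# Real use, on the host: lxc config show GitLab --expanded | audit_lxd_config
audit_lxd_config() {
    # Reads the YAML on stdin, prints one line per finding, returns 1 if any.
    awk '
        function val(s) { gsub(/"/, "", s); return s }   # drop YAML quotes
        function flag(msg) { print msg; n++ }
        /^[^ ]/ { in_dev = ($1 == "devices:") }          # new top-level key
        /^  security\.privileged:/ && val($2) == "true" {
            flag("HIGH security.privileged: container root is host root, no UID/GID mapping") }
        /^  security\.nesting:/ && val($2) == "true" {
            flag("MEDIUM security.nesting: nested containers allowed, which relaxes confinement") }
        /^  raw\.lxc:/ {
            flag("MEDIUM raw.lxc: raw LXC config is appended as-is, review by hand") }
        in_dev && /^  [^ ]+:$/ { dev = $1; sub(/:$/, "", dev) }   # device name
        in_dev && /^    source:/ && val($2) ~ /^\// {
            flag("MEDIUM device " dev ": host path " val($2) " is exposed to the container") }
        END { exit (n > 0) }
    '
}

# Constructed sample: a deliberately weakened instance, for demonstration only.
sample_weak_config() {
    cat <<'EOF'
architecture: x86_64
config:
  image.os: Ubuntu
  security.nesting: "true"
  security.privileged: "true"
devices:
  hostetc:
    path: /mnt/hostetc
    source: /etc
    type: disk
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
EOF
}

sample_weak_config | audit_lxd_config || echo "isolation-weakening settings found"
```

A container launched with the defaults used in this post should produce no findings.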

23 Common Commands.

Here is a list of 23 commands that may be somewhat useful. Although I commonly use only a handful of commands from this list, it's nice to have a reference on file:

  1. lxc --version to check the version (and if the command doesn't work, then I'd know an installation problem occurred),

  2. lxc network list to list all the network adapters,

  3. lxc init ubuntu:22.04 test-container3 to download an Ubuntu container,

  4. lxc launch ubuntu:22.04 test-container3 to launch an Ubuntu container,

  5. lxc storage ls to list storage pools,

  6. lxc list or lxc ls to list all the images and containers,

  7. lxc stop test-container3 to stop a container,

  8. lxc start test-container3 to start a container,

  9. lxc restart test-container3 to restart a container,

  10. lxc stop test-container3 followed by lxc delete test-container3, or lxc delete test-container3 -f to delete a container,

  11. lxc exec test-container3 cat /etc/os-release to execute a command on the container,

  12. lxc info test-container3 to check a container's information,

  13. lxc exec test-container3 -- bash to get root access to a container,

  14. lxc exec test-container3 -- su mylogin to get account access to a container,

  15. lxc copy test-container3 test-container3-clone to copy a container,

  16. lxc image list images: | grep -i centos to list prebuilt images,

  17. lxc network show lxdbr0 to display information about network interface(s),

  18. lxc profile show default to show the default profile,

  19. lxc snapshot test-container3 test-container3_snap followed by lxc info test-container3 to take a snapshot of an instance,

  20. lxc restore test-container3 test-container3_snap to restore an instance from a snapshot,

  21. lxc export test-container3 /root/backup/lxd/test-container3_bkp--$(date +'%m-%d-%Y').tar.xz --optimized-storage to take a backup of an instance,

  22. lxc import /root/backup/lxd/test-container3_bkp--05-07-2022.tar.xz followed by lxc list to restore an instance from a backup, and

  23. lxc --help to check all the options that are available to an LXC command.

Attribution:

https://www.cyberithub.com/20-best-lxc-command-examples-to-manage-linux-containers/

The Results.

LXD and LXC provide a powerful, flexible, and resource-efficient way to run isolated system instances on a single host. This technology represents the second wave of system isolation technologies, offering certain advantages over traditional virtual machines. The process of installing LXD and using LXC may seem complex at first, but once I understood the basics and familiarized myself with common commands, I could create, manage, and delete containers with ease. Whether I'm setting up a homelab or deploying applications in a production environment, mastering LXD/LXC is a valuable skill.

In Conclusion.

LXD and LXC were a revolutionary system isolation technology. LXD (Linux Daemon) is a container manager that allows me to create and manage containers. LXCs (Linux Containers), on the other hand, are isolated system instances. They ensure that anything within the container doesn't affect other containers or the base operating system. This means multiple container instances can run concurrently on a single host.

Containers are considered the Second Wave of System Isolation Technologies. The First Wave was virtual machines and the Third Wave is WASM/WASI binaries. Each Wave brought its own strengths and weaknesses.

LXD and LXC provide a powerful, flexible, and resource-efficient way to run isolated system instances on a single host. This technology offers certain advantages over traditional virtual machines, making it a valuable skill to master.

Once I understood the basics, I could create, manage, and delete containers with ease. Whether setting up a homelab or deploying applications in a production environment, adopting LXD/LXC was a game-changer.

So, have you used LXD and LXC in your projects? What's your experience been like? Share your thoughts in the comments below!

Until next time: Be safe, be kind, be awesome.

NOTE: All images generated by ComfyUI using the dreamshaper_8 checkpoint.