2021 July 21
  • In "weight", they sit between VMs and application containers (e.g. Docker): VMs are the heaviest and application containers the lightest. LXC/LXD are the middle ground.

  • LXD is the CLI/REST API

  • “Machine containers” - A full operating system containerized.

  • The containerized OS can be given access to hardware

  • VMs reserve memory on boot. LXC containers use limits.memory and limits.cpu instead; by default a container can use all of the machine's memory and CPU.

  • You can make clusters of LXD hosts (you can move a container from one host to another)

  • You can snapshot/restore containers

  • You can nest LXD (have LXD inside the containerized OS)

  • Containers use the kernel of the host running the LXD daemon

  • You can ping between 2 or more containers using their DNS name (which is container-name.lxd)

  • On Ubuntu:

    • sudo systemctl enable lxd
    • Add your user account to the lxd group.
    • lxd init
    • lxc version
    • lxc remote list (list remote repositories)
    • lxc image list (show local downloaded images)
    • lxc image list images: (images on a repository)
    • lxc image list images:deb (images on a repository, filtered by "deb")
    • lxc image list images:cent (images on a repository, filtered by "cent")
    • lxc launch ubuntu:20.04 (launch a container)
    • lxc list (list containers)
    • lxc delete <container>
    • lxc stop <container>
    • lxc start <container>
    • lxc copy <container> <another-container> (create a new container from an existing one)
    • lxc move <container> <new-name> (renames a container)
    • lxc exec <container> bash (enter the container as root)
    • lxc exec <container> su - <username> (enter the container as another user)
    • lxc info <container> (info on running container)
    • lxc config show <container> (container configuration - shows limits and other info)
    • lxc profile list
    • lxc profile show default (show the default profile)
    • lxc profile copy default new-profile-name (copy default profile)
    • lxc launch ubuntu:18.04 <container> --profile <profile-name> (create a new container with a custom profile)
  • Restrict resources on a container (uses cgroups). You can do that in a profile or dynamically:

    • Dynamically (on a running container): lxc config set <container> limits.memory 512MB
    • On the profile:
      • lxc profile edit <profile-name>
      • Change config: {} to:
          limits.memory: 512MB
      • Create a new container using the edited profile.
  • push files from host to the container: lxc file push <file> <container>/<path>

  • pull files from the container to host: lxc file pull <container>/<path> <file>

  • snapshot a container: lxc snapshot <container> <snapshot-name> (copies the entire filesystem)

  • restore container from snapshot: lxc restore <container> <snapshot-name> (copies the entire filesystem - lxc list shows how many snapshots exist for a container)

  • To use LXD nesting, you must set security.nesting and security.privileged:

    • You cannot set that dynamically
    • You must stop the container if it is running, then:
      • lxc config set <container> security.privileged true
      • lxc config set <container> security.nesting true
    • … or edit the profile:
      • lxc profile edit <profile-name>
      • Change config: {} to:
          security.privileged: true
          security.nesting: true
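
Added example (not from the original notes): a bash check over YAML shaped like the output of lxc config show <container>, flagging the security.privileged, security.nesting and limits.memory settings covered above. The sample configs and the function names get_key and audit_config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit YAML shaped like `lxc config show <container>` output.
# SAMPLE_* inputs are constructed for illustration, not captured from a host.

SAMPLE_NESTED='architecture: x86_64
config:
  image.os: ubuntu
  security.nesting: "true"
  security.privileged: "true"
devices: {}
profiles:
- default'

SAMPLE_LIMITED='architecture: x86_64
config:
  limits.memory: 512MB
devices: {}
profiles:
- default'

# get_key KEY: print KEY's value from the top-level "config:" map on stdin,
# quotes stripped; prints nothing if the key is absent.
get_key() {
  awk -v k="$1" '
    /^[^ ]/ { in_cfg = ($1 == "config:") }   # a new top-level key starts
    in_cfg && !seen && $1 == (k ":") { v = $2; gsub(/"/, "", v); print v; seen = 1 }
  '
}

# audit_config: read config YAML on stdin, print one line per finding,
# return non-zero when anything was flagged (usable as a CI gate).
audit_config() {
  local yaml findings
  yaml=$(cat); findings=0
  if [ "$(printf '%s\n' "$yaml" | get_key security.privileged)" = "true" ]; then
    echo "FINDING security.privileged=true: container uid 0 is host uid 0"
    findings=$((findings + 1))
  fi
  if [ "$(printf '%s\n' "$yaml" | get_key security.nesting)" = "true" ]; then
    echo "FINDING security.nesting=true: LXD can run inside this container"
    findings=$((findings + 1))
  fi
  if [ -z "$(printf '%s\n' "$yaml" | get_key limits.memory)" ]; then
    echo "FINDING limits.memory unset: container can use all host memory"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

printf '%s\n' "$SAMPLE_NESTED"  | audit_config || echo "=> 3 settings to review"
printf '%s\n' "$SAMPLE_LIMITED" | audit_config && echo "=> no findings"
```

On a real host, pipe lxc config show <container> --expanded into audit_config so that keys inherited from profiles are included.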