Welcome to this guide on how to run Linux containers with LXC/LXD on Rocky Linux 8|AlmaLinux 8. But before we dive into the crux of this matter, we will discuss and get to know what LXC/LXD is.
What is LXC/LXD?
LXD stands for Linux Container Daemon. It is an open-source tool that provides a set of tools, templates, libraries and language bindings used to manage Linux containers. LXC stands for Linux Containers and virtualizes applications at the operating system level. LXD, just like Docker, was created as an extension of LXC. This makes it easy to manage LXD containers using the pre-defined set of LXC commands. LXD has an interface that offers features such as image controls and snapshots. Both LXD and LXC are developed by Canonical.
Features of LXC
LXC offers the following features:
- Chroots (using pivot_root)
- Seccomp policies
- CGroups (control groups)
- Kernel capabilities
- Apparmor and SELinux profiles
- Kernel namespaces (ipc, uts, mount, pid, network and user)
Features of LXD
LXD offers a lot of features that include:
- Secure by design through unprivileged containers, resource restrictions, etc.
- It is scalable.
- It is simple with a clear API and crisp command line
- Support for Cross-host container and image transfer
- It has an advanced resource control tool for CPU, memory, disk usage, etc.
- Storage management with support for multiple storage backends, storage pools and storage volumes
- Network management that includes bridge creation and configuration, cross-host tunnels, etc.
Install and Use LXC/LXD on Rocky Linux 8|AlmaLinux 8
This guide aims to provide you with the required knowledge to run Linux Containers with LXC/LXD on Rocky Linux 8|AlmaLinux 8.
Step 1 – Prepare your Rocky Linux 8|AlmaLinux 8 system
We will ensure that the available packages are updated to their latest available versions as below:
sudo dnf update
Install the required packages for the installation.
sudo dnf -y install vim curl
Set SELinux in permissive mode as below.
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
Step 2 – Add the EPEL repository on Rocky Linux 8|AlmaLinux 8
We need to add the EPEL repository to our system to be able to install the required packages on Rocky Linux 8|AlmaLinux 8.
Add the EPEL repository as below.
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo dnf makecache
Step 3 – Install Snap on Rocky Linux 8|AlmaLinux 8
Since LXD is available on Snap, we need to install and enable the snapd service on our system.
Install snap on Rocky Linux 8|AlmaLinux 8 using the command:
sudo dnf -y install snapd
Start and enable snap.
sudo systemctl enable --now snapd.socket
Enable classic snap support by creating the below symbolic link.
sudo ln -s /var/lib/snapd/snap /snap
Step 4 – Configure the Rocky Linux 8|AlmaLinux 8 Kernel
There are some Kernel configurations required by LXD. These configurations are made to the Kernel using the below commands:
Begin by switching to the root user.
sudo su -
Using Grubby, make the below configurations.
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
grubby --args="namespace.unpriv_enable=1" --update-kernel="$(grubby --default-kernel)"
echo "user.max_user_namespaces=3883" | sudo tee -a /etc/sysctl.d/99-userns.conf
To apply the above Kernel configurations, we need to reboot the system.
sudo reboot -i
Step 5 – Install LXC/LXD on Rocky Linux 8|AlmaLinux 8
We will install LXD as a snap package on our system using the below command:
sudo snap install lxd
Setup snap "snapd" (14295) security profiles /
2021-12-28T07:59:55-05:00 INFO Waiting for automatic snapd restart...
lxd 4.21 from Canonical✓ installed
In order to be able to run the LXD commands without using sudo, we need to add the system user to the LXD group. This is achieved by running the command:
sudo usermod -aG lxd $USER
newgrp lxd
Step 6 – Configure LXD on Rocky Linux 8|AlmaLinux 8
We will now configure the LXD environment by making the settings as illustrated below.
First, initialize LXD:
Now proceed to the storage pool configuration. Here you can choose between LVM and the default btrfs.
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (btrfs, dir, lvm, ceph) [default=btrfs]: lvm
Set the disk space and proceed with more configurations.
Create a new LVM pool? (yes/no) [default=yes]:
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]:
Size in GB of the new loop device (1GB minimum) [default=7GB]: 5GB
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]:
What should the new bridge be called? [default=lxdbr0]:
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]:
Would you like the LXD server to be available over the network? (yes/no) [default=no]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
Now allow the lxdbr0 network bridge through the firewall.
sudo firewall-cmd --add-interface=lxdbr0 --zone=trusted --permanent
sudo firewall-cmd --reload
Step 7 – Create and Manage Linux Containers with LXC/LXD
Once the above configuration has been done, we are set to launch and manage Linux containers using the
1. Create a Linux Container
To create a container, the below syntax is used.
lxc launch images:[distro]/[version]/[architecture] [your-container-name]
In the command, replace:
- distro with the Linux distribution to run, e.g. CentOS, RedHat
- version with the version of the distribution.
- architecture with the CPU architecture, e.g. amd64, i386, ppc64el, etc.
- your-container-name with the desired name for the container to be created.
For example, to create an Ubuntu 20.04(focal) amd64 container, I will issue the command:
$ lxc launch images:ubuntu/20.04/amd64 Ubuntu20
Creating Ubuntu20
Starting Ubuntu20
2. List available Containers
It is possible to run multiple containers. Once created, you can list them using the command:
$ lxc list
3. Stop, Start and Delete LXC containers
Once the containers have been created, you can manage them by starting, stopping, and deleting them when there is a need to.
These actions can be achieved using the commands:
lxc start container-name
lxc stop container-name
lxc restart container-name
lxc delete container-name
For example, the created Ubuntu20 container can be stopped as below.
lxc stop Ubuntu20
Now view the status of the container.
4. View Container information
The information of a container can be viewed as below:
lxc info container-name
For example, the information about the Ubuntu20 container can be viewed as below.
$ lxc info Ubuntu20
Name: Ubuntu20
Status: RUNNING
Type: container
Architecture: x86_64
PID: 10756
Created: 2021/12/28 08:08 EST
Last Used: 2021/12/28 08:13 EST
Resources:
  Processes: 14
  Disk usage:
    root: 538.77MiB
  CPU usage:
    CPU usage (in seconds): 0
  Memory usage:
    Memory (current): 101.87MiB
    Memory (peak): 104.12MiB
  Network usage:
    lo:
      Type: loopback
      State: UP
      MTU: 65536
      Bytes received: 0B
      Bytes sent: 0B
      Packets received: 0
      Packets sent: 0
      IP addresses:
        inet: 127.0.0.1/8 (local)
        inet6: ::1/128 (local)
    eth0:
      Type: broadcast
      ..........
5. Execute ad hoc commands in containers
Similar to Docker, you can also execute commands inside an LXD container. The syntax used is as below.
lxc exec container-name <command>
For example, to install Apache on our Ubuntu20 container, we will execute:
lxc exec Ubuntu20 -- apt -y install apache2
6. Access Container bash
To execute commands, you can also access the container’s bash as below.
lxc exec Ubuntu20 -- /bin/bash
Once in the shell, you can execute desired commands.
Step 8 – Use LXD GUI to manage LXC containers
For those who are not comfortable with the command line, you can as well use the LXD GUI to manage LXC containers.
Install lxdmosaic from Snap as below.
$ sudo snap install lxdmosaic
lxdmosaic 0+git.2124524 from Daniel Hope (turtle0x1) installed
Assign and allow the required ports through the firewall.
sudo snap set lxdmosaic ports.http=81 ports.https=444
sudo firewall-cmd --zone=public --add-port=81/tcp --permanent
sudo firewall-cmd --zone=public --add-port=444/tcp --permanent
sudo firewall-cmd --reload
Configure the LXD GUI by setting a preferred password to access the web page.
lxc config set core.https_address [::]
lxc config set core.trust_password your-password
In the above command, replace your-password with your preferred password.
Restart snap on your system.
sudo systemctl restart snapd
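The host settings changed in Steps 1, 6 and 8 (SELinux mode, the bridge in the trusted zone, the ports opened in the public zone and the LXD listen address) can be reviewed together once the setup is done. The following is an added example, not part of the original guide; the function names are hypothetical and the sample values are constructed to match the state the guide leaves behind.

```shell
#!/bin/sh
# Added example: review the settings this guide changes, from command output.
# Live use (all commands are the standard ones for each tool):
#   audit "$(cat /etc/selinux/config)" \
#         "$(lxc config get core.https_address)" \
#         "$(sudo firewall-cmd --zone=trusted --list-interfaces)" \
#         "$(sudo firewall-cmd --zone=public --list-ports)"

# selinux_mode TEXT: print the SELINUX= value found in /etc/selinux/config text.
selinux_mode() {
    printf '%s\n' "$1" | sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' | tail -n 1
}

# listen_scope ADDR: classify the value of core.https_address.
listen_scope() {
    case "$1" in
        "")                                             echo unix-socket-only ;;
        "[::]"|"[::]":*|"::"|0.0.0.0|0.0.0.0:*|:[0-9]*) echo all-interfaces ;;
        127.*|"[::1]"|"[::1]":*|"::1")                  echo loopback ;;
        *)                                              echo specific-address ;;
    esac
}

# audit SELINUX_TEXT HTTPS_ADDR TRUSTED_IFACES PUBLIC_PORTS: one line per finding.
audit() {
    mode=$(selinux_mode "$1")
    if [ "$mode" != enforcing ]; then
        echo "selinux: configured mode is '${mode:-unset}', not enforcing"
    fi
    if [ "$(listen_scope "$2")" = all-interfaces ]; then
        echo "lxd-api: core.https_address '$2' listens on every interface"
    fi
    for iface in $3; do
        echo "firewalld: $iface is in the trusted zone (no filtering)"
    done
    for port in $4; do
        echo "firewalld: $port is open in the public zone"
    done
    return 0
}

# Constructed sample values, not captured from a real host.
SAMPLE_SELINUX='# constructed sample of /etc/selinux/config
SELINUX=permissive
SELINUXTYPE=targeted'
audit "$SAMPLE_SELINUX" "[::]" "lxdbr0" "81/tcp 444/tcp"
```

Each finding marks a trade-off to accept or tighten, for example binding core.https_address to one management address instead of [::], or limiting ports 81 and 444 to an administrative source network.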
Step 9 – Access the LXD Web UI
Use the URL https://IP_address:444 to access the LXD Web UI on Chrome or any other powerful browser. Fill in the required details.
Enter the LXD server IP address and password set above. Also, create an admin user for LXD Mosaic. Once all the details are filled in, launch LXD Mosaic as below.
Now login using the created admin user credentials.
That is it! You will now have the LXD GUI to manage the containers.
That marks the end of this guide. I hope you are now in a position to create and manage Linux Containers with LXC/LXD on Rocky Linux 8|AlmaLinux 8.