[lxc-devel] [linuxcontainers.org/master] content/lxd/advanced-guide.md - added sections for cloud-init and ser…

toby63 on Github lxc-bot at linuxcontainers.org
Thu Jun 25 20:33:27 UTC 2020


From 53e7639c30bbc7b1ddb242a2080b8279f9df48ae Mon Sep 17 00:00:00 2001
From: Tobias Gerold <tobias at g3ro.eu>
Date: Thu, 25 Jun 2020 22:30:41 +0200
Subject: [PATCH] content/lxd/advanced-guide.md - added sections for cloud-init
 and server configuration, including - remote servers - mentions of projects
 and security - content/lxd/getting-started-cli.md - added one link to
 cloud-init section in advanced guide

Signed-off-by: Tobias Gerold <tobias at g3ro.eu>
---
 content/lxd/advanced-guide.md      | 251 +++++++++++++++++++++++++++++
 content/lxd/getting-started-cli.md |   2 +-
 2 files changed, 252 insertions(+), 1 deletion(-)

diff --git a/content/lxd/advanced-guide.md b/content/lxd/advanced-guide.md
index edc52ad..2505f83 100644
--- a/content/lxd/advanced-guide.md
+++ b/content/lxd/advanced-guide.md
@@ -10,6 +10,15 @@
 		* [Write a profile](#write-a-profile)
 	* [Apply and edit options later](#apply-and-edit-options-later)
 	* [Show configuration](#show-configuration)
+	* [Cloud-init](#cloud-init)
+* [Server configuration](#server-configuration)
+	* [Projects](#projects)
+	* [Security](#security)
+	* [Remote Servers](#remote-servers)
+		* [Setup simplestream servers](#setup-simplestream-servers)
+		* [Setup your LXD server as remote server](#setup-your-lxd-server-as-remote-server)
+		* [Connect to remote servers](#add-remote-servers)
+		* [Use remote servers](#use-remote-servers)
 * [Further Information & Links](#further-information-links)
 
 ---
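Review bot: The new entry `[Cloud-init](#cloud-init)` is indented as a sub-item, but the body adds it as a top-level `# Cloud-init` heading, the same level as `# Server configuration`; either outdent the entry or lower the heading so the table of contents matches the document. The label in `[Connect to remote servers](#add-remote-servers)` also differs from the heading it points at ("Add remote servers"), and "Use remote servers" is listed here as a sibling of that entry while the body adds it as `#### Use remote servers`, one level deeper.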
@@ -226,6 +235,248 @@ This will show all applied configurations (including attached profiles):
 	lxc config show instancename -e
 
 
+# Cloud-init
+`cloud-init` is a software for automatic customization of a linux distribution.
+
+Features include:
+
+* install packages
+* apply/edit configuration
+* add users
+* and more
+
+Requirements:   
+
+* Images with cloud-init support:   
+For example, official LXD images that contain the term `cloud` in `ALIAS` have implemented cloud-init support.
+
+## Apply instructions for cloud-init
+You can apply instructions for cloud-init inside a LXD profile.
+
+For easier editing, we write the content of the profile in a texteditor and apply the textfile to a new profile.
+
+### Write a cloud-init profile
+
+1. Create a new textfile and name it for example: `cloud-profile1.profile`
+2. Open it in a texteditor of your choice and start editing.
+
+Every instruction for cloud-init is applied in section `config`-> `user.user-data` (or other sections for instance data, see [below](#other-config-sections-for-instance-data)):
+
+```
+config:
+  user.user-data: |
+    #cloud-config
+    key: value
+```
+
+Example:
+
+```
+config:
+  user.user-data: |
+    #cloud-config
+    package_upgrade: true
+    packages:
+      - package1
+      - package2
+
+```
+
+This will upgrade all installed packages and install package1 and package2.
+<br>
+<br>
+
+##### More instructions for cloud-init
+For more instructions see [examples in  the cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/topics/examples.html).
+
+##### Other config-sections for instance data
+
+- `user.meta-data` - see [cloud-init docs - instance metadata](https://cloudinit.readthedocs.io/en/latest/topics/instancedata.html)
+- `user.vendor-data` - see [cloud-init docs - vendordata](https://cloudinit.readthedocs.io/en/latest/topics/vendordata.html)
+- `user.network-config` - see [cloud-init docs - network configuration](https://cloudinit.readthedocs.io/en/latest/topics/network-config.html)
+
+**Tip:**   
+You can check whether the syntax is correct with: [cloud-init faq - debug user-data](https://cloudinit.readthedocs.io/en/latest/topics/faq.html#how-can-i-debug-my-user-data)
+
+### Apply the profile
+After you saved the textfile, we can apply it with the following steps.
+
+Create a new profile in LXD:
+ 
+	lxc profile create cloud-profile1
+
+Apply the textfile to the new profile:
+
+	cat cloud-profile1.profile | lxc profile edit cloud-profile1
+
+#### Launch the instance with cloud-init
+Apply the profile during `lxc launch` with flag `-p`:
+ 
+	lxc launch imageserver:image instancename -p cloud-profile1
+
+Now cloud-init will start working.
+
+!!! note "Note:"
+	Cloud-init may take a while until it is finished, depending on your instructions.
+	{: .p-noteadm }
+
+#### Cloud-init status
+You can get the status of cloud-init with:
+
+	cloud-init status
+
+Reports:   
+`status: running`
+: means cloud-init is still working
+
+or
+
+`status: done`
+: means cloud-init has finished work
+
+<br>
+
+You can also use the following flag, which will only respond when cloud-init is finished:
+
+	cloud-init status --wait
+
+
+### More information:
+See:
+ [Cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/)
+ 
+ 
+# Server configuration
+See [LXD documentation - Server settings](/lxd/docs/master/server) for all Server configuration options.
+
+Below we will introduce some topics, including:
+
+- [Projects](#projects)
+- [Security](#security)
+- [Remote Servers](#remote-servers)
+
+## Projects
+You can split your server into projects.   
+Each project can have it's own instances, profiles etc.   
+See [LXD documentation - Projects](/lxd/docs/master/projects) for more information and configuration.
+
+## Security
+See [LXD documentation - Security](/lxd/docs/master/security) for details on Server security.
+
+## Remote Servers
+LXD supports different kinds of remote servers:
+
+* `simplestream servers`: pure image servers (see [below](#setup-simplestream-servers))
+* `LXD-Servers`: regular LXD-Servers that you can manage over a network (can also be used as image servers). You can choose between multiple methods:
+    * [Default (TLS + Password)](#default-tls-password)
+    * [Public (image) server](#public-image-server)
+    * [Candid](#candid) (Authentication service)
+    * [Candid+RBAC](#candid-rbac) (Role Based Access Control)
+
+### Setup simplestream servers
+There are multiple servers available, for example:   
+
+- the LXD image server from Avature: [Link to Github Repo](https://github.com/Avature/lxd-image-server)
+
+**Connect to a simplestreams server:**   
+See [Add Simplestream servers](#add-simplestream-servers).
+
+### Setup your LXD server as remote server
+
+#### Default (TLS + Password)
+This will setup a server with authentification based on TLS-certificates.   
+For easier adding of clients, you can set a password which will authenticate the clients the first time they connect.
+
+Set up a LXD-server as a remote server, with:
+
+    lxc config set core.https_address "[::]"
+    lxc config set core.trust_password some-password
+
+`core.https_address "[::]"` tells LXD to bind all addresses on port 8443.       `core.trust_password` sets a trust password to be used by new clients.
+
+**Note:**
+It is recommended that `core.https_address` should be set to the single address where the server should be available (rather than any address on the host), and firewall rules should be set to only allow access to the LXD port from authorized hosts/subnets.
+
+Furthermore, `core.trust_password` should be unset after all clients have been added. This prevents brute-force attacks trying to guess the password.
+
+For details see: [LXD Documentation - Security](/lxd/docs/master/security)
+
+<br>
+
+**Connect to this Server:**   
+See [Add LXD servers](#add-lxd-servers) for how to add a server to your clients remote server list.
+
+#### Public image server
+You can use an empty LXD Server (with no storage pools, no networks etc.) as a public image server.
+
+Install LXD and run:
+
+	lxc config set core.https_address :8443 
+
+This will make the LXD-Server available over network on port 8443.   
+You also need to set the images you want to share, to `public`.
+
+#### Candid
+Candid is an Authentication service.   
+See [Ubuntu tutorials - Candid authentication for LXD](https://ubuntu.com/tutorials/candid-authentication-lxd#1-overview) for details and howto.
+
+#### Candid + RBAC
+See [LXD documentation - Security RBAC](https://linuxcontainers.org/lxd/docs/master/security#role-based-access-control-rbac) for details.
+
+
+### Add remote servers
+
+#### Add Simplestream servers
+Use:
+
+	lxc remote add some-name https://example.com/some/path --protocol=simplestreams
+
+A list of images on that server can be obtained with:
+
+    lxc image list some-name:
+
+Launch a container based on an image of that server:
+   
+    lxc launch some-name:image-name your-container
+
+
+#### Add remote LXD servers
+
+##### Default (TLS + Password)
+You can add more servers to the remote server list with:
+
+	lxc remote add some-name <IP|FQDN|URL> [flags]   
+
+Example with IP:
+
+    lxc remote add remoteserver2 1.2.3.4 
+
+This will prompt you to confirm the remote server fingerprint and then ask you for the password.
+
+##### Candid
+Use:
+
+	lxc remote add some-name <IP|FQDN|URL> --auth-type=candid
+
+
+#### Use remote servers
+
+#### Image list on a remote server
+A list of images on that server can be obtained with:
+
+    lxc image list my-images:
+
+#### Manage instances on a remote server
+You can use the same commands but prefixing the instance
+and images name with the remote host like:
+
+    lxc exec remoteserver-name:instancename -- apt-get update
+   
+
+
+
+
+
 # Further Information & Links
 You find more information on the following pages:
 
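Review bot: In the "Public image server" section, `lxc config set core.https_address :8443` gives no host part, so the API listens on every address, yet the note about binding to a single address and restricting the LXD port by firewall appears only under "Default (TLS + Password)"; repeat or link that note here, since this is the setup meant to be reachable by anyone. In "Launch the instance with cloud-init", `-p cloud-profile1` on its own replaces the default profile, so unless the cloud-init profile also carries the root disk and network devices the example should read `-p default -p cloud-profile1`. The "Cloud-init status" section should say that `cloud-init status` is run inside the instance, not on the host. Several links and headings do not line up: `[Add LXD servers](#add-lxd-servers)` has no matching heading (the heading added is "Add remote LXD servers"), "Default (TLS + Password)" and "Candid" are each added twice so `#default-tls-password` and `#candid` are ambiguous, and `#### Use remote servers` sits at the same level as the subsections beneath it. `lxc image list my-images:` uses a remote name that is not introduced anywhere; the earlier examples use `some-name`. Smaller points: "authentification" and "it's own" are typos, the two sentences after the `core.trust_password` command are joined by a run of spaces on one line, and six blank lines are added before "# Further Information & Links".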
diff --git a/content/lxd/getting-started-cli.md b/content/lxd/getting-started-cli.md
index 7d92af1..2413789 100644
--- a/content/lxd/getting-started-cli.md
+++ b/content/lxd/getting-started-cli.md
@@ -278,7 +278,7 @@ To get a list of remote images on server `images`, type:
 _Most details in the list should be self-explanatory._
 
 - Alias with `cloud`
-: refers to images with built-in cloud-init support (see <!--[Advanced Guide - Cloud-Init](/lxd/advanced-guide#cloud-init) and-->[official cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/))
+: refers to images with built-in cloud-init support (see [Advanced Guide - Cloud-Init](/lxd/advanced-guide#cloud-init) and [official cloud-init documentation](https://cloudinit.readthedocs.io/en/latest/))
 
 #### Search for images
 You can search for images, by applying specific elements (e.g. the name of a distribution).

