[lxc-users] lxc / lxd I'm lost somewhere

Tue Mar 1 18:55:20 UTC 2016

Quoting Benoit GEORGELIN - Association Web4all (benoit.georgelin at web4all.fr):
> Hi Serge, 
> 
> Thanks for your input. 
> I still don't understand how I can manage the equivalent to create a container using LXD instant of lxc-create. 
> 
> My goal is just to create a container with a permanent existence . 
> To me, lxc launch is only for volatile containers, a bit more like a docker container 

Why is that?

lxc launch is just lxc init && lxc start.  The container sticks around
until you lxc delete it.

> I'll try to understand more how I should work with LXD instant of only LXC . I understand all the capabilities of LXD but I misunderstand how I can just do what i am doing right now : 
> 
> - Create a dedicated système user (unpriv container) 

lxc init imagelias containername

> - Apply a specific lxc.config file 

lxc config edit containername

> - Create a new rootfs with LVM or BTRFS 

You do need to choose whether you're using lvm, btrfs, zfs, or
just a regular rootfs as backing store, although you could
run 4 different lxd instances each with different backing
store, all on the same host, if you wanted.

> - Create a new container like this 
> lxc-create -n test -t ubuntu -B lvm --lvname test --vgname vg_node1 --fstype ext4 --fssize 1GB 
> 
> So the specific user will have his own container . 
> 
> User A will have his own space for containers 
> User B will have his own space for containers 

The real support for segratated lxc users (multi-tenant support) is not
yet there.  And at the moment, giving user A the ability to use the lxd
remote on host X (meaning, full ability to configure the containers and
devices there) means that user A is effectively root on host X.

> They should do "lxc-ls -f" or "lxc list" and see only their own containers 
> 
> Maybe this is not a typical use case ? 

I'm hoping we can focus on multi-tenant support as a design goal after
the 2.0 release.  But with lxd being remote based, the idea really is
that A and B can both have accounts on host H1, with lxd remotes running
on host H2 for user A and H3 for user B, and their lxc client configured
to use the appropriate remotes.  (where H2 and H3 can of course just be
VMs on H1, or truly remote).  So whereas lxc was host-based, i.e. I
create and use containers on the host I'm logged in on, lxd is
remote-based and it doesn't really matter where things are.

For instance I have my local laptop and a (very) remote server.  I
can 'lxc launch xenial h:x1; lxc file push my.tar.gz h:x1/; lxc
shell h:x1' and the fact that x1 is running on 'h' on a different
continent really doesn't matter a lick.  it's the same thing I'd
do locally - 'lxc launch xenial x1; lxc file push my.tar.gz x1;
lxc shell x1'.

-serge