Difference between revisions of "LXD/LXD Setup"
Line 121: | Line 121: | ||
###i## usermod --add-subuids 100000-165535 root | ###i## usermod --add-subuids 100000-165535 root | ||
###i## usermod --add-subgids 100000-165535 root | ###i## usermod --add-subgids 100000-165535 root | ||
###i## | ###i## /etc/init.d/lxd restart | ||
###i## openrc | ###i## openrc | ||
}} | }} | ||
LXD restart is needed to inform the daemon of the uid/gid changes. | LXD restart is needed to inform the daemon of the uid/gid changes. |
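Review bot: the `/etc/init.d/lxd restart` added at line 121 is the right fix for making the daemon pick up the new subuid/subgid ranges, but the `###i## openrc` line that follows it stays unexplained; the surrounding text should say that a bare `openrc` re-applies the current runlevel and therefore starts the services that were added to the default runlevel earlier in this section, otherwise readers will not know why both commands are present or in which order they matter.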
Revision as of 12:53, October 25, 2018
PART III - LXD Setup
First setup of LXD / initialisation
Before using LXD for the first time, initialise your LXD environment as root. As stated earlier, btrfs (or zfs) is the recommended storage backend. Note the two answers below that matter for security: LXD is not made available over the network (the API stays on the local unix socket), and cached images are not refreshed automatically, which means containers launched from a cached image will keep using that image until you refresh it yourself.
root # service lxd start
 * Starting lxd server ...
root # lxd init
Do you want to configure a new storage pool (yes/no) [default=yes]? yes
Name of the new storage pool [default=default]: default
Name of the storage backend to use (dir, btrfs, lvm) [default=dir]: btrfs
Create a new BTRFS pool (yes/no) [default=yes]? yes
Would you like to use an existing block device (yes/no) [default=no]? no
Would you like to create a new subvolume for the BTRFS storage pool (yes/no) [default=yes]: yes
Would you like LXD to be available over the network (yes/no) [default=no]? no
Would you like stale cached images to be updated automatically (yes/no) [default=yes]? no
Would you like to create a new network bridge (yes/no) [default=yes]? yes
What should the new bridge be called [default=lxdbr0]? lxdbr0
What IPv4 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]? auto
What IPv6 address should be used (CIDR subnet notation, “auto” or “none”) [default=auto]? auto
LXD has been successfully configured.
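The same answers can be fed to `lxd init --preseed` on standard input, which is how you reproduce this setup on several hosts without mistyping an interactive prompt. The preseed below is an added example written for this page, not configuration shipped by the Funtoo project or by LXD; it assumes an LXD release that supports `--preseed` and the default profile layout (root disk on the `default` pool, `eth0` bridged to `lxdbr0`). The security-relevant answers are kept: `core.https_address` is left empty so the REST API listens only on the local unix socket, and `images.auto_update_interval: 0` corresponds to the "no" given to automatic image refresh above.

```yaml
# Added example: non-interactive equivalent of the lxd init session above.
# Assumes `lxd init --preseed` is available on the installed LXD.
config:
  core.https_address: ""          # empty: no network listener, unix socket only
  images.auto_update_interval: 0  # 0: do not refresh cached images automatically
storage_pools:
- name: default
  driver: btrfs                   # new btrfs subvolume, no existing block device
networks:
- name: lxdbr0
  type: bridge
  config:
    ipv4.address: auto
    ipv6.address: auto
profiles:
- name: default
  devices:
    root:
      path: /
      pool: default
      type: disk
    eth0:
      name: eth0
      nictype: bridged
      parent: lxdbr0
      type: nic
```

Apply it with `root # lxd init --preseed < lxd-preseed.yaml` (the file name is an assumption). If you later decide to expose the API, set `core.https_address` to a specific address rather than `[::]` and add client certificates deliberately; an empty value is the safe default.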
This creates the following btrfs subvolumes:
user $ btrfs sub list .
ID 260 gen 1047 top level 5 path rootfs
ID 280 gen 1046 top level 260 path var/lib/lxd/storage-pools/default
ID 281 gen 1043 top level 280 path var/lib/lxd/storage-pools/default/containers
ID 282 gen 1044 top level 280 path var/lib/lxd/storage-pools/default/snapshots
ID 283 gen 1045 top level 280 path var/lib/lxd/storage-pools/default/images
ID 284 gen 1046 top level 280 path var/lib/lxd/storage-pools/default/custom
It also creates a new network interface for you:
user $ ip a list dev lxdbr0
8: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether d2:9b:70:f2:8f:6f brd ff:ff:ff:ff:ff:ff
    inet 10.250.237.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet 169.254.59.23/16 brd 169.254.255.255 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:efd8:662e:3184::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::caf5:b7ed:445e:b112/64 scope link
       valid_lft forever preferred_lft forever
And last but not least, it also generates iptables rules for you:
user $ iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* generated for LXD network lxdbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* generated for LXD network lxdbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps /* generated for LXD network lxdbr0 */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             /* generated for LXD network lxdbr0 */
ACCEPT     all  --  anywhere             anywhere             /* generated for LXD network lxdbr0 */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain /* generated for LXD network lxdbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* generated for LXD network lxdbr0 */
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps /* generated for LXD network lxdbr0 */
user $ iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  10.250.237.0/24     !10.250.237.0/24      /* generated for LXD network lxdbr0 */
user $ iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
CHECKSUM   udp  --  anywhere             anywhere             udp dpt:bootpc /* generated for LXD network lxdbr0 */ CHECKSUM fill
Two things to keep in mind when reading this listing: plain iptables -L hides the interface matches, so run iptables -L -v to confirm that the ACCEPT rules are bound to lxdbr0 rather than accepting everything; and the two FORWARD rules plus the MASQUERADE rule mean that, by default, containers on lxdbr0 can reach anything the host can reach, so add your own FORWARD rules if containers must be restricted.
Some other things done by the initialization and starting of the LXD daemon are:
- dnsmasq listening on lxdbr0
- ...
Finishing up the setup of LXD
Some good instructions for a production server can be found here.
There are still some things that you need to do manually. We need to set up subuid and subgid values for our containers to use: the range 100000-165535 below gives root exactly 65536 ids, which is what an unprivileged container needs to map a full uid/gid range. For using non-systemd containers we will also need app-admin/cgmanager, so emerge and start it now.
root # rc-update add lxd default
root # rc-update add lxcfs default
root # touch /etc/subuid
root # touch /etc/subgid
root # usermod --add-subuids 100000-165535 root
root # usermod --add-subgids 100000-165535 root
root # /etc/init.d/lxd restart
root # openrc
LXD restart is needed to inform the daemon of the uid/gid changes.
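Before restarting lxd it is worth checking what usermod actually wrote, because two mistakes in /etc/subuid or /etc/subgid are easy to make and hard to notice later: a range that is too small for a full 65536-id mapping, and a range that overlaps another user's range, which would let containers owned by different accounts share host uids. The script below is an added example written for this page, not part of the Funtoo instructions or of LXD; it assumes the shadow-utils file format (user:start:count, one range per line) and takes the file path as an argument so it can be run against a copy as well as the live file.

```sh
#!/bin/sh
# Added example (not from the Funtoo page): sanity-check /etc/subuid and
# /etc/subgid after `usermod --add-subuids` / `--add-subgids`.
# Assumption: the file format is user:start:count (shadow-utils format).

# Print "user first last" for each range in the file, sorted by first id.
subid_ranges() {
    # $1 = path to a subuid- or subgid-format file
    awk -F: 'NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
                 print $1, $2, $2 + $3 - 1
             }' "$1" | sort -k2,2n
}

# Exit 0 if no two ranges in the file overlap, 1 otherwise.
# Overlapping pairs are reported on stderr.
subid_no_overlap() {
    # $1 = path to the file
    subid_ranges "$1" | awk '
        BEGIN { prev_end = -1 }
        {
            # Sorted by start, so a range overlaps iff it starts at or before
            # the highest end seen so far.
            if ($2 <= prev_end) {
                printf "overlap: %s (%s-%s) vs %s (%s-%s)\n",
                       prev_user, prev_start, prev_end, $1, $2, $3 > "/dev/stderr"
                bad = 1
            }
            if ($3 > prev_end) { prev_user = $1; prev_start = $2; prev_end = $3 }
        }
        END { exit bad ? 1 : 0 }'
}

# Exit 0 if the user owns at least MIN ids in total (default 65536, the
# size LXD needs for a full-range unprivileged container), 1 otherwise.
subid_has_enough() {
    # $1 = path to the file, $2 = user name, $3 = minimum count (optional)
    awk -F: -v u="$2" -v min="${3:-65536}" '
        $1 == u && NF == 3 { total += $3 }
        END { exit (total >= min) ? 0 : 1 }' "$1"
}
```

Typical use on the live host is `subid_no_overlap /etc/subuid && subid_has_enough /etc/subuid root` (and the same for /etc/subgid) immediately before the `/etc/init.d/lxd restart` step; a non-zero exit means the mapping should be fixed before LXD reads it.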