How to set up and use LXD on Ubuntu 16.04 - Set up and create an Nginx container
A Linux container is a set of processes isolated from the rest of the system by Linux kernel security features such as namespaces and control groups. It is similar to a virtual machine, but much lighter. You do not need the resources to run additional kernels or virtual machines, because you can easily create multiple containers on the same server. For example, imagine that you have a server running multiple websites for your customers. In a traditional installation, each website would be a virtual host on the same Apache or Nginx instance. With Linux containers, each website can be installed in its own container with its own web server. Using Linux containers, you can bundle your application and its dependencies into a container without affecting the rest of the system. LXD lets you create and manage these containers. It provides a hypervisor service for full lifecycle management of containers. In this lesson we will set up LXD and use it to run Nginx in a container. We will then direct traffic to the container to make the website accessible from the Internet.
Basic requirements
To complete this lesson, you'll need the following:
An Ubuntu 16.04 server that is already configured. You can refer to this article to learn how to do it: Initial setup for Ubuntu 14.04
A non-root user with sudo privileges, and a firewall.
Optionally, 20 GB or more of additional block storage, which you can use to store all container data.
Step 1: Set up LXD
LXD is already installed on Ubuntu, but it must be set up properly before you can use it on the server. You must set up the user account that manages the containers, then choose the storage backend type that stores the containers, and set up the network. Log on to the server with the non-root user account. Then add the user to the lxd group so that it can perform all the container management tasks:
sudo usermod --append --groups lxd sammy
Log off the server and log on again so that your new SSH session picks up the new group membership. After you log on, you can start configuring LXD. Now set up the storage backend. The recommended storage backend for LXD is the ZFS file system, which is stored either in a preallocated file or on a block storage device. To take advantage of ZFS support in LXD, update your package list and install the zfsutils-linux package:
sudo apt-get update
sudo apt-get install zfsutils-linux
You can now set up LXD. Start the LXD initialization process with the lxd init command:
sudo lxd init
You will be prompted for the storage backend details. After completing this setup you must set up the network for the containers.
First you will be asked to choose the storage backend, from two options: dir or zfs. The dir option tells LXD to store the containers in directories on the server's file system. The zfs option uses ZFS, a combined file system and logical volume manager. Choose zfs. With zfs we get both efficient storage and better responsiveness. For example, if we create ten containers from the same initial container image, they all use the disk space of only one container image. After that, only the changes to the initial container image are stored in the storage backend.
Name of the storage backend to use (dir or zfs) [default=zfs]: zfs
After you choose zfs, you will be prompted to create a new ZFS pool and to give it a name. Select yes to create the pool, and name it lxd:
Create a new ZFS pool (yes/no) [default=yes]? yes
Name of the new ZFS pool [default=lxd]: lxd
You will then be asked if you want to use an existing block device:
Would you like to use an existing block device (yes/no) [default=no]
If you answer yes, you must tell LXD where to find that device. If you answer no, LXD will use a preallocated file, which takes up free space on the server itself. Two procedures follow, depending on whether you want to use a preallocated file or a block device. Follow the appropriate one for your situation. After you select the storage mechanism, you will configure the network options for your containers.
Option 1: Use a preallocated file
You can use a preallocated file if you do not have access to a block storage device for storing the containers. Follow these steps to set up LXD to use a preallocated file to store the containers.
First, when you are asked whether to use an existing block device, answer no:
Would you like to use an existing block device (yes/no) [default=no]? no
Next, you'll be asked to specify the size of the loop device, which is what LXD calls the preallocated file. Use the suggested default size for the preallocated file:
Size in GB of the new loop device (1GB minimum) [default=15]: 15
As a rule, 15 GB is the smallest size you should create. Allocate enough space to have at least 10 GB remaining after you create your containers.
After you configure the device, you will be asked to set up the network. Go to step 2 to continue setup.
Option 2: Use a block device
If you want to use a block storage device as the storage backend, you'll need to find the device that corresponds to the block storage volume that you created, so that you can give it to LXD during configuration. Navigate to the Volumes tab in the DigitalOcean control panel, locate your volume, click More on the pop-up menu, and then click Setup Help. Locate the device in the command that formats the volume. Specifically, look for the path passed to sudo mkfs.ext4 -F. Do not run any of the commands shown on that page; we only want to find the correct device name to give to LXD.
The following figure shows an example of the device name of the volume. You only need the part outlined in red:
001.png
You can also find the device name by running the following command:
ls -l /dev/disk/by-id/
total 0
lrwxrwxrwx 1 root root 9 Sep 16 20:30 scsi-0DO_Volume_volume-fra1-01 -> ../../sda
In this case, the device name for the volume is
/dev/disk/by-id/scsi-0DO_Volume_volume-fra1-01
Yours may differ. After you identify the device name of the volume, continue with the LXD setup. When asked if you would like to use an existing block device, choose yes and provide the path you found:
Would you like to use an existing block device (yes/no) [default=no]? yes
Path to the existing block device: /dev/disk/by-id/scsi-0DO_Volume_volume-fra1-01
After you specify the block device, you are prompted to set up network options.
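A pre-flight check you can run before answering the block device prompt in Option 2, since creating a ZFS pool on the wrong device overwrites whatever is on it. This is an added example, not part of the original lesson or of LXD; check_block_device is a hypothetical helper name, and the blkid probe assumes the script is run with sudo.

```shell
#!/bin/sh
# check_block_device PATH  (hypothetical helper, not an LXD command)
# Return codes: 0 = usable (prints the resolved device), 1 = path missing,
# 2 = not a block device, 3 = mounted, 4 = already holds a filesystem.
check_block_device() {
    path=$1
    # A mistyped /dev/disk/by-id/ name simply does not exist.
    if [ ! -e "$path" ]; then
        echo "missing: $path" >&2
        return 1
    fi
    # Follow the by-id symlink to the kernel device node (for example /dev/sda).
    dev=$(readlink -f "$path")
    if [ ! -b "$dev" ]; then
        echo "not a block device: $path -> $dev" >&2
        return 2
    fi
    # Refuse the device if it, or anything whose name starts with it
    # (its partitions), appears as a mount source. Deliberately conservative.
    if [ -r /proc/mounts ] && awk -v d="$dev" \
        '{ if (index($1, d) == 1) found = 1 } END { exit !found }' /proc/mounts
    then
        echo "in use (mounted): $dev" >&2
        return 3
    fi
    # blkid -p probes the device directly and prints a line only when it
    # finds a filesystem or partition-table signature (needs root to read).
    if command -v blkid >/dev/null 2>&1 &&
        [ -n "$(blkid -p "$dev" 2>/dev/null)" ]; then
        echo "already formatted: $dev" >&2
        return 4
    fi
    echo "$dev"
    return 0
}

# Stand-alone use: sudo sh check.sh /dev/disk/by-id/<your-volume-name>
if [ $# -gt 0 ]; then
    check_block_device "$1"
fi
```
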
Step 2: Network Settings
After you configure the storage, you are prompted to set up the network. First, LXD will ask if you want to make it available over the network. Choosing yes would let you manage LXD from your local computer without opening an SSH session to this server. Accept the default value, no:
Output of the "lxd init" command — LXD over the network
Would you like LXD to be available over the network (yes/no) [default=no]? no
You will then be prompted to create a network bridge for the LXD containers. This gives you the following features:
Each container automatically gets a private IP address.
Containers can communicate with each other over a private network.
Each container can have an Internet connection.
The containers that you create are still inaccessible from the Internet.
You cannot connect to a container from the Internet unless you explicitly enable it. You will learn how to allow access to a specific container in the next step.
When prompted to configure the LXD Bridge, choose Yes:
Output of the "lxd init" command — Networking for the containers
Do you want to configure the LXD bridge (yes/no) [default=yes]? Yes
The following message will be displayed:
002.png
Confirm that you want to set up the network bridge.
You will be asked to name the bridge. Accept the default value.
You will be prompted to configure the network for both IPv4 and IPv6. In this lesson we will only work with IPv4.
When you are prompted to set up an IPv4 subnet, select Yes. You will be notified that a random subnet has been created for you. Choose OK to continue.
When you are prompted for a valid IPv4 address, accept the default value.
When you are prompted for a valid CIDR mask, accept the default value.
When prompted for the first DHCP address, accept the default value. Do the same for the last DHCP address and for the maximum number of DHCP clients.
Choose Yes when asked whether to NAT the IPv4 traffic.
When you are prompted to set up an IPv6 subnet, choose No. You will see the following output after network setup is complete:
Warning: Stopping lxd.service, but it can still be activated by:
lxd.socket
LXD has been successfully configured.
You are now ready to set up your containers.
Step 3: Create the Nginx container
You have successfully configured the LXD and are now ready to create and manage the first container. You can manage containers with the lxc command.
Use lxc list to view the installed containers:
lxc list
You should see the following output:
Generating a client certificate. This may take a minute...
If this is your first time using LXD, you should also run: sudo lxd init
To start your first container, try: lxc launch ubuntu:16.04
+------+-------+------+------+------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------+-------+------+------+------+-----------+
Since this is the first time that the lxc command has communicated with the LXD hypervisor, its output tells you that it has automatically created a client certificate for secure communication with LXD, gives some information about how to launch a container, and shows an empty list of containers, because we have not created any yet. Let's create a container that runs Nginx. To do this we will use the lxc launch command to create and start an Ubuntu 16.04 container named webserver. To create the webserver container, run the command:
lxc launch ubuntu:x webserver
The x in ubuntu:x is a shortcut for the first letter of Xenial, the code name for Ubuntu 16.04. ubuntu: is the identifier for the preconfigured repository of LXD images. You can also use ubuntu:16.04 as the image name.
Note: You can find the full list of all available Ubuntu images by running the command:
lxc image list ubuntu:
and the images for other distributions by running the command:
lxc image list images:
Because this is the first time you create a container, this command downloads the container image from the Internet and stores it locally, so that new containers will be created more quickly. You'll see this output when you create the new container:
Generating a client certificate. This may take a minute...
If this is your first time using LXD, you should also run: sudo lxd init
To start your first container, try: lxc launch ubuntu:16.04
Creating webserver
Retrieving image: 100%
Starting webserver
Now that the container is running, use the lxc list command to display information about it:
lxc list
The output shows a table with the name of each container, its current state, its IP address, its type, and whether any snapshots have been taken.
Output
+-----------+---------+---------------------+------+------------+-----------+
|   NAME    |  STATE  |        IPV4         | IPV6 |    TYPE    | SNAPSHOTS |
+-----------+---------+---------------------+------+------------+-----------+
| webserver | RUNNING | 10.10.10.100 (eth0) |      | PERSISTENT | 0         |
+-----------+---------+---------------------+------+------------+-----------+
NOTE: If you enable IPv6 in LXD, the lxc list command output may be too wide to fit on the screen.
You can instead use the lxc list --columns ns4tS command, which shows only the name, state, IPv4, type, and whether there are snapshots available.
Note the IPv4 address of the container. You will need it to configure the firewall to allow connections from the outside world.
In the next lesson we will configure the Nginx container, redirect traffic to it, and remove it.