Nested LXD, how?

Ryan Harper ryan.harper at canonical.com
Fri Oct 23 21:05:49 UTC 2015


On Fri, Oct 23, 2015 at 3:54 PM, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
wrote:

> Sure, I'm aware of that but, my question is:
>
> * Will OpenStack with LXD, configure the containers, with
> "security.nesting 1" automatically? If no, is there any config option
> related to this?
>
> So I can run nested LXD containers, inside my bare-metal LXD container
> launched by Nova?
>

Not clear to me why you'd nest LXD in LXD if you already have LXD on your
compute host, but I don't know your use-case.
That said, I don't see a config option for that in the nova-compute-lxd
driver at this time.  If that's something desired, I suggest filing an
issue[1] with the upstream and documenting your use-case for the developers
to understand.

1. https://github.com/lxc/nova-compute-lxd/issues

Ryan


> On 23 October 2015 at 18:50, Ryan Harper <ryan.harper at canonical.com>
> wrote:
> > Hi,
> >
> > On Fri, Oct 23, 2015 at 3:38 PM, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
> > wrote:
> >>
> >> OMG! This is so cool!! Thank you so much!!!   :-D
> >>
> >> Now, the million dollar question... I'll be playing with LXD on
> >> OpenStack... Is there an elegant solution for this?
> >>
> >> I mean, how can OpenStack launch LXD containers with
> >> "security.nesting 1" automatically?
> >
> >
> > You can get LXD as compute type with nclxd:
> >
> > https://insights.ubuntu.com/2015/05/06/introduction-to-nova-compute-lxd/
> > https://zulcss.wordpress.com/2015/10/20/an-nova-compute-lxd-upate/
> >
> > Or, if you've got a KVM Ubuntu instance, you can just install lxd and run
> > machine containers inside the KVM instance with lxd.
> >
> >
> >>
> >>
> >> Better to include this tip on your next blog post too!   ;-)
> >>
> >> Thank you again!
> >>
> >>
> >> On 23 October 2015 at 15:55, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> >> > On the host, edit /etc/subuid and /etc/subgid to allocate sufficient uid
> >> > ranges.  In the root:firstuid:range entries, change range to be, let's
> >> > say, 200000.  So something like
> >> >
> >> > root:100000:200000
> >> > lxd:100000:200000
> >> >
> >> > (I'm showing both root and lxd bc which to use depends on your lxd
> >> > version,
> >> > I think)
> >> >
> >> > Initialize a container,
> >> >
> >> > lxc init wily w1
> >> > lxc config set w1 security.nesting 1
> >> > lxc start w1
> >> >
> >> > Now inside w1, edit /etc/subuid and /etc/subgid to make sure the root
> >> > allocations do not go past 200000.  so set them to say:
> >> >
> >> > root:100000:65536
> >> > lxd:100000:65536
> >> >
> >> > Now you should be able to launch a container inside w1.  (I just tried
> >> > this in a fresh vm, worked here)
> >> >
> >> > I should do a blog post on this soon.
> >> >
> >> > Quoting Martinx - ジェームズ (thiagocmartinsc at gmail.com):
> >> >> Guys,
> >> >>
> >> >>  I need to create 4, or more, LXD containers, inside 1 LXD container.
> >> >>
> >> >>  How to do that?
> >> >>
> >> >>  The first LXD container, is running on a KVM (or bare-metal) host,
> >> >> with Ubuntu 14.04 + LXD 0.20 (ppa:ubuntu-lxc/lxd-stable).
> >> >>
> >> >>  I really appreciate any help!
> >> >>
> >> >>  I'm seeing that both LXC itself, and LXD, supported nested containers
> >> >> but, how?
> >> >>
> >> >>  I'm trying but, it doesn't work...
> >> >>
> >> >>  Thanks in advance!
> >> >>
> >> >> Best,
> >> >> Thiago
> >> >>
> >> >> --
> >> >> ubuntu-server mailing list
> >> >> ubuntu-server at lists.ubuntu.com
> >> >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
> >> >> More info: https://wiki.ubuntu.com/ServerTeam
> >
> >
>
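
An added example (not part of the thread and not LXD's own code): a shell check for the sizing rule in Serge Hallyn's steps quoted above, that the sub-id ranges set inside w1 stay within the ids w1 itself was given. The function name `fits_in_map`, the sample files, and the assumption that w1 is mapped the whole 200000-id host allocation starting at id 0 are all constructed here.

```shell
#!/bin/sh
# fits_in_map SUBID_FILE UID_MAP_FILE   (hypothetical helper, added example)
# SUBID_FILE   : /etc/subuid or /etc/subgid as seen inside the container
# UID_MAP_FILE : /proc/self/uid_map (or gid_map) read inside the container
# Prints "<entry> ok" or "<entry> out-of-range" for each root/lxd entry and
# returns 0 only when every checked entry fits inside a mapped range.
fits_in_map() {
    awk -F: -v map="$2" '
        BEGIN {
            # uid_map line: <first id inside> <first id outside> <count>
            while ((getline line < map) > 0)
                if (split(line, f, " ") == 3) {
                    n++; lo[n] = f[1] + 0; hi[n] = f[1] + f[3]
                }
        }
        $1 == "root" || $1 == "lxd" {
            first = $2 + 0; end = $2 + $3; ok = 0
            for (i = 1; i <= n; i++)
                if (first >= lo[i] && end <= hi[i]) ok = 1
            print $0, (ok ? "ok" : "out-of-range")
            if (!ok) bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample data using the values from the thread.
demo() {
    d=$(mktemp -d)
    # Assumed id map of w1: ids 0..199999 inside map to 100000..299999 outside.
    printf '0 100000 200000\n' > "$d/uid_map"
    # Entries recommended for inside w1: 100000 + 65536 <= 200000.
    printf 'root:100000:65536\nlxd:100000:65536\n' > "$d/inner_ok"
    # Host entries copied unchanged into w1: 100000 + 200000 > 200000.
    printf 'root:100000:200000\nlxd:100000:200000\n' > "$d/inner_bad"
    fits_in_map "$d/inner_ok" "$d/uid_map" && echo "-> nested range fits"
    fits_in_map "$d/inner_bad" "$d/uid_map" || echo "-> shrink the range inside w1"
    rm -rf "$d"
}
demo
```

Inside a real container the same check is `fits_in_map /etc/subuid /proc/self/uid_map`, and likewise for `/etc/subgid` with `/proc/self/gid_map`.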