<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 23, 2015 at 3:54 PM, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Sure, I'm aware of that but, my question is:<br>
<br>
* Will OpenStack with LXD, configure the containers, with<br>
"security.nesting 1" automatically? If no, is there any config option<br>
related to this?<br>
<br>
So I can run nested LXD containers, inside my bare-metal LXD container<br>
launched by Nova?<br></blockquote><div><br></div><div>Not clear to me why you'd nest LXD in LXD if you already have LXD on your compute host, but I don't know your use-case.</div><div>That said, I don't see a config option for that in the nova-compute-lxd driver at this time. If that's something desired<br></div><div>I suggest filing an issue[1] with the upstream and document your use-case for the developers to understand.</div><div><br></div><div>1. <a href="https://github.com/lxc/nova-compute-lxd/issues">https://github.com/lxc/nova-compute-lxd/issues</a></div><div><br></div><div>Ryan</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class=""><div class="h5"><br>
On 23 October 2015 at 18:50, Ryan Harper <<a href="mailto:ryan.harper@canonical.com">ryan.harper@canonical.com</a>> wrote:<br>
> Hi,<br>
><br>
> On Fri, Oct 23, 2015 at 3:38 PM, Martinx - ジェームズ <<a href="mailto:thiagocmartinsc@gmail.com">thiagocmartinsc@gmail.com</a>><br>
> wrote:<br>
>><br>
>> OMG! This is so cool!! Thank you so much!!! :-D<br>
>><br>
>> Now, the million dollar question... I'll be playing with LXD on<br>
>> OpenStack... Is there an elegant solution for this?<br>
>><br>
>> I mean, how can OpenStack launch LXD containers, with<br>
>> "security.nesting 1" automatically ?<br>
><br>
><br>
> You can get LXD as compute type with nclxd:<br>
><br>
> <a href="https://insights.ubuntu.com/2015/05/06/introduction-to-nova-compute-lxd/" rel="noreferrer" target="_blank">https://insights.ubuntu.com/2015/05/06/introduction-to-nova-compute-lxd/</a><br>
> <a href="https://zulcss.wordpress.com/2015/10/20/an-nova-compute-lxd-upate/" rel="noreferrer" target="_blank">https://zulcss.wordpress.com/2015/10/20/an-nova-compute-lxd-upate/</a><br>
><br>
> Or, if you've got a KVM Ubuntu instance, you can just install lxd and run<br>
> machine containers inside the KVM instance with lxd.<br>
><br>
><br>
>><br>
>><br>
>> Better to include this tip on your next blog post too! ;-)<br>
>><br>
>> Thank you again!<br>
>><br>
>><br>
>> On 23 October 2015 at 15:55, Serge Hallyn <<a href="mailto:serge.hallyn@ubuntu.com">serge.hallyn@ubuntu.com</a>> wrote:<br>
>> > On the host, edit /etc/subuid and /etc/subgid to allocate sufficient uid<br>
>> > ranges. In the root:firstuid:range entries, change range to be, let's<br>
>> > say,<br>
>> > 200000. So something like<br>
>> ><br>
>> > root:100000:200000<br>
>> > lxd:100000:200000<br>
>> ><br>
>> > (I'm showing both root and lxd bc which to use depends on your lxd<br>
>> > version,<br>
>> > I think)<br>
>> ><br>
>> > Initialize a container,<br>
>> ><br>
>> > lxc init wily w1<br>
>> > lxc config set w1 security.nesting 1<br>
>> > lxc start w1<br>
>> ><br>
>> > Now inside w1, edit /etc/subuid and /etc/subgid to make sure the root<br>
>> > allocations do not go past 200000. So set them to say:<br>
>> ><br>
>> > root:100000:65536<br>
>> > lxd:100000:65536<br>
>> ><br>
>> > Now you should be able to launch a container inside w1. (I just tried<br>
>> > this in a fresh vm, worked here)<br>
>> ><br>
>> > I should do a blog post on this soon.<br>
>> ><br>
>> > Quoting Martinx - ジェームズ (<a href="mailto:thiagocmartinsc@gmail.com">thiagocmartinsc@gmail.com</a>):<br>
>> >> Guys,<br>
>> >><br>
>> >> I need to create 4, or more, LXD containers, inside 1 LXD container.<br>
>> >><br>
>> >> How to do that?<br>
>> >><br>
>> >> The first LXD container, is running on a KVM (or bare-metal) host,<br>
>> >> with Ubuntu 14.04 + LXD 0.20 (ppa:ubuntu-lxc/lxd-stable).<br>
>> >><br>
>> >> I really appreciate any help!<br>
>> >><br>
>> >> I'm seeing that both LXC itself, and LXD, supported nested containers<br>
>> >> but, how?<br>
>> >><br>
>> >> I'm trying but, it doesn't work...<br>
>> >><br>
>> >> Thanks in advance!<br>
>> >><br>
>> >> Best,<br>
>> >> Thiago<br>
>> >><br>
>> >> --<br>
>> >> ubuntu-server mailing list<br>
>> >> <a href="mailto:ubuntu-server@lists.ubuntu.com">ubuntu-server@lists.ubuntu.com</a><br>
>> >> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br>
>> >> More info: <a href="https://wiki.ubuntu.com/ServerTeam" rel="noreferrer" target="_blank">https://wiki.ubuntu.com/ServerTeam</a><br>
>><br>
><br>
><br>
</div></div></blockquote></div><br></div></div>
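<div>Added example, not part of the original thread and not LXD's own code: a check of the rule in Serge's steps, that the subuid/subgid allocation inside w1 must end within the range the host delegated (200000 there). It assumes the outer container's id map covers the whole host count; the function names and the embedded sample data are constructed for illustration.</div>

```shell
#!/bin/sh
# Constructed sample data mirroring the entries quoted in the thread.
# In practice, read /etc/subuid (and /etc/subgid) on the host and inside w1.
HOST_SUBUID='root:100000:200000
lxd:100000:200000'
W1_SUBUID='root:100000:65536
lxd:100000:65536'

# subid_field DATA USER FIELD
# Prints field 2 (first id) or 3 (count) of USER's first entry in DATA.
subid_field() {
    printf '%s\n' "$1" | awk -F: -v u="$2" -v f="$3" '$1 == u { print $f; exit }'
}

# nested_fits OUTER_DATA INNER_DATA USER
# Returns 0 when the inner allocation ends within the outer count,
# 1 when it runs past it, 2 when an entry is missing or malformed.
# Assumption: the outer container sees ids 0..outer_count-1.
nested_fits() {
    outer_count=$(subid_field "$1" "$3" 3)
    inner_first=$(subid_field "$2" "$3" 2)
    inner_count=$(subid_field "$2" "$3" 3)
    # Fail closed on missing or non-numeric fields.
    for v in "$outer_count" "$inner_first" "$inner_count"; do
        case "$v" in
            ''|*[!0-9]*) return 2 ;;
        esac
    done
    inner_end=$((inner_first + inner_count))
    [ "$inner_end" -le "$outer_count" ]
}

# Report for both users shown in the thread.
for u in root lxd; do
    if nested_fits "$HOST_SUBUID" "$W1_SUBUID" "$u"; then
        echo "$u: nested allocation fits inside the outer range"
    else
        echo "$u: nested allocation missing or past the outer range"
    fi
done
```

With a host entry left at a count of 65536 the same inner entries fail the check, since 100000 + 65536 is larger than the ids the outer container has.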