<div dir="ltr"><div>Hi,</div><div><br></div><div>On Fri, Oct 23, 2015 at 3:38 PM, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">OMG! This is so cool!! Thank you so much!!! :-D<br> <br> Now, the million dollar question... I'll be playing with LXD on<br> OpenStack... Is there an elegant solution for this?<br> <br> I mean, how can OpenStack launch a LXD containers, with<br> "security.nesting 1" automatically ?<br></blockquote><div><br></div><div>You can get LXD as compute type with nclxd:</div><div><br></div><div><a href="https://insights.ubuntu.com/2015/05/06/introduction-to-nova-compute-lxd/">https://insights.ubuntu.com/2015/05/06/introduction-to-nova-compute-lxd/</a></div><div><a href="https://zulcss.wordpress.com/2015/10/20/an-nova-compute-lxd-upate/">https://zulcss.wordpress.com/2015/10/20/an-nova-compute-lxd-upate/</a><br></div><div><br></div><div>Or, if you've got a KVM Ubuntu instance, you can just install lxd and run</div><div>machine containers inside the KVM instance with lxd.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> <br> Better to include this tip on your next blog post too! ;-)<br> <br> Thank you again!<br> <div class=""><div class="h5"><br> <br> On 23 October 2015 at 15:55, Serge Hallyn <<a href="mailto:serge.hallyn@ubuntu.com">serge.hallyn@ubuntu.com</a>> wrote:<br> > On the host, edit /etc/subuid and /etc/subgid to allocate sufficient uid<br> > ranges. In the root:firstuid:range entries, change range to be, let's say,<br> > 200000. So something like<br> ><br> > root:100000:200000<br> > lxd:100000:200000<br> ><br> > (I'm showing both root and lxd bc which to use depends on your lxd version,<br> > I think)<br> ><br> > Initialize a container,<br> ><br> > lxc init wily w1<br> > lxc config set w1 security.nesting 1<br> > lxc start w1<br> ><br> > Now inside w1, edit /etc/subuid and /etc/subgid to make sure the root<br> > allcoations do not go past 200000. so set them to say:<br> ><br> > root:100000:65536<br> > lxd:100000:65536<br> ><br> > Now you should be able to launch a container inside w1. (I just tried<br> > this in a fresh vm, worked here)<br> ><br> > I should do a blog post on this soon.<br> ><br> > Quoting Martinx - ジェームズ (<a href="mailto:thiagocmartinsc@gmail.com">thiagocmartinsc@gmail.com</a>):<br> >> Guys,<br> >><br> >> I need to create 4, or more, LXD containers, inside 1 LXD container.<br> >><br> >> How to do that?<br> >><br> >> The first LXD container, is running on a KVM (or bare-metal) host,<br> >> with Ubuntu 14.04 + LXD 0.20 (ppa:ubuntu-lxc/lxd-stable).<br> >><br> >> I really appreciate any help!<br> >><br> >> I'm seeing that both LXC itself, and LXD, supported nested containers but, how?<br> >><br> >> I'm trying but, it doesn't work...<br> >><br> >> Thanks in advance!<br> >><br> >> Best,<br> >> Thiago<br> >><br> >> --<br> >> ubuntu-server mailing list<br> >> <a href="mailto:ubuntu-server@lists.ubuntu.com">ubuntu-server@lists.ubuntu.com</a><br> >> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br> >> More info: <a href="https://wiki.ubuntu.com/ServerTeam" rel="noreferrer" target="_blank">https://wiki.ubuntu.com/ServerTeam</a><br> <br> --<br> ubuntu-server mailing list<br> <a href="mailto:ubuntu-server@lists.ubuntu.com">ubuntu-server@lists.ubuntu.com</a><br> <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-server" rel="noreferrer" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-server</a><br> More info: <a href="https://wiki.ubuntu.com/ServerTeam" rel="noreferrer" target="_blank">https://wiki.ubuntu.com/ServerTeam</a></div></div></blockquote></div><br></div></div>