
    Hypervisors and LXD

    While browsing through YouTube looking for recent videos about Btrfs, I found this one:
    Creating a Btrfs Container (i.e., hypervisor or virtual machine running inside your existing installation):


    I had heard about "containers" but that word didn't pique my interest, until I saw that video.
    Canonical has put up a site supporting their container technology: https://linuxcontainers.org

    The first container tool was called LXC (perhaps for "LinuX Container"?). The current technology is called LXD, which uses many LXC and other components under the LXD hood.

    Under the LXD column on that webpage is a "Try it" button. It takes you to a remote LXD container which has access to images of many Linux distros, from Alpine to Ubuntu 18.04. You can make a local container, much like a VirtualBox installation, but no need to imitate separate hardware facilities, and you can resize your containers from the command line. (Btrfs users will probably want to make their container directories nocow?) The "Try It" allows access to the remote container and its many images for four sessions of 30 minutes each. Or, you can install lxd and its associated utilities from the repository and build your containers locally, which is what I plan to do after I move to KDE Neon User Edition 18.04.

    About 15 years ago IBM created 4,000 virtual instances of SuSE on their z system mainframe, IIRC. That's one refrigerator size box running 4,000 virtual workstations. That's what LXD reminds me of, if I understand correctly what is at that linuxcontainers.org website.

    Once you install lxd and lxd-client, you can issue
    sudo lxd init
    and after that
    lxc launch ubuntu:18.04 first

    That will create your "first" container, which contains 18.04.
    Inside it you can begin your setup. The basic starting commands are shown here:
    https://linuxcontainers.org/lxd/getting-started-cli/
    Last edited by GreyGeek; Jul 08, 2018, 01:43 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    https://www.ubuntu.com/containers/lxd
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.



      #3
      Used for our packaging work, and Kubuntu CI build node. Also used to run package autotests, both in testing for us and on main Ubuntu infra for proposed migration testing on some architectures.

      Probably used in many more ways on Ubuntu infra than even I am aware of.
      On #kubuntu-devel & #kubuntu on libera.chat - IRC Nick: RikMills - Launchpad ID: click



        #4
        Probably a stupid question but can not-so-tech-savvy users use LXD instead of VirtualBox or kvm/qemu for things like checking out other distros?

        Edit:
        I found Windows and Linux on LXD
        Q: Can different flavors of Windows or Linux (just 1 instance) run on LXD ? Any specific considerations ? (performance/scale/Openstack integration among others)

        A: Linux, yes. Containers are chroots, not VMs though, so you cannot run other incompatible operating systems. You need a VM to run Windows on top of Ubuntu or any other Linux.

        As for other distributions on top of Ubuntu (or any other distribution running LXD), everything will generally work as long as you're wanting to run a compatible architecture (i386 on i386, or amd64 or i386 on amd64, for example). Anything which needs specific kernel features which may not be enabled in the host system, won't work inside the container, as it's not a VM.


        So I'm guessing trying out 18.10 on 18.04 via LXD may not be possible?

        Next edit: Can an LXD client run a desktop environment?
        Q: Can an LXD client run a graphical desktop environment in the same way as, for example, GNOME Boxes or VirtualBox?
        A: Short answer is "no". Containers don't have virtual graphic cards so there's nothing for them to render to.
        Last edited by chimak111; Jul 08, 2018, 07:27 AM.
        Kubuntu 20.04



          #5
          Originally posted by chimak111
          Probably a stupid question but can not-so-tech-savvy users use LXD instead of VirtualBox or kvm/qemu for things like checking out other distros?

          Edit:
          I found Windows and Linux on LXD
          Q: Can different flavors of Windows or Linux (just 1 instance) run on LXD ? Any specific considerations ? (performance/scale/Openstack integration among others)

          A: Linux, yes. Containers are chroots, not VMs though, so you cannot run other incompatible operating systems. You need a VM to run Windows on top of Ubuntu or any other Linux.

          As for other distributions on top of Ubuntu (or any other distribution running LXD), everything will generally work as long as you're wanting to run a compatible architecture (i386 on i386, or amd64 or i386 on amd64, for example). Anything which needs specific kernel features which may not be enabled in the host system, won't work inside the container, as it's not a VM.


          So I'm guessing trying out 18.10 on 18.04 via LXD may not be possible?

          Next edit: Can an LXD client run a desktop environment?
          Q: Can an LXD client run a graphical desktop environment in the same way as, for example, GNOME Boxes or VirtualBox?
          A: Short answer is "no". Containers don't have virtual graphic cards so there's nothing for them to render to.
          My understanding is that containers access the hardware and OS underneath.
          https://linuxcontainers.org/lxd/getting-started-cli/
          Shows how to create an ubuntu 16.04 container and then access its bash shell.
          When I tried
          lxc launch ubuntu-daily:16.04 myubuntu
          it created IPv4 & 6 subnets and assigned addresses with NAT.
          It added this network bridge, which I did not activate:
          Code:
          7: lxdbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
              link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
              inet 10.171.161.1/24 scope global lxdbr0
                 valid_lft forever preferred_lft forever
              inet6 fd33:d55c:a943:2a93::1/64 scope global 
                 valid_lft forever preferred_lft forever
              inet6 fe80::5c53:6cff:feca:32b2/64 scope link 
                 valid_lft forever preferred_lft forever

          Then I did
          lxc exec first -- /bin/bash
          to get a bash shell.

          From inside that shell I did
          lxc exec apt-get xinit
          which asked me if I wanted to install the Gnome graphical environment, about 245MB of stuff. IF I had completed that download and used 'startx' I suspect it would have attempted to start the Gnome DE.

          In the Video posted in my OP you'll notice that the video starts with the LXC-server container already made and moved into using the "lxc exec LXC-server -- /bin/bash" command. From that bash prompt he installs btrfs-tools, and then formats the /dev/sdb drive with btrfs. He then proceeds to create a mount point under root and mounts it using the mount command.

          As acheron says, I can see containers being used as console environments for KDE Qt programming, compiling, debugging and testing against a variety of distros.
          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
          – John F. Kennedy, February 26, 1962.



            #6
            The following video is interesting between 15 and 37 minutes, where the speaker demonstrates lxc. He is aggravating because every sentence he speaks trails off into a mumble. But, the screen view of his commands is interesting. Also, hardware passes through to containers, or vice versa, so it appears that perhaps one can add a gpu device to a container, establish a display and run a DE. He shows how to add a gpu device (His was a GT 670). Interestingly, he added /dev/kvm as another device and bound some files to it.
            Last edited by GreyGeek; Jul 08, 2018, 05:31 PM.
            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
            – John F. Kennedy, February 26, 1962.



              #7
              Containers are the Big Thing right now, for sure. It is not just for big hardware, either.

              https://www.reddit.com/r/Crostini/wiki/index
              New Chromebooks are getting Linux app support via LXD containers, some have it already (unofficially).

              It is going to be a little weird and wonderful running Chrome OS apps, Android apps, and Linux programs all on the same machine at the same time

              (yeah, I know we already have crouton, but that is a chroot, not the same thing and can be a PITA)
              Last edited by claydoh; Jul 08, 2018, 06:06 PM.



                #8
                Interesting history of containers, and some more examples of how it is used. I found it interesting that some installations use containers for every service running.


                I found one instance of someone getting a DE to work inside of a container:
                https://forum.kde.org/viewtopic.php?f=17&t=138768
                but he had to settle for slim DM because he couldn't get sddm to work.


                So, unable to find an instance or successful instructions on running a Plasma5 inside a container, and as good as they may be for running a full featured text based distro inside a server, that concludes my interest in containers. At least until the devs create the ability to run a DE inside one.
                Last edited by GreyGeek; Jul 08, 2018, 06:52 PM.
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.



                  #9
                  Doesn't docker sorta count as a container?
                  https://community.kde.org/Neon/Docker



                    #10
                    Originally posted by GreyGeek
                    ... unable to find an instance or successful instructions on running a Plasma5 inside a container...
                    I suppose one might want to use a container to check out running some version of a DE, but I wonder if X apps could be run in the container, talking to an X server on the system hosting the container? Or another system? Does the contained OS have an IP address for the containing OS?

                    Regards, John Little



                      #11
                      Originally posted by jlittle
                      I suppose one might want to use a container to check out running some version of a DE, but I wonder if X apps could be run in the container, talking to an X server on the system hosting the container? Or another system? Does the contained OS have an IP address for the containing OS?

                      Regards, John Little
                      Good question. Borrowing the display of the host. For consoles that is, essentially, what is taking place by using the framebuffer. When I used debian as a template in the container I created, it downloaded the entire distro and even executed scripts which created a bridge and NAT, assigning an IP address for BOTH IPv4 and IPv6. It did not create a DNS assignment, however, and I didn't continue with creating that setting. In a post above I displayed the bridge configuration that was set up. From my Neon Konsole I could run ifconfig and see the bridge listed.

                      Without NAT the container cannot communicate with its host, but it does see the hardware. I installed and ran xinit and it started an xterm. Inside that I ran startx. It failed. I could have imported my xinitrc and retried it, but I didn't.

                      After I satisfied myself that the primary thrust of lxc & lxd was to create headless server containers I decided to stop exploring and restore my system, since I had installed dozens of lxc related packages. Anticipating problems, I snapshotted @ and @home as @_precont and @home_precont. I used my basic Btrfs rollback scheme and within 3 minutes was back to my system before I began my lxc experimentation.
                      My curiosity has been satisfied.
                      "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                      – John F. Kennedy, February 26, 1962.



                        #12
                        Originally posted by claydoh
                        Doesn't docker sorta count as a container?
                        https://community.kde.org/Neon/Docker
                        Before yesterday I knew absolutely NOTHING about containers or dockers. Since that first video I've read and seen mention made of dockers but until your question I didn't feel the need to explore dockers. I decided to see what the differences are. There are many websites and articles explaining the difference, but I found this one to be the easiest and clearest:
                        https://pasztor.at/blog/lxc-vs-docker

                        LXC itself is a spiritual successor of OpenVZ. While OpenVZ is still around, mostly in the Redhat world with older kernels, LXC is the tool of choice for many who wish to run a full operating system in a container. As such, LXC is more akin to true VMs and has to be handled much in the same way: software is installed by hand, updates have to be run, configuration management is much needed for keeping the madness at bay.

                        Docker on the other hand adopts a much different approach. Instead of running a VM-like container with a full software stack, including an init system, a syslog server, cron daemon and all the other stuff that one may have, it is built for running one application.
                        ...
                        Common misconception: Docker does not use LXC. In the beginning Docker used the LXC command line tools to run containers, but that is no longer the case. Both Docker and LXC use the containerization features (cgroups and namespace) in the Linux kernel, but are independent of each other.
                        I quit developing ten years ago, and packaging a distro or an app using either containers or dockers would not serve any useful purpose for me. If I wanted to isolate an application I'd run it with firejail.

                        My big disappointment with containers is that getting a DE to run inside that "full operating system" isn't as easy as it is outside. While I've searched seriously for examples of someone running Plasma inside a container I haven't found a successful instance yet. BUT, IMO, a DE in a container is so close to being a reality that if some developer would build that bridge the result would blow VirtualBox out of the water.
                        Last edited by GreyGeek; Jul 09, 2018, 02:29 PM.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                        – John F. Kennedy, February 26, 1962.



                          #13
                          The system that I work on makes extensive use of containers. On the "bottom" is a physical domain running an OS, some drivers, assigned RAM and linked SAN. On "top" of this PDOM (physical domain), is a hypervisor. "Above" the hypervisor, are multiple logical domains (LDOM) with logical CPUs, logical RAM, and the actual system/application software, database, OS, etc. distributed among the multiple LDOMs. To do serious work requires some serious PDOM computing power and a great hypervisor to communicate seamlessly between the LDOM and the physical layer, storage, networking, and connected components.

                          If this *buntu container product works even reasonably well, it is a great tribute to not only Linux, but *buntu, in particular. It's not easy to do efficiently and effectively.
                          The next brick house on the left
                          Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11 | Kubuntu 24.04 | 6.8.0-31-generic





                            #14
                            Your container experience puts you way above my pay grade, jglen490 !

                            What I've learned is that as long as it is not relatively easy to get a DE (preferably Plasma5) running in an OS that has been loaded into a container, thus replacing VirtualBox, my interest in the technology is reduced to "wait and see".
                            "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                            – John F. Kennedy, February 26, 1962.



                              #15
                              Lxd cleanup problem

                              When I decided to play with containers I first created a snapshot of @ and @home, calling them @_precont and @home_precont. After I was done playing with lxc and lxd I opened a Konsole, "sudo -i" to root, mounted my sda1, using its uuid, to /mnt.

                              I used Btrfs send & receive to send those two subvolumes to my /backup HD because I always make backup snapshots using the "-r" flag and you can send & receive using only ro snapshots.

                              Then, moving @ and @home out of the way ...
                              mv /mnt/@ /mnt/@_old
                              mv /mnt/@home /mnt/@home_old


                              I created a new @ and @home using previously made precont snapshots:
                              btrfs subvol snapshot /mnt/snapshots/@_precont /mnt/@
                              btrfs subvol snapshot /mnt/snapshots/@home_precont /mnt/@home

                              Note: NOT using the "-r" flag creates a read-write snapshot out of a read-only snapshot.

                              I umounted /mnt and logged out of root and then out of the Konsole. I rebooted and my installation came up normally with Lxd & Lxc & any of its dependencies no longer present on my system.

                              I opened a Konsole and used "sudo -i" again, mounted sda1 again using its uuid, and attempted to delete the @old and @homeold snapshots.
                              btrfs subvol delete -C /mnt/@home_old
                              worked fine.
                              btrfs subvol delete -C /mnt/@_old
                              failed!
                              root@jerry-Aspire-V3-771:~# btrfs subvol delete -C /mnt/snapshots/@_old
                              Delete subvolume (commit): '/mnt/snapshots/@_old'
                              ERROR: cannot delete '/mnt/snapshots/@_old': Directory not empty
                              That means that somewhere inside @_old is another btrfs subvolume!

                              Code:
                              root@jerry-Aspire-V3-771:~# btrfs subvolume list /mnt/snapshots/@_old
                              ID 435 gen 107891 top level 5 path snapshots/@_old
                              ID 436 gen 91942 top level 5 path snapshots/@_P5132
                              ID 437 gen 91944 top level 5 path snapshots/@home_P5132
                              ID 440 gen 102544 top level 5 path snapshots/@_20180705
                              ID 441 gen 102545 top level 5 path snapshots/@home_20180705
                              ID 442 gen 106640 top level 5 path snapshots/@home_precont
                              ID 443 gen 106639 top level 5 path snapshots/@_precont
                              ID 444 gen 105998 top level 435 path var/lib/lxd/images/f2228450779fee27020d6024af587379b8f51062c32a335327f2b028c924bfa1.btrfs
                              ID 446 gen 106027 top level 435 path var/lib/lxd/images/07a11066cca8ea674265d06a763fe9b1c607cb16dc4e515a2cb186c9ac695e40.btrfs
                              ID 448 gen 107894 top level 5 path @
                              ID 449 gen 107898 top level 5 path @home
                              And there they are, two of them! They were created when I was playing with lxc and lxd and created that btrfscontainer container!

                              Code:
                              root@jerry-Aspire-V3-771:~# btrfs subvol delete -C /mnt/snapshots/@_old/var/lib/lxd/images/f2228450779fee27020d6024af587379b8f51062c32a335327f2b028c924bfa1.btrfs
                              Delete subvolume (commit): '/mnt/snapshots/@_old/var/lib/lxd/images/f2228450779fee27020d6024af587379b8f51062c32a335327f2b028c924bfa1.btrfs'
                              root@jerry-Aspire-V3-771:~# sync
                              root@jerry-Aspire-V3-771:~# btrfs subvol delete -C /mnt/snapshots/@_old/var/lib/lxd/images/07a11066cca8ea674265d06a763fe9b1c607cb16dc4e515a2cb186c9ac695e40.btrfs
                              Delete subvolume (commit): '/mnt/snapshots/@_old/var/lib/lxd/images/07a11066cca8ea674265d06a763fe9b1c607cb16dc4e515a2cb186c9ac695e40.btrfs'
                              root@jerry-Aspire-V3-771:~# sync
                              root@jerry-Aspire-V3-771:~# sync

                              root@jerry-Aspire-V3-771:~# btrfs subvol delete -C /mnt/snapshots/@_old
                              Delete subvolume (commit): '/mnt/snapshots/@_old'
                              And there it went, into the infinite bit-bucket in the sky!
                              Last edited by GreyGeek; Jul 09, 2018, 09:17 PM.
                              "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                              – John F. Kennedy, February 26, 1962.
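
Added example, not part of the original post: a read-only pre-flight check that takes `btrfs subvolume list` output in the format shown in post #15 and reports which subvolumes are nested below the one you want to delete, deepest first, so leftover LXD image subvolumes are found before `delete` fails with "Directory not empty". The function names and the sample listing (with placeholder image names) are constructed for illustration; the script only reads the listing and deletes nothing.

```shell
#!/bin/sh
# Constructed sample in the format shown in the post; image names are
# placeholders, not the real hashes.
sample_listing() {
cat <<'EOF'
ID 435 gen 107891 top level 5 path snapshots/@_old
ID 442 gen 106640 top level 5 path snapshots/@home_precont
ID 443 gen 106639 top level 5 path snapshots/@_precont
ID 444 gen 105998 top level 435 path var/lib/lxd/images/IMAGE_A.btrfs
ID 446 gen 106027 top level 435 path var/lib/lxd/images/IMAGE_B.btrfs
ID 448 gen 107894 top level 5 path @
ID 449 gen 107898 top level 5 path @home
EOF
}

# nested_subvols TARGET_PATH   (listing on stdin)
# Prints "ID<TAB>listed path" for every subvolume nested below TARGET_PATH,
# deepest first: the order in which they must go before the target can.
# Exit status 2 if TARGET_PATH does not appear in the listing.
nested_subvols() {
    awk -v target="$1" '
    $1 == "ID" && $3 == "gen" && $5 == "top" && $6 == "level" && $8 == "path" {
        id = $2
        parent[id] = $7
        # Paths may contain spaces: keep everything after the first " path ".
        path[id] = substr($0, index($0, " path ") + 6)
        order[++n] = id
        if (path[id] == target && tid == "") tid = id
    }
    END {
        if (tid == "") exit 2
        max = 0
        # Walk each entry up its "top level" chain; if the walk reaches the
        # target, the number of hops is its depth below the target.
        for (k = 1; k <= n; k++) {
            cur = order[k]; d = 0
            while (cur != tid && (cur in parent) && d < n) {
                cur = parent[cur]; d++
            }
            if (cur == tid && d > 0) {
                depth[order[k]] = d
                if (d > max) max = d
            }
        }
        for (d = max; d >= 1; d--)
            for (k = 1; k <= n; k++)
                if (depth[order[k]] == d)
                    printf "%s\t%s\n", order[k], path[order[k]]
    }'
}

# Stand-alone run on the constructed sample.
sample_listing | nested_subvols 'snapshots/@_old'
```

On a real system the listing would come from `btrfs subvolume list` on the mounted filesystem, piped into `nested_subvols` with the path of the subvolume you intend to remove.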
