From b50a7d3a189a33b99c7cf9449574a630e66ca856 Mon Sep 17 00:00:00 2001 From: Maximilian Friedersdorff Date: Wed, 29 May 2019 12:02:52 +0100 Subject: [PATCH] Some quick notes about installing LXD on gentoo --- content/lxd_as_docker_replacment.rst | 56 ++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 content/lxd_as_docker_replacment.rst diff --git a/content/lxd_as_docker_replacment.rst b/content/lxd_as_docker_replacment.rst new file mode 100644 index 0000000..38e8fc9 --- /dev/null +++ b/content/lxd_as_docker_replacment.rst 
@@ -0,0 +1,56 @@ +LXD is a suitable Docker alternative +==================================== + +:date: 2019-05-29 11:34 +:category: System Administration +:tags: lxd, docker, container, virtualisation +:authors: Maximilian Friedersdorff +:summary: LXD is a suitable alternative to Docker on Gentoo +:status: draft + +LXD is a good solution for OS level virtualisation (containers) on Gentoo. +The package is up to date and the wiki article sufficiently detailed. + +Installation (on Gentoo) +------------------------ + +Installation proceeded fine using the usual methods. The kernel configuration +for this package is rather critical. Recent versions of the linux kernel (5.2?) +have replaced the `NF_NAT_MASQUERADE_IPV4` and `NF_NAT_MASQUERADE_IPV6` kernel +options with a version agnostic `NF_NAT_MASQUERADE` option. LXD may complain +about this when it installs. Additionally, it requires full ipv6 support for +iptables, even when the ipv6 useflag is disabled, this took me a while to +realise. + +Graphical applications in containers with xpra +---------------------------------------------- + +Graphical applications can be run in the container using ssh forwarding. An +arguably better solution is using xpra; it allows reattaching to the running +sessions after a loss of the network. I currently run spotify in the container +using `xpra start ssh/cerium --start-child spotify`, which uses ssh as the +transport and authentication mechanism. Both the host and the container need +to have xpra installed. + +The Snappy package manager appears not to work +---------------------------------------------- + +When installing spotify using the snappy package manager on an ubuntu container, +it complains about not being allowed to mount a squashfs container: + +.. 
code-block:: bash + + $ lxc exec cerium -- snap install spotify + error: system does not fully support snapd: cannot mount squashfs image using "squashfs": + mount: /tmp/sanity-mountpoint-808218672: mount failed: Operation not permitted. + +I'm sure the workaround for this is relatively straightforward once I've +figured it out what it is. In the mean time, installing spotify from the debian +package was the easier solution. + +Networking +---------- + +I've resolved to creating a network bridge managed by the OS rather than LXD +itself. The host machine already sits behind a NAT and the automagical +networking that LXD was doing was causing some hard to diagnose issues. -- 2.44.0
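Review bot: the new file's name carries a typo, `content/lxd_as_docker_replacment.rst` (missing the second "e" of "replacement"), and since the post's URL slug is usually derived from the filename it should be renamed while the post is still `:status: draft`. In the Installation section the kernel version is left as a guess, "Recent versions of the linux kernel (5.2?)"; either pin the release in which `NF_NAT_MASQUERADE_IPV4` and `NF_NAT_MASQUERADE_IPV6` were folded into `NF_NAT_MASQUERADE` or drop the number. In the Snappy section the prose says "not being allowed to mount a squashfs container" while the quoted error reads "cannot mount squashfs image", so "image" is the accurate word, and the sentence "once I've figured it out what it is" has a stray "it" ("once I've figured out what it is"); with the workaround still unknown, consider stating plainly that the issue is open rather than that it is surely straightforward. Minor wording: "In the mean time" should be "In the meantime", and "I've resolved to creating a network bridge" reads better as "I've resorted to creating a network bridge".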