Container Management with LXD

We continue our series of articles on containerization. If the first two articles ( 1 and 2 ) were devoted to the theory, today we will talk about a very specific tool and about the features of its practical use. The subject of our review will be LXD (short for Linux Container Daemon), created by Canadian Stephan Grabe from Canonical.


The name of the creator of LXD is well known in the professional community: he is also one of the authors of another popular container solution - LXC. Actually, LXD is an add-in over LXC, which simplifies working with containers and adds a wide range of new features.
')
In this article, we will limit ourselves to a brief introduction to LXD: compare it with Docker, provide installation and configuration instructions, and demonstrate the basic container management features.

LXD and Docker

LXD is a relatively new tool: the first version came out in 2014, when Docker was already widely used and well proven in practice.
Like Docker, LXD operates on the basis of LXC.

At the same time, the scope of use of the two tools is completely different: if Docker is designed to run applications in containers, then LXD is for running full-fledged operating systems.

With LXD, you can create not even containers in the literal sense of the word, but lightweight virtual machines. In order to emphasize this moment and at the same time point out the difference from other containerization tools, the authors of many publications call LXD the word lightvisor (they already translate it into Russian as a “lightweight visual”).

Canonical reports that LXD containers can work 10 times faster than traditional KVM-based virtual machines.

In LXD, an attempt was made to solve a number of problems encountered when working with other containerization tools: a dynamic resource management mechanism was thought out, container migration capabilities were expanded (including in real time), and security issues were eliminated. Compared to Docker, LXD has much wider possibilities for container reconfiguration.

LXD is equipped with an open API; There are clients for various programming languages. Created a plugin for OpenStack that allows you to manage containers using the Nova client.

Installation and Setup

Hereinafter we will describe the features of working with LXD on Ubuntu 16.04 material. In this OS, LXD is included in the official repositories and is installed in the standard way:

apt-get install lxd 

In his article, Stefan Grabe recommends using the ZFS file system as a backend for storing containers. To work with ZFS, you need to install the appropriate packages:

 apt-get install zfsutils-linux 

If ZFS does not suit you for one reason or another, you can use BTRFS or LVM (for more information, see here ).
After the installation is completed, run the command:

 lxd init 

The setup program will ask you a few simple questions, after which everything will be configured automatically. More details about the features of the LXD configuration can be found in this article .

Container creation

All containers in LXD are created on the basis of images. Images can be obtained from both local and remote repository. View a list of available repositories:

  lxc remote list +-----------------+------------------------------------------+---------------+--------+--------+ | NAME | URL | PROTOCOL | PUBLIC | STATIC | +-----------------+------------------------------------------+---------------+--------+--------+ | images | https://images.linuxcontainers.org | lxd | YES | NO | +-----------------+------------------------------------------+---------------+--------+--------+ | local (default) | unix:// | lxd | NO | YES | +-----------------+------------------------------------------+---------------+--------+--------+ | ubuntu | https://cloud-images.ubuntu.com/releases | simplestreams | YES | YES | +-----------------+------------------------------------------+---------------+--------+--------+ | ubuntu-daily | https://cloud-images.ubuntu.com/daily | simplestreams | YES | YES | +-----------------+------------------------------------------+---------------+------- 

For the first acquaintance with LXD, the local repository (local) is quite suitable. Run in the Ubuntu OS 16.04 container:

 lxc launch ubuntu:16.04 container1 

As a result of this command, LXD will create a container based on the specified image and launch it.

You can launch a command shell in this container using the command:

 lxc exec container1 /bin/bash 

If you just need to create a container, but do not run it, just run the command:

 lxc init ubuntu:16.04 container1 

For the subsequent start and stop of the container, the lxc start and lxc stop commands are used.

LXC provides good on-the-fly container management capabilities. So, for example, you can put the file created on the main host inside the container:

 lxc file push [     ] []/[] 

You can perform the reverse operation - download the file from the container to the main host:

 $ lxc file pull []/[] 

You can also edit the files in the container directly:

 lxc edit []/[] 

We have already reviewed the basic commands for creating and running containers; wishing to learn more refer to the detailed article by Stefan Grabe.

Resource management

Managing isolated environments is unthinkable without control of resources: we must provide the container with enough resources to operate and at the same time be sure that the container will not consume extra resources, thereby disrupting the rest of the system.

In LXD, you can allocate resources to containers using a special set of commands:

 #    lxc config set container1 limits.memory 512M #     CPU lxc config set container1 limits.cpu 1,3 #    CPU lxc config set container1 cpu.allowance 10% #      (   ZFS  btrfs) lxc config set container1 root size 10GB 

You can read more about resource management in this article .

You can view resource consumption statistics for a container using a simple command:

 lxc info container1 Name: container1 Architecture: x86_64 Created: 2016/08/16 07:55 UTC Status: Running Type: persistent Profiles: default Pid: 4110 Ips: lo: inet 127.0.0.1 lo: inet6 ::1 eth0: inet6 fe80::216:3eff:fe18:faa9 vethA2SCMX Resources: Processes: 24 Memory usage: Memory (current): 48.88MB Memory (peak): 163.26MB Network usage: eth0: Bytes received: 648 bytes Bytes sent: 648 bytes Packets received: 8 Packets sent: 8 lo: Bytes received: 264 bytes Bytes sent: 264 bytes Packets received: 4 Packets sent: 4 

Work with snapshots

LXD has the ability to create snapshots and restore containers from snapshots. Let's see how this works in practice (the example is taken from the interactive LXD tutorial ).

Let's make some changes to container1 already created by us:

 lxc exec container1 -- apt-get update lxc exec container1 -- apt-get dist-upgrade -y lxc exec container1 -- apt-get autoremove —purge -y 

Make a snapshot of this container and call it, for example, new:

 lxc snapshot container1 new 

Let's try to break something in our first container:

 lxc exec container1 -- rm -Rf /etc /usr 

After this, we will launch a command shell in it:

 lxc exec container -- bash I have no name!@container1:~# 

Run the exit command and return to the primary host. Restore the operation of container1 from snapshot:

 lxc restore container1 new 

Run the command shell in the restored container:

 lxc exec container1 -- bash root@container1:# 

Everything works the same way as before!

In the example above, we looked at the so-called stateless snapshots. In LXD, there is another type of snapshots - stateful, in which the current state of all processes in the container is preserved. A number of interesting and useful functions are connected with stateful snapshots.

To create stateful snapshots, we need to install a CRIU program (CheckPoint / Restore in Userspace). With its help, you can save the current state of all processes, and then restore them at least on the current, at least on another machine.
In Ubuntu 16.04, the CRIU utility is installed using the standard package manager:

 apt-get install criu 

After this, you can proceed to creating snapshots:

 lxc snapshot container1 snapshot1 --stateful 

In some situations, such snapshots can be very useful. Imagine, for example, that we need to restart a server on which one or more containers are running. In order not to restart everything after a reboot, but to continue from the interrupted place, it is enough to execute:

 #   lxc stop container1 --stateful #  lxc start container1 

On the basis of stateful snapshots, the mechanism of “live” container migration is implemented, which is still in a somewhat “raw” state.

Conclusion

LXD is a convenient container management system with many useful features. We hope that the LXD project will successfully develop and will occupy a worthy place in the range of modern containerization tools.

If you have practical experience using LXD, welcome to comments.
If, for one reason or another, you cannot comment on posts here - welcome to our corporate blog .
Naturally, in one article it is hardly possible to talk about all the functions of LXD. For those who want to learn more, here are some useful links:

• https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/ - a series of articles about LXD in the blog of Stefan Grabe;
• http://vasilisc.com/lxd-2-0-series - translation of all articles on the previous link in Russian;
• https://insights.ubuntu.com/2016/04/19/directly-interacting-with-the-lxd-api/ - article-introduction to the LXD API;
• https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/lxd-vs-kvm - video of a report on the prospects for using LXD in OpenStack.