secluded/content/posts/lxd-containers-for-human-be...

---
title: "LXD: Containers for Human Beings"
subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
date: 2023-08-11T16:30:00-04:00
categories:
  - Technology
tags:
  - Sysadmin
  - Containers
  - VMs
  - Docker
  - LXD
draft: true
rss_only: false
cover: ./cover.png
---

This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
but there's unfortunately nothing I can do about that.

[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m

{{< adm type="warn" >}}

**Note:** Canonical has decided to [pull LXD out][lxd] from under the Linux
Containers entity and instead continue development under the Canonical brand.
The majority of the LXD creators and developers have congregated around
[Incus.][inc] I'll be keeping a close eye on the project and intend to migrate
as soon as there's an installable release.

[lxd]: https://linuxcontainers.org/lxd/
[inc]: https://linuxcontainers.org/incus/

{{< /adm >}}

## The benefits of VMs and containers

- **Isolation:** we don't want an attacker to get into our webserver and be able
  to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
  use the resources they've been given. If you tell the VM it has 200 MBs of
  RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
  title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
- **Portability:** once set up and configured, VMs and containers can mostly be
  treated as black boxes; as long as the surrounding environment is similar to
  the previous in terms of communication, they can just be picked up and dropped
  to various machines and hosts as necessary.
- **Density:** applications are usually much lighter than the systems they're
  running on, so it makes sense to run many applications on one system. VMs and
  containers facilitate that without sacrificing security.
- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
  you can just throw the box in the trash (delete it) and everything related to
  that application is gone.

## Virtual machines

```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
  # Virtual machines
| { near: top-center }

direction: up

k1: Guest kernel
k2: Guest kernel
k3: Guest kernel
os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps

Host kernel -> Hypervisor
Hypervisor -> k1 -> os1 -> app1
Hypervisor -> k2 -> os2 -> app2
Hypervisor -> k3 -> os3 -> app3
```

## Containers

```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
  # Application containers
| { near: top-center }

direction: up

app1: App
app2: App
app3: App

Host kernel -> Hypervisor
Hypervisor -> app1
Hypervisor -> app2
Hypervisor -> app3
```

```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
title: |md
  # System containers
| { near: top-center }

direction: up

os1: Guest OS
os2: Guest OS
os3: Guest OS
app1: Many apps
app2: Many apps
app3: Many apps

Host kernel -> os1 -> app1
Host kernel -> os2 -> app2
Host kernel -> os3 -> app3
```

## When to use which

### Virtual machines

- Virtualising esoteric hardware
- Virtualising non-Linux operating systems (Windows, macOS)
- Completely isolating processes from one another with a decades-old, battle-tested technique

{{< adm type="note" >}}
See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs
{{< /adm >}}

### Application containers

- Microservices
- Extremely reproducible builds
  - (NixOS.org would likely be a better fit though)
- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
- When the app you want to run is _only_ distributed as a Docker container and
  the maintainers adamantly refuse to support any other deployment method
  - (Docker does run in LXD 😉)

### System containers

- Anything not listed above 👍

## Crash course to LXD

1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)
   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
2. `sudo snap install lxd`
3. `lxd init`
4. `lxc image copy images:debian/11 local: --alias deb-11`
5. `lxc launch deb-11 container-name`
6. `lxc shell container-name`
add drafts 2023-06-25 20:18:31 +00:00			`---`
			`title: "LXD: Containers for Human Beings"`
			`subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`date: 2023-08-11T16:30:00-04:00`
add drafts 2023-06-25 20:18:31 +00:00			`categories:`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`- Technology`
add drafts 2023-06-25 20:18:31 +00:00			`tags:`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`- Sysadmin`
			`- Containers`
			`- VMs`
			`- Docker`
			`- LXD`
add drafts 2023-06-25 20:18:31 +00:00			`draft: true`
			`rss_only: false`
			`cover: ./cover.png`
			`---`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and`
add drafts 2023-06-25 20:18:31 +00:00			`SouthEast LinuxFest 2023. The first was not recorded, but the second was and is`
make progress on LXD post 2023-08-18 02:04:07 +00:00			`on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,`
			`but there's unfortunately nothing I can do about that.`
add drafts 2023-06-25 20:18:31 +00:00
			`[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`{{< adm type="warn" >}}`

			`Note: Canonical has decided to [pull LXD out][lxd] from under the Linux`
			`Containers entity and instead continue development under the Canonical brand.`
			`The majority of the LXD creators and developers have congregated around`
			`[Incus.][inc] I'll be keeping a close eye on the project and intend to migrate`
			`as soon as there's an installable release.`

			`[lxd]: https://linuxcontainers.org/lxd/`
			`[inc]: https://linuxcontainers.org/incus/`

			`{{< /adm >}}`

add drafts 2023-06-25 20:18:31 +00:00			`## The benefits of VMs and containers`

			`- Isolation: we don't want an attacker to get into our webserver and be able`
			`to gain access to our email server`
			`- Flexibility: <abbr title="Virtual Machines">VMs</abbr> and containers only`
make progress on LXD post 2023-08-18 02:04:07 +00:00			`use the resources they've been given. If you tell the VM it has 200 MBs of`
			`RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr`
			`title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠`
add drafts 2023-06-25 20:18:31 +00:00			`- Portability: once set up and configured, VMs and containers can mostly be`
			`treated as black boxes; as long as the surrounding environment is similar to`
			`the previous in terms of communication, they can just be picked up and dropped`
make progress on LXD post 2023-08-18 02:04:07 +00:00			`to various machines and hosts as necessary.`
			`- Density: applications are usually much lighter than the systems they're`
			`running on, so it makes sense to run many applications on one system. VMs and`
			`containers facilitate that without sacrificing security.`
			`- Cleanliness: VMs and containers are black boxes. When you're done with it,`
			`you can just throw the box in the trash (delete it) and everything related to`
			`that application is gone.`
work on LXD blog post 2023-07-18 17:21:24 +00:00
			`## Virtual machines`

make progress on LXD post 2023-08-18 02:04:07 +00:00			```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
			`title: \|md`
			`# Virtual machines`
			`\| { near: top-center }`

			`direction: up`

			`k1: Guest kernel`
			`k2: Guest kernel`
			`k3: Guest kernel`
			`os1: Guest OS`
			`os2: Guest OS`
			`os3: Guest OS`
			`app1: Many apps`
			`app2: Many apps`
			`app3: Many apps`

			`Host kernel -> Hypervisor`
			`Hypervisor -> k1 -> os1 -> app1`
			`Hypervisor -> k2 -> os2 -> app2`
			`Hypervisor -> k3 -> os3 -> app3`
work on LXD blog post 2023-07-18 17:21:24 +00:00			```

			`## Containers`

make progress on LXD post 2023-08-18 02:04:07 +00:00			```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
			`title: \|md`
			`# Application containers`
			`\| { near: top-center }`

			`direction: up`

			`app1: App`
			`app2: App`
			`app3: App`

			`Host kernel -> Hypervisor`
			`Hypervisor -> app1`
			`Hypervisor -> app2`
			`Hypervisor -> app3`
			```

			```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
			`title: \|md`
			`# System containers`
			`\| { near: top-center }`

			`direction: up`

			`os1: Guest OS`
			`os2: Guest OS`
			`os3: Guest OS`
			`app1: Many apps`
			`app2: Many apps`
			`app3: Many apps`

			`Host kernel -> os1 -> app1`
			`Host kernel -> os2 -> app2`
			`Host kernel -> os3 -> app3`
work on LXD blog post 2023-07-18 17:21:24 +00:00			```

			`## When to use which`

			`### Virtual machines`

			`- Virtualising esoteric hardware`
			`- Virtualising non-Linux operating systems (Windows, macOS)`
			`- Completely isolating processes from one another with a decades-old, battle-tested technique`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`{{< adm type="note" >}}`
			`See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs`
			`{{< /adm >}}`
work on LXD blog post 2023-07-18 17:21:24 +00:00
			`### Application containers`

			`- Microservices`
			`- Extremely reproducible builds`
			`- (NixOS.org would likely be a better fit though)`
			`- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)`
			`- When the app you want to run is _only_ distributed as a Docker container and`
			`the maintainers adamantly refuse to support any other deployment method`
			`- (Docker does run in LXD 😉)`

			`### System containers`

			`- Anything not listed above 👍`

			`## Crash course to LXD`

			`1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)`
			`- LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.`
			2. `sudo snap install lxd`
			3. `lxd init`
			4. `lxc image copy images:debian/11 local: --alias deb-11`
			5. `lxc launch deb-11 container-name`
			6. `lxc shell container-name`