secluded/content/posts/lxd-containers-for-human-be...

---
title: "LXD: Containers for Human Beings"
subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
date: 2023-08-11T16:30:00-04:00
categories:
  - Technology
tags:
  - Sysadmin
  - Containers
  - VMs
  - Docker
  - LXD
draft: true
rss_only: false
cover: ./cover.png
---

This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but
there's unfortunately nothing I can do about that.

[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m

{{< adm type="warn" >}}

**Note:** Canonical has decided to [pull LXD out][lxd] from under the Linux
Containers entity and instead continue development under the Canonical brand.
The majority of the LXD creators and developers have congregated around
[Incus.][inc] I'll be keeping a close eye on the project and intend to migrate
as soon as there's an installable release.

[lxd]: https://linuxcontainers.org/lxd/
[inc]: https://linuxcontainers.org/incus/

{{< /adm >}}

## The benefits of VMs and containers

- **Isolation:** we don't want an attacker to get into our webserver and be able
  to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
  use the resources they've been given
- **Portability:** once set up and configured, VMs and containers can mostly be
  treated as black boxes; as long as the surrounding environment is similar to
  the previous in terms of communication, they can just be picked up and dropped
  on bare metal servers as necessary.
- **Density:**
- **Cleanliness:**

## Virtual machines

```goat
 .---------------------------------.
|  .-------.  .-------.  .-------. |
| | Guest  | | Guest  | | Guest  | |
| | OS     | | OS     | | OS     | |
| .---+---'  .---+---'  .---+---'  |
|  .--+----.  .--+----.  .--+----. |
| | Guest  | | Guest  | | Guest  | |
| | Kernel | | Kernel | | Kernel | |
| .---+---'  .---+---'  .---+---'  |
|  .--+----------+----------+----. |
| |          Hypervisor          | |
| .--------------+--------------'  |
|  .-------------+---------------. |
| |          Host Kernel         | |
| .-----------------------------'  |
.---------------------------------'
```

## Containers

```goat
       Application containers                 System containers
 .---------------------------------.   .------------------------------.
|  .-------.  .-------.  .-------. |  |  .------.  .------.  .------. |
| | App 01 | | App 02 | | App 03 | |  | | Guest | | Guest | | Guest | |
| '---+---'  '---+---'  '---+---'  |  | | OS    | | OS    | | OS    | |
|  .--+----------+----------+----. |  | '---+--'  '---+--'  '---+--'  |
| |          Hypervisor          | |  |  .--+---------+---------+---. |
| '--------------+--------------'  |  | |         Host Kernel       | |
|  .-------------+---------------. |  | '--------------------------'  |
| |          Host Kernel         | |  '------------------------------'
| '-----------------------------'  |
'---------------------------------'
```

## When to use which

### Virtual machines

- Virtualising esoteric hardware
- Virtualising non-Linux operating systems (Windows, macOS)
- Completely isolating processes from one another with a decades-old, battle-tested technique

{{< adm type="note" >}}
See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs
{{< /adm >}}

### Application containers

- Microservices
- Extremely reproducible builds
  - (NixOS.org would likely be a better fit though)
- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
- When the app you want to run is _only_ distributed as a Docker container and
  the maintainers adamantly refuse to support any other deployment method
  - (Docker does run in LXD 😉)

### System containers

- Anything not listed above 👍

## Crash course to LXD

1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)
   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
2. `sudo snap install lxd`
3. `lxd init`
4. `lxc image copy images:debian/11 local: --alias deb-11`
5. `lxc launch deb-11 container-name`
6. `lxc shell container-name`
add drafts 2023-06-25 20:18:31 +00:00			`---`
			`title: "LXD: Containers for Human Beings"`
			`subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`date: 2023-08-11T16:30:00-04:00`
add drafts 2023-06-25 20:18:31 +00:00			`categories:`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`- Technology`
add drafts 2023-06-25 20:18:31 +00:00			`tags:`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`- Sysadmin`
			`- Containers`
			`- VMs`
			`- Docker`
			`- LXD`
add drafts 2023-06-25 20:18:31 +00:00			`draft: true`
			`rss_only: false`
			`cover: ./cover.png`
			`---`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and`
add drafts 2023-06-25 20:18:31 +00:00			`SouthEast LinuxFest 2023. The first was not recorded, but the second was and is`
			`on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but`
			`there's unfortunately nothing I can do about that.`

			`[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`{{< adm type="warn" >}}`

			`Note: Canonical has decided to [pull LXD out][lxd] from under the Linux`
			`Containers entity and instead continue development under the Canonical brand.`
			`The majority of the LXD creators and developers have congregated around`
			`[Incus.][inc] I'll be keeping a close eye on the project and intend to migrate`
			`as soon as there's an installable release.`

			`[lxd]: https://linuxcontainers.org/lxd/`
			`[inc]: https://linuxcontainers.org/incus/`

			`{{< /adm >}}`

add drafts 2023-06-25 20:18:31 +00:00			`## The benefits of VMs and containers`

			`- Isolation: we don't want an attacker to get into our webserver and be able`
			`to gain access to our email server`
			`- Flexibility: <abbr title="Virtual Machines">VMs</abbr> and containers only`
			`use the resources they've been given`
			`- Portability: once set up and configured, VMs and containers can mostly be`
			`treated as black boxes; as long as the surrounding environment is similar to`
			`the previous in terms of communication, they can just be picked up and dropped`
			`on bare metal servers as necessary.`
			`- Density:`
			`- Cleanliness:`
work on LXD blog post 2023-07-18 17:21:24 +00:00
			`## Virtual machines`

			```goat
			`.---------------------------------.`
			`\| .-------. .-------. .-------. \|`
			`\| \| Guest \| \| Guest \| \| Guest \| \|`
			`\| \| OS \| \| OS \| \| OS \| \|`
			`\| .---+---' .---+---' .---+---' \|`
			`\| .--+----. .--+----. .--+----. \|`
			`\| \| Guest \| \| Guest \| \| Guest \| \|`
			`\| \| Kernel \| \| Kernel \| \| Kernel \| \|`
			`\| .---+---' .---+---' .---+---' \|`
			`\| .--+----------+----------+----. \|`
			`\| \| Hypervisor \| \|`
			`\| .--------------+--------------' \|`
			`\| .-------------+---------------. \|`
			`\| \| Host Kernel \| \|`
			`\| .-----------------------------' \|`
			`.---------------------------------'`
			```

			`## Containers`

			```goat
			`Application containers System containers`
			`.---------------------------------. .------------------------------.`
			`\| .-------. .-------. .-------. \| \| .------. .------. .------. \|`
			`\| \| App 01 \| \| App 02 \| \| App 03 \| \| \| \| Guest \| \| Guest \| \| Guest \| \|`
			`\| '---+---' '---+---' '---+---' \| \| \| OS \| \| OS \| \| OS \| \|`
			`\| .--+----------+----------+----. \| \| '---+--' '---+--' '---+--' \|`
			`\| \| Hypervisor \| \| \| .--+---------+---------+---. \|`
			`\| '--------------+--------------' \| \| \| Host Kernel \| \|`
			`\| .-------------+---------------. \| \| '--------------------------' \|`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`\| \| Host Kernel \| \| '------------------------------'`
work on LXD blog post 2023-07-18 17:21:24 +00:00			`\| '-----------------------------' \|`
add some work to the LXD post 2023-08-16 19:34:57 +00:00			`'---------------------------------'`
work on LXD blog post 2023-07-18 17:21:24 +00:00			```

			`## When to use which`

			`### Virtual machines`

			`- Virtualising esoteric hardware`
			`- Virtualising non-Linux operating systems (Windows, macOS)`
			`- Completely isolating processes from one another with a decades-old, battle-tested technique`

add some work to the LXD post 2023-08-16 19:34:57 +00:00			`{{< adm type="note" >}}`
			`See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs`
			`{{< /adm >}}`
work on LXD blog post 2023-07-18 17:21:24 +00:00
			`### Application containers`

			`- Microservices`
			`- Extremely reproducible builds`
			`- (NixOS.org would likely be a better fit though)`
			`- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)`
			`- When the app you want to run is _only_ distributed as a Docker container and`
			`the maintainers adamantly refuse to support any other deployment method`
			`- (Docker does run in LXD 😉)`

			`### System containers`

			`- Anything not listed above 👍`

			`## Crash course to LXD`

			`1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)`
			`- LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.`
			2. `sudo snap install lxd`
			3. `lxd init`
			4. `lxc image copy images:debian/11 local: --alias deb-11`
			5. `lxc launch deb-11 container-name`
			6. `lxc shell container-name`