---
title: "LXD: Containers for Human Beings"
subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
date: 2023-08-11T16:30:00-04:00
categories:
  - Technology
tags:
  - Sysadmin
  - Containers
  - VMs
  - Docker
  - LXD
draft: true
rss_only: false
cover: ./cover.png
---

This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and SouthEast LinuxFest 2023. The first was not recorded, but the second was and is on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible, but there's unfortunately nothing I can do about that.

[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m

{{< adm type="warn" >}}
**Note:** Canonical has decided to [pull LXD out][lxd] from under the Linux Containers entity and instead continue development under the Canonical brand. The majority of the LXD creators and developers have congregated around [Incus.][inc] I'll be keeping a close eye on the project and intend to migrate as soon as there's an installable release.

[lxd]: https://linuxcontainers.org/lxd/
[inc]: https://linuxcontainers.org/incus/
{{< /adm >}}

## The benefits of VMs and containers

- **Isolation:** we don't want an attacker who gets into our webserver to be able to pivot from there into our email server
- **Flexibility:** VMs and containers only use the resources they've been given
- **Portability:** once set up and configured, VMs and containers can mostly be treated as black boxes; as long as the surrounding environment is similar to the previous one in terms of communication, they can be picked up and dropped onto other bare-metal servers as necessary
- **Density:**
- **Cleanliness:**

## Virtual machines

```goat
.---------------------------------.
| .-------.  .-------.  .-------. |
| | Guest |  | Guest |  | Guest | |
| |  OS   |  |  OS   |  |  OS   | |
| '---+---'  '---+---'  '---+---' |
| .---+---.  .---+---.  .---+---. |
| | Guest |  | Guest |  | Guest | |
| |Kernel |  |Kernel |  |Kernel | |
| '---+---'  '---+---'  '---+---' |
| .---+----------+----------+---. |
| |         Hypervisor          | |
| '--------------+--------------' |
| .--------------+--------------. |
| |         Host Kernel         | |
| '-----------------------------' |
'---------------------------------'
```

## Containers

Application containers (Docker and friends) run one process per container on top of a container engine, and system containers run a whole guest userland; both share the host kernel, so neither involves a hypervisor.

```goat
Application containers                System containers
.---------------------------------.   .---------------------------------.
| .-------.  .-------.  .-------. |   | .-------.  .-------.  .-------. |
| | App 01|  | App 02|  | App 03| |   | | Guest |  | Guest |  | Guest | |
| '---+---'  '---+---'  '---+---' |   | |  OS   |  |  OS   |  |  OS   | |
| .---+----------+----------+---. |   | '---+---'  '---+---'  '---+---' |
| |      Container engine       | |   | .---+----------+----------+---. |
| '--------------+--------------' |   | |         Host Kernel         | |
| .--------------+--------------. |   | '-----------------------------' |
| |         Host Kernel         | |   '---------------------------------'
| '-----------------------------' |
'---------------------------------'
```

## When to use which

### Virtual machines

- Virtualising esoteric hardware
- Virtualising non-Linux operating systems (Windows, macOS)
- Completely isolating processes from one another with a decades-old, battle-tested technique

{{< adm type="note" >}}
See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs
{{< /adm >}}

### Application containers

- Microservices
- Extremely reproducible builds
  - (NixOS.org would likely be a better fit though)
- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
- When the app you want to run is _only_ distributed as a Docker container and the maintainers adamantly refuse to support any other deployment method
  - (Docker does run in LXD 😉)

### System containers

- Anything not listed above 👍

## Crash course to LXD

1. Install snap by following [Canonical's tutorial](https://earl.run/ZvUK)
   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
2. `sudo snap install lxd`
   - Membership in the `lxd` group grants full control of the daemon, which is equivalent to root on the host, so hand it out as carefully as you would `sudo`.
3. `lxd init`
4. `lxc image copy images:debian/11 local: --alias deb-11`
5. `lxc launch deb-11 container-name`
6. `lxc shell container-name`
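The six steps above, folded into one re-runnable script. This is an added example, not code from the original post or from the LXD project: it assumes LXD is already installed and `lxd init` has been run, that the caller is root or in the `lxd` group, and it adds two things the steps leave implicit, a check that the requested name satisfies LXD's documented instance-name rules (1 to 63 ASCII letters, digits or dashes; no leading digit or dash; no trailing dash) and a wait for the container to get an IPv4 address before opening the shell. The `launch` argument and the `valid_instance_name`, `ensure_image` and `launch_and_shell` function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post): scripted version of the
# crash-course steps. Assumes snap-installed LXD, `lxd init` already done,
# and that the caller is root or in the `lxd` group (root-equivalent on the host).
set -eu

IMAGE_SOURCE="images:debian/11"   # remote image the post copies from
IMAGE_ALIAS="deb-11"              # local alias the post gives it

# LXD instance-name rules: 1-63 ASCII letters, digits or dashes, not starting
# with a digit or a dash, not ending with a dash. Returns 0 when NAME is valid.
valid_instance_name() {
  name=$1
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 63 ] || return 1
  case $name in
    [0-9]*|-*|*-) return 1 ;;       # bad first or last character
    *[!A-Za-z0-9-]*) return 1 ;;    # anything outside [A-Za-z0-9-]
  esac
  return 0
}

# Copy the image only when the alias is not already present locally, so the
# script can be re-run without re-downloading (step 4 of the post).
ensure_image() {
  if ! lxc image info "local:$IMAGE_ALIAS" >/dev/null 2>&1; then
    lxc image copy "$IMAGE_SOURCE" local: --alias "$IMAGE_ALIAS"
  fi
}

# Steps 5 and 6: launch, wait until `lxc list` shows an IPv4 address
# (column code 4), then open a root login shell inside the container.
launch_and_shell() {
  name=$1
  valid_instance_name "$name" || { echo "invalid instance name: $name" >&2; return 1; }
  ensure_image
  # With the default profile this is an unprivileged container: root inside
  # is mapped to an unprivileged uid on the host.
  lxc launch "$IMAGE_ALIAS" "$name"
  i=0
  while [ -z "$(lxc list "^${name}\$" --format csv -c 4)" ]; do
    i=$((i + 1))
    [ "$i" -lt 30 ] || { echo "timed out waiting for network in $name" >&2; return 1; }
    sleep 1
  done
  lxc shell "$name"
}

# Usage: sh lxd-crash-course.sh launch <container-name>
if [ "${1:-}" = "launch" ]; then
  launch_and_shell "${2:?container name required}"
fi
```

The name check runs before anything touches the daemon, so a typo such as a leading dash is rejected locally instead of being handed to `lxc launch` as an option; the IPv4 wait matters because `lxc launch` returns as soon as the container process starts, before its network is up.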