Amolith
/
secluded
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
secluded/content/posts/lxd-containers-for-human-be...

3.8 KiB
Raw Blame History

title subtitle date categories tags draft rss_only cover
LXD: Containers for Human Beings Docker's great and all, but I prefer the workflow of interacting with VMs 2023-06-14T10:50:41-04:00
Technology
Sysadmin
Containers
VMs
Docker
LXD
true false ./cover.png

This is a blog-post-version of a talk I presented at both Ubuntu Summit 2022 and SouthEast LinuxFest 2023. The first was not recorded, but the second was and is on SELF's PeerTube instance. I apologise for the terrible, but there's unfortunately nothing I can do about that.

The benefits of VMs and containers

  • Isolation: we don't want an attacker to get into our webserver and be able to gain access to our email server
  • Flexibility: VMs and containers only use the resources they've been given
  • Portability: once set up and configured, VMs and containers can mostly be treated as black boxes; as long as the surrounding environment is similar to the previous in terms of communication, they can just be picked up and dropped on bare metal servers as necessary.
  • Density:
  • Cleanliness:

Virtual machines

 .---------------------------------.
|  .-------.  .-------.  .-------. |
| | Guest  | | Guest  | | Guest  | |
| | OS     | | OS     | | OS     | |
| .---+---'  .---+---'  .---+---'  |
|  .--+----.  .--+----.  .--+----. |
| | Guest  | | Guest  | | Guest  | |
| | Kernel | | Kernel | | Kernel | |
| .---+---'  .---+---'  .---+---'  |
|  .--+----------+----------+----. |
| |          Hypervisor          | |
| .--------------+--------------'  |
|  .-------------+---------------. |
| |          Host Kernel         | |
| .-----------------------------'  |
.---------------------------------'

Containers

       Application containers                 System containers
 .---------------------------------.   .------------------------------.
|  .-------.  .-------.  .-------. |  |  .------.  .------.  .------. |
| | App 01 | | App 02 | | App 03 | |  | | Guest | | Guest | | Guest | |
| '---+---'  '---+---'  '---+---'  |  | | OS    | | OS    | | OS    | |
|  .--+----------+----------+----. |  | '---+--'  '---+--'  '---+--'  |
| |          Hypervisor          | |  |  .--+---------+---------+---. |
| '--------------+--------------'  |  | |         Host Kernel       | |
|  .-------------+---------------. |  | '--------------------------'  |
| |          Host Kernel         | |  '------------------------------' 
| '-----------------------------'  |
'---------------------------------'

When to use which

Virtual machines

  • Virtualising esoteric hardware
  • Virtualising non-Linux operating systems (Windows, macOS)
  • Completely isolating processes from one another with a decades-old, battle-tested technique

See Drew DeVault's blog post In praise of qemu for a great use of VMs

Application containers

  • Microservices
  • Extremely reproducible builds
    • (NixOS.org would likely be a better fit though)
  • Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
  • When the app you want to run is only distributed as a Docker container and the maintainers adamantly refuse to support any other deployment method
    • (Docker does run in LXD 😉)

System containers

  • Anything not listed above 👍

Crash course to LXD

  1. Install snap following Canonical's tutorial
    • LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
  2. sudo snap install lxd
  3. lxd init
  4. lxc image copy images:debian/11 local: --alias deb-11
  5. lxc launch deb-11 container-name
  6. lxc shell container-name