---
title: "LXD: Containers for Human Beings"
subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
date: 2023-06-14T10:50:41-04:00
categories:
- Technology
tags:
- Sysadmin
- Containers
- VMs
- Docker
- LXD
draft: true
rss_only: false
cover: ./cover.png
---
This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance][selfpeertube]. I apologise for the terrible, but
there's unfortunately nothing I can do about that.

[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m

## The benefits of VMs and containers
- **Isolation:** we don't want an attacker to get into our webserver and be able
to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
use the resources they've been given
- **Portability:** once set up and configured, VMs and containers can mostly be
treated as black boxes; as long as the surrounding environment is similar to
the previous one in terms of communication, they can just be picked up and
dropped on bare metal servers as necessary.
- **Density:**
- **Cleanliness:**
## Virtual machines
```goat
.------------------------------------.
| .--------.  .--------.  .--------. |
| | Guest  |  | Guest  |  | Guest  | |
| |   OS   |  |   OS   |  |   OS   | |
| '----+---'  '----+---'  '----+---' |
| .----+---.  .----+---.  .----+---. |
| | Guest  |  | Guest  |  | Guest  | |
| | Kernel |  | Kernel |  | Kernel | |
| '----+---'  '----+---'  '----+---' |
| .----+-----------+-----------+---. |
| |           Hypervisor           | |
| '---------------+----------------' |
| .---------------+----------------. |
| |          Host Kernel           | |
| '--------------------------------' |
'------------------------------------'
```
## Containers
```goat
Application containers                  System containers
.------------------------------------.  .---------------------------------.
| .--------.  .--------.  .--------. |  | .-------.  .-------.  .-------. |
| | App 01 |  | App 02 |  | App 03 | |  | | Guest |  | Guest |  | Guest | |
| '----+---'  '----+---'  '----+---' |  | |  OS   |  |  OS   |  |  OS   | |
| .----+-----------+-----------+---. |  | '---+---'  '---+---'  '---+---' |
| |           Hypervisor           | |  | .---+----------+----------+---. |
| '---------------+----------------' |  | |         Host Kernel         | |
| .---------------+----------------. |  | '-----------------------------' |
| |          Host Kernel           | |  '---------------------------------'
| '--------------------------------' |
'------------------------------------'
```
## When to use which
### Virtual machines
- Virtualising esoteric hardware
- Virtualising non-Linux operating systems (Windows, macOS)
- Completely isolating processes from one another with a decades-old, battle-tested technique
> See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs
### Application containers
- Microservices
- Extremely reproducible builds
  - (NixOS.org would likely be a better fit though)
- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
- When the app you want to run is _only_ distributed as a Docker container and
  the maintainers adamantly refuse to support any other deployment method
  - (Docker does run in LXD 😉)
### System containers
- Anything not listed above 👍
## Crash course to LXD
1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)
   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
2. `sudo snap install lxd`
3. `lxd init`
4. `lxc image copy images:debian/11 local: --alias deb-11`
5. `lxc launch deb-11 container-name`
6. `lxc shell container-name`
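To make steps 4 to 6 repeatable, here is an added example script (mine, not code from the post) that launches a container with CPU and memory limits and confirms it is unprivileged before handing it over; the container name `web-01`, the image alias `deb-11` and the limit values are assumptions.

```shell
# Added example, not from the original post: wrap the crash-course launch so a
# container gets resource limits and is checked to be unprivileged.
# Names, image alias and limit values below are assumptions.
set -eu

# Build the argument list for `lxc launch`: image, name, then -c key=value
# pairs. Pure string construction, so it can be checked without LXD installed.
launch_args() {
  name="$1"
  image="${2:-deb-11}"
  cpu="${3:-2}"
  mem="${4:-1GiB}"
  echo "$image $name -c limits.cpu=$cpu -c limits.memory=$mem -c security.privileged=false"
}

# Launch the container, refuse to continue if it ended up privileged, and show
# the uid mapping: in an unprivileged container root maps to an unprivileged
# uid range on the host (a line such as "0 1000000 1000000000").
launch_limited() {
  name="$1"
  # word splitting of launch_args output is intended here
  lxc launch $(launch_args "$@")
  if [ "$(lxc config get "$name" security.privileged)" = "true" ]; then
    echo "refusing: $name is privileged" >&2
    return 1
  fi
  lxc exec "$name" -- cat /proc/self/uid_map
}

# Usage: sh this-script.sh run web-01   (only does anything when lxc is installed)
if [ "${1:-}" = "run" ] && command -v lxc >/dev/null 2>&1; then
  launch_limited "${2:-web-01}"
fi
```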