Put everything into a Container | LXD Debian 12

Neoon OGSenpai
edited February 9 in Technical

Hey,

Since I got the PrepaidHost box, I wanted to try something different.
Not Proxmox, that's boring; let's go with LXD on Debian 12.

Since its release, Debian 12 has shipped LXD in its own repositories.
Which is great, because usually it is only available through an external package manager like snap.

I hate snap, because it forces automatic updates and has a performance penalty.
Snap is great for some cases, but I still hate it.

To get started, you can just install LXD with apt-get.
apt-get install lxd -y

This installs the LTS version, which is supported until 2028.
Also, you will still have full access to the image server for a few more months.

By then you can either migrate to Incus, use the new image server for LXD, or just use a reverse proxy to keep access to the images, so no worries.

Debian does not ship ZFS by default; you can also use LVM, BTRFS or Ceph.
To install ZFS on Debian, you have to modify your sources.list and add contrib to the main, updates and security lines.

Like this.

deb http://deb.debian.org/debian bookworm main non-free non-free-firmware contrib
deb http://deb.debian.org/debian bookworm-updates main non-free non-free-firmware contrib
deb http://deb.debian.org/debian-security/ bookworm-security main non-free non-free-firmware contrib

And then just run this to install ZFS (the headers for the running kernel are needed so DKMS can build the module):
apt-get update && apt-get install -y linux-headers-$(uname -r) zfs-dkms zfsutils-linux && reboot

To set up LXD, which configures a bridge your containers connect to and a default storage backend, you can just run the following.
Adjust the size depending on your disk allocation; the loop size is a bare integer in gigabytes.
lxd init --auto --storage-backend=zfs --storage-create-loop=50

Ideally, you have an extra partition you can hand over to LXD.
This improves I/O performance, since with a loop device we basically run a filesystem inside a filesystem, and that costs some I/O performance.
lxd init --auto --storage-backend=zfs --storage-create-device=/dev/sda2

ZFS is one of the recommended filesystems; you can also use BTRFS, LVM or Ceph.
Now you're done, LXD is configured, and you can deploy the first container.

To create your first container, run:
lxc launch images:debian/bookworm/amd64 --device root,size=10GiB --config limits.cpu=1 --config limits.memory=1024MiB containeeer

You can find the available images here:
https://images.linuxcontainers.org/

To give this container access to the network:
lxc config device add containeeer eth0 nic nictype=bridged parent=lxdbr0 name=eth0

If you want to forward a specific port, like 443 for a web server, you can simply do this with a proxy device:
lxc config device add containeeer 443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443

Afterwards, you can just enter the container and set up your stuff:
lxc exec containeeer -- /bin/bash

If you want to get rid of a container, you have to run:
lxc stop containeeer && lxc delete containeeer

To update the limits:
lxc config set containeeer limits.cpu 4
lxc config set containeeer limits.memory 2048MiB
lxc config device set containeeer root size 20GB

To list all containers:
lxc list

Have fun.
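The commands above set things up interactively with `lxd init --auto` and a handful of `lxc` calls. The script below is an added example, not part of Neoon's post: it declares the same pieces (ZFS pool, lxdbr0 bridge, default profile with CPU/memory limits, root quota and NIC) in one preseed document for `lxd init --preseed`, so the setup is reproducible and can be reviewed before it is applied. It assumes LXD 5.0 as shipped with Debian 12 and that ZFS is already installed; the device path, sizes and limits are placeholders I chose, not values from the post. The LXD API is deliberately left off the network (no `core.https_address`), so the daemon is only reachable over the local unix socket.

```shell
#!/bin/sh
# Added example, not from the original post: drive `lxd init` with a preseed
# document instead of `lxd init --auto`, so the storage pool, bridge and default
# profile are declared in one reviewable file. Assumes LXD 5.0 from Debian 12
# with ZFS already installed. Device path, sizes and limits are placeholders.
set -eu

# Accept only the size syntax LXD expects (e.g. 50GiB, 10GB, 512MiB).
valid_size() {
  printf '%s' "$1" | grep -Eq '^[0-9]+(MiB|GiB|TiB|MB|GB|TB)$'
}

# Emit a preseed document for `lxd init --preseed`.
#   $1  storage source: a block device (/dev/sdb1) or a loop-file size (50GiB)
#   $2  root disk quota applied through the default profile, e.g. 10GiB
# core.https_address is intentionally not set, so the LXD API is reachable
# only through the local unix socket and never listens on the network.
lxd_preseed() {
  src="$1"; root_size="$2"
  valid_size "$root_size" || { echo "bad root size: $root_size" >&2; return 1; }
  case "$src" in
    /dev/*) pool_cfg="    source: $src" ;;
    *)
      valid_size "$src" || { echo "bad storage source: $src" >&2; return 1; }
      pool_cfg="    size: $src"   # loop file under /var/lib/lxd/disks/
      ;;
  esac
  cat <<EOF
config: {}
networks:
- name: lxdbr0
  type: bridge
  config:
    ipv4.address: auto
    ipv4.nat: "true"
    ipv6.address: none
storage_pools:
- name: default
  driver: zfs
  config:
$pool_cfg
profiles:
- name: default
  config:
    limits.cpu: "1"
    limits.memory: 1024MiB
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: default
      size: $root_size
      type: disk
EOF
}

# Apply only when explicitly asked, on a host that actually has LXD installed.
if [ "${APPLY:-0}" = 1 ]; then
  lxd_preseed "${STORAGE_SOURCE:-50GiB}" "${ROOT_SIZE:-10GiB}" | lxd init --preseed
  # Every container now inherits limits, root quota and NIC from the profile,
  # so no per-container --device/--config flags are needed.
  lxc launch images:debian/bookworm/amd64 containeeer
  lxc list
fi
```

Run it with `APPLY=1 STORAGE_SOURCE=/dev/sda2 ROOT_SIZE=10GiB sh lxd-setup.sh` on the host; without `APPLY=1` it only defines the functions, so you can inspect the YAML with `lxd_preseed /dev/sda2 10GiB` first. The same document, dumped with `lxd init --dump`, is what you would keep in version control for the next box.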

Comments

  • Jab
    edited February 9

    Thanks!

    Next time I am forced to move my server, I will try this LXD rather than plain LXC (old version?), which is fucking hard to Google anything about because it ends up with LXD results, 24/7, every damn fucking time.

    // As I am already here: is there a way to allow a container to connect to a MySQL/MariaDB database running on the [node] at 127.0.0.1:3306 without iptables rules? :D

    Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
    https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png

  • Neoon OGSenpai

    @Jab said:
    Thanks!

    Next time I am forced to move my server, I will try this LXD rather than plain LXC (old version?), which is fucking hard to Google anything about because it ends up with LXD results, 24/7, every damn fucking time.

    LXD is just a wrapper around LXC, which makes it way easier to use.

    // As I am already here: is there a way to allow a container to connect to a MySQL/MariaDB database running on the [node] at 127.0.0.1:3306 without iptables rules? :D

    No idea what you mean by that.
    You have to be more precise.

  • tetech

    @Neoon said:

    @Jab said:
    // As I am already here: is there a way to allow a container to connect to a MySQL/MariaDB database running on the [node] at 127.0.0.1:3306 without iptables rules? :D

    No idea what you mean by that.
    You have to be more precise.

    I think he means he runs MySQL on the host and wants to access it from a container. If it listens on 127.0.0.1, then no. Normally LXC gives you a bridge like lxcbr0, where the host has an IP like 10.0.3.1 and the containers 10.0.3.x, so if you make MySQL listen on 10.0.3.1 too, then the answer becomes yes.

    I only use plain LXC but LXD will do something similar to that.

  • Fritz

    Is there any interface for managing LXD like Portainer?

  • @Fritz said:
    Is there any interface for managing LXD like Portainer?

    Maybe you need to try this: https://github.com/lxdware/lxd-dashboard

  • Neoon OGSenpai

    @tetech said:

    @Neoon said:

    @Jab said:
    // As I am already here: is there a way to allow a container to connect to a MySQL/MariaDB database running on the [node] at 127.0.0.1:3306 without iptables rules? :D

    No idea what you mean by that.
    You have to be more precise.

    I think he means he runs MySQL on the host and wants to access it from a container. If it listens on 127.0.0.1, then no. Normally LXC gives you a bridge like lxcbr0, where the host has an IP like 10.0.3.1 and the containers 10.0.3.x, so if you make MySQL listen on 10.0.3.1 too, then the answer becomes yes.

    I only use plain LXC but LXD will do something similar to that.

    Yeah, if he made MySQL listen on the gateway address of the bridge, for example, it should work fine.

  • Neoon OGSenpai
    edited February 10

    @Fritz said:
    Is there any interface for managing LXD like Portainer?

    Yeah, but it's with snap.
    https://github.com/canonical/lxd-ui

    The CLI is way easier once you learn the syntax, does everything you need, and needs no snap.

  • Neoon OGSenpai
    edited February 10

    @Neoon said:
    To create your first container run.
    lxc launch images:debian/bookworm/amd64 --device root,size=10GiB --config limits.cpu=1 --config limits.memory=1024MiB containeeer

    Actually this is way simpler.

    lxc launch images:debian/buster --type t2.micro buuuuster
    lxc launch images:debian/buster --type c1-m1 buuuuster

    The containers do not have a storage limit.
    However, you can just set a default storage limit:

    lxc profile device set default root size=15GB

    Also, edit the default profile:
    lxc profile device add default eth0 nic nictype=bridged parent=lxdbr0 name=eth0

    So you don't have to run this every time:
    lxc config device add containeeer eth0 nic nictype=bridged parent=lxdbr0 name=eth0

    I have to update the post, I wrote this in a hurry yesterday.

  • Jab

    @tetech said: Normally LXC gives you a bridge like lxcbr0, where the host has an IP like 10.0.3.1 and the containers 10.0.3.x, so if you make MySQL listen on 10.0.3.1 too, then the answer becomes yes.

    Yes, but I don't want MySQL to bind/listen on the bridge IP (as it would be reachable from all other containers too). I was hoping for some LXD (reverse) proxy that lets me expose node-local ports to container ports :D


  • Neoon OGSenpai
    edited February 10

    @Jab said:

    @tetech said: Normally LXC gives you a bridge like lxcbr0, where the host has an IP like 10.0.3.1 and the containers 10.0.3.x, so if you make MySQL listen on 10.0.3.1 too, then the answer becomes yes.

    Yes, but I don't want MySQL to bind/listen on the bridge IP (as it would be reachable from all other containers too). I was hoping for some LXD (reverse) proxy that lets me expose node-local ports to container ports :D

    You could just modify that (bind=container makes LXD listen inside the container and connect on the host, which is the direction you need here):
    lxc config device add containeeer mysql proxy bind=container listen=tcp:127.0.0.1:3306 connect=tcp:127.0.0.1:3306

    Should work, but then the 3306 forward is occupied and you can only use it once.
    Otherwise you can put MySQL into a container and use an overlay network, but it's going to be more complex.
    Or just put it into a container and whitelist the containers that should be able to connect to it.
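Both proxy-device uses in this thread, the 443 forward in the opening post and the host-only MariaDB question above, come down to which side LXD binds on: by default it listens on the host and connects into the container, and with bind=container it listens inside the container and connects on the host. The helper below is an added example, not code from Neoon or from LXD; it builds the `lxc config device add` arguments with that direction spelled out, and refuses a host-side listener on 0.0.0.0 (or [::]) unless you opt in, because such a listener binds the port on every host interface rather than the one you meant. It assumes LXD 5.0 from Debian 12; the instance name, device names and 192.0.2.10 address are placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread: build the arguments for
# `lxc config device add <instance> <name> proxy ...` with the listen/connect
# direction made explicit. Assumes LXD 5.0 from Debian 12; instance name,
# device names and IP addresses below are placeholders.
set -eu

# Accept only tcp:IP:PORT or udp:IP:PORT, the address forms a proxy device takes
# (IPv6 literals are written in brackets, e.g. tcp:[::1]:443).
valid_addr() {
  printf '%s' "$1" | grep -Eq '^(tcp|udp):[][0-9A-Fa-f.:]+:[0-9]+$'
}

# Print the arguments after `lxc` for adding a proxy device.
#   $1 instance   $2 device name
#   $3 direction:
#      host-to-container  LXD listens on the host and connects into the
#                         container (the web-server case: publish 443).
#      container-to-host  bind=container: LXD listens inside the container and
#                         connects on the host, which reaches a MariaDB bound
#                         only to the host's 127.0.0.1 without exposing it on
#                         the bridge address to every other container.
#   $4 listen address   $5 connect address
# A host-side listener on 0.0.0.0 or [::] is refused unless ALLOW_PUBLIC=1,
# since it binds the port on every host interface, not just the intended one.
proxy_device() {
  instance="$1"; name="$2"; direction="$3"; listen="$4"; connect="$5"
  valid_addr "$listen" && valid_addr "$connect" || { echo "bad address" >&2; return 1; }
  case "$direction" in
    host-to-container)
      case "$listen" in
        *:0.0.0.0:*|*:\[::\]:*)
          if [ "${ALLOW_PUBLIC:-0}" != 1 ]; then
            echo "refusing wildcard listener $listen without ALLOW_PUBLIC=1" >&2
            return 1
          fi ;;
      esac
      echo "config device add $instance $name proxy listen=$listen connect=$connect" ;;
    container-to-host)
      echo "config device add $instance $name proxy bind=container listen=$listen connect=$connect" ;;
    *)
      echo "unknown direction: $direction" >&2; return 1 ;;
  esac
}

# Apply only when explicitly asked, on a host that has LXD.
if [ "${APPLY:-0}" = 1 ]; then
  # HTTPS for a web server in the container, published on one host address only.
  # shellcheck disable=SC2046  (word splitting of the generated arguments is intended)
  lxc $(proxy_device containeeer https host-to-container "tcp:${HOST_IP:?set HOST_IP}:443" tcp:127.0.0.1:443)
  # The host's MariaDB on 127.0.0.1:3306 appears as 127.0.0.1:3306 inside the container.
  lxc $(proxy_device containeeer mariadb container-to-host tcp:127.0.0.1:3306 tcp:127.0.0.1:3306)
fi
```

Because the container-to-host listener lives in the container's own network namespace, each container that needs the database gets its own device with the same listen address, and the host-side 3306 stays bound by MariaDB alone. Run with `APPLY=1 HOST_IP=192.0.2.10 sh proxy.sh`; without `APPLY=1` the script only defines the helper, so `proxy_device containeeer https host-to-container tcp:0.0.0.0:443 tcp:127.0.0.1:443` lets you see the refusal before anything touches LXD.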
