Put everything into a Container | LXD Debian 12
Hey,
Since I got the PrepaidHost box, I wanted to try something different right.
Not Proxmox, boring, let's go with LXD on Debian 12.
Since Debian 12 has been released, it has been shipped with LXD.
Which is great, because usually it comes only with an external package manager like snap.
I hate snap, because it does force automatic updates and has a performance penalty.
Snap is great for some cases, but I still hate it.
To get started, you can just install LXD with apt-get.
apt-get install lxd -y
This installs the LTS version, which is supported until 2028.
Also, you're still gonna have full access to the image server for a few more months.
Until then you can either migrate to Incus, use the new image server for LXD or just use a reverse proxy to keep access to the images, so no worries.
Debian is not shipped with ZFS by default, you can also use LVM, BTRFS or CEPH.
To install zfs on Debian, you have to modify your sources.list and add contrib to main, updates and security.
Like this.
deb http://deb.debian.org/debian bookworm main non-free non-free-firmware contrib
deb http://deb.debian.org/debian bookworm-updates main non-free non-free-firmware contrib
deb http://deb.debian.org/debian-security/ bookworm-security main non-free non-free-firmware contrib
And then just run this to install zfs.
apt-get update && apt-get install zfs-dkms -y && reboot
To set up LXD, which configures a bridge that your containers connect to and a default storage backend, you can just run this.
Adjust the size depending on your disk allocation.
lxd init --auto --storage-backend=zfs --storage-create-loop=50GB
Ideally, you have an extra partition you can hand over to LXD.
This increases I/O performance, since with a loop device, we basically run a filesystem in a filesystem and this is going to cost us some I/O performance.
lxd init --auto --storage-backend=zfs --storage-create-device=/dev/sda2
ZFS is one of the recommended filesystems, you can also use BTRFS, LVM or CEPH.
Now you're done, LXD is configured, so you can deploy the first container.
To create your first container run.
lxc launch images:debian/bookworm/amd64 --device root,size=10GiB --config limits.cpu=1 --config limits.memory=1024MiB containeeer
You can find the available images here.
https://images.linuxcontainers.org/
To give this container access to the network.
lxc config device add containeeer eth0 nic nictype=bridged parent=lxdbr0 name=eth0
If you want to forward a specific port like 443 for a webserver, you can simply do this with that.
lxc config device add containeeer 443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443
Afterwards you can just enter the container and set up your stuff.
lxc exec containeeer -- /bin/bash
If you wanna get rid of a container, you have to run.
lxc stop containeeer && lxc delete containeeer
To update the limits.
lxc config set containeeer limits.cpu 4
lxc config set containeeer limits.memory 2048MiB
lxc config device set containeeer root size 20GB
To list all containers.
lxc list
Have fun.
Comments
Thanks!
Next time I am forced to move my server will try this lxd rather than plain lxc (old version?) that is fucking hard to Google anything because it ends with lxd results, 24/7, everydamnfuckingtime.
As I am already here - is there a way to allow container to connect to MySQL/MariaDB database running on [node] 127.0.0.1:3306 without iptables rules?
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
lxd is just a wrapper around lxc, which makes it way easier to use.
No idea what you mean by that.
You have to be more precise.
Free NAT KVM | Free NAT LXC | Bobr
ITS WEDNESDAY MY DUDES
I think he means he runs mysql on the host and wants to access it from container. If it listens on 127.0.0.1, then no. Normally LXC gives you a bridge like lxcbr0 and the host has IP like 10.0.3.1 and containers 10.0.3.x, so if you make mysql listen on 10.0.3.1 too, then answer becomes yes. I only use plain LXC but LXD will do something similar to that.
Is there any interface for managing LXD like Portainer?
https://microlxc.net/
Maybe you need to try this https://github.com/lxdware/lxd-dashboard
Yea, if he would make MySQL listen, for example, on the gateway of the bridge, it should work fine.
Yea, but it's with snap.
https://github.com/canonical/lxd-ui
CLI is way easier if you learn the syntax, does everything you need and no snap.
Actually this is way simpler.
The containers do not have a storage limit.
However, you can just set a default storage limit right.
lxc profile device set default root size=15GB
Also, edit the default profile
lxc profile device add default eth0 nic nictype=bridged parent=lxdbr0 name=eth0
So you don't have to run this every time.
lxc config device add containeeer eth0 nic nictype=bridged parent=lxdbr0 name=eth0
I have to update the post, I wrote this in a hurry yesterday.
Yes, but I don't want MySQL to bind/listen to bridge IP (as it will be enabled to all other containers too) - was hoping for some lxd (reverse) proxy that I can expose node local ports to container ports.
You could just modify that.
lxc config device add containeeer mysql proxy listen=tcp:127.0.0.1:3306 connect=tcp:127.0.0.1:3306
Should work, but then 3306 forwarding is occupied and you can only use it once.
Otherwise you can put MySQL into a container and use an overlay network, but it's gonna be more complex.
Or just put it into a container and whitelist the containers that should be able to connect to it right.
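An added example, not part of the thread: the 443 forward in the original post and the MySQL proxy suggested above differ in which side the proxy device binds on, and this check reads `lxc config device show` output to report that per device. The `bind=instance` option is the LXD proxy device setting for listening inside the instance; the function names and the sample YAML are constructed for illustration.

```sh
# Added example, not from the thread. Sample YAML is constructed to mimic
# `lxc config device show containeeer`; function names are hypothetical.
# Proxy devices default to bind=host: "listen" opens on the host and
# "connect" is dialed inside the container. bind=instance flips that, so a
# host-only MySQL becomes reachable from this one container only:
#   lxc config device add containeeer mysql proxy bind=instance \
#       listen=tcp:127.0.0.1:3306 connect=tcp:127.0.0.1:3306

# stdin: device YAML. Prints "<device> <bind side> <scope> <listen>" per
# proxy device; scope is loopback, wildcard or specific.
proxy_exposure() {
    awk '
    function emit() {
        if (dev != "" && type == "proxy") {
            side = (bind == "" ? "host" : bind)
            addr = listen; sub(/^[a-z]+:/, "", addr); sub(/:[0-9-]+$/, "", addr)
            scope = "specific"
            if (addr ~ /^(0\.0\.0\.0|\[::\])$/) scope = "wildcard"
            else if (addr ~ /^(127\.|\[::1\])/) scope = "loopback"
            print dev, side, scope, listen
        }
        dev = ""; type = ""; bind = ""; listen = ""
    }
    /^[^ #]/ { emit(); dev = $0; sub(/:[ \t]*$/, "", dev); gsub(/"/, "", dev); next }
    /^  type:/   { type = $2 }
    /^  bind:/   { bind = $2 }
    /^  listen:/ { listen = $2 }
    END { emit() }'
}

# Host-side wildcard listeners accept connections on every host address.
public_proxies() {
    proxy_exposure | awk '$2 == "host" && $3 == "wildcard" { print $1 }'
}

SAMPLE='"443":
  connect: tcp:127.0.0.1:443
  listen: tcp:0.0.0.0:443
  type: proxy
eth0:
  parent: lxdbr0
  type: nic
mysql:
  bind: instance
  connect: tcp:127.0.0.1:3306
  listen: tcp:127.0.0.1:3306
  type: proxy'

printf '%s\n' "$SAMPLE" | proxy_exposure
```

On a live host, pipe `lxc config device show containeeer` into `public_proxies` to list the devices that listen on all host addresses.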