This article will describe installing LXD and running containers.
1 Disable AppArmor
If you have installed AppArmor and appended "apparmor=1 security=apparmor" to the kernel parameters, the snapd installation will fail.
    $ sudo snap install --beta core
    error: cannot perform the following tasks:
    - Setup snap "core" (2271) security profiles (cannot setup seccomp for snap "core": fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)
    - Setup snap "core" (2271) security profiles (fork/exec /usr/lib/snapd/snap-seccomp: no such file or directory)
If you install LXD first and install AppArmor later, the lxc command will fail. This happens even if you disable the AppArmor profile for snapd.
    $ lxc
    snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks.
So disable AppArmor by removing "apparmor=1 security=apparmor" from the kernel parameters. This turns AppArmor off for the whole host, not only for snapd.
2 Install LXD
The following script will install LXD with snap.
    #!/bin/sh
    set -e

    sudo apt install -y snapd

    # INFO snap "core" has bad plugs or slots: core-support-plug (unknown interface)
    # https://forum.snapcraft.io/t/tests-broken-in-master/457/4
    sudo snap install core # --beta is not needed as of 2017/7/17.
    sudo snap install lxd

    # Add /snap/bin path to secure_path.
    sudo sed -e 's;secure_path="\(.*\)";secure_path=\1:/snap/bin;g' \
         -i /etc/sudoers

    # Initialize LXD with NAT network.
    sudo lxd waitready
    cat <<EOF | sudo lxd init
    yes
    default
    dir
    no
    yes
    yes
    lxdbr0
    auto
    auto
    EOF

    # Add lxd group.
    sudo addgroup --system lxd
    sudo gpasswd -a "${USER}" lxd

    # Reboot for updating group.
    sudo reboot
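The sed call in the script edits /etc/sudoers in place, and a syntax error in that file leaves sudo unusable. As an added example (not part of the original script), the function below makes the same secure_path change on a temporary copy and overwrites the file only after a syntax check passes; SUDOERS_CHECK is a hypothetical override for the checker, which defaults to visudo -cf.

```sh
#!/bin/sh
# Added example, not from the original article.
# SUDOERS_CHECK is a hypothetical override for the syntax checker so the
# function can be exercised on a sample file; the default is "visudo -cf".

# add_snap_to_secure_path FILE
# Appends :/snap/bin to a quoted secure_path in FILE. The edit is made on a
# temporary copy, and FILE is overwritten only after the copy passes the
# syntax check.
add_snap_to_secure_path() {
    _file=$1
    _tmp=$(mktemp) || return 1

    # Skip lines that already list /snap/bin, so re-running adds nothing.
    # Unlike the sed call in the install script, the quotes are kept.
    if ! sed -e '/secure_path=.*\/snap\/bin/!s;secure_path="\(.*\)";secure_path="\1:/snap/bin";' \
            "$_file" > "$_tmp"; then
        rm -f "$_tmp"
        return 1
    fi

    # No secure_path line ended up with /snap/bin: nothing to install.
    if ! grep -q 'secure_path=.*/snap/bin' "$_tmp"; then
        rm -f "$_tmp"
        return 1
    fi

    # Word splitting of the checker command is intended here.
    if ! ${SUDOERS_CHECK:-visudo -cf} "$_tmp" >/dev/null 2>&1; then
        rm -f "$_tmp"
        return 1
    fi

    # cat keeps the owner and mode (0440 on Debian) of the existing file.
    if ! cat "$_tmp" > "$_file"; then
        rm -f "$_tmp"
        return 1
    fi
    rm -f "$_tmp"
}

# Usage on the real file, as root:  add_snap_to_secure_path /etc/sudoers
```
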
3 Run container
This downloads the debian/stretch image and runs it. An IP address is assigned to the container.
    $ lxc launch images:debian/stretch debian
    <snip>
    $ lxc exec debian ip a s
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    4: eth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 00:16:3e:29:1e:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet6 fe80::216:3eff:fe29:1e7d/64 scope link tentative
           valid_lft forever preferred_lft forever