Nested
https://ubuntu.com/blog/nested-containers-in-lxd
lxc config set ${CONTAINER} security.nesting true
lxc config set ${CONTAINER} security.privileged true
# load the kernel module on the host when the container starts
lxc config set ${CONTAINER} linux.kernel_modules aufs

#cp -a /lib/modules/$(uname -r) /var/lib/lxd/containers/CONTAINER/rootfs/lib/modules/
echo 50000 > /proc/sys/kernel/keys/maxkeys
CONTAINER=lxd-nested-docker
lxc config set ${CONTAINER} security.nesting true
#lxc launch ${CONTAINER} -p default -p docker
#lxc exec ${CONTAINER} -- apt install -y linux-modules-extra-$(uname -r)
#lxc config set ${CONTAINER} security.privileged true
lxc exec ${CONTAINER} -- apt install -y docker.io
Docker inside LXD
lxc launch ubuntu:18.04 gitlab-runner1-dev \
  -p disk-zfs \
  -p nic-dev-mgmt \
  -c security.nesting=true
# -c security.privileged=true
raw.lxc parameter
https://blog.simos.info/how-to-add-multi-line-raw-lxc-configuration-to-lxd/
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set ${CONTAINER_NAME} raw.lxc -
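Added example (not from the original notes and not LXD tooling): a shell filter that reads `lxc config show` output and flags the isolation-weakening keys set on this page, namely privileged mode, nesting and the four raw.lxc lines. The function name, finding labels and sample config are constructed for illustration; it assumes raw.lxc is shown as a multi-line block, one key per line.

```shell
#!/bin/sh
# Added example, not LXD's own tooling: audit_lxd_config, the finding labels
# and SAMPLE_CONFIG are constructed for illustration.
# Reads `lxc config show --expanded <name>` output on stdin and prints one
# "LEVEL LABEL" line for each isolation-weakening key used on this page.
audit_lxd_config() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop spaces, tabs and quotes so YAML keys and raw.lxc lines
        # compare equal however they were spaced.
        norm=$(printf '%s' "$line" | tr -d ' \t"')
        case "$norm" in
            # No uid/gid mapping: root in the container is root on the host.
            security.privileged:true) echo "HIGH PRIVILEGED" ;;
            # Required for Docker inside LXD; review alongside the other keys.
            security.nesting:true) echo "INFO NESTING" ;;
            # Container processes run without AppArmor confinement.
            lxc.apparmor.profile=unconfined) echo "HIGH APPARMOR_UNCONFINED" ;;
            # "a" allows access to every device node.
            lxc.cgroup.devices.allow=a|lxc.cgroup2.devices.allow=a)
                echo "HIGH DEVICES_ALLOW_ALL" ;;
            # /proc and /sys are mounted read-write in the container.
            lxc.mount.auto=*proc:rw*|lxc.mount.auto=*sys:rw*)
                echo "HIGH PROC_SYS_RW" ;;
            # An empty value clears the capability drop list.
            lxc.cap.drop=) echo "HIGH CAP_DROP_CLEARED" ;;
        esac
    done
}

# Constructed sample: the shape of `lxc config show` after the commands above.
SAMPLE_CONFIG='config:
  linux.kernel_modules: aufs
  raw.lxc: |-
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = a
    lxc.mount.auto=proc:rw sys:rw
    lxc.cap.drop=
  security.nesting: "true"
  security.privileged: "true"'

printf '%s\n' "$SAMPLE_CONFIG" | audit_lxd_config
```

On a host, pipe `lxc config show --expanded ${CONTAINER}` into the function so that keys inherited from profiles are checked as well.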
Links:
https://docs.gitlab.com/runner/install/docker.html
https://blog.ubuntu.com/2015/10/30/nested-containers-in-lxd
https://ubuntu.com/blog/nested-containers-in-lxd
https://dshcherb.github.io/2017/12/04/qemu-kvm-virtual-machines-in-unprivileged-lxd.html