LXD: Create WireGuard container

Create container

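# Register the ubuntu-minimal simplestreams image remote.
# NOTE(review): `lxc remote add` also needs the remote's URL, which this listing does not show.
lxc remote add --protocol simplestreams ubuntu-minimal
# Launch the container from the 22.04 minimal image
# (the floating "lts" alias is kept below for reference).
#lxc launch ubuntu-minimal:lts ${CONTAINER}
lxc launch ubuntu-minimal:22.04 "${CONTAINER}"
# Bring the APT packages up to date.
# The proxy is handed over with --env instead of being pasted into the
# `bash -c` string, so a proxy value containing spaces or shell
# metacharacters is not re-parsed as shell code inside the container.
lxc exec "${CONTAINER}" --env "http_proxy=${http_proxy}" -- \
  bash -c 'apt update && apt -y dist-upgrade && apt -y autoremove'
# Install WireGuard together with iptables and ping.
lxc exec "${CONTAINER}" --env "http_proxy=${http_proxy}" -- \
  bash -c 'apt install -y wireguard iptables iputils-ping'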

Configure UDP port 4000 forwarding to the WireGuard container

# Add an LXD proxy device that forwards UDP traffic from the host to the container.
# NOTE(review): the listen= and connect= values stop after "udp:"; each needs an
# address:port that this listing does not show. Bind listen= to the specific host
# address that should accept VPN traffic rather than to every interface.
# NOTE(review): the device name suggests port 51820 while the heading says 4000;
# confirm which port is intended.
lxc config device add ${CONTAINER} udp51820 proxy listen=udp: connect=udp:

Configure WireGuard

LXD: nested containers


# Allow container runtimes to run inside this container.
lxc config set ${CONTAINER} security.nesting true
# Run the container privileged: no user-namespace ID mapping is applied, so root
# inside the container is root on the host.
# NOTE(review): privileged plus nesting leaves little isolation between the
# workload and the host. Use it only for workloads trusted with host root, and
# prefer unprivileged nesting where the workload allows it.
lxc config set ${CONTAINER} security.privileged true
# Have the host load the aufs kernel module when the container starts.
lxc config set ${CONTAINER} linux.kernel_modules aufs
#cp -a /lib/modules/$(uname -r) /var/lib/lxd/containers/CONTAINER/rootfs/lib/modules/
# Raise the kernel keyring limit. This writes to /proc on the machine where it is
# typed (needs root), applies system-wide, and does not survive a reboot.
echo 50000 > /proc/sys/kernel/keys/maxkeys
# Repeats the nesting setting already applied at the top of this listing.
lxc config set ${CONTAINER} security.nesting true
#lxc launch ${CONTAINER} -p default -p docker
#lxc exec ${CONTAINER} -- apt install -y linux-modules-extra-$(uname -r)
#lxc config set ${CONTAINER} security.privileged true
# NOTE(review): no package name follows "apt install"; the line looks truncated.
lxc exec ${CONTAINER} apt install

Docker inside LXD

# Launch an Ubuntu 18.04 container named gitlab-runner1-dev for running Docker
# inside LXD. The disk-zfs and nic-dev-mgmt profiles are applied (their contents
# are not shown here), and nesting is enabled so a container runtime can run
# inside. The container stays unprivileged: the privileged option below is left
# commented out.
lxc launch ubuntu:18.04 gitlab-runner1-dev \
  --profile disk-zfs \
  --profile nic-dev-mgmt \
  --config security.nesting=true
#  --config security.privileged=true

raw.lxc parameter



# Prerequisites: add-apt-repository (from software-properties-common) and the
# newuidmap/newgidmap helpers (from uidmap).
sudo apt-get install -y software-properties-common uidmap
# NOTE(review): a PPA is a third-party package source whose packages are installed
# as root. Confirm that this PPA is still maintained and trusted, or prefer the
# distribution's own podman package where one exists.
sudo add-apt-repository -y ppa:projectatomic/ppa
sudo apt-get -y install podman


# Serve /tmp/html read-only (:ro) from an nginx container, detached (-d),
# with host port 8080 mapped to container port 80.
# NOTE(review): the image reference has no tag or digest, so whatever "latest"
# currently resolves to is pulled; pin a tag or digest for repeatable deployments.
# NOTE(review): -p without a host address publishes on all host interfaces, and
# /tmp is world-writable; choose a content directory only the operator can write to.
podman run --name nginx -v /tmp/html:/usr/share/nginx/html:ro -d -p 8080:80 docker://nginx
# Start a detached container with a pseudo-TTY (-dt), publishing 8080/tcp and
# setting the HTTPD_* path variables.
# NOTE(review): the command ends on a line continuation and names no image;
# the listing is truncated here.
podman run \
    -dt \
    -p 8080:8080/tcp \
    -e HTTPD_VAR_RUN=/var/run/httpd \
    -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
    -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
    -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \



kubectl Cheat Sheet

Dump Kubernetes Objects
# List the common Kubernetes object kinds, one `kubectl get` per kind, in the
# same order as a flat list of commands. Namespaced kinds are listed for the
# current namespace only; the single --all-namespaces call covers pods cluster-wide.
# NOTE(review): componentstatuses is deprecated in newer Kubernetes releases;
# expect a warning or an empty result there.
first_kinds=(
  componentstatuses
  configmaps
  daemonsets
  deployments
  events
  endpoints
  horizontalpodautoscalers
  ingress
  jobs
  limitranges
  nodes
  namespaces
  pods
)
for kind in "${first_kinds[@]}"; do
  kubectl get "$kind"
done

# Pods across every namespace, with node and IP columns.
kubectl get pods --all-namespaces -o wide

for kind in persistentvolumes persistentvolumeclaims quota; do
  kubectl get "$kind"
done

LXD: tftp container (recover ASUS RT-N66U under Linux)

# Launch the helper container.
lxc launch ubuntu:20.04 tftp
# nictype=physical passes the host interface enp0s25 into the container as eth0;
# the host cannot use that interface while it is attached.
lxc config device add tftp eth0 nic nictype=physical parent=enp0s25
# Copy the firmware image into the container's /tmp.
# NOTE(review): verify the image against the vendor's published checksum before
# flashing it.
lxc file push Downloads/RT-N66U_3.0.0.4_382_52272-g73d3ea2.trx tftp/tmp/
# The remaining commands are typed inside the container.
lxc shell tftp
apt update 
apt install -y tftp
ip l set dev eth0 up
# NOTE(review): the address to assign is missing from this listing.
ip a add dev eth0
# NOTE(review): the ping target and the tftp server address are missing below.
# ping
# tftp 
# Interactive tftp session: connect to the router, then upload the image.
# NOTE(review): firmware uploads normally need binary transfer mode; confirm the
# client's mode before the put.
tftp> connect
put RT-N66U_3.0.0.4_382_52272-g73d3ea2.trx



# NOTE(review): the steps in this listing look out of order (delete, add device,
# create, init); confirm the intended sequence before running them.
lxc profile delete default
# Give the default profile a root disk at / backed by the storage pool named "default".
lxc profile device add default root disk path=/ pool=default

lxc profile create default
# First-time LXD setup; prompts interactively for storage and network choices.
lxd init

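# Install the LXD daemon and client (run as root).
apt install lxd lxd-client

# Add the current user to the lxd group.
# NOTE: members of the lxd group can fully control the LXD daemon, which is
# equivalent to root on the host. Add only accounts already trusted with root.
# The variable is quoted so the user name is passed as exactly one argument.
sudo usermod -a -G lxd "${USER}"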

Create VM
# Launch one instance per "image name" pair. No --vm flag is passed, so these
# are created as containers.
# NOTE(review): several of these releases are past their standard support period;
# check the support status and treat such instances as unpatched.
launches=(
  "ubuntu:18.04 bionic"
  "ubuntu:trusty trusty"
  "ubuntu:16.04 xenial"
  "images:centos/7 centos7"
)
for entry in "${launches[@]}"; do
  # Text before the space is the image, text after it is the instance name.
  lxc launch "${entry% *}" "${entry#* }"
done
# Open a shell inside the xenial instance.
lxc exec xenial -- bash
# Delete the xenial instance, even if it is still running.
lxc delete --force xenial

Create privileged VM

VMware Player

# Prints a shell one-liner for the reader to run: it downloads $URL with wget and
# pipes the result straight into bash. The PHP below then fetches the same URL
# with curl and prints it HTML-escaped, presumably so the script can be read first.
# NOTE(review): --no-check-certificate turns off TLS certificate verification, so
# the downloaded script is not authenticated before it is executed. Safer: keep
# verification on, save the script to a file, check it against a published
# checksum or signature, then run it.
# NOTE(review): where $URL comes from is not shown, and the `echo "` strings are
# never closed in this listing; the fragment is incomplete.
echo "wget -q --no-check-certificate $URL -O - | bash -";
echo "

$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_URL, $URL);
echo htmlspecialchars(curl_exec($c));
echo "


# Install the open-vm-tools package (VMware guest tools); presumably run inside the guest VM.
sudo apt-get install -y open-vm-tools



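# Create a 25G qcow2 image file in the libvirt image directory.
qemu-img create -f qcow2 /var/lib/libvirt/images/vm01.qcow2 25G

# Restrict the image to the QEMU service account: owner libvirt-qemu, group kvm,
# readable and writable by the owner only.
# The owner:group separator is a colon; the older "owner.group" form is deprecated
# and ambiguous when an account name contains a dot.
chown libvirt-qemu:kvm /var/lib/libvirt/images/vm01.qcow2
chmod 600 /var/lib/libvirt/images/vm01.qcow2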

# Shrink a qcow image by rewriting it with qemu-img convert.
# NOTE(review): convert takes an input file and an output file; only one file
# name is shown here, so the line looks truncated.
qemu-img convert -O qcow2 image.01.out.qcow

# Shrink a qcow image and compress the output (-c).
qemu-img convert -O qcow2 -c IN.qcow OUT.qcow

# Convert a downloaded cloud image to qcow2.
# NOTE(review): without -f the source format is probed from the file contents;
# for images from a source you do not fully trust, state the format explicitly
# with -f and verify the download's checksum first.
qemu-img convert -O qcow2 ubuntu-16.04-server-cloudimg-amd64-disk1.img ubuntu-16.04-server-cloudimg-amd64-disk1.qcow2

# Create a 4G qcow2 image named disk.img.
qemu-img create disk.img -f qcow2 4G