lxd

LXD: Create X11 container

CONTAINER=x11
 
lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
 
lxc launch ubuntu-minimal:22.04 ${CONTAINER}
 
lxc exec ${CONTAINER} -- sudo --login --user ubuntu
sudo apt update
sudo apt install -y x11-apps mesa-utils
exit
 
lxc config set ${CONTAINER} raw.idmap "both $UID 1000"
 
lxc restart ${CONTAINER}
 
lxc config device add ${CONTAINER} X0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
lxc config device add ${CONTAINER} Xauthority disk path=/home/ubuntu/.Xauthority source=${XAUTHORITY}

Links
https://blog.simos.info/running-x11-software-in-lxd-containers/
https://blog.simos.info/how-to-run-teamviewer-in-lxd/
https://blog.simos.info/how-to-run-graphics-accelerated-gui-apps-in-lxd-containers-on-your-ubuntu-desktop/

LXD: Create WireGuard container

Create container

CONTAINER=wireguard
 
# Add ubuntu-minimal repository
lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/
 
# Create LXD container
#lxc launch ubuntu-minimal:lts ${CONTAINER}
lxc launch ubuntu-minimal:22.04 ${CONTAINER}
 
# update APT packages
lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt update && apt -y dist-upgrade && apt -y autoremove"
 
# Install WireGuard
lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt install -y wireguard iptables iputils-ping"

Configure UDP 4000 port forward to wireguard container

lxc config device add ${CONTAINER} udp51820 proxy listen=udp:0.0.0.0:51820 connect=udp:127.0.0.1:51820

Configure WireGuard

LXD: profile

Copy profiles between LXD cluster nodes

lxc profile copy profile-name new-lxd-server:

Export all profiles

for PROFILE in $(lxc profile list --format json | jq -r '.[].name'); do
    lxc profile show ${PROFILE} > ${PROFILE}
done

Import profiles

for PROFILE in $(ls nic* disk*); do
    lxc profile create ${PROFILE} < ${PROFILE}
done

Links
https://ubuntu.com/blog/lxd-5-easy-pieces

Deploy LXD container with terraform

Docs
https://registry.terraform.io/providers/terraform-lxd/lxd/latest/docs
https://registry.terraform.io/providers/terraform-lxd/lxd/latest/docs/resources/container

Create LXD container

# terraform init
# terraform apply -auto-approve
# terraform destroy -auto-approve
 
 
terraform {
  required_providers {
    lxd = {
      source = "terraform-lxd/lxd"
    }
  }
}
 
provider "lxd" {
  generate_client_certificates = true
  accept_remote_certificate    = true
}
 
resource "lxd_container" "lxd_container_u2004" {
  name  = "u2004"
  image = "ubuntu:20.04"
 
  config = {
    "boot.autostart" = true
  }
 
  limits = {
    cpu = 2
  }
}
 
resource "lxd_container" "lxd_container_u2110" {
  name = "u2110"
  image = "ubuntu:21.10"
  # image = "images:ubuntu-minimal:21.10" # fixme
 
  config = {
    "boot.autostart" = true
  }
 
  limits = {
    cpu = 2
  }
}

Links
https://dev.to/smashse/snap-lxd-terraform-3f0p

LXD: proxy

lxc launch ubuntu:20.04 proxy
 
cat <<EOF> /etc/netplan/50-cloud-init.yaml 
network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      #optional: true
      dhcp4-overrides:
        use-dns: false
        use-routes: false
 
  wifis:
    eth1:
      dhcp4: true
      access-points:
        "foo-wifi":
           password: "pass1234"
EOF
 
lxc config device remove proxy eth1 
 
lxc config device add proxy eth1 nic nictype=physical parent=wlx001f1f283377

LXD: OpenStack CLI (OSC) container

# create container
lxc launch ubuntu:20.04 osc
lxc shell osc
 
# install OpenStack CLI
apt install -y python3-openstackclient python3-neutron-vpnaas python3-octaviaclient python3-barbicanclient
openstack complete | sudo tee /etc/bash_completion.d/openstack
source /etc/bash_completion
 
# configure connection
mkdir -p ~/.config/openstack
cat <<EOF> ~/.config/openstack/clouds.yaml
clouds:
  dev-foo-app:
    auth:
      auth_url: https://keystone.service.example.com/v3
      application_credential_id: "xxxxxxxx"
      application_credential_secret: "xxxxxxxx"
    region_name: "eu-fra1"
    interface: "public"
    identity_api_version: 3
    auth_type: "v3applicationcredential"
EOF
 
echo export OS_CLOUD=dev-foo-app >> .bashrc
 
# test
export OS_CLOUD=dev-foo-app
openstack image list