lxd

package module
v0.0.0-...-427813e

This package is not in the latest version of its module.
Published: Jun 7, 2016 License: Apache-2.0 Imports: 22 Imported by: 0

README

LXD

REST API, command line tool and OpenStack integration plugin for LXC.

LXD is pronounced lex-dee.

To easily see what LXD is about, you can try it online.

Getting started with LXD

Since LXD development is happening at such a rapid pace, we only provide daily builds right now. They're available via:

sudo add-apt-repository ppa:ubuntu-lxc/lxd-git-master && sudo apt-get update
sudo apt-get install lxd

Because group membership is only applied at login, you then either need to close and re-open your user session or use the "newgrp lxd" command in the shell you're going to interact with lxd from.

newgrp lxd

After you've got LXD installed and a session with the right permissions, you can take your first steps.

Using the REST API

The LXD REST API can be used locally via an unauthenticated Unix socket or remotely via SSL-encapsulated TCP.

via Unix socket

# The local socket speaks plain HTTP; the host name in the URL is only used for the Host header.
curl --unix-socket /var/lib/lxd/unix.socket \
    -H "Content-Type: application/json" \
    -X POST \
    -d @hello-ubuntu.json \
    "http://lxd/1.0/containers"

via TCP

TCP requires some additional configuration and is not enabled by default.

lxc config set core.https_address "[::]:8443"
# -k skips verification of the server certificate, which LXD self-signs by default.
curl -k -L \
    --cert ~/.config/lxc/client.crt \
    --key ~/.config/lxc/client.key \
    -H "Content-Type: application/json" \
    -X POST \
    -d @hello-ubuntu.json \
    "https://127.0.0.1:8443/1.0/containers"

JSON payload

The hello-ubuntu.json file referenced above could contain something like:

{
    "name":"some-ubuntu",
    "ephemeral":true,
    "config":{
        "limits.cpu":"2"
    },
    "source": {
        "type":"image",
        "mode":"pull",
        "protocol":"simplestreams",
        "server":"https://cloud-images.ubuntu.com/releases",
        "alias":"14.04"
    }
}

Building from source

We recommend having the latest versions of liblxc (>= 1.1 required) and CRIU (>= 1.7 recommended) available for LXD development. Additionally, LXD requires Golang 1.5 or later to work. The right versions of all dependencies are available via the LXD PPA:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ubuntu-lxc/lxd-git-master
sudo apt-get update
sudo apt-get install golang lxc lxc-dev mercurial git pkg-config protobuf-compiler golang-goprotobuf-dev xz-utils tar acl make

There are a few storage backends for LXD besides the default "directory" backend. Installing these tools adds a bit to initramfs and may slow down your host boot, but they are needed if you'd like to use a particular backend:

sudo apt-get install lvm2 thin-provisioning-tools
sudo apt-get install btrfs-tools

To run the testsuite, you'll also need:

sudo apt-get install curl gettext jq sqlite3 uuid-runtime pyflakes pep8 shellcheck bzr

Building the tools

LXD consists of two binaries, a client called lxc and a server called lxd. These live in the source tree in the lxc/ and lxd/ dirs, respectively. To get the code, set up your go environment:

mkdir -p ~/go
export GOPATH=~/go

And then download it as usual:

go get github.com/lxc/lxd
cd $GOPATH/src/github.com/lxc/lxd
make

...which will give you two binaries in $GOPATH/bin, lxd the daemon binary, and lxc a command line client to that daemon.

Machine Setup

You'll need sub{u,g}ids for root, so that LXD can create the unprivileged containers:

echo "root:1000000:65536" | sudo tee -a /etc/subuid /etc/subgid

Now you can run the daemon (the --group sudo bit allows everyone in the sudo group to talk to LXD; you can create your own group if you want):

sudo -E $GOPATH/bin/lxd --group sudo

First steps

LXD has two parts, the daemon (the lxd binary), and the client (the lxc binary). Now that the daemon is all configured and running (either via the packaging or via the from-source instructions above), you can create a container:

$GOPATH/bin/lxc launch ubuntu:14.04

Alternatively, you can also use a remote LXD host as a source of images. One comes pre-configured in LXD, called "images" (images.linuxcontainers.org):

$GOPATH/bin/lxc launch images:centos/7/amd64 centos

Bug reports

Bug reports can be filed at https://github.com/lxc/lxd/issues/new

Contributing

Fixes and new features are greatly appreciated but please read our contributing guidelines first.

Contributions to this project should be sent as pull requests on GitHub.

Hacking

Sometimes it is useful to view the raw response that LXD sends; you can do this by:

lxc config set core.trust_password foo
lxc remote add local 127.0.0.1:8443
wget --no-check-certificate https://127.0.0.1:8443/1.0 --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q

Upgrading

The lxd and lxc (lxd-client) binaries should be upgraded at the same time with:

apt-get update
apt-get install lxd lxd-client

Support and discussions

We use the LXC mailing lists for developer and user discussions; you can find and subscribe to those at: https://lists.linuxcontainers.org

If you prefer live discussions, some of us also hang out in #lxcontainers on irc.freenode.net.

FAQ

How to enable LXD server for remote access?

By default, the LXD server is not accessible from the network, as it only listens on a local Unix socket. You can make LXD available from the network by specifying additional addresses to listen on. This is done with the core.https_address config variable.

To see the current server configuration, run:

lxc config show

To set the address to listen to, find out what addresses are available and use the config set command on the server:

ip addr
lxc config set core.https_address 192.168.1.15

When I do a lxc remote add over https, it asks for a password?

By default, LXD has no password for security reasons, so you can't do a remote add this way. In order to set a password, do:

lxc config set core.trust_password SECRET

on the host LXD is running on. This will set the remote password that you can then use to do lxc remote add.

You can also access the server without setting a password by copying the client certificate from .config/lxc/client.crt to the server and adding it with:

lxc config trust add client.crt

How do I configure alternative storage backends for LXD?

LXD supports various storage backends; below are instructions on how to configure some of them. By default, we use a simple directory backed storage mechanism, but we recommend using ZFS for best results.

ZFS

First, you need to install the ZFS tooling. On Wily and above this is just:

sudo apt-get install zfsutils-linux

ZFS has many different ways to procure a zpool, which is what you need to feed LXD. For example, if you have an extra block device lying around, you can just:

sudo zpool create lxd /dev/sdc6 -m none

However, if you want to test things out on a laptop or don't have an extra disk lying around, ZFS has its own loopback driver and can be used directly on a (sparse) file. To do this, first create the sparse file:

sudo truncate -s 100G /var/lib/lxd.img

then,

sudo zpool create lxd /var/lib/lxd.img -m none

Finally, whichever method you used to create your zpool, you need to tell LXD to use it:

lxc config set storage.zfs_pool_name lxd

BTRFS

The setup for btrfs is fairly simple: just mount /var/lib/lxd (or whatever your chosen LXD_DIR is) as a btrfs filesystem before you start LXD, and you're good to go. First install the btrfs userspace tools:

sudo apt-get install btrfs-tools

Now, you need to create a btrfs filesystem. If you don't have an extra disk lying around, you'll have to create your own loopback device manually:

sudo truncate -s 100G /var/lib/lxd.img
sudo losetup /dev/loop0 /var/lib/lxd.img

Once you've got a loopback device (or an actual device), you can create the btrfs filesystem and mount it:

sudo mkfs.btrfs /dev/loop0 # or your real device
sudo mount /dev/loop0 /var/lib/lxd

LVM

To set up LVM, the instructions are similar to the above. First, install the userspace tools:

sudo apt-get install lvm2 thin-provisioning-tools

Then, if you have a block device lying around:

sudo pvcreate /dev/sdc6
sudo vgcreate lxd /dev/sdc6
lxc config set storage.lvm_vg_name lxd

Alternatively, if you want to try it via a loopback device, there is a script provided in /scripts/lxd-setup-lvm-storage which will do it for you. It can be run via:

sudo apt-get install lvm2
./scripts/lxd-setup-lvm-storage -s 10G

And it has a --destroy argument to clean up the bits as well:

./scripts/lxd-setup-lvm-storage --destroy

How can I live migrate a container using LXD?

Live migration requires a tool installed on both hosts called CRIU, which is available in Ubuntu via:

sudo apt-get install criu

Then, launch your container with the following:

lxc launch ubuntu $somename
sleep 5s # let the container get to an interesting state
lxc move host1:$somename host2:$somename

And with luck you'll have migrated the container :). Migration is still in experimental stages and may not work for all workloads. Please report bugs on lxc-devel, and we can escalate to CRIU lists as necessary.

Can I bind mount my home directory in a container?

Yes. The easiest way to do that is using a privileged container:

lxc launch ubuntu priv -c security.privileged=true
lxc config device add priv homedir disk source=/home/$USER path=/home/ubuntu

How can I run docker inside a LXD container?

To run docker inside a lxd container, you must be running a kernel with cgroup namespaces (Ubuntu 4.4 kernel or newer, or upstream 4.6 or newer), and must apply the docker profile to your container.

lxc launch ubuntu:xenial my-docker-host -p default -p docker

Note that the docker profile does not provide a network interface, so the common case will want to compose the default and docker profiles.

The container must be using the Ubuntu 1.10.2-0ubuntu4 or newer docker package.

Documentation

Variables

var DefaultConfig = Config{
	Remotes:       DefaultRemotes,
	DefaultRemote: "local",
	Aliases: map[string]string{
		"shell": "exec @ARGS@ -- login -f root",
	},
}

var DefaultRemotes = map[string]RemoteConfig{
	"images":       ImagesRemote,
	"local":        LocalRemote,
	"ubuntu":       UbuntuRemote,
	"ubuntu-daily": UbuntuDailyRemote}

var ImagesRemote = RemoteConfig{
	Addr:   "https://images.linuxcontainers.org",
	Public: true}

var (
	// LXDErrors are special errors; the client library hoists error codes
	// to these errors internally so that user code can compare against
	// them. We probably shouldn't hoist BadRequest or InternalError, since
	// LXD passes an error string along which is more informative than
	// whatever static error message we would put here.
	LXDErrors = map[int]error{
		http.StatusNotFound: fmt.Errorf("not found"),
	}
)

var LocalRemote = RemoteConfig{
	Addr:   "unix://",
	Static: true,
	Public: false}

var StaticRemotes = map[string]RemoteConfig{
	"local":        LocalRemote,
	"ubuntu":       UbuntuRemote,
	"ubuntu-daily": UbuntuDailyRemote}

var UbuntuDailyRemote = RemoteConfig{
	Addr:     "https://cloud-images.ubuntu.com/daily",
	Static:   true,
	Public:   true,
	Protocol: "simplestreams"}

var UbuntuRemote = RemoteConfig{
	Addr:     "https://cloud-images.ubuntu.com/releases",
	Static:   true,
	Public:   true,
	Protocol: "simplestreams"}

Functions

func GetLocalLXDErr

func GetLocalLXDErr(err error) error

GetLocalLXDErr determines whether or not an error is likely due to a local LXD configuration issue, and if so, returns the underlying error. GetLocalLXDErr can be used to provide customized error messages to help the user identify basic system issues, e.g. LXD daemon not running.

Returns syscall.ENOENT, syscall.ECONNREFUSED or syscall.EACCES when a local LXD configuration issue is detected, nil otherwise.

func SaveConfig

func SaveConfig(c *Config, fname string) error

SaveConfig writes the provided configuration to the config file.

func WebsocketDial

func WebsocketDial(dialer websocket.Dialer, url string) (*websocket.Conn, error)

WebsocketDial attempts to dial a websocket to a LXD instance, parsing LXD-style errors and returning them as go errors.

Types

type Client

type Client struct {
	BaseURL     string
	BaseWSURL   string
	Config      Config
	Name        string
	Remote      *RemoteConfig
	Transport   string
	Certificate string

	Http http.Client
	// contains filtered or unexported fields
}

Client can talk to a LXD daemon.

func NewClient

func NewClient(config *Config, remote string) (*Client, error)

NewClient returns a new LXD client.

func NewClientFromInfo

func NewClientFromInfo(info ConnectInfo) (*Client, error)

NewClientFromInfo returns a new LXD client.

func (*Client) Action

func (c *Client) Action(name string, action shared.ContainerAction, timeout int, force bool, stateful bool) (*Response, error)

func (*Client) AddMyCertToServer

func (c *Client) AddMyCertToServer(pwd string) error

func (*Client) Addresses

func (c *Client) Addresses() ([]string, error)

func (*Client) AmTrusted

func (c *Client) AmTrusted() bool

func (*Client) AssignProfile

func (c *Client) AssignProfile(container, profile string) (*Response, error)

func (*Client) AsyncWaitMeta

func (c *Client) AsyncWaitMeta(resp *Response) (*shared.Jmap, error)

func (*Client) CertificateAdd

func (c *Client) CertificateAdd(cert *x509.Certificate, name string) error

func (*Client) CertificateList

func (c *Client) CertificateList() ([]shared.CertInfo, error)

func (*Client) CertificateRemove

func (c *Client) CertificateRemove(fingerprint string) error

func (*Client) ContainerDeviceAdd

func (c *Client) ContainerDeviceAdd(container, devname, devtype string, props []string) (*Response, error)

func (*Client) ContainerDeviceDelete

func (c *Client) ContainerDeviceDelete(container, devname string) (*Response, error)

func (*Client) ContainerInfo

func (c *Client) ContainerInfo(name string) (*shared.ContainerInfo, error)

func (*Client) ContainerListDevices

func (c *Client) ContainerListDevices(container string) ([]string, error)

func (*Client) ContainerState

func (c *Client) ContainerState(name string) (*shared.ContainerState, error)

func (*Client) CopyImage

func (c *Client) CopyImage(image string, dest *Client, copy_aliases bool, aliases []string, public bool, autoUpdate bool, progressHandler func(progress string)) error

func (*Client) Delete

func (c *Client) Delete(name string) (*Response, error)

func (*Client) DeleteAlias

func (c *Client) DeleteAlias(alias string) error

func (*Client) DeleteImage

func (c *Client) DeleteImage(image string) error

func (*Client) Exec

func (c *Client) Exec(name string, cmd []string, env map[string]string,
	stdin io.ReadCloser, stdout io.WriteCloser,
	stderr io.WriteCloser, controlHandler func(*Client, *websocket.Conn),
	width int, height int) (int, error)

Exec runs a command inside the LXD container. For "interactive" use such as `lxc exec ...`, one should pass a controlHandler that talks over the control socket and handles things like SIGWINCH. If running non-interactive, passing a nil controlHandler will cause Exec to return when all of the command output is sent to the output buffers.

func (*Client) ExportImage

func (c *Client) ExportImage(image string, target string) (string, error)

func (*Client) GetAlias

func (c *Client) GetAlias(alias string) string

func (*Client) GetContainerConfig

func (c *Client) GetContainerConfig(container string) ([]string, error)

GetContainerConfig returns a string array representing a container's full configuration.

func (*Client) GetImageInfo

func (c *Client) GetImageInfo(image string) (*shared.ImageInfo, error)

func (*Client) GetLog

func (c *Client) GetLog(container string, log string) (io.Reader, error)

func (*Client) GetMigrationSourceWS

func (c *Client) GetMigrationSourceWS(container string) (*Response, error)

func (*Client) GetProfileConfig

func (c *Client) GetProfileConfig(profile string) (map[string]string, error)

func (*Client) GetServerConfig

func (c *Client) GetServerConfig() (*Response, error)

func (*Client) GetServerConfigString

func (c *Client) GetServerConfigString() ([]string, error)

func (*Client) ImageFromContainer

func (c *Client) ImageFromContainer(cname string, public bool, aliases []string, properties map[string]string) (string, error)

func (*Client) Init

func (c *Client) Init(name string, imgremote string, image string, profiles *[]string, config map[string]string, devices shared.Devices, ephem bool) (*Response, error)

Init creates a container from either a fingerprint or an alias; you must provide at least one.

func (*Client) IsAlias

func (c *Client) IsAlias(alias string) (bool, error)

func (*Client) IsPublic

func (c *Client) IsPublic() bool

func (*Client) ListAliases

func (c *Client) ListAliases() (shared.ImageAliases, error)

func (*Client) ListContainers

func (c *Client) ListContainers() ([]shared.ContainerInfo, error)

func (*Client) ListImages

func (c *Client) ListImages() ([]shared.ImageInfo, error)

func (*Client) ListProfiles

func (c *Client) ListProfiles() ([]string, error)

func (*Client) ListSnapshots

func (c *Client) ListSnapshots(container string) ([]shared.SnapshotInfo, error)

func (*Client) LocalCopy

func (c *Client) LocalCopy(source string, name string, config map[string]string, profiles []string, ephemeral bool) (*Response, error)

func (*Client) MigrateFrom

func (c *Client) MigrateFrom(name string, operation string, certificate string, secrets map[string]string, architecture string, config map[string]string, devices shared.Devices, profiles []string, baseImage string, ephemeral bool) (*Response, error)

func (*Client) Monitor

func (c *Client) Monitor(types []string, handler func(interface{})) error

func (*Client) PostAlias

func (c *Client) PostAlias(alias string, desc string, target string) error

func (*Client) PostImage

func (c *Client) PostImage(imageFile string, rootfsFile string, properties []string, public bool, aliases []string, progressHandler func(percent int)) (string, error)

func (*Client) PostImageURL

func (c *Client) PostImageURL(imageFile string, public bool, aliases []string) (string, error)

func (*Client) ProfileConfig

func (c *Client) ProfileConfig(name string) (*shared.ProfileConfig, error)

func (*Client) ProfileCopy

func (c *Client) ProfileCopy(name, newname string, dest *Client) error

func (*Client) ProfileCreate

func (c *Client) ProfileCreate(p string) error

func (*Client) ProfileDelete

func (c *Client) ProfileDelete(p string) error

func (*Client) ProfileDeviceAdd

func (c *Client) ProfileDeviceAdd(profile, devname, devtype string, props []string) (*Response, error)

func (*Client) ProfileDeviceDelete

func (c *Client) ProfileDeviceDelete(profile, devname string) (*Response, error)

func (*Client) ProfileListDevices

func (c *Client) ProfileListDevices(profile string) ([]string, error)

func (*Client) PullFile

func (c *Client) PullFile(container string, p string) (int, int, int, io.ReadCloser, error)

func (*Client) PushFile

func (c *Client) PushFile(container string, p string, gid int, uid int, mode string, buf io.ReadSeeker) error

func (*Client) PutImageInfo

func (c *Client) PutImageInfo(name string, p shared.BriefImageInfo) error

func (*Client) PutProfile

func (c *Client) PutProfile(name string, profile shared.ProfileConfig) error

func (*Client) Rename

func (c *Client) Rename(name string, newName string) (*Response, error)

func (*Client) RestoreSnapshot

func (c *Client) RestoreSnapshot(container string, snapshotName string, stateful bool) (*Response, error)

func (*Client) ServerStatus

func (c *Client) ServerStatus() (*shared.ServerState, error)

func (*Client) SetContainerConfig

func (c *Client) SetContainerConfig(container, key, value string) error

func (*Client) SetProfileConfigItem

func (c *Client) SetProfileConfigItem(profile, key, value string) error

func (*Client) SetServerConfig

func (c *Client) SetServerConfig(key string, value string) (*Response, error)

func (*Client) Snapshot

func (c *Client) Snapshot(container string, snapshotName string, stateful bool) (*Response, error)

func (*Client) SnapshotInfo

func (c *Client) SnapshotInfo(snapName string) (*shared.SnapshotInfo, error)

func (*Client) UpdateContainerConfig

func (c *Client) UpdateContainerConfig(container string, st shared.BriefContainerInfo) error

func (*Client) UpdateServerConfig

func (c *Client) UpdateServerConfig(ss shared.BriefServerState) (*Response, error)

func (*Client) WaitFor

func (c *Client) WaitFor(waitURL string) (*shared.Operation, error)

WaitFor waits for an operation.

func (*Client) WaitForSuccess

func (c *Client) WaitForSuccess(waitURL string) error

type Config

type Config struct {
	// DefaultRemote holds the remote daemon name from the Remotes map
	// that the client should communicate with by default.
	// If empty it defaults to "local".
	DefaultRemote string `yaml:"default-remote"`

	// Remotes defines a map of remote daemon names to the details for
	// communication with the named daemon.
	// The implicit "local" remote is always available and communicates
	// with the local daemon over a unix socket.
	Remotes map[string]RemoteConfig `yaml:"remotes"`

	// Command line aliases for `lxc`
	Aliases map[string]string `yaml:"aliases"`

	// This is the path to the config directory, so the client can find
	// previously stored server certs, give good error messages, and save
	// new server certs, etc.
	//
	// We don't need to store it, because of course once we've loaded this
	// structure we already know where it is :)
	ConfigDir string `yaml:"-"`
}

Config holds settings to be used by a client or daemon.

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig reads the configuration from the config path; if the path does not exist, it returns a default configuration.

func (*Config) ConfigPath

func (c *Config) ConfigPath(file string) string

func (*Config) ParseRemote

func (c *Config) ParseRemote(raw string) string

func (*Config) ParseRemoteAndContainer

func (c *Config) ParseRemoteAndContainer(raw string) (string, string)

func (*Config) ServerCertPath

func (c *Config) ServerCertPath(name string) string

type ConnectInfo

type ConnectInfo struct {
	// Name is a simple identifier for the remote server. In 'lxc' it is
	// the name used to lookup the address and other information in the
	// config.yml file.
	Name string
	// RemoteConfig is the information about the Remote that we are
	// connecting to. This includes information like if the remote is
	// Public and/or Static.
	RemoteConfig RemoteConfig
	// ClientPEMCert is the PEM encoded bytes of the client's certificate.
	// If Addr indicates a Unix socket, the certificate and key bytes will
	// not be used.
	ClientPEMCert string
	// ClientPEMKey is the PEM encoded private bytes of the client's key associated with its certificate
	ClientPEMKey string
	// ClientPEMCa is the PEM encoded client certificate authority (if any)
	ClientPEMCa string
	// ServerPEMCert is the PEM encoded server certificate that we are
	// connecting to. It can be the empty string if we do not know the
	// server's certificate yet.
	ServerPEMCert string
}

ConnectInfo contains the information we need to connect to a specific LXD server
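
The curl and wget calls in the README pass -k / --no-check-certificate; a client that already holds the daemon's certificate (the ServerPEMCert field above) can verify it instead. The following is an added example, not code from the lxd package: pinnedTLSConfig, selfSigned and leafTrusted are hypothetical helpers, and the certificates are generated in place as constructed fixtures.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// pinnedTLSConfig (hypothetical helper) trusts exactly one PEM-encoded server
// certificate, the role ConnectInfo.ServerPEMCert plays. A missing or
// malformed certificate is an error; it never falls back to unverified TLS.
func pinnedTLSConfig(serverPEM string) (*tls.Config, error) {
	block, _ := pem.Decode([]byte(serverPEM))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no server certificate to pin")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, nil
}

// selfSigned builds a constructed self-signed certificate for the loopback
// addresses, standing in for the one a daemon presents. It panics on failure.
func selfSigned() (tls.Certificate, string) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: "constructed-lxd-host"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1"), net.IPv6loopback},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	pemCert := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, string(pemCert)
}

// leafTrusted (hypothetical helper) runs the certificate check a TLS client
// using cfg performs when `served` is presented for `host`.
func leafTrusted(cfg *tls.Config, served tls.Certificate, host string) error {
	leaf, err := x509.ParseCertificate(served.Certificate[0])
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: host})
	return err
}

func main() {
	daemon, daemonPEM := selfSigned()
	other, _ := selfSigned() // same names, different key
	cfg, err := pinnedTLSConfig(daemonPEM)
	if err != nil {
		panic(err)
	}
	fmt.Println("pinned certificate:", leafTrusted(cfg, daemon, "127.0.0.1"))
	fmt.Println("other certificate: ", leafTrusted(cfg, other, "127.0.0.1"))
}
```

The returned config is meant to be set as the TLSClientConfig of an http.Transport, with the client certificate and key added through its Certificates field.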

type RemoteConfig

type RemoteConfig struct {
	Addr     string `yaml:"addr"`
	Public   bool   `yaml:"public"`
	Protocol string `yaml:"protocol,omitempty"`
	Static   bool   `yaml:"-"`
}

RemoteConfig holds details for communication with a remote daemon.

type Response

type Response struct {
	Type ResponseType `json:"type"`

	/* Valid only for Sync responses */
	Status     string `json:"status"`
	StatusCode int    `json:"status_code"`

	/* Valid only for Async responses */
	Operation string `json:"operation"`

	/* Valid only for Error responses */
	Code  int    `json:"error_code"`
	Error string `json:"error"`

	/* Valid for Sync and Error responses */
	Metadata json.RawMessage `json:"metadata"`
}

func HoistResponse

func HoistResponse(r *http.Response, rtype ResponseType) (*Response, error)

HoistResponse hoists a regular http response into a response of type rtype or returns a golang error.

func ParseResponse

func ParseResponse(r *http.Response) (*Response, error)

ParseResponse parses a lxd style response out of an http.Response. Note that this does _not_ automatically convert error responses to golang errors. To do that, use ParseError. Internal client library uses should probably use HoistResponse, unless they are interested in accessing the underlying Error response (e.g. to inspect the error code).

func (*Response) MetadataAsMap

func (r *Response) MetadataAsMap() (*shared.Jmap, error)

func (*Response) MetadataAsOperation

func (r *Response) MetadataAsOperation() (*shared.Operation, error)

type ResponseType

type ResponseType string
const (
	Sync  ResponseType = "sync"
	Async ResponseType = "async"
	Error ResponseType = "error"
)
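
How the three response types and the ParseResponse / HoistResponse distinction play out on concrete bodies, as an added example that is not the package's own code. parseEnvelope, hoistEnvelope, errNotFound and the sample bodies are constructed for illustration; the struct repeats the field tags documented above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

type ResponseType string

const (
	Sync  ResponseType = "sync"
	Async ResponseType = "async"
	Error ResponseType = "error"
)

// Response repeats the JSON field tags of the Response struct documented above.
type Response struct {
	Type       ResponseType    `json:"type"`
	Status     string          `json:"status"`
	StatusCode int             `json:"status_code"`
	Operation  string          `json:"operation"`
	Code       int             `json:"error_code"`
	Error      string          `json:"error"`
	Metadata   json.RawMessage `json:"metadata"`
}

// errNotFound stands in for the LXDErrors entry keyed by http.StatusNotFound.
var errNotFound = errors.New("not found")

// parseEnvelope only decodes; an "error" response is returned as data so the
// caller can still read its error_code.
func parseEnvelope(body []byte) (*Response, error) {
	var r Response
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, fmt.Errorf("decoding response: %w", err)
	}
	return &r, nil
}

// hoistEnvelope turns "error" responses and unexpected response types into Go errors.
func hoistEnvelope(body []byte, want ResponseType) (*Response, error) {
	r, err := parseEnvelope(body)
	if err != nil {
		return nil, err
	}
	switch {
	case r.Type == Error && r.Code == http.StatusNotFound:
		return nil, errNotFound // a sentinel callers can compare against
	case r.Type == Error:
		return nil, errors.New(r.Error) // keep the daemon's own message
	case r.Type != want:
		return nil, fmt.Errorf("expected %q response, got %q", want, r.Type)
	}
	return r, nil
}

// Constructed sample bodies, not captured from a real daemon.
const (
	syncBody     = `{"type":"sync","status":"Success","status_code":200,"metadata":["/1.0/containers/some-ubuntu"]}`
	asyncBody    = `{"type":"async","status":"Operation created","status_code":100,"operation":"/1.0/operations/EXAMPLE-ID","metadata":{}}`
	notFoundBody = `{"type":"error","error":"not found","error_code":404}`
	badReqBody   = `{"type":"error","error":"constructed validation message","error_code":400}`
)

func main() {
	for _, body := range []string{syncBody, asyncBody, notFoundBody, badReqBody} {
		r, err := hoistEnvelope([]byte(body), Sync)
		fmt.Printf("response=%v err=%v\n", r != nil, err)
	}
}
```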

Directories

Path Synopsis
Package main is a generated protocol buffer package.
lxd-bridge
This is a FLEXible file which can be used by both client and daemon.
gnuflag
Package flag implements command-line flag parsing in the GNU style.
test
deps
An example of how to use lxd's golang /dev/lxd client.