Author Archives: s3hh

Using lxd snapshots

Lxd with zfs is fast. Very fast. Yesterday I was testing a package upgrade problem. Purging and re-installing the package was not good enough to reproduce it. So, 1. create a base container lxc launch ubuntu:xenial lv1 That takes about … Continue reading

Posted in Uncategorized | Tagged , , | Leave a comment

LXD Image Updates

LXD is sweet. To create a ubuntu xenial container, just do lxc launch ubuntu:xenial x1 The remote xenial image will be automatically fetched on the first use, and cached for future uses. Nifty. Hmm… but what then? There are three … Continue reading

Posted in Uncategorized | 5 Comments

Docker in LXD

Since the very early days of upstream Linux containers – around 2006 – we’ve been distinguishing between ‘application’ and ‘system’ containers. (The definition of application containers has changed a bit, and their use case has changed a *lot*, but the … Continue reading

Posted in Uncategorized | Leave a comment

PSA: nested lxc containers

lxc has long supported nesting containers. There’s a lot of (historically accurate) documentation out there saying to use the line lxc.aa_profile = lxc-container-default-with-nesting to enable that. Sadly, a somewhat new kernel restriction has recently required a bit more work. To … Continue reading

Posted in Uncategorized | Leave a comment

Containers – inspect, don’t introspect

You’ve got a whatzit daemon running in a VM. The VM starts acting suspiciously – a lot more cpu, memory, or i/o than you’d expect. What do you do? You could log in and look around. But if the VM’s … Continue reading

Posted in Uncategorized | Leave a comment

Cgroups are now handled a bit differently in Xenial

In the past, when you logged into an Ubuntu system, you would receive and be logged into a cgroup which you owned, one per controller (i.e. memory, freezer, etc). The main reason for this is so that unprivileged users can … Continue reading

Posted in Uncategorized | Leave a comment

Nested containers in LXD

We’ve long considered nested containers an important use case in lxc. Lxd is no different in this regard. Lately there have been several questions If you are using privileged lxd containers (security.privileged: true), then the only thing you need to … Continue reading

Posted in Uncategorized | 4 Comments