Setup LXC using vm-broker - allanrogerr/public GitHub Wiki
Deployment to the datacenter is driven by the GitHub workflow at https://github.com/miniohq/vm-broker/blob/master/.github/workflows/deployer.yml
Log in to the node, update it, and install LXD (the commented-out lines show the package alternatives that were considered):

```
ssh [email protected]
sudo apt update
sudo apt upgrade
#sudo apt-get install lxc
#sudo snap install lxd
```
Initialise LXD. Answers typed at the prompts are shown after the prompt; blank means the default was accepted. The loop device was enlarged to 100GiB, the API was exposed on the network, and the preseed was printed so it can be reused on further nodes:

```
sudo lxd init
Installing LXD snap, please be patient.
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Name of the storage backend to use (ceph, dir, lvm, powerflex, zfs, btrfs) [default=zfs]:
Create a new ZFS pool? (yes/no) [default=yes]:
Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]:
Size in GiB of the new loop device (1GiB minimum) [default=27GiB]: 100GiB
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]:
What should the new bridge be called? [default=lxdbr0]:
What IPv4 address should be used? (CIDR subnet notation, "auto" or "none") [default=auto]:
What IPv6 address should be used? (CIDR subnet notation, "auto" or "none") [default=auto]:
Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes
Address to bind LXD to (not including port) [default=all]:
Port to bind LXD to [default=8443]:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: yes
config:
  core.https_address: '[::]:8443'
networks:
- config:
    ipv4.address: auto
    ipv6.address: auto
  description: ""
  name: lxdbr0
  type: ""
  project: default
storage_pools:
- config:
    size: 100GiB
  description: ""
  name: default
  driver: zfs
storage_volumes: []
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: default
      type: disk
  name: default
projects: []
cluster: null
```
For subsequent node creation, retain a copy of the server certificate from /var/snap/lxd/common/lxd/server.crt; it is what gets added to the node configuration UI, and it is the only way a client can tell this LXD server apart from an impostor on the same address.
On each LXC node, if this was not done above, also configure a trust password, using a different random string in place of `<password>`. This has already been done on the datacenter, so do not change the current password.

```
sudo lxc config set core.trust_password <password>
```
On the vm-broker client (e.g. Kubernetes pods), confirm that the client certificate is not yet trusted by the node. The API answers an unauthenticated caller with `"untrusted"`:

```
curl -s -k --cert ~/.vm-broker/ssl/tls.crt --key ~/.vm-broker/ssl/tls.key https://a.b.c.d:8443/1.0 | jq .metadata.auth
# "untrusted"
```
On the client, register its certificate with the node. LXD takes the certificate from the TLS session, so the request body only needs the type and the trust password:

```
curl -s -k --cert ~/.vm-broker/certs/tls.crt --key ~/.vm-broker/certs/tls.key https://a.b.c.d:8443/1.0/certificates -X POST -d '{"type": "client", "password": "<password>"}' | jq .
# {
#   "type": "sync",
#   "status": "Success",
#   "status_code": 200,
#   "operation": "",
#   "error_code": 0,
#   "error": "",
#   "metadata": null
# }
```
On the client, confirm that the same certificate is now trusted:

```
curl -s -k --cert ~/.vm-broker/certs/tls.crt --key ~/.vm-broker/certs/tls.key https://a.b.c.d:8443/1.0 | jq .metadata.auth
# "trusted"
```
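The three curl calls above, as an added example that is not part of the vm-broker project. It performs the same `GET /1.0` check and `POST /1.0/certificates` registration, but instead of `-k` it pins the SHA-256 fingerprint of the node's `server.crt` (the file retained earlier), which is what `lxc remote add` does, so the trust password is never sent to an unverified endpoint. `a.b.c.d`, the fingerprint placeholder, the `LXD_TRUST_PASSWORD` environment variable and the function names are all assumptions; the certificate paths are those used on this page.

```python
"""Check and establish LXD API trust for a client certificate (added example).

Mirrors the curl calls on this page but replaces `-k` with fingerprint
pinning of the LXD server certificate, as `lxc remote add` does.
"""
import hashlib
import http.client
import json
import os
import ssl

# Assumed values: replace with the real node address and the fingerprint
# computed from a retained copy of /var/snap/lxd/common/lxd/server.crt.
LXD_HOST = "a.b.c.d"
LXD_PORT = 8443
CLIENT_CERT = os.path.expanduser("~/.vm-broker/certs/tls.crt")
CLIENT_KEY = os.path.expanduser("~/.vm-broker/certs/tls.key")
EXPECTED_SERVER_FINGERPRINT = "<sha256 hex of server.crt, placeholder>"


def fingerprint_of(der_cert: bytes) -> str:
    """SHA-256 hex digest of a DER-encoded certificate (lowercase, no colons),
    the same form `lxc remote` prints."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_of_pem_file(path: str) -> str:
    """Compute the pin from a PEM file such as LXD's server.crt."""
    with open(path, "rb") as fh:
        der = ssl.PEM_cert_to_DER_cert(fh.read().decode("ascii"))
    return fingerprint_of(der)


def auth_status(body: str) -> str:
    """Equivalent of `jq .metadata.auth` on a GET /1.0 response."""
    return json.loads(body)["metadata"]["auth"]


def certificate_request_body(password: str) -> str:
    """JSON body for POST /1.0/certificates; LXD reads the client certificate
    from the TLS session, so only type and trust password are sent."""
    return json.dumps({"type": "client", "password": password})


def _connect() -> http.client.HTTPSConnection:
    """Mutual-TLS connection to LXD. The server certificate is self-signed,
    so chain verification is replaced by an explicit fingerprint pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # pinned manually below
    ctx.load_cert_chain(CLIENT_CERT, CLIENT_KEY)
    conn = http.client.HTTPSConnection(LXD_HOST, LXD_PORT, context=ctx, timeout=10)
    conn.connect()
    seen = fingerprint_of(conn.sock.getpeercert(binary_form=True))
    if seen != EXPECTED_SERVER_FINGERPRINT:
        conn.close()
        raise ssl.SSLError(f"LXD server fingerprint mismatch: {seen}")
    return conn


def current_auth() -> str:
    """GET /1.0 and return "trusted" or "untrusted"."""
    conn = _connect()
    try:
        conn.request("GET", "/1.0")
        return auth_status(conn.getresponse().read().decode())
    finally:
        conn.close()


def add_client_certificate(password: str) -> dict:
    """POST /1.0/certificates and return the decoded LXD response."""
    conn = _connect()
    try:
        conn.request("POST", "/1.0/certificates",
                     body=certificate_request_body(password),
                     headers={"Content-Type": "application/json"})
        return json.loads(conn.getresponse().read().decode())
    finally:
        conn.close()


def ensure_trusted(password: str) -> str:
    """Register the client certificate only if it is not already trusted,
    then return the final auth state as reported by the node."""
    if current_auth() == "trusted":
        return "trusted"
    resp = add_client_certificate(password)
    if resp.get("status_code") != 200:
        raise RuntimeError(f"certificate registration failed: {resp.get('error')}")
    return current_auth()


if __name__ == "__main__":
    # The trust password comes from the environment so it does not land in
    # shell history or the process list; LXD_TRUST_PASSWORD is an assumed name.
    print(ensure_trusted(os.environ["LXD_TRUST_PASSWORD"]))
```

Compute the pin once on a copy of the node's `server.crt` with `fingerprint_of_pem_file("server.crt")` and put the result in `EXPECTED_SERVER_FINGERPRINT`; after that a changed or substituted server certificate makes `_connect` fail before any request is sent.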
On each LXC node, also expose the LXD API (the same `core.https_address` setting chosen during `lxd init`) so that every node can act as a remote image server for the others:

```
sudo lxc config set core.https_address "[::]:8443"
```
To save storage, keep images cached during instance creation for only 1 day:

```
sudo lxc config set images.remote_cache_expiry 1
```
Confirm the resulting server configuration. LXD never prints the trust password itself; `core.trust_password: true` only indicates that one is set:

```
sudo lxc config show
config:
  core.https_address: '[::]:8443'
  core.trust_password: true
  images.remote_cache_expiry: "1"
```