VM: lxc: Installation
Installing and getting a VM (Virtual Machine) running inside the lxc / lxd containerization service.
A complete alternative to docker.io is lxc. It is a powerful virtualization system.
- lxc segregates VM's and containers and uses effectively different command sets for each.
To install:
sudo apt-get install lxc
And from there you will have a list of possible commands:
lxc is more 'tool like' than standard docker, and you can see how it installed with lxc-checkconfig
With a detailed information about the lxc containerization service:
Due to lxc unprivileged nature - most containers will not work due to the mapping of sub ids to uids. Effectively:
Create a ~/.config/default.conf and load the following:
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
And then execute:
echo "$(id -un) veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet
If you are working from Ubuntu:
export DOWNLOAD_KEYSERVER="hkp://keyserver.ubuntu.com"
Once we are done this we can follow the guide to start one. Oddly they are calling from a systemd call:
systemd-run --unit=my-unit --user --scope -p "Delegate=yes" -- lxc-start my-container
The container automatically is stopped on creation and there seems to be some issues in making / keeping it running. Attempting to attach to it:
Broken out of the gate:
As the guide covers the one linux that is inherently and properly setup is Ubuntu. Since we are on backbox, we were finally able to get a container to run - as root.
sudo lxc-create -t download -n privilege
If you have the type download it will give you a option to download a bunch of pre-built image types.
lxc-start -n privilege
lxc-info -n privilege
Networking:
Inspecting the first running container shows it is network isolated, and it is recommended to install lxd:
sudo snap install lxd
After you have installed lxd - lxc behaves very similar to docker. For instance:
lxc launch ubuntu:22.04 u1
Now it is much more managable:
lxc storage list
As we learn more effectively lxc by and of itself is pretty limited and to use it you need its lxd companion:
Whoa! Here is where lxd/lxc just left docker in the dust - X11..
This was run out of the gate from inside the running instance:
sudo apt install x11-apps --fix-missing
And then simply ssh -X into the box:
xclock
Try setting up a X11 to a docker and it has been my experience you will be fumbling around for days configuring ports etc etc etc. This just works. Also it seems to properly setup a bridge interface for all your VM's that have proper port/ip bindings. QEMU was found to be quite problematic in this regard (requiring lots of network plumbing) but was treated like 'whole VM's' with their own desktop etc. Very impressed.
So the next question becomes can one have a lxd/lxc load a .iso image on boot to install an entire VM machine like a normal virtual machine?
Looking around we find an awesome guide - so simple one would have to try it:
- Create a VM.
2. Give it more disk space:
3. Create a virtual CDROM and add it to the 'u1' instance:
IMPORTANT! You must now disable autoboot - simply if the image is not correctly configured it will boot automatically into a disabled format (aka bad virtual bios setup)
lxc config set <vm> boot.autostart=false
4. Start the image (wow it worked!)
lxc start u1 --console=vga
It's not perfect but it tried:
What was missing? We needed to turn off 'secure-boot'
Nope that did not work either. But it is like the 'cdrom' is not being seen properly.
Finally we tried another .iso different from backbox - dragonOS
Solved! Thanks to here As the machine boots treat it like a normal computer with it's own bios, hit escape inside the boot screen quickly you will get a 'virtual bios'!
The moment we changed the boot manager presto - we were up!
Summary - lxc/lxd wins hands down.
- QEMU was fantastic - minor one limitation, it never seemed to map a proper external IP to your VM without a pile of plumbing. It was very mangly to ssh into a running VM.
- Docker just seemed to have no examples that worked properly with X11 I welcome anyone to advise otherwise.
- lxd/lxc answered both of these problems - allowing for full desktop VM's while allowing for proper network plumbing to reach them!
- NONE of this is possible in Windows.
- I used to utilize QEMU exclusively for local VM's but because of the proper network mapping of devices under the lxd/lxc I have now switched. It works.