How to Set Up and Use LXD on CentOS Linux 7.x Server

I know how to setup LXD on a Debian or Ubuntu Linux. How do I install, configure and setup LXD on CentOS Linux 7.x?

Introduction: Linux containers give an environment as close as possible as the one you would get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware. You can run your favorite Linux distributions such as Debian, Ubuntu, Arch, Gentoo, CentOS and more. LXD is lxc on steroids with strong security on the mind. LXD is not a rewrite of LXC. Under the hood, LXD uses LXC through liblxc and its Go binding. This tutorial shows how to setup and use LXD on CentOS Linux 7.x server.

Procedure to set up and use LXD on CentOS Linux 7.x

  1. Install snapd on CentOS
  2. Install lxd on CentOS Linux
  3. Configure lxd storage, networking, and other stuff
  4. Create your first VM

Step 1 – Update CentOS 7.x box

Run the following yum command:
$ sudo yum update
## reboot Linux box if kernel updated ##
$ sudo reboot

Step 2 – Configure EPEL repo on CentOS 7.x

Command to install EPEL repo on a CentOS Linux and RHEL 7.x:
$ sudo yum install epel-release
$ sudo yum update

See “How To Install EPEL Repo on a CentOS and RHEL 7.x” for more info.

Step 3 – How to enable and configure COPR repository for CentOS Linux

Type the following yum command:
$ sudo yum install yum-plugin-copr
$ sudo yum copr enable ngompa/snapcore-el7

Step 4 – Install LXD

Install LXD on CentOS 7 Linux:
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket

Step 5 – Configure the CentOS Linux kernel for LXD

You need to use the grubby command. It is acommand line tool for updating and displaying information about the configuration files for various architecture specific bootloaders:
$ grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
$ grubby --args="namespace.unpriv_enable=1" --update-kernel="$(grubby --default-kernel)"
$ sudo sh -c 'echo "user.max_user_namespaces=3883" > /etc/sysctl.d/99-userns.conf'
$ sudo reboot

Step 5 – Install the LXD on CentOS

Run the following command:
$ sudo snap search lxd
$ sudo snap install lxd
$ sudo ln -s /var/lib/snapd/snap /snap


Verify it:
$ snap list
$ snap services

Step 5 – Configuring LXD

First, you need to add yourself to the LXD group. The command to add user to Linux group is as follows:
$ sudo usermod -a -G lxd vivek
Use the id command to verify it:
$ newgrp lxd
$ id

Make sure we can talk to lxd server:
$ lxc list
To configure LXD on CentOS 7, run:
$ lxd init

Step 6 – Create and launch your first container

You can list all container images with the following command:
$ lxc image list images:
$ lxc image list images: | grep -i centos
$ lxc image list images: | grep -u ubuntu

How create and setup your first container

To create and start containers from images use the launch command as follows:
lxc launch images:{distro}/{version}/{arch} {container-name-here}
Let us see some examples to create and start containers from various Linux distro images as per your needs.

CentOS Linux 7 container

$ lxc launch images:centos/7/amd64 cenots-db

To access the VM/container:
$ lxc list
$ lxc exec centos-db bash

Ubuntu Linux 16.4 “xenial” LTS VM

$ lxc launch images:ubuntu/xenial/amd64 ubuntu-nginx

Fedora Linux 28 VM

$ lxc launch images:fedora/28/amd64 fedora27-c1

Now I have set up and use LXD on CentOS 7.x, what next?

List your containers:
lxc list
To start/stop/restart containers use:
lxc start container-name
lxc stop container-name
lxc restart container-name

Remove or delete container
lxc delete container-name
lxc delete nginx-c1

Getting info about your container:
$ lxc info container
$ lxc info centos-db

Setting up iptables rules to redirect traffic (type commands on host)

The syntax is as follows to redirect traffic for 443 coming on public IP 104.20.186.5 to container IP 10.86.112.210:443
iptables -t nat -I PREROUTING -i eth0 -p TCP -d 104.20.186.5 --dport 443 -j DNAT --to-destination 10.86.112.210:443
CentOS uses the firwalld. To find the default firewalld zone, run:
$ sudo firewall-cmd --get-default-zone
public

Open port 443 for public zone
$ sudo firewall-cmd --zone=public --add-service=https --permanent
Forward port 443 to the LXD server 10.86.112.210:443
$ sudo firewall-cmd --permanent --zone=public --add-forward-port=port=443:proto=tcp:toport=443:toaddr=10.86.112.210
Reload the fireall
$ sudo firewall-cmd --reload
Test it. Fire the web browser and type url:
https://104.20.186.5

A list of lxc command

lxc --help
lxc command --help
lxc stop --help

command Description
alias Manage command aliases
cluster Manage cluster members
config Manage container and server configuration options
console Attach to container consoles
copy Copy containers within or in between LXD instances
delete Delete containers and snapshots
exec Execute commands in containers
export Export container backups
file Manage files in containers
help Help about any command
image Manage images
import Import container backups
info Show container or server information
launch Create and start containers from images
list List containers
move Move containers within or in between LXD instances
network Manage and attach containers to networks
operation List, show and delete background operations
profile Manage profiles
publish Publish containers as images
remote Manage the list of remote servers
rename Rename containers and snapshots
restart Restart containers
restore Restore containers from snapshots
snapshot Create container snapshots
start Start containers
stop Stop containers
storage Manage storage pools and volumes
version Show local and remote versions

Conclusion

You have set up CentOS and other VM running in an LXD container. You can now use your container as independent VM/jail. You can redirect traffic using iptables/ufw to containers to the specific port. For more info see the official page here and here.


🐧 Please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Problem posting comment? Email me @ webmaster@cyberciti.biz