How to Set Up and Use LXD on CentOS Linux 7.x Server - nixCraft

I know how to set up LXD on a Debian or Ubuntu Linux. How do I install, configure and set up LXD on CentOS Linux 7.x?

Introduction: Linux containers give you an environment as close as possible to the one you would get from a VM, but without the overhead that comes with running a separate kernel and simulating all the hardware. You can run your favorite Linux distributions such as Debian, Ubuntu, Arch, Gentoo, CentOS and more. LXD is LXC on steroids with strong security in mind. LXD is not a rewrite of LXC. Under the hood, LXD uses LXC through liblxc and its Go binding. This tutorial shows how to set up and use LXD on a CentOS Linux 7.x server.

Procedure to set up and use LXD on CentOS Linux 7.x

  1. Install snapd on CentOS
  2. Install lxd on CentOS Linux
  3. Configure lxd storage, networking, and other stuff
  4. Create your first container

Step 1 – Update CentOS 7.x box

Run the following yum command:
$ sudo yum update
## reboot Linux box if kernel updated ##
$ sudo reboot

Step 2 – Configure EPEL repo on CentOS 7.x

Command to install EPEL repo on a CentOS Linux and RHEL 7.x:
$ sudo yum install epel-release
$ sudo yum update

See “How To Install EPEL Repo on a CentOS and RHEL 7.x” for more info.

Step 3 – How to enable and configure COPR repository for CentOS Linux

Type the following yum command:
$ sudo yum install yum-plugin-copr
$ sudo yum copr enable ngompa/snapcore-el7

Step 4 – Install snapd

Install snapd, which is used to install LXD on CentOS 7 Linux:
$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket


Step 5 – Configure the CentOS Linux kernel for LXD

You need to use the grubby command. It is a command line tool for updating and displaying information about the configuration files for various architecture-specific bootloaders. Both kernel arguments turn on user namespaces, which LXD needs in order to map root inside a container to an unprivileged user on the host:
$ sudo grubby --args="user_namespace.enable=1" --update-kernel="$(sudo grubby --default-kernel)"
$ sudo grubby --args="namespace.unpriv_enable=1" --update-kernel="$(sudo grubby --default-kernel)"
$ sudo sh -c 'echo "user.max_user_namespaces=3883" > /etc/sysctl.d/99-userns.conf'
$ sudo reboot
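
After the reboot it is worth confirming that the settings from this step are active before installing LXD. The following check is an added example, not part of the original tutorial; the function names has_karg and check_userns and the sample command line are constructed for illustration.

```bash
#!/bin/sh
# Added example: verify that Step 5's user-namespace settings took effect.

# has_karg CMDLINE ARG: succeed only if ARG is a whole word on the kernel
# command line, so "user_namespace.enable=10" does not count as "=1".
has_karg() {
    case " $1 " in
        *" $2 "*) return 0 ;;
    esac
    return 1
}

# check_userns CMDLINE MAX_USER_NS: print one finding per setting and
# return the number of failed checks (0 means everything is in place).
check_userns() {
    local cmdline="$1" max="$2" fails=0 arg
    for arg in user_namespace.enable=1 namespace.unpriv_enable=1; do
        if has_karg "$cmdline" "$arg"; then
            echo "ok   $arg"
        else
            echo "FAIL $arg missing from kernel command line"
            fails=$((fails + 1))
        fi
    done
    case $max in
        ''|*[!0-9]*) echo "FAIL user.max_user_namespaces is not readable"
                     fails=$((fails + 1)) ;;
        0)           echo "FAIL user.max_user_namespaces=0 (user namespaces off)"
                     fails=$((fails + 1)) ;;
        *)           echo "ok   user.max_user_namespaces=$max" ;;
    esac
    return "$fails"
}

# Constructed sample: a boot where the second grubby command was forgotten.
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro user_namespace.enable=1'
check_userns "$SAMPLE_CMDLINE" 3883 || echo "$? check(s) failed"

# On the real host, feed it the live values instead:
#   check_userns "$(cat /proc/cmdline)" "$(cat /proc/sys/user/max_user_namespaces)"
```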

Step 5 – Install LXD on CentOS

Run the following command:
$ sudo snap search lxd
$ sudo snap install lxd
$ sudo ln -s /var/lib/snapd/snap /snap

Verify it:
$ snap list
$ snap services


Step 5 – Configuring LXD

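First, you need to add yourself to the lxd group. Members of this group have full control over the LXD daemon, which is equivalent to root access on the host, so add only accounts you would trust with root. The command to add a user to a Linux group is as follows:
$ sudo usermod -a -G lxd vivek
Switch to the new group and use the id command to verify it: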
$ newgrp lxd
$ id

Make sure we can talk to lxd server:
$ lxc list
To configure LXD on CentOS 7, run:
$ lxd init

Step 6 – Create and launch your first container

You can list all container images with the following command:
$ lxc image list images:
$ lxc image list images: | grep -i centos
$ lxc image list images: | grep -i ubuntu

How to create and set up your first container

To create and start containers from images use the launch command as follows:
lxc launch images:{distro}/{version}/{arch} {container-name-here}
Let us see some examples to create and start containers from various Linux distro images as per your needs.

CentOS Linux 7 container

$ lxc launch images:centos/7/amd64 centos-db
To access the VM/container:
$ lxc list
$ lxc exec centos-db bash

Ubuntu Linux 16.04 “xenial” LTS container

$ lxc launch images:ubuntu/xenial/amd64 ubuntu-nginx

Fedora Linux 28 container

$ lxc launch images:fedora/28/amd64 fedora27-c1

Now that I have set up LXD on CentOS 7.x, what next?

List your containers:
$ lxc list
To start/stop/restart containers use:
$ lxc start container-name
$ lxc stop container-name
$ lxc restart container-name

Remove or delete a container:
$ lxc delete container-name
$ lxc delete nginx-c1

Getting info about your container:
$ lxc info container
$ lxc info centos-db


Setting up iptables rules to redirect traffic (type commands on host)

The syntax to redirect traffic for port 443 arriving on public IP 104.20.186.5 to container IP 10.86.112.210:443 is as follows:
$ sudo iptables -t nat -I PREROUTING -i eth0 -p TCP -d 104.20.186.5 --dport 443 -j DNAT --to-destination 10.86.112.210:443
CentOS uses firewalld. To find the default firewalld zone, run:
$ sudo firewall-cmd --get-default-zone
public

Open port 443 for the public zone:
$ sudo firewall-cmd --zone=public --add-service=https --permanent
Forward port 443 to the LXD container at 10.86.112.210:443:
$ sudo firewall-cmd --permanent --zone=public --add-forward-port=port=443:proto=tcp:toport=443:toaddr=10.86.112.210
Reload the firewall:
$ sudo firewall-cmd --reload
Test it. Open a web browser and type the URL:
https://104.20.186.5
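
Addresses on the LXD bridge are handed out by DHCP, so a forward rule can outlive the container it was written for and keep exposing port 443 to whatever holds that address next. The audit below is an added example, not part of the original tutorial: it compares `firewall-cmd --zone=public --list-forward-ports` output with `lxc list --format csv -c ns4` output. The function names, the second rule and the sample CSV are constructed, and it assumes one IPv4 address per container.

```bash
#!/bin/sh
# Added example: flag firewalld forward-port rules whose target address is
# not held by any running LXD container.

# Read forward-port rules on stdin, print "port proto toaddr" for each rule.
forward_targets() {
    local line port proto
    while IFS= read -r line; do
        case $line in
            port=*:proto=*:toaddr=*) ;;
            *) continue ;;
        esac
        port=${line#port=};     port=${port%%:*}
        proto=${line#*:proto=}; proto=${proto%%:*}
        echo "$port $proto ${line##*:toaddr=}"
    done
}

# container_for_ip CSV IP: name of the RUNNING container holding IP, if any.
container_for_ip() {
    printf '%s\n' "$1" | awk -F, -v ip="$2" '
        $2 == "RUNNING" { split($3, a, " "); if (a[1] == ip) { print $1; exit } }'
}

# audit_forwards RULES CSV: one finding per rule; returns the stale-rule count.
audit_forwards() {
    local rules="$1" csv="$2" bad=0 port proto toaddr name
    while read -r port proto toaddr; do
        [ -n "$toaddr" ] || continue          # rule forwards locally, skip
        name=$(container_for_ip "$csv" "$toaddr")
        if [ -n "$name" ]; then
            echo "ok    $port/$proto -> $toaddr ($name)"
        else
            echo "STALE $port/$proto -> $toaddr (no running container)"
            bad=$((bad + 1))
        fi
    done <<EOF
$(printf '%s\n' "$rules" | forward_targets)
EOF
    return "$bad"
}

# Constructed sample: the page's rule plus a leftover rule for a removed container.
SAMPLE_RULES='port=443:proto=tcp:toport=443:toaddr=10.86.112.210
port=8080:proto=tcp:toport=80:toaddr=10.86.112.55'
SAMPLE_CSV='centos-db,RUNNING,10.86.112.210 (eth0)
ubuntu-nginx,STOPPED,'
audit_forwards "$SAMPLE_RULES" "$SAMPLE_CSV" || echo "stale rules: $?"
```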

A list of lxc commands

$ lxc --help
$ lxc command --help
$ lxc stop --help

command     Description
alias       Manage command aliases
cluster     Manage cluster members
config      Manage container and server configuration options
console     Attach to container consoles
copy        Copy containers within or in between LXD instances
delete      Delete containers and snapshots
exec        Execute commands in containers
export      Export container backups
file        Manage files in containers
help        Help about any command
image       Manage images
import      Import container backups
info        Show container or server information
launch      Create and start containers from images
list        List containers
move        Move containers within or in between LXD instances
network     Manage and attach containers to networks
operation   List, show and delete background operations
profile     Manage profiles
publish     Publish containers as images
remote      Manage the list of remote servers
rename      Rename containers and snapshots
restart     Restart containers
restore     Restore containers from snapshots
snapshot    Create container snapshots
start       Start containers
stop        Stop containers
storage     Manage storage pools and volumes
version     Show local and remote versions

Conclusion

You have set up CentOS and other Linux distributions running in LXD containers. You can now use each container as an independent VM/jail. You can redirect traffic arriving on a specific port to a container using iptables/ufw. For more info see the official page here and here.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.


Posted by News Monkey