Running Ubuntu Core using the LXD container

This is a creation in Article, where the information may have evolved or changed.

What is Ubuntu Core?

Ubuntu Core is a completely transactional version of Ubuntu built entirely on snap packages.

Most of the system is read-only, and all installed applications come from snap packages, using transactional updates entirely. This means that the entire system can fall back to its previous state and log the error, regardless of whether the system is updating or installing the software.

The latest version of Ubuntu Core 16 was released in November 2016.

Note that Ubuntu Core restricts the ability to install only snap packages (not "legacy" packages), and that a significant number of SNAP packages do not function properly in the current environment, or require human intervention (creating users and user groups, etc.) to function properly. With the release of the new SNAPD and "core" snap packs, Ubuntu Core is improved every week.

Environmental requirements

As far as LXD is concerned, Ubuntu Core is only equivalent to another Linux distribution. In other words, SNAPD needs to mount the unprivileged FUSE and AppArmor namespaces as well as the software stack, like this:

• A new version of the system using the official Ubuntu kernel
• A new version of LXD

Create an Ubuntu Core container

The current Ubuntu Core image is published in the community's mirror server. You can start a new container like this:

stgraber@dakara:~$ lxc launch images:ubuntu-core/16 ubuntu-coreCreating ubuntu-coreStarting ubuntu-core

This container start takes a little time, it will first execute the first stage of the loader, the loader will determine which image to use (the mirror is read-only), and set a readable layer on the system, you do not interrupt the container at this stage execution, this time there is nothing, so the execution lxc exec will be wrong.

After a few seconds, the execution lxc list will show the IP address of the container, which indicates that Ubuntu Core has been launched:

stgraber@dakara:~$ lxc list+-------------+---------+----------------------+----------------------------------------------+------------+-----------+|     NAME    |  STATE  |          IPV4        |                      IPV6                    |    TYPE    | SNAPSHOTS |+-------------+---------+----------------------+----------------------------------------------+------------+-----------+| ubuntu-core | RUNNING | 10.90.151.104 (eth0) | 2001:470:b368:b2b5:216:3eff:fee1:296f (eth0) | PERSISTENT | 0         |+-------------+---------+----------------------+----------------------------------------------+------------+-----------+

You can then interact with the container as you would with other interactions:

stgraber@dakara:~$ lxc exec ubuntu-core bashroot@ubuntu-core:~# snap listName       Version     Rev  Developer  Notescore       16.04.1     394  canonical  -pc         16.04-0.8   9    canonical  -pc-kernel  4.4.0-45-4  37   canonical  -root@ubuntu-core:~#

Update container

If you've been looking at the development of Ubuntu Core, you should know that the version above is already very old. This is because the code that is used as an Ubuntu LXD image is updated every few months. The Ubuntu Core system checks for updates and updates automatically when it restarts (the update failure is rolled back).

If you want to force updates now, you can do this:

stgraber@dakara:~$ lxc exec ubuntu-core bashroot@ubuntu-core:~# snap refreshpc-kernel (stable) 4.4.0-53-1 from 'canonical' upgradedcore (stable) 16.04.1 from 'canonical' upgradedroot@ubuntu-core:~# snap versionsnap 2.17snapd 2.17series 16root@ubuntu-core:~#

Then reboot the Ubuntu Core system and look at the SNAPD version.

root@ubuntu-core:~# rebootroot@ubuntu-core:~# stgraber@dakara:~$ lxc exec ubuntu-core bashroot@ubuntu-core:~# snap versionsnap 2.21snapd 2.21series 16root@ubuntu-core:~#

You can also view the history of all SNAPD as follows:

stgraber@dakara:~$ lxc exec ubuntu-core snap changesID  Status  Spawn                 Ready                 Summary1   Done    2017-01-31T05:14:38Z  2017-01-31T05:14:44Z  Initialize system state2   Done    2017-01-31T05:14:40Z  2017-01-31T05:14:45Z  Initialize device3   Done    2017-01-31T05:21:30Z  2017-01-31T05:22:45Z  Refresh all snaps in the system

Installing the SNAP Package

Start with one of the simplest examples, the classic Hello world:

stgraber@dakara:~$ lxc exec ubuntu-core bashroot@ubuntu-core:~# snap install hello-worldhello-world 6.3 from 'canonical' installedroot@ubuntu-core:~# hello-worldHello World!

Now let's look at some of the more useful ones:

stgraber@dakara:~$ lxc exec ubuntu-core bashroot@ubuntu-core:~# snap install nextcloudnextcloud 11.0.1snap2 from 'nextcloud' installed

You can then access your container via HTTP to see the Nextcloud instance that you just deployed.

If you want to test the latest version of LXD directly from Git, you can do this:

stgraber@dakara:~$ lxc config set ubuntu-core security.nesting truestgraber@dakara:~$ LXC exec ubuntu-core bashroot@ubuntu-core:~# Snap Install Lxd--edgelxd (Edge) git-c6006fb from ' canonical ' installedroot@ubuntu-core:~# lxd I Nitname of the storage backend to use (dir or ZFS) [Default=dir]: We detected that is running inside an unprivileged Container. This means, unless you manually configured your host otherwise,you won't have the enough UID and GID to allocate R containers. LXD can re-use your container ' s own allocation to avoid the problem. Doing so makes your nested containers slightly less safe as they couldin theory attack their parent container and gain mor E privileges Thanthey otherwise would. Would do I have your containers share their parent ' s allocation (yes/no) [Default=yes]? Would LXD to being available over the network (yes/no) [Default=no]? Would stale cached images to be updated automatically (yes/no) [Default=yes]? Would to CREate A new Network Bridge (yes/no) [Default=yes]? What should the new bridge being called [Default=lxdbr0]? What IPV4 address should is used (CIDR subnet notation, "Auto" or "none") [Default=auto]? What IPV6 address should is used (CIDR subnet notation, "Auto" or "none") [Default=auto]? LXD has been successfully configured.

A container that has been provisioned cannot be rolled back, but another Ubuntu core 16 container can be run in Ubuntu core 16:

root@ubuntu-core:~# lxc launch images:ubuntu-core/16 nested-coreCreating nested-coreStarting nested-core root@ubuntu-core:~# lxc list+-------------+---------+---------------------+-----------------------------------------------+------------+-----------+|    NAME     |  STATE  |         IPV4        |                       IPV6                    |    TYPE    | SNAPSHOTS |+-------------+---------+---------------------+-----------------------------------------------+------------+-----------+| nested-core | RUNNING | 10.71.135.21 (eth0) | fd42:2861:5aad:3842:216:3eff:feaf:e6bd (eth0) | PERSISTENT | 0         |+-------------+---------+---------------------+-----------------------------------------------+------------+-----------+

Written in the last

If you just want to try Ubuntu Core, this is a good way to do it. For SNAP package developers, this is also a good tool to test whether your snap package works in a different environment.

If you want your system to be always up-to-date and replicable, Ubuntu Core is a great solution, but there are some limitations, so it might not work for you.

Finally, there is a warning that these images are sufficient for testing, but are not officially supported at this moment. In the near future, the official Ubuntu server can fully support the Ubuntu Core LXD image.

Appendix

• LXD Main station: HTTPS://LINUXCONTAINERS.ORG/LXD
• Github:https://github.com/lxc/lxd
• Mailing list: https://lists.linuxcontainers.org
• IRC: #lxcontainers on irc.freenode.net
• Online trial: https://linuxcontainers.org/lxd/try-it

From: https://insights.ubuntu.com/2017/02/27/ubuntu-core-in-lxd-containers/

Author: Stéphane Graber Translator: AIWHJ proofreading: Wxy

This article was compiled by LCTT original, Linux China honors launched