Container management made easier with LXD-UI
Control Your Containers
LXC, a command-line manager for Linux containers, is quite tricky to use. Enter the LXD-UI web interface to make life easier.
Linux Containers (LXC) is an operating-system-level virtualization method that uses containers that run in isolation from each other on a Linux system. The system that provides the containers is referred to as the host, and the systems operating in the containers are known as guests. All guests use the host's kernel, which makes LXC very efficient. However, only systems that work with the same kernel can be virtualized in this way. For example, you cannot start Windows in LXC. LXC is managed entirely at the command line.
The LXD container manager was developed to help admins handle LXC's complexity. LXD is based on the LXC components and extends them to include simple tools for administration, as well as tools for the command line. LXD-UI [1], an easy-to-use graphical web front end [2], lets you quickly and easily set up and manage LXC.
Additionally, LXD-UI helps you to configure the entire LXD system, including virtual networks, storage pools, and default container settings. The bottom line is that LXD-UI considerably simplifies tasks related to Linux containers.
Installation
Installing LXD including the web user interface (UI) entails some unexpected pitfalls on various computers. Interestingly, the software ran perfectly smoothly on Ubuntu Desktop 22.04.3. First, I'll look at how to install LXD on a Strato V-Server [3]. I will then check out the installation on local hardware with an Ubuntu 22.04.3 server as the operating system.
To ensure a clean slate for the process, I first used the Stratos web interface to reinstall the V-Server with Ubuntu 22.04. After the install, I used SSH to open a connection to the server.
By default, Strato servers define far too low a number of tasks in their system configurations. To change this, you need to uncomment the DefaultTasksMax
parameter in the /etc/systemd/system.conf
file, setting it to a value of 16547
(DefaultTasksMax=16547
). After saving the changes, reload the service by typing
sudo systemctl daemon-reload
Without this change, you will generally not be happy with your V-Server.
Use the commands from Listing 1 to set up LXD as a Snap image on the server. Once the installation is complete, you can access the web GUI via the URL https://<Host>:8443/. Because the HTTPS connection is opened with a self-created certificate, you need to accept the security warning from the browser before the web GUI splash page appears (Figure 1).
Listing 1
LXD on a Strato V-Server
#### Update system # apt update # apt upgrade #### Install Snap # apt install snapd #### Install LXD # snap install lxd --channel=latest/stable #### Enable GUI # snap set lxd ui.enable=true #### Restart LXD # snap restart --reload lxd #### Set HTTPS port for GUI # lxc config set core.https_address :8443
Getting Started
Once you have reached the interface, first create a new certificate to secure the connection in the future. Then follow the installation instructions on the website including the following command, among other things:
$ lxc config trust add Downloads/lxd-ui.crt
You need to make sure that the hostname is included in the certificate name; in other words, you cannot simply copy and paste the command from the instructions.
After installing the certificate in the web browser and on the server, the two will be able to communicate securely in the future. Only browsers whose certificate matches that of the server can now access the GUI.
Click on Create instance to create the first container (Figure 2). Assign a name and then select an image in Browse images (Figure 3). For the container to run, you will need to assign resources to it. To do this, click on Advanced | Disk device and select the default pool. Assign the desired disk space to the container and specify the RAM and the number of CPU cores in Advanced | Resource limits.
Click on Create and Start to set up and start the container. You can now connect to the container via Instances | <Container name> | Terminal and work on it (Figure 4).
When creating containers, the graphical LXD front end relies on various profiles whose default values you can define in Profiles. This saves a huge amount of work, because you no longer have to type in so much information when creating a container.
Network Connection
The newly created container does not currently have a network connection. To set this up, you first need to create a new network. Normally this happens automatically during the LXD install, but it did not seem to work in testing with the Strato server. This could be due to the fact that the V-Server itself already has a virtual network interface. To create a new virtual network for the containers, go to Networks | Create (Figure 5). Enter the following parameters and create a network:
- Type: Bridge (standard)
- Name: lxdbr0
- Ipv4 Address: 10.9.173.1/24
- Ipv6 Address: fd42:7b3f:d2be:70c::1/64
To assign the network to the container, stop the container, switch to Instances | <Container name> | Configuration | Advanced | Network devices in the settings and assign the network to an interface (Figure 6). Then restart the container.
In the current state, only the containers on the virtual network can communicate with each other; there is no access to the Internet. To connect the containers via network address translation (NAT), you need an additional firewall rule on the host system (Listing 2, line 1). To make a container's port on the host's IP address accessible from outside, you first need to set up port forwarding on the host (Listing 2, line 2).
Listing 2
Iptables Rules
01 # iptables -t nat -A POSTROUTING -o venet0 -j MASQUERAD 02 # iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination <Container-IP>:80 03 # iptables -t nat -L -v -n
To check whether the rules work as desired, use the command from line 3 of Listing 2. Please note that the system deletes the firewall rules during a reboot. To avoid this, you will need to set the firewall rules permanently.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.