1---
  2title: "LXD: Containers for Human Beings"
  3subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
  4date: 2023-08-11T16:30:00-04:00
  5categories:
  6  - Technology
  7tags:
  8  - Sysadmin
  9  - Containers
 10  - VMs
 11  - Docker
 12  - LXD
 13draft: true
 14rss_only: false
 15cover: ./cover.png
 16---
 17
 18This is a blog post version of a talk I presented at both Ubuntu Summit 2022 and
 19SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
 20on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible audio,
 21but there's unfortunately nothing I can do about that.
 22
 23[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m
 24
 25{{< adm type="warn" >}}
 26
 27**Note:** Canonical has decided to [pull LXD out][lxd] from under the Linux
 28Containers entity and instead continue development under the Canonical brand.
 29The majority of the LXD creators and developers have congregated around
 30[Incus.][inc] I'll be keeping a close eye on the project and intend to migrate
 31as soon as there's an installable release.
 32
 33[lxd]: https://linuxcontainers.org/lxd/
 34[inc]: https://linuxcontainers.org/incus/
 35
 36{{< /adm >}}
 37
 38## The benefits of VMs and containers
 39
 40- **Isolation:** we don't want an attacker to get into our webserver and be able
 41  to gain access to our email server
 42- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
 43  use the resources they've been given. If you tell the VM it has 200 MBs of
 44  RAM, it's going to make do with 200 MBs of RAM and the kernel's <abbr
 45  title="Out Of Memory">OOM</abbr> killer is going to have a fun time 🤠
 46- **Portability:** once set up and configured, VMs and containers can mostly be
 47  treated as black boxes; as long as the surrounding environment is similar to
 48  the previous in terms of communication, they can just be picked up and dropped
 49  to various machines and hosts as necessary.
 50- **Density:** applications are usually much lighter than the systems they're
 51  running on, so it makes sense to run many applications on one system. VMs and
 52  containers facilitate that without sacrificing security.
 53- **Cleanliness:** VMs and containers are black boxes. When you're done with it,
 54  you can just throw the box in the trash (delete it) and everything related to
 55  that application is gone.
 56
 57## Virtual machines
 58
 59```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
 60title: |md
 61  # Virtual machines
 62| { near: top-center }
 63
 64direction: up
 65
 66k1: Guest kernel
 67k2: Guest kernel
 68k3: Guest kernel
 69os1: Guest OS
 70os2: Guest OS
 71os3: Guest OS
 72app1: Many apps
 73app2: Many apps
 74app3: Many apps
 75
 76Host kernel -> Hypervisor
 77Hypervisor -> k1 -> os1 -> app1
 78Hypervisor -> k2 -> os2 -> app2
 79Hypervisor -> k3 -> os3 -> app3
 80```
 81
 82## Containers
 83
 84```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
 85title: |md
 86  # Application containers
 87| { near: top-center }
 88
 89direction: up
 90
 91app1: App
 92app2: App
 93app3: App
 94
 95Host kernel -> Hypervisor
 96Hypervisor -> app1
 97Hypervisor -> app2
 98Hypervisor -> app3
 99```
100
101```kroki {type=d2,d2theme=flagship-terrastruct,d2sketch=true}
102title: |md
103  # System containers
104| { near: top-center }
105
106direction: up
107
108os1: Guest OS
109os2: Guest OS
110os3: Guest OS
111app1: Many apps
112app2: Many apps
113app3: Many apps
114
115Host kernel -> os1 -> app1
116Host kernel -> os2 -> app2
117Host kernel -> os3 -> app3
118```
119
120## When to use which
121
122### Virtual machines
123
124- Virtualising esoteric hardware
125- Virtualising non-Linux operating systems (Windows, macOS)
126- Completely isolating processes from one another with a decades-old, battle-tested technique
127
128{{< adm type="note" >}}
129See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs
130{{< /adm >}}
131
132### Application containers
133
134- Microservices
135- Extremely reproducible builds
136  - (NixOS.org would likely be a better fit though)
137- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
138- When the app you want to run is _only_ distributed as a Docker container and
139  the maintainers adamantly refuse to support any other deployment method
140  - (Docker does run in LXD 😉)
141
142### System containers
143
144- Anything not listed above 👍
145
146## Crash course to LXD
147
1481. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)
149   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
1502. `sudo snap install lxd`
1513. `lxd init`
1524. `lxc image copy images:debian/11 local: --alias deb-11`
1535. `lxc launch deb-11 container-name`
1546. `lxc shell container-name`