---
title: "LXD: Containers for Human Beings"
subtitle: "Docker's great and all, but I prefer the workflow of interacting with VMs"
date: 2023-06-14T10:50:41-04:00
categories:
- Technology
tags:
- Sysadmin
- Containers
- VMs
- Docker
- LXD
draft: true
rss_only: false
cover: ./cover.png
---

This is a blog-post version of a talk I presented at both Ubuntu Summit 2022 and
SouthEast LinuxFest 2023. The first was not recorded, but the second was and is
on [SELF's PeerTube instance.][selfpeertube] I apologise for the terrible
quality, but there's unfortunately nothing I can do about that.

[selfpeertube]: https://peertube.linuxrocks.online/w/hjiTPHVwGz4hy9n3cUL1mq?start=1m

## The benefits of VMs and containers

- **Isolation:** we don't want an attacker to get into our webserver and be able
  to gain access to our email server
- **Flexibility:** <abbr title="Virtual Machines">VMs</abbr> and containers only
  use the resources they've been given
- **Portability:** once set up and configured, VMs and containers can mostly be
  treated as black boxes; as long as the surrounding environment is similar to
  the previous one in terms of communication, they can just be picked up and
  dropped on bare metal servers as necessary.
- **Density:**
- **Cleanliness:**

## Virtual machines

```goat
.------------------------------------.
| .--------.  .--------.  .--------. |
| | Guest  |  | Guest  |  | Guest  | |
| |   OS   |  |   OS   |  |   OS   | |
| '----+---'  '----+---'  '----+---' |
| .----+---.  .----+---.  .----+---. |
| | Guest  |  | Guest  |  | Guest  | |
| | Kernel |  | Kernel |  | Kernel | |
| '----+---'  '----+---'  '----+---' |
| .----+-----------+-----------+---. |
| |           Hypervisor           | |
| '----------------+---------------' |
| .----------------+---------------. |
| |          Host Kernel           | |
| '--------------------------------' |
'------------------------------------'
```

## Containers

```goat
        Application containers                    System containers
.------------------------------------.  .------------------------------------.
| .--------.  .--------.  .--------. |  | .--------.  .--------.  .--------. |
| | App 01 |  | App 02 |  | App 03 | |  | | Guest  |  | Guest  |  | Guest  | |
| '----+---'  '----+---'  '----+---' |  | |   OS   |  |   OS   |  |   OS   | |
| .----+-----------+-----------+---. |  | '----+---'  '----+---'  '----+---' |
| |           Hypervisor           | |  | .----+-----------+-----------+---. |
| '----------------+---------------' |  | |          Host Kernel           | |
| .----------------+---------------. |  | '--------------------------------' |
| |          Host Kernel           | |  '------------------------------------'
| '--------------------------------' |
'------------------------------------'
```

## When to use which

### Virtual machines

- Virtualising esoteric hardware
- Virtualising non-Linux operating systems (Windows, macOS)
- Completely isolating processes from one another with a decades-old, battle-tested technique

> See Drew DeVault's blog post [_In praise of qemu_](https://earl.run/rmBs) for a great use of VMs

### Application containers

- Microservices
- Extremely reproducible builds
  - (NixOS.org would likely be a better fit though)
- Dead-set on using cloud platforms with extreme scaling capabilities (AWS, GCP, etc.)
- When the app you want to run is _only_ distributed as a Docker container and
  the maintainers adamantly refuse to support any other deployment method
  - (Docker does run in LXD 😉)

### System containers

- Anything not listed above 👍

## Crash course to LXD

1. Install snap following [Canonical's tutorial](https://earl.run/ZvUK)
   - LXD is natively packaged for Arch and Alpine, but configuration can be a massive headache.
2. `sudo snap install lxd`
3. `lxd init`
4. `lxc image copy images:debian/11 local: --alias deb-11`
5. `lxc launch deb-11 container-name`
6. `lxc shell container-name`
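
As an added example (not part of the original talk or of LXD itself), this POSIX shell check can be run after step 6 to see whether a container actually delivers the isolation and resource bounds listed under the benefits above. It reads the YAML from `lxc config show container-name --expanded` on stdin; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit isolation-relevant keys in the YAML printed by
# `lxc config show <name> --expanded`. Function names are hypothetical.

# Print the value of a "key: value" line from $cfg, with quotes stripped.
get_key() {
    printf '%s\n' "$cfg" |
        awk -v k="$1:" '$1 == k && !seen { gsub(/"/, "", $2); print $2; seen = 1 }'
}

# Record one finding and count it.
flag() {
    echo "FINDING: $1"
    findings=$((findings + 1))
}

# Read expanded config on stdin; print findings; return 1 if any were raised.
audit_lxd_config() {
    cfg=$(cat)
    findings=0
    if [ "$(get_key security.privileged)" = "true" ]; then
        flag "security.privileged=true (container root is uid 0 on the host)"
    fi
    if [ "$(get_key security.nesting)" = "true" ]; then
        flag "security.nesting=true (needed for Docker inside LXD; review)"
    fi
    if [ "$(get_key security.idmap.isolated)" != "true" ]; then
        flag "security.idmap.isolated not true (uid/gid range shared with other containers)"
    fi
    for limit in limits.memory limits.cpu; do
        if [ -z "$(get_key "$limit")" ]; then
            flag "$limit unset (no cap on host resource use)"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample, shaped like `lxc config show container-name --expanded`.
SAMPLE_CONFIG='architecture: x86_64
config:
  image.os: Debian
  limits.memory: 512MiB
  security.nesting: "true"
profiles:
- default'

printf '%s\n' "$SAMPLE_CONFIG" | audit_lxd_config || echo "sample needs attention"
```

Against a real host, pipe the live config in instead of the sample: `lxc config show container-name --expanded | audit_lxd_config`.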