lxd

LXD: The hypervisor that isn't

Tycho.Andersen@Canonical.com

What is lxd?

  • Based on Linux Containers (LXC)
  • Secure by default: user namespaces, cgroups, AppArmor, etc.
  • A REST API for managing system containers
  • A daemon that can do hypervisor-y things
  • A framework for managing container base images

What isn't lxd?

  • A network management tool
  • A storage management tool
  • An application container tool

lxd API

  • containers
  • images
  • networks
  • other administrative ones
  • secured by client certificates and TLS 1.2

Creating a container

wget --no-check-certificate --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q https://127.0.0.1:8443/1.0/containers --method=POST --body-data='{"name": "manual", ...}'


{"type":"async","operation":"/1.0/operations/ae5b7709-213d-4b51-b4e2-825e4ac9d45c"}

containers endpoint

wget --no-check-certificate --certificate=$HOME/.config/lxc/cert.pem --private-key=$HOME/.config/lxc/key.pem -O - -q https://127.0.0.1:8443/1.0/containers/foo


{"type":"sync","result":"success","metadata":
   {"name":"foo", "config":[], "profiles":[],
       "status":{"state":"RUNNING", ...}}
}

networks endpoint

wget --no-check-certificate --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q https://127.0.0.1:8443/1.0/networks


{"type":"sync","result":"success","metadata":[
  "/1.0/networks/lo",
  "/1.0/networks/wlan0",
  "/1.0/networks/lxcbr0",
  "/1.0/networks/virbr0"
]}
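
The responses above come in two shapes, "sync" and "async". As an added example (not code from the talk or from LXD), this Python validates each shape before a client acts on it, and builds a TLS context that trusts one saved copy of the daemon's certificate instead of skipping verification as --no-check-certificate does. The names parse_response and pinned_tls_context and the certificate file arguments are assumptions.

```python
import json
import re
import ssl
from dataclasses import dataclass
from typing import Any, Optional

# Operation URLs on the slides have the form /1.0/operations/<uuid>.
OPERATION_RE = re.compile(
    r"/1\.0/operations/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


@dataclass
class LxdResponse:
    kind: str                  # "sync" or "async"
    operation: Optional[str]   # set for async responses
    metadata: Any              # set for sync responses


def parse_response(body: str) -> LxdResponse:
    """Validate one response body and return the part a client needs."""
    doc = json.loads(body)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    kind = doc.get("type")
    if kind == "async":
        op = doc.get("operation")
        # Accept only a local operation path, so the follow-up request
        # cannot be pointed at another host or endpoint.
        if not isinstance(op, str) or not OPERATION_RE.fullmatch(op):
            raise ValueError("unexpected operation URL: %r" % (op,))
        return LxdResponse("async", op, None)
    if kind == "sync":
        if doc.get("result") != "success":
            raise ValueError("request failed: %r" % (doc.get("result"),))
        return LxdResponse("sync", None, doc.get("metadata"))
    raise ValueError("unknown response type: %r" % (kind,))


def pinned_tls_context(server_cert: str, client_cert: str,
                       client_key: str) -> ssl.SSLContext:
    """TLS context with a client certificate that trusts only server_cert."""
    # Assumption: server_cert is a PEM copy of the daemon's certificate,
    # obtained out of band; no system CA is loaded when cafile is given.
    ctx = ssl.create_default_context(cafile=server_cert)
    # Assumption: the self-signed certificate carries no name for 127.0.0.1,
    # so trust rests on the pinned file rather than on hostname matching.
    ctx.check_hostname = False
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(client_cert, client_key)
    return ctx
```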

What is lxd?

  • Based on Linux Containers (LXC)
  • Secure by default: user namespaces, cgroups, AppArmor, etc.
  • A REST API for managing system containers
  • A daemon that can do hypervisor-y things
  • A framework for managing container base images

  • Snapshotting
  • File Injection
  • Container Migration

Image Workflow

  • Snapshot (running) containers as images
  • All LXD instances are image servers
  • Clients can publish private or public images

lxd roadmap

  • 0.1 - Last week of January, container management only
  • 0.2 - February 18: Images, experimental migration, bugfixes, oh my!
  • 0.3 - Summer 2015: Full specification implementation
  • 0.? - Hardware hardened containers

Kia ora!

github.com/lxc/lxd