Simple really: Is there any way to add a lxd remote server that is known to every user on a given lxd host? As far as I understand “lxc remote” needs to be executed for every user on the system that gets to use lxd. It would be very handy if I could provision remote lxd image servers per host together with the lxd instance itself instead of per user.
I can think of a few ways of doing that.
- Have a common account for working with LXD, and give users ssh access to it.
- Copy your $HOME/snap/lxd/current/.config/lxc somewhere where everyone has read access, and have everyone symlink their own $HOME/snap/lxd/current/.config/lxc to that.
- Create a container for managing LXD with a common account that users have ssh access to. The container can manage LXD simply by copying a working config in $HOME/snap/lxd/current/.config. It’s easier to just use https instead of unix sockets, but you can also proxy a unix socket if you want. This is a variation of 1 + 2.
- Give each user their own container, which has snap/lxd installed and attach a common LXD volume for all at the path $HOME/snap/lxd/…’
I have used 1 and 3 (just for myself).
$HOME/ snap/lxd/current/.config/lxc/config.yml
don’t seems to contain remote definition
My remote:
# lxc remote list
+-----------------+------------------------------------------+---------------+-------------+--------+--------+--------+
| NAME | URL | PROTOCOL | AUTH TYPE | PUBLIC | STATIC | GLOBAL |
+-----------------+------------------------------------------+---------------+-------------+--------+--------+--------+
| images | https://images.linuxcontainers.org | simplestreams | none | YES | NO | NO |
+-----------------+------------------------------------------+---------------+-------------+--------+--------+--------+
| my-remote | https://xxx.yyy.fr:8443 | lxd | tls | NO | NO | NO |
And my config file:
# cat snap/lxd/current/.config/lxc/config.yml
default-remote: local
remotes:
images:
addr: https://images.linuxcontainers.org
protocol: simplestreams
public: true
local:
addr: unix://
public: false
aliases: {}