Hello fellow LXDers (Lexies? Lexamaniacs?),
Very lazily I was going to ask for some help to define a basic configuration for LXCs which will run Docker and will also use ZFS block mode where required. It seems the documentation is scattered around a bit and I’m struggling a bit to know what to include. Ideally, I would like a profile which can be applied to LXC instances to set the proper parameters to allow Docker (privileged? unprivileged?) to run and to consume a ZFS block mode storage pool which has been created for it.
There’s some debate as to the profile, but I have:
```yaml
config:
  cloud-init.user-data: |
    #cloud-config
    package_update: true
    packages:
      - curl
      - wget
    runcmd:
      - curl -fsSL https://get.docker.com -o get-docker.sh
      - sh get-docker.sh
  environment.TZ: Europe/London
  raw.lxc: |
    lxc.apparmor.profile=unconfined
    lxc.mount.auto=proc:rw sys:rw cgroup:rw
    lxc.cgroup.devices.allow=a
    lxc.cap.drop=
  security.nesting: "true"
  security.privileged: "true"
  security.syscalls.intercept.mknod: "true"
  security.syscalls.intercept.setxattr: "true"
description: Default Docker LXD profile
devices:
  eth0:
    maas.subnet.ipv4: 10.1.1.0/24
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: store
    type: disk
name: docker
used_by: []
```
… as a very basic start, and I’m not even sure the convenience script is the best way to achieve this. And I don’t know how many of the config attributes are really truly needed, since people use different ones. I would have thought apparmor.profile=unconfined and security.privileged: true achieve similar results?
Then I assume I want to create a new blockmode volume to add to the container, add it as a volume, and … profit?
I’m also assuming I should start the container with an IPv4 address at a minimum (since I want static IPs for these).
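An added example (not code from the original post) of reaching the same goal with a tighter setup: an unprivileged profile that only enables nesting and the two syscall interceptions, plus a ZFS block-mode volume attached at /var/lib/docker, with a dry-run mode so the commands can be reviewed before the host is touched. The pool name store comes from the post; the profile name docker, volume docker-data, instance docker1, the ubuntu:22.04 image and the 20GiB size are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: an unprivileged Docker
# profile plus a ZFS block-mode volume for /var/lib/docker. Assumed names:
# pool "store", profile "docker", volume "docker-data", instance "docker1".
set -eu

POOL=${POOL:-store}
PROFILE=${PROFILE:-docker}
VOLUME=${VOLUME:-docker-data}
INSTANCE=${INSTANCE:-docker1}

# run: execute a command, or with DRY_RUN=1 only print it, so the full plan
# can be reviewed before anything on the host changes.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Profile: security.nesting is what Docker needs; the mknod/setxattr
# interceptions let its storage driver create device nodes and overlay
# xattrs from inside the user namespace. No security.privileged, no raw.lxc,
# no unconfined AppArmor: the container stays uid-shifted and capability-dropped.
docker_profile_cmds() {
  run lxc profile create "$PROFILE"
  run lxc profile set "$PROFILE" security.nesting=true
  run lxc profile set "$PROFILE" security.syscalls.intercept.mknod=true
  run lxc profile set "$PROFILE" security.syscalls.intercept.setxattr=true
}

# Volume: zfs.block_mode=true gives a zvol formatted with ext4, which is what
# Docker's overlay2 driver expects instead of a ZFS dataset. Attach it before
# the first start so dockerd never writes its data to the root filesystem.
docker_volume_cmds() {
  run lxc storage volume create "$POOL" "$VOLUME" \
      zfs.block_mode=true block.filesystem=ext4 size=20GiB
  run lxc init ubuntu:22.04 "$INSTANCE" --profile default --profile "$PROFILE"
  run lxc storage volume attach "$POOL" "$VOLUME" "$INSTANCE" docker /var/lib/docker
  run lxc start "$INSTANCE"
}

# "sh docker-lxd.sh plan" prints the commands; "sh docker-lxd.sh apply" runs them.
case "${1:-}" in
  plan)  DRY_RUN=1; docker_profile_cmds; docker_volume_cmds ;;
  apply) docker_profile_cmds; docker_volume_cmds ;;
esac
```

Docker itself is still installed inside the container afterwards (the cloud-init from the post works unchanged with this profile); the volume's size can be grown later with lxc storage volume set.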