I am trying to setup LXD so that a regular user can run lxc commands (i.e set the snap lxd.daemon.user.group property). I am in an air-gapped environment. There are images in the local storage. However, the regular user does not see these images.
What do I need to do to make that happen? Is it possible at all or does every user need their local images?
Can you give me an example of a command you’re running that isn’t working so I can better understand the context? Thanks
I have followed Stephane’s video “LXD for multi-user systems”.
Let’s say that you’re logged in as a user who is in the lxd group. Start a container (mainly to get an image cached in the local storage).
$ lxc launch images:ubuntu/focal/cloud u1
$ lxc image ls local:
+-------+--------------+--------+---------------------------------------------+--------------+-----------+----------+-------------------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+--------------+--------+---------------------------------------------+--------------+-----------+----------+-------------------------------+
| | 0e83499ecacb | no | Ubuntu focal amd64 (20220829_07:43) | x86_64 | CONTAINER | 122.25MB | Aug 30, 2022 at 10:56am (UTC) |
+-------+--------------+--------+---------------------------------------------+--------------+-----------+----------+-------------------------------+
Next, you run this command:
$ sudo snap set lxd daemon.user.group=users
where users is the group you choose. Each user with that group can now run lxc commands.
Then login as a non-privileged user. That user must not part of the lxd group.
Show the images and see that the list is empty.
$ lxc image local: ls
Got you, thanks.
So we can see at this point in the video that the user project is created with features.images=true:
https://youtu.be/6O0q3rSWr8A?t=525
So this means each project (user) can have its own set of images.
I would have thought that doing lxc image copy <image> local: --target-project=<project> --copy-aliases would have allowed an existing image in the default project to be copied into each user’s project.
However it insists that the LXD process needs to be listening on the network (this feels like a bug to me).
@stgraber do you have any suggestions around image management when using lxd-user in an air gapped environment?
As an alternative I have created an image server, as demonstrated in Stephane’s video " Image servers and image handling in LXD". For me that is a sufficient solution.
BTW. Each user need to do lxc remote add ....