How to manage LXD from within LXD - Using Snap package

On our development machines, we run a LXD container for each development task, which contains all the tools and settings required. This LXD container is configured to use the LXD socket of the host machine, as detailed in Simos's blog post at https://blog.simos.info/how-to-manage-lxd-from-within-one-of-its-containers/. This approach relies on the lxd-client Apt package and it all works fine, as of now.

However, from the discussion at "Is there Feature Parity between Snap and Apt releases?" I learned that there will only be Snap packages in the future. In light of this, I wonder whether there will be a lxd-client Snap package in the future that can be used in place of the lxd-client Apt package?

If this is the case, we would also require the ability that snap install lxd-client would successfully install within a LXD container that runs on a LXD host that was installed by the use of the snap install lxd command.

Alternatively, it would also be fine not to have a separate lxd-client snap, as long as it would be possible to install LXD within the LXD container by the use of snap install lxd, when the container itself runs on a LXD host that was installed by the use of the snap install lxd command.

I’ll quickly re-test here, but installing the LXD snap inside a container that’s running on a host using the LXD snap should work just fine. You can also then use snap disable on that snap so the daemon itself doesn’t run.


Works fine here, host is 18.04 using latest stable snap, ZFS storage with 18.04 container, also installing LXD stable snap. I just had to create /lib/modules in the container as snapd is rather unhappy without it.

@stgraber Thank you for the quick turnaround. Based on your feedback I got it to work with a vanilla ubuntu:18.04 container. I am equally using ZFS and latest stable Snap.

Snap LXD within Snap LXD:

$ lxc launch ubuntu:18.04 c1
$ lxc exec c1 -- sudo --user ubuntu --login
ubuntu@c1:~$ sudo apt remove lxd lxd-client -y
ubuntu@c1:~$ sudo mkdir /lib/modules
ubuntu@c1:~$ sudo snap install lxd
lxd 3.5 from Canonical✓ installed
ubuntu@c1:~$ sudo systemctl stop snap.lxd.daemon.service
ubuntu@c1:~$ sudo systemctl disable snap.lxd.daemon.service
ubuntu@c1:~$ logout

$ lxc config device add c1 lxd proxy \
           connect=unix:/var/snap/lxd/common/lxd/unix.socket \
           listen=unix:/var/snap/lxd/common/lxd/unix.socket \
           bind=container \
           uid=0 \
           gid=108 \
           mode=0666 \
           security.uid=65534 \
           security.gid=130

$ lxc exec c1 -- sudo --user ubuntu --login
ubuntu@c1:~$ lxc image ls
# This should show the same LXD images as on the host machine

However, we got the below error on our custom image/container, which is based on the same stock ubuntu:18.04 image.

➜➜➜ sudo snap install lxd
error: cannot perform the following tasks:
- Run install hook of "lxd" snap if present (run hook "install": cannot perform operation: mount --rbind /snap /snap: Permission denied)

Looking at it more closely, it appeared that this was due to the option “security.privileged”: “true”. Luckily, due to other improvements on this LXD image/container, we could change this to “security.privileged”: “false” (default is false) without causing any other errors with this image/container.
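
An added example, not part of the thread: a shell check over the YAML that `lxc config show <container>` prints. It reports the two settings this thread turns on, security.privileged=true and a proxy device forwarding the LXD unix socket, and includes the socket's mode, since anyone in the container who can write to that socket controls the host's LXD. The function name `audit_lxd_container` and the sample config are constructed for illustration; the sample mirrors the device added above.

```shell
#!/bin/sh
# Added example (not from the thread): audit `lxc config show <container>`
# YAML on stdin. Prints one finding per line, nothing if no check fires.
audit_lxd_container() {
  awk '
    function report(    m, o, w) {
      if (dev != "" && attr["type"] == "proxy" &&
          (attr["connect"] ~ /lxd\/unix\.socket$/ ||
           attr["listen"] ~ /lxd\/unix\.socket$/)) {
        m = (attr["mode"] == "") ? "unset" : attr["mode"]
        o = substr(m, length(m), 1)          # permission digit for "other"
        w = (o ~ /[2367]/) ? " world-writable" : ""
        print "LXD_SOCKET device=" dev " mode=" m w
      }
      split("", attr); dev = ""              # reset per-device state
    }
    # Unindented key: a new top-level section starts.
    /^[a-z_]+:/ { report(); section = $1; sub(/:.*/, "", section); next }
    section == "config" && $1 == "security.privileged:" {
      v = $2; gsub(/"/, "", v)
      if (v == "true") print "PRIVILEGED security.privileged=true"
    }
    # Two-space indent: device name. Four-space indent: device attribute.
    section == "devices" && /^  [^ ]/ { report(); dev = $1; sub(/:$/, "", dev); next }
    section == "devices" && /^    [^ ]/ {
      k = $1; sub(/:$/, "", k); v = $2; gsub(/"/, "", v); attr[k] = v
    }
    END { report() }
  '
}

# Constructed sample: the proxy device from this thread on a privileged container.
sample_config() {
  cat <<'EOF'
architecture: x86_64
config:
  security.privileged: "true"
devices:
  lxd:
    bind: container
    connect: unix:/var/snap/lxd/common/lxd/unix.socket
    listen: unix:/var/snap/lxd/common/lxd/unix.socket
    mode: "0666"
    type: proxy
ephemeral: false
EOF
}

sample_config | audit_lxd_container
```

On a real host, pipe the live config in instead of the sample: `lxc config show c1 | audit_lxd_container`.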