I am trying to have one single LXD Profile whcih can handle all need of Data Base Server, Docer ect,.
lxc profile create production
lxc profile edit production <<END
config:
environment.LANG: en_US.UTF-8
environment.LANGUAGE: en_US:en
environment.LC_ALL: en_US.UTF-8
environment.DISPLAY: :0.0
raw.idmap: both 1000 1000
boot.autostart: “true”
security.nesting: “true”
security.privileged: “true”
linux.kernel_modules: “bridge,br_netfilter,x_tables,nbd,nf_conntrack_ipv4,ip_tables,ip6_tables,ip_vs,vxlan,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_set,ipip,xt_mark,xt_multiport,xt_conntrack,ip_tunnel,tunnel4,netlink_diag,nf_nat,nfnetlink,nf_conntrack,overlay,aufs,openvswitch,ip_vs_wlc,ip_vs_sed,ip_vs_nq,ip_vs_lc,ip_vs_lblcr,ip_vs_lblc,ip_vs_ftp,ip_vs_dh,libcrc32c”
raw.lxc: |-
lxc.apparmor.profile = unconfined
lxc.apparmor.allow_incomplete = 1
lxc.cgroup.devices.allow = a
lxc.autodev = 1
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = hugetlbfs dev/hugepages hugetlbfs rw,relatime,create=dir 0 0
lxc.mount.entry = tmpfs tmp tmpfs defaults
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
security.nesting: “true”
security.privileged: “true”
description: “Production LXD profile”
devices:
eth0:
name: eth0
nictype: bridged
parent: lxdbr0
type: nic
root:
path: /
pool: lxd
type: disk
/dev/mem:
uid: “0”
gid: “0”
mode: “0640”
path: /dev/mem
type: unix-char
autofs:
path: /dev/autofs
source: /dev/autofs
type: disk
fuse:
path: /dev/fuse
source: /dev/fuse
type: disk
x11-socket:
path: /tmp/.X11-unix/
source: /tmp/.X11-unix/
type: disk
tun:
path: /dev/net/tun
type: unix-char
vhost-net:
path: /dev/vhost-net
type: unix-char
mode: 0600
aadisable:
path: /sys/module/apparmor/parameters/enabled
source: /dev/null
type: disk
name: production
used_by: []
END
systemctl restart snap.lxd.daemon.service && sleep 2 && systemctl status snap.lxd.daemon.service
Should i use this profile in Production Environment??