[LXD 4.23] Remote Image Server

Hello :wave:

I am trying to understand how to configure LXD as a remote image server. For that I have some requirements like this:

  • I want to only store images on this server. Nothing else.
  • I want to have a multiple-role ACL (read only for applications like GitLab/GitHub; push/read/delete for at least one user from another machine)
  • I want to use a protocol that ensures encryption and authentication

After reading the documentation, I see that there seem to be different alternatives. I chose the “remote images server” instead of a simplestream. (Image handling - LXD documentation)

Further reading led me to see “Default (TLS + password)”; “Public image server”; “candid” and “candid + RBAC” (Linux Containers - LXD - Advanced guide).

If someone has the skills to explain each of these use cases to me. What kind of technology is used? What protocol? You’re welcome :wink:

After more research and reading, I think I have a better understanding of these solutions. But I have questions around these solutions.

  • Does each solution use the socket? Or is it an HTTP server in Go under the hood?
  • Is it the same technology with or without authorization for the default TLS and the public image server?
  • Candid is a more authentication-oriented solution, and used with RBAC it provides ACL management. Isn’t it?

I supposed the first and second kinds of server work through a web socket. And with the solutions using candid, the LXD server is the same but backed by a candid HTTP server.

I am going to test the RBAC way to understand what the differences are when using “RBAC”. Candid seems to have ACL…

If someone has information about the first and second kind of server. I’m a bit confused, but using it was really hard following the documentation. I found nothing about the pull/push/relay mode, for example.

There have been some examples from @stgraber recently on the different access control features on our YouTube channel, which may be of help:

Cool :smiley:
I didn’t think about that. Thanks for the link :+1: