Sharing the host's LXD unix.socket with an admin instance

Is there a simple way to share the host's LXD unix.socket with an admin container instance? I don't want to nest the instances, as I want them all on the same private subnet.

Thanks in advance

You could use a disk device to pass the socket through.

thanks I’ll give that a go…

OK, test instance… non-privileged

devices:
  snap:
    path: /snap
    source: /var/snap/lxd/common/lxd-user
    type: disk

Within the instance…
bash-4.4$ cat /snap/unix.socket
cat: /snap/unix.socket: No such device or address

So it turns out the way to do this is using the proxy device, which also avoids any issues with file ID shifting too.

e.g.

devices:
  lxdsocket:
    bind: container
    connect: unix:/var/snap/lxd/common/lxd/unix.socket
    listen: unix:/root/lxd.socket
    type: proxy

Then inside the container:

LXD_SOCKET=/root/lxd.socket lxc ls

Based on the excellent guide here: How to manage LXD from within one of its containers – Mi blog lah!

Works a treat though I can’t find any precompiled LXD client tools for Redhat… snap install lxd fails in a nested instance…

Though it appears that pylxd works if you give Client the new endpoint lxd = Client(endpoint='root/lxd.socket'), which means I don't need the official LXD client tools…
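For a distro with no lxc binary and no pylxd package, the forwarded socket can also be driven directly over LXD's REST API with nothing but the Python standard library. The code below is an added example, not something posted in this thread or shipped by LXD or pylxd: it assumes the `/root/lxd.socket` listen path from the proxy device above, and the canned "daemon" and the instance names `admin` and `web01` are constructed so the example runs offline.

```python
# Added example (not from the thread, LXD or pylxd): talk to the forwarded
# LXD socket over its REST API using only the Python standard library.
import http.client
import json
import os
import socket
import tempfile
import threading

# Assumed path: the "listen" side of the proxy device shown in the thread.
LXD_SOCKET = "/root/lxd.socket"


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP/1.1 client connection over an AF_UNIX socket instead of TCP."""

    def __init__(self, socket_path, timeout=10):
        # The host name is irrelevant for a unix socket; it only fills the Host header.
        super().__init__("lxd", timeout=timeout)
        self.socket_path = socket_path

    def connect(self):
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.settimeout(self.timeout)
        sock.connect(self.socket_path)
        self.sock = sock


def lxd_get(path, socket_path=LXD_SOCKET):
    """GET an LXD API path and return its 'metadata'; raise on an LXD error envelope."""
    conn = UnixHTTPConnection(socket_path)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        envelope = json.loads(resp.read().decode("utf-8"))
    finally:
        conn.close()
    # LXD wraps every response: {"type": "sync" | "async" | "error", ...}
    if envelope.get("type") == "error":
        raise RuntimeError(f"LXD {envelope.get('error_code', resp.status)}: {envelope.get('error')}")
    return envelope["metadata"]


def list_instances(socket_path=LXD_SOCKET):
    """Instance names from GET /1.0/instances, which returns URLs like /1.0/instances/<name>."""
    return [url.rsplit("/", 1)[-1] for url in lxd_get("/1.0/instances", socket_path)]


# --- Constructed stand-in for the daemon, so the example runs without LXD ---
def _serve_canned(socket_path, canned, ready, n_requests):
    """Answer n_requests GETs on socket_path from the constructed 'canned' table."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(socket_path)
    srv.listen(1)
    ready.set()
    for _ in range(n_requests):
        conn, _addr = srv.accept()
        with conn:
            buf = b""
            while b"\r\n\r\n" not in buf:  # read the request head
                chunk = conn.recv(4096)
                if not chunk:
                    break
                buf += chunk
            path = buf.split(b" ", 2)[1].decode("ascii") if buf else ""
            reply = canned.get(path, {"type": "error", "error": "not found", "error_code": 404})
            status = 200 if reply["type"] != "error" else reply["error_code"]
            reason = "OK" if status == 200 else "Error"
            body = json.dumps(reply).encode("utf-8")
            head = (f"HTTP/1.1 {status} {reason}\r\nContent-Type: application/json\r\n"
                    f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n").encode("ascii")
            conn.sendall(head + body)
    srv.close()


def demo():
    """Run the client against the constructed daemon and return the instance names."""
    canned = {
        "/1.0/instances": {"type": "sync", "status": "Success", "status_code": 200,
                           "metadata": ["/1.0/instances/admin", "/1.0/instances/web01"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        sock_path = os.path.join(tmp, "lxd.socket")  # constructed; stands in for /root/lxd.socket
        ready = threading.Event()
        server = threading.Thread(target=_serve_canned, args=(sock_path, canned, ready, 1), daemon=True)
        server.start()
        ready.wait(5)
        names = list_instances(sock_path)
        server.join(5)
    return names


if __name__ == "__main__":
    print(demo())  # ['admin', 'web01'] against the constructed daemon
```

Against a real forwarded socket, drop the constructed server and call `list_instances()` with the default path (or `lxd_get("/1.0")` for the server info that `lxc info` shows). Whatever can open that socket gets the complete LXD API, the same authority the host's root has over every instance, so the proxy device's `listen` path living under `/root`, where only root inside the container can reach it, is doing real work; put it somewhere world-readable and every process in the admin container inherits control of the host.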

What error do you get, and what is the host OS?

  image.architecture: amd64
  image.description: Almalinux 8 amd64 (20220304_02:26)
  image.os: Almalinux
  image.release: "8"
  image.serial: "20220304_02:26"
  image.type: squashfs
  image.variant: cloud

#yum install snapd (works with a few minor errors)

Failed to resolve booleanif statement at /var/lib/selinux/targeted/tmp/modules/200/snappy/cil:1392
/usr/sbin/semodule:  Failed!

  Running scriptlet: kernel-debug-core-4.18.0-348.12.2.el8_5.x86_64    17/17
findmnt: can't read (null): No such file or directory

#snap install lxd fails with:-

error: system does not fully support snapd: cannot mount squashfs image
       using "squashfs": mount: /tmp/sanity-mountpoint-710903469: mount
       failed: Operation not permitted.

Did you try enabling security.nesting on the instance?

I’m not nesting containers…