With unprivileged containers we have sometime to map namespace id’s from host to containers to access mounts (https://github.com/lxc/lxd/blob/master/doc/userns-idmap.md), that means also setting subuid and subgid on lxd, and restart it.
Doing a restart make all containers restart too. Is there a way to prevent this?
So it depends, for the snap you can do systemctl reload snap.lxd.daemon but then again the snap doesn’t actually use /etc/subuid and /etc/subgid so that shouldn’t be needed in the first place.
For the deb, you can normally do systemctl restart lxd which shouldn’t impact running containers.
Hello Stéphane,
I had (after exchanging the /var/snap/lxd/common/lxd/server.crt) to restart the lxd-daemon with:
systemctl restart snap.lxd.daemon
to get the new Certificate shown by lxc info. A reload was not enough.
Can you maybe explain to me, what is the difference between reload and restart of lxd? When to do reload and when to restart? Thank you for your time.
systemctl restart snap.lxd.daemon will restart all containers.
systemctl reload snap.lxd.daemon only restarts the daemon/API.
For a certificate change, you definitely only need a systemctl reload.
The main catch is that reload isn’t instantaneous. The command will return immediately but LXD will only perform the reload once current API clients are all disconnected.
So if you have an existing lxc exec or similar command running, it can take up to 5 minutes for LXD to give up on it and disconnect it then reload.