Using LXD on your Chromebook

I don’t own a chromebook but this interests me for lots of reasons.

Does anyone know if crostini support “nested” containers ?

It does, you can set the security.nesting=true flag if needed (it may be set by default for penguin).
The ability to run Docker containers is something that was worked into this setup from the beginning.

My Acer R13 does not complete the Linux install. (Many, many attempts and removals, bug reports etc.) Although it never completes, I can launch termina (vmc start termina) and get a termina prompt. There are times when I get a penguin vm but not often. When I do it won’t start. I have run the run_container script to download penguin, but that script usually freezes the tab at 100%. (left it for hours).
Do you have any suggestions?

Thank you, you are quite right. I knew lxc was in the repos and wrongly assumed lxd-client was as well.

Hello hello : ) Kind of an newbie here in the container world but i have been messing around allot with the containers on my chromebook last couple of months. Must say that this is great way exploring around in the linux world. I do have an machine running manjaro that i probably reinstall like once a week because of stupid configs and beginner mistakes. Lxd made my life so much easier. hehe. Snapshots and nuking containers is actually fun : D Great way to explore and especially that you can make these fucked up configs without spending a whole day reinstalling a full machine. Now to the question. Is there any way to pipe the lxd containers via the android container. As for now im running cloudflares dns app that occupies the localhost at 127.0.0.1 so its pretty much impossible to start the containers when it’s on. Is there anyway to set termina and the lxd containers localhost to lets say 127.0.0.2 and then forward traffic via androids container that would be on 0.1. I guess termina is pretty much locked down so it might not be possible but is there any other solutions? Looking at ngrok right now if that might be an possible path. I had success running pihole as an container including some minor issues around the changing mac addresses… and the chromeos way to handle dns… as you always need to connect via chromeos internal dns before you can even get things started. What i am looking into achieving now is to pipe a bunch of containers… this might be overkill by i still want to try : D Chromeos -> (deb container ‘Pihole’ running dnscrypt) -> (alpine container running unbound) -> (cros android container running vpn or dns app) --> way to paranoid dns solution out to the cat meme information highway!. I understand that the easy way would be to get 3 rpi’s… but with my new found lxd fetish i am looking into ways solving this via containers : )

Hi!

The communication between the Chromebook and the LXD containers is quite restricted in order to protect the security of the Chromebook from something unexpected running in a LXD container.
Having said that, if you want to run a browser (or other internet application) in a LXD container, and have them use Pi-hole/unbound/etc from other containers, then you can do so. It is possible to direct the traffic from one container to another.

However, if you want your Chromebook to enjoy the love of unbound/pihole and other network services, you could instead get an inexpensive Virtual Private Server (VPS) like the 1-S, install LXD and add unbound/pihole/etc. You need to also add a VPN software like OpenVPN so that the whole Chromebook connects to the Internet through this VPN.

Hello hello.

Actually pihole kind of works from main chromeos as well as long you preconnect to the main working dns from cros and then switch back the dns to the container ip. You can get into issues sometimes depending on start order of containers when running the hole on cros but usually it startup fine. I am about to look into the parts how to direct traffic between containers right now : ) I know : D The whole thing is pretty stupid to muck around with the chromebook when i actually do got other hardware to mess around. I guess its the convenient way how the chromebook handles a total failure. If i totally screw up all containers and system a powerwash or reinstall get me back in tops 10 minutes. Would never dare to go into this crash and burn learn path on my actual workstation.

Been looking around for a vps but been struggling in my mind if i really need one. “Casual and broke user”. ; ) might be the time to take the step. If i would run an s-1 and 1 or 2 lxd containers using pihole rssfeedr buku and minor data apps would be fine i guess. Would be nice to throw in an personal vpn as well but that will hog my cost. Thank you for the scalaway tip. One reason as of holding back was actually the vps jungle… got stuck on choosing.

Hello Stéphane,

I have a couple of Dell Chromebooks but I cannot find Terminal in the application list.

Can you provide instructions on how to install it?

I thought I was making headway towards a good understanding of the mechanisms crostini uses until I ran across this otherwise really useful article.

Can someone help me understand why this article is very firmly about LXD, but all the examples use LXC and not LXD?

actually, installing lxd replace the lxc client with the lxd one, whose name is also lxc.

It’s a common question. In LXD, the client command happens to be lxc and it is indeed confusing.

Linux Containers is a set of functionalities of the Linux kernel that help create containers (imagine a proper extension to chariot).
Then, you get the implementations of Linux Containers,

1. LXC at Linuxcontainers.org. the client commands look like lxc-create. Is hosted and supported here.
2. The LXC implementations at libvirt.
3. LXD, more recent, I think 2015. LXD is the full package and makes it easy to manage containers. Has more features. The client command is lxc.

Thank you both for your answers. My first thought was to wonder how I could tell if I was using the lxc that was the lsd client, or the “other” lxc (which presumably isn’t, or doesn’t have to be.
And then I though that the article here was presenting the Ubuntu view of the world ( i see some views expressed that there’s a difference), and I would just live with it.
And now, I reread the article title, and see that not only is the article specifically about LXD, it’s also specifically about LXD on Chromebook.

So is the LXC that I use on Chromebook, within termina, the same lxc that is described in https://linuxcontainers.org/lxc/introduction/ ?

Some users may accidentally install one or the other, or even both LXD and LXC.
Here is how to figure out which is which.

In this here, I am running LXD, and I have installed LXD from the snap package (of LXD). It’s a popular choice, and here you can see on how many Linux distros you can get the the snap package of LXD. Quite versatile and is supported all over the place. You have the option of either the latest version (currently 3.10), the latest stable version (currently 3.0.3, the Chromebooks will get it soonish), the previous stable version (currently 2.0.11).

$ which lxc
/snap/bin/lxc

The LTS versions of Ubuntu currently come with a DEB package of LXD. Ubuntu 16.04 has LXD 2.0.11, Ubuntu 18.04 has LXD 3.0.3. The above command would say here /usr/bin/lxc.

What about LXC? Not the LXC Linux Containers kernel functionality but rather the implementation also named LXC, which is the precursor of LXD and also supported from this website?

Here we run the command to locate lxc-create, the equivalent to lxc launch. It’s not installed on my computer and it comes from a different package.

$ which lxc-create
$ lxc-create

Command 'lxc-create' not found, but can be installed with:

sudo apt install lxc-utils

The following page, https://linuxcontainers.org/lxc/introduction/ is for LXC (the older implementation of Linux Containers), and commands like lxc-create.

The one on the Chromebook is LXD, found at https://linuxcontainers.org/lxd/introduction/
If you have a Linux distribution, you can install LXD and get more familiar with it. The latest version of LXD is 3.10, which has more features than the version the Chromebooks. With snap packages, you can switch channel and install the exact same version from your Chromebook.

If, instead, you do not have Linux, then you can use virtualization to install a Linux distribution (I suggest Ubuntu 18.04) and then setup LXD in there.

I have written a few tutorials on LXD.
I don’t have a Chromebook, so I do not have a section on this. But there is a related post from when Crostini was first introduced.

Thanks again for the help and not least for the acknowledgement that there are differences as well as similarities. The related post was already in my bookmarks for further study, and I will add your tutorials to the list. My longer term goal is to actually understand what’s going on here, while in the short term trying out features by following canned recipes.

Most of my systems run an openSuSE variant, (which has taken a different LX[CD] path), but I have several VirtualBox environments to try things out on.

Great post. Very informative and well organized.
I’m new to LXD, but very familiar with a Vagrant / Virtual Box workflow.

Now that I can get other containers up and running, I would like to be able to get a shell in them easily. The Terminal app seems to be stuck to the Penguin container. This feels like I am missing something trivial, but how do I get a version of the Terminal app (or similar) that opens in one of my newly launched containers? (Or is the fact I am asking this mean I am probably going about this the wrong way?)

@jgillam the Terminal app opens the container named “penguin”. But you can get around that by swapping the names around, i.e. moving the penguin container to some temp name like “debian” and then creating a new container and naming it “penguin”. See this post for an example: https://www.reddit.com/r/Crostini/wiki/howto/run-ubuntu

Thanks for the wonderful post. Got a chance to learn about lxc’s. I was able to install all the containers and hit some problem when doing some ssh stuff. I am not sure what i did but ended up with this issue -
user@penguin:~$ lxc remote add chromeos1 100.115.92.193
Error: Get https://100.115.92.193:8443: Unable to connect to: 100.115.92.193:8443

I tried resetting the chrome linux to factory and went thro all the steps and ended up again at the same spot. Not sure how to go about it.
Any inputs highly appreciated.

Regards

guys, I had almost resolved the connection issue. For the step where you add remote server as given in the blog,
lxc remote add chromeos 100.115.92.193 , I gave the port number this time and the issue got resolved.

I gave it as - lxc remote add chromeos 100.115.92.193:8443

Hope this helps someone!

When I put lxc file pull ub/usr/bin/lxc /tmp/lxc (ub being the name of the container) I get Error: not found . Any reasons why?

I am using a Chromebook on 79. The container works perfectly well. For some reason lxd does not know where /tmp/lxc is or it does not exit. In that case the question would be how to make it so as to finish the tutorial. Thanks.

sorry to wake up an old post … but any pointers how to do this on newer Chrome OS builds (81+)
Looks like an update to LXC in Chrome OS 81 causes Ubuntu 18.04 to break … and with the new Ubuntu containers using LXC via snap I am not sure if this method can still work.