This chapter discusses the various resources available to create LXC and LXD containers. It explains the internal working of some LXC templates and LXD images with the help of illustrations. LXC installation provides templates that are used to create the containers with various operating system distributions. Each template is a shell script that downloads or bootstraps a minimal system with the basic contents required for container creation using the lxc-create command.
Default LXC Templates
The lxc-create command takes the template as a parameter using the -t option. We will go through some of the commonly used templates and the options they offer.
The default templates available in a typical LXC installation are as follows:
lxc-alpine lxc-centos lxc-fedoralxc-oracle lxc-sshd lxc-altlinuxlxc-cirros lxc-gentoo lxc-plamolxc-ubuntu lxc-archlinux lxc-debianlxc-openmandriva lxc-slackware lxc-ubuntu-cloudlxc-busybox lxc-download lxc-opensuselxc-sparclinux
The previous chapter introduced some of the template scripts used by LXC to create LXC containers. As you saw, the download template is quite different from the other templates; it uses an image server to provide the basic files to create the containers for different operating system distributions. Other templates do a full distribution bootstrap on the host machine, which is time consuming and depends on the host machine resources. In the following sections let’s have a closer look at the working of both the download and distribution specific templates.
Download Template
The download template provides a way to create containers of different operating system distributions using a common interface. As mentioned, the download template uses an image server to download the initial data required to create the container. The download template uses prepackaged, heavily compressed, signed container images available from a central image server such as https://images.linuxcontainers.org/ , which provides a faster and much reliable way of container creation. The image server holds image builds of different operating system distributions. The formats of these images are described in the “LXD Image Formats” section later in this chapter.
In host machines with fewer resources, the download template comes in handy because it uses a prebuilt image rather than building the image on the host machine. Building the image involves bootstrapping a minimal rootfs and installing all the basic packages for the requested operating system distribution into the rootfs. Building the image on the host machine can be a time-consuming process if the Internet connection is slow. The download template provides the following options (from the download template --help menu):
LXC container image downloaderSpecial arguments:[ -h | --help ]: Print this help message and exit.[ -l | --list ]: List all available images and exit.Required arguments:[ -d | --dist <distribution> ]: The name of the distribution[ -r | --release <release> ]: Release name/version[ -a | --arch <architecture> ]: Architecture of the containerOptional arguments:[ --variant <variant> ]: Variant of the image (default: "default")[ --server <server> ]: Image server (default: "images.linuxcontainers.org")[ --keyid <keyid> ]: GPG keyid (default: 0x...)[ --keyserver <keyserver> ]: GPG keyserver to use[ --no-validate ]: Disable GPG validation (not recommended)[ --flush-cache ]: Flush the local copy (if present)[ --force-cache ]: Force the use of the local copy even if expiredLXC internal arguments (do not pass manually!):[ --name <name> ]: The container name[ --path <path> ]: The path to the container[ --rootfs <rootfs> ]: The path to the container's rootfs[ --mapped-uid <map> ]: A uid map (user namespaces)[ --mapped-gid <map> ]: A gid map (user namespaces)
The following is an example of using the download template to create an Arch Linux-based container:
$ sudo lxc-create -t download -n archlinux-test -- --dist archlinux --release current --arch amd64Setting up the GPG keyringDownloading the image indexDownloading the rootfsDownloading the metadataThe image cache is now readyUnpacking the rootfs---You just created an ArchLinux container (release=current, arch=amd64, variant=default)For security reason, container images ship without user accountsand without a root password.Use lxc-attach or chroot directly into the rootfs to set a root passwordor create user accounts.$
Let’s have a closer look at the steps involved in creating the preceding Arch Linux container. The download template does the following:
It downloads the image index from the image server ( http://images.linuxcontainers.org/ ) to determine if the requested distribution with the supplied parameters is available. The index includes basic information about each of the images available, such as the release, architecture, creation timestamp, and the path of the image files within the server. The image index file has lines similar to the one shown here:
alpine;3.1;amd64;default;20170319_17:50;/images/alpine/3.1/amd64/default/20170319_17:50/For example, the image file for the requested Arch Linux distribution is available in the server at this path: https://images.linuxcontainers.org/images/archlinux/current/amd64/default/20170505_01:27/
This location holds the following files:
SHA256SUMS 2017-05-05 04:34 232SHA256SUMS.asc 2017-05-05 04:34 819lxd.tar.xz 2017-05-05 04:34 604lxd.tar.xz.asc 2017-05-05 04:34 819meta.tar.xz 2017-05-05 04:34 556meta.tar.xz.asc 2017-05-05 04:34 819rootfs.tar.xz 2017-05-05 04:34 114Mrootfs.tar.xz.asc 2017-05-05 04:34 819Note The preceding listing may vary, and there is a possibility the link here will break. The server is updated using a build system that truncates irrelevant or old files. This listing is the file listing at the time of writing this chapter.
The download template then downloads rootfs.tar.xz from the image server URL for the specific distribution requested. This provides the specific rootfs for the requested release and architecture of the Arch Linux distribution.
After downloading the rootfs, the metadata file is downloaded next. It includes some basic information for setting up the Arch Linux container. The following are the files present in the meta.tar.xz file:
config config-user create-message excludes-user expiry templatesThe contents of the preceding files are as follows:
$ cat configlxc.include = LXC_TEMPLATE_CONFIG/archlinux.common.conflxc.arch = x86_64$ cat config-userlxc.include = LXC_TEMPLATE_CONFIG/archlinux.common.conflxc.include = LXC_TEMPLATE_CONFIG/archlinux.userns.conflxc.arch = x86_64$ cat create-messageYou just created an ArchLinux container (release=current, arch=amd64, variant=default)For security reason, container images ship without user accountsand without a root password.Use lxc-attach or chroot directly into the rootfs to set a root passwordor create user accounts.$ cat excludes-user$ cat expiry1496539775$ cat templates/etc/hostname/etc/hosts$The preceding files that are downloaded from the image server are cached in the /var/cache/lxc/download folder, in a separate tree for each of the distributions. The cache will be used for any subsequent creation of containers of the same type, provided the timestamp in the image server matches or expiry is still valid.
The rootfs is extracted to /var/lib/lxc/{container-name}, where container-name is the name of the container provided in the -n option.
Once the rootfs is extracted, a minimal setup of the container is done to make it bootable and packages are installed if any have been requested.
Thus, a container with the requested distribution, release, and architecture is created using the download template.
Distribution-Specific Templates
This section covers the templates for two distributions: Debian and Fedora.
Debian Template
The Debian template provides the following options, which are quite different from the options offered by the download template:
The Debian template–specific options can be passed to lxc-create after a -- like this:
lxc-create --name=NAME [-lxc-create-options] -- [-template-options]Usage: /usr/share/lxc/templates/lxc-debian -h|--help -p|--path=<path> [-c|--clean] [-a|--arch=<arch>] [-r|--release=<release>][--mirror=<mirror>] [--security-mirror=<security mirror>][--package=<package_name1,package_name2,...>]Options :-h, --help print this help text-p, --path=PATH directory where config and rootfs of this VM will be kept-a, --arch=ARCH The container architecture. Can be one of: i686, x86_64,amd64, armhf, armel, powerpc. Defaults to host arch.-r, --release=RELEASE Debian release. Can be one of: wheezy, jessie, stretch, sid.Defaults to current stable.--mirror=MIRROR Debian mirror to use during installation. Overrides the MIRRORenvironment variable (see below).--security-mirror=SECURITY_MIRRORDebian mirror to use for security updates. Overrides theSECURITY_MIRROR environment variable (see below).--packages=PACKAGE_NAME1,PACKAGE_NAME2,...List of additional packages to install. Comma separated, without space.-c, --clean only clean up the cache and terminate--enable-non-free include also Debian's contrib and non-free repositories.Environment variables:MIRROR The Debian package mirror to use. See also the --mirror switch above.Defaults to 'http://httpredir.debian.org/debian'SECURITY_MIRROR The Debian package security mirror to use. See also the --security-mirror switch above.Defaults to 'http://security.debian.org/'
The following is an example usage of the Debian template to create a Stretch-based container:
$ sudo lxc-create -t debian -n stretch-test -- --release stretch --packages=wget,iputils-ping --mirror=http://deb.debian.org/debian/ --security-mirror=http://deb.debian.org/debian-security/debootstrap is /usr/sbin/debootstrapChecking cache download in /var/cache/lxc/debian/rootfs-stretch-amd64 ...gpg: keybox '/var/cache/lxc/debian/archive-key.gpg' createdgpg: directory '/home/stylesen/.gnupg' createdgpg: new configuration file '/home/stylesen/.gnupg/dirmngr.conf' createdgpg: new configuration file '/home/stylesen/.gnupg/gpg.conf' createdgpg: /home/stylesen/.gnupg/trustdb.gpg: trustdb createdgpg: key 7638D0442B90D010: public key "Debian Archive Automatic Signing Key (8/jessie) <[email protected]>" importedgpg: Total number processed: 1gpg: imported: 1gpg: no ultimately trusted keys foundDownloading debian minimal ...I: Retrieving InRelease----------OUTPUT TRUNCATED----------I: Base system installed successfully.Download complete.Copying rootfs to /var/lib/lxc/stretch-test/rootfs...Generating locales (this might take a while)...en_IN.en_IN...character map file `en_IN' not found: No such file or directorydoneGeneration complete.update-rc.d: error: cannot find a LSB script for checkroot.shupdate-rc.d: error: cannot find a LSB script for umountfsupdate-rc.d: error: cannot find a LSB script for hwclockfirst.shCreating SSH2 RSA key; this may take some time ...----------OUTPUT TRUNCATED----------invoke-rc.d: could not determine current runlevelinvoke-rc.d: policy-rc.d denied execution of start.Current default time zone: 'Etc/UTC'Local time is now: Wed May 24 15:13:39 UTC 2017.Universal Time is now: Wed May 24 15:13:39 UTC 2017.Root password is 'root', please change !Installing packages: wget iputils-pingHit:1 http://deb.debian.org/debian stretch InRelease----------OUTPUT TRUNCATED----------Processing triggers for libc-bin (2.24-10) ...W: --force-yes is deprecated, use one of the options starting with --allow instead.$
Let’s examine the steps involved in creating the preceding Debian container:
The Debian template uses debootstrap to create a minimal Debian system with the provided parameters such as release, mirror, and security_mirror. This minimal Debian system is bootstrapped in the folder /var/cache/lxc/debian/, if the requested rootfs is not already available there. The rootfs created in /var/cache/lxc/debian/ is copied to /var/lib/lxc/{container-name}, where container-name is the name of the container passed via the -n option.
After copying the rootfs, the Debian template script sets up the basic configuration for the newly created container.
The following are some options that are unique to the Debian templates:
The option --packages accepts a comma-separated list of packages that should be installed to the newly created container. Once the minimal Debian system rootfs is copied to the container location, the download template script installs the list of packages supplied to the --packages option into the newly created container using apt. This happens before starting the container, as part of container creation itself. It comes in handy when we want to get a container set up with all tools and software packages installed before booting into the container.
The --mirror and --security-mirror options accept Debian mirror URLs that will be used for downloading any packages needed, whether for the bootstrap or in the list of extra packages requested. Some users may have a local Debian mirror from which they can install the packages instead of wasting Internet bandwidth; otherwise, a user can point to a mirror close to the user’s geographical location to expedite the download.
Fedora Template
The Fedora template provides the following options to create a Fedora-based container:
Host CPE ID from /etc/os-release:
usage:
/usr/share/lxc/templates/lxc-fedora -n|--name=<container_name>
[-p|--path=<path>] [-c|--clean] [-R|--release=<Fedora_release>]
[--fqdn=<network name of container>] [-a|--arch=<arch of the container>]
[--mask-tmp]
[-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container
Optional args:
-p,--path path to where the container will be created,
defaults to /var/lib/lxc.
--rootfs path for actual rootfs.
-c,--clean clean the cache
-R,--release Fedora release for the new container.
Defaults to host's release if the host is Fedora.
--fqdn fully qualified domain name (FQDN) for DNS and system naming
-a,--arch Define what arch the container will be [i686,x86_64]
--mask-tmp Prevent systemd from over-mounting /tmp with tmpfs.
-h,--help print this helpThe following is an example of using the Fedora template to create a container based on Fedora release 25:
$ sudo lxc-create -t fedora -n fedora-test -- --release 25Host CPE ID from /etc/os-release:Checking cache download in /var/cache/lxc/fedora/x86_64/25/rootfs ...Downloading fedora minimal ...Fetching release rpm name from http://mirror.rise.ph/fedora/linux/releases/25/Everything/x86_64/os//Packages/f...% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed----------OUTPUT TRUNCATED----------Bootstrap Environment testing...Fedora Installation Bootstrap Build...Downloading stage 0 LiveOS squashfs file system from archives.fedoraproject.org...Have a beer or a cup of coffee. This will take a bit (∼300MB).----------OUTPUT TRUNCATED----------Complete!Fixing up rpm databasesDownload complete.Copy /var/cache/lxc/fedora/x86_64/25/rootfs to /var/lib/lxc/fedora-test/rootfs ...Copying rootfs to /var/lib/lxc/fedora-test/rootfs ...Storing root password in '/var/lib/lxc/fedora-test/tmp_root_pass'Expiring password for user root.passwd: Successinstalling fedora-release packageRedirecting to '/usr/bin/dnf -y install fedora-release' (see 'man yum2dnf')Failed to set locale, defaulting to CFedora 25 - x86_64 4.7 MB/s | 50 MB 00:10Fedora 25 - x86_64 - Updates 2.0 MB/s | 23 MB 00:11Last metadata expiration check: 0:00:11 ago on Thu May 25 22:59:00 2017.Package fedora-release-25-2.noarch is already installed, skipping.Dependencies resolved.Nothing to do.Complete!Container rootfs and config have been created.Edit the config file to check/enable networking setup.You have successfully built a Fedora container and cache. This cache maybe used to create future containers of various revisions. The directory/var/cache/lxc/fedora/x86_64/bootstrap contains a bootstrapwhich may no longer needed and can be removed.A LiveOS directory exists at /var/cache/lxc/fedora/x86_64/LiveOS.This is only used in the creation of the bootstrap run-time-environmentand may be removed.The temporary root password is stored in:'/var/lib/lxc/fedora-test/tmp_root_pass'The root password is set up as expired and will require it to be changedat first login, which you should do as soon as possible. If you lose theroot password or wish to change it without starting the container, youcan change it from the host by running the following command (which willalso reset the expired flag):chroot /var/lib/lxc/fedora-test/rootfs passwd$
The following steps are involved in creating the preceding Fedora container:
The Fedora template downloads a minimal Fedora system with the provided parameters such as release. This minimal Fedora system is created in the folder /var/cache/lxc/fedora/, if the requested rootfs is not already there.
Inside this minimal Fedora system, the required Fedora mirrors are set up and the basic software packages are installed using yum package manager.
The rootfs created in /var/cache/lxc/fedora/ is copied to /var/lib/lxc/{container-name}, where container-name is the name of the container passed via the -n option.
After copying the rootfs, the Fedora template script sets up the basic configuration for the newly created container. The template also generates a root password and copies it to a specific location within the container directory.
Note
To see the different options provided by any of the LXC template scripts, use the following command (where {name} is the name of the template):
$ /usr/share/lxc/templates/lxc-{name} --helpAll the LXC template scripts use /var/cache/lxc/ as the cache folder in order to store the minimal bootstrapped rootfs of the different distributions. Subsequent lxc-create commands to create a container that is already available from the cache use the rootfs from the cache instead of downloading everything from the Internet, making the creation faster. Each template uses a different invalidation mechanism for the cache.
LXD Images
LXD uses images to create containers and has no other mechanism, unlike LXC. LXD uses the same image server as the download template to provide an image-based workflow, with advanced caching and preloading support to keep the images up to date in the host machine’s cache. The containers created by LXD are created from images obtained from image servers or locally created images with a specific format.
LXD Image Formats
LXD image formats are easy to understand. Standard contents of an LXD image format are as follows:
Container filesystem
Metadata file, which describes
When the image was made
When the image expires
What architecture the image supports
Optionally, a bunch of file templates, used for configuring the container
LXD supports two image formats:
Unified image (single tarball)
Split image (two tarballs)
Note
LXD is used for OS-based containers and has nothing to do with application containers. Hence, LXD does not support any of the application container–specific standard image formats available as of this writing. In other words, LXD does not support either Docker image formats or other virtual machine image formats.
Unified Image
The unified image format is a single tarball that is self-contained with all the files required to support an LXD image. This is the format used for officially supplied LXD images in the past (now the official images are split images, as explained in the following section). The tarball may be either compressed or uncompressed. The SHA256 checksum of the image tarball is used as the image identifier.
The contents of the unified image tarball are as follows:
rootfs/
metadata.yaml
templates/ (optional)
A typical metadata.yaml file looks something like this:
architecture: "x86_64"
creation_date: 1495726848
properties:
architecture: "x86_64"
description: "Ubuntu 16.04 LTS server (20170525)"
os: "ubuntu"
release: "xenial"
templates:
/etc/hostname:
when:
- create
- copy
template: hostname.tpl
/var/lib/cloud/seed/nocloud-net/meta-data:
when:
- create
- copy
template: cloud-init-meta.tpl
/var/lib/cloud/seed/nocloud-net/network-config:
when:
- create
- copy
template: cloud-init-network.tpl
/var/lib/cloud/seed/nocloud-net/user-data:
when:
- create
- copy
template: cloud-init-user.tpl
properties:
default: |
#cloud-config
{}
/var/lib/cloud/seed/nocloud-net/vendor-data:
when:
- create
- copy
template: cloud-init-vendor.tpl
properties:
default: |
#cloud-config
{}
/etc/init/console.override:
when:
- create
template: upstart-override.tpl
/etc/init/tty1.override:
when:
- create
template: upstart-override.tpl
/etc/init/tty2.override:
when:
- create
template: upstart-override.tpl
/etc/init/tty3.override:
when:
- create
template: upstart-override.tpl
/etc/init/tty4.override:
when:
- create
template: upstart-override.tplThis metadata.yaml files has two mandatory fields, architecture and creation_date. The architecture field specifies the architecture to which the image applies, and the creation_date field specifies the date of creation of the image in UNIX time_t format. The other extra properties available in the metadata file are there for the convenience of the user; they give a detailed description of the image. These extra properties are used by commands such as lxc image list and to perform a key/value search for a particular image. These extra properties can be edited by the users with the help of the lxc image edit command, though the architecture and creation_date fields are immutable.
Note
UNIX time_t (also known as POSIX time) is a system for describing instants in time, defined as the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), Thursday, 1 January 1970 (known as the epoch).
Templates
LXD templates use the pongo2 templating engine for the template syntax. The template provides a way to generate or regenerate some files during the lifecycle of a container. In custom images, there can also be custom templates added to change or dynamically configure certain files within the container. The templates found in the metadata.yaml file previously discussed can take one of the following values for the when key:
create: Run at the time a new container is created from the image
copy: Run when a container is created from an existing one
start: Run every time the container is started
The following context is available during the template execution:
trigger: Name of the event that triggered the template
path: Path of the file being templated
container: Key/value map of container properties (name, architecture, privileged, and ephemeral)
config: Key/value map of the container’s configuration
devices: Key/value map of the devices assigned to this container
properties: Key/value map of the template properties specified in metadata. yaml
Note
pongo2 is the successor to pongo, a Django syntax–like templating language. The project is available from https://github.com/flosch/pongo2
Split Image
The split image format has two distinct tarballs, one for the rootfs and the other for metadata. The metadata file contains the following:
expiry
create-message
templates (optional)
config-user
config
excludes-user
The rootfs tarball simply contains the container root filesystem at its root. A listing of the untarred rootfs.tar file will have the following folders:
$ ls
bin dev home lib64 opt root sbin sys usr
boot etc lib mnt proc run srv tmp var
$These two tarballs may be either compressed or uncompressed, and each tarball may choose its own compression algorithm—it is not mandatory to use the same compression algorithm for both the tarballs. This is the current format in which the LXD project officially generates its images at the time of this writing. The image identifier is the SHA256 checksum of the concatenation of the metadata and the rootfs tarball (in that order). For example, to calculate the image identifier, we can use the following command on the metadata and rootfs tarballs:
$ cat meta.tar.xz rootfs.tar.xz | sha256sum
119fd125d0c4f67525096aa5d34759cf15971fd667915dd84ad509b3d18c1848 -
$Many operating system distributions provide a rootfs tarball, which can be directly used as the rootfs tarball without any modification. This is the major advantage of the split-image format over the older single-image format.
Using LXD Images
The images are normally obtained from a remote image server and cached in a local LXD image store, then used to create a container. This means that the first time an image is used, it may take some time to download it, but future uses will typically be much quicker.
The image can be referred to in various different ways on the image server, such as by using the image short hash, full hash, or an alias. Here are some examples of creating a Debian Stretch container by referring to it with different image identifiers :
$ sudo lxc launch images:debian/stretch test-container-1
Creating test-container-1
Starting test-container-1
$ sudo lxc launch images:93e45634460f test-container-2
Creating test-container-2
Starting test-container-2
$ sudo lxc launch images:93e45634460fcd6d8107a2d9ddfb06dba18634d134ac26819af74b33d31add11 test-container-3
Creating test-container-3
Starting test-container-3
$Since the image is cached in the LXD image store locally, we can also launch the container from our local image store as follows:
$ sudo lxc launch local:93e45634460f test-container-4
Creating test-container-4
Starting test-container-4
$Or, we can simply do the following, where local: is understood if not specified:
$ sudo lxc launch 93e45634460f test-container-5
Creating test-container-5
Starting test-container-5
$As we saw previously, LXD caches the image automatically when asked to create a container for the first time from a remote image server. It downloads the image, marks the image as cached, and records the origin of the image. If the image is unused for a period of time (10 days by default), LXD automatically removes the cached image from the local image store. LXD checks for updates to the image on the remote server every 6 hours by default and updates the local cache whenever there is a new version available. All this behavior can be controlled within LXD configuration.
To change from the default of 10 days the number of days before unused images are removed from the local cache, use the following command:
$ sudo lxc config set images.remote_cache_expiry 5You can also modify the auto-update interval to check for updates for a new version on the remote server from the default 6 hours to 24 hours with the following command:
$ sudo lxc config set images.auto_update_interval 24To update only the cached images on which the --auto-update flag is set, use the following command:
$ sudo lxc config set images.auto_update_cached falseTo view the configuration parameters that are set on the local image store/server, use the following command. The configuration parameters we previously set are shown in the following command run:
$ sudo lxc config showconfig:core.https_address: '[::]:8443'images.auto_update_cached: "false"images.auto_update_interval: "24"images.remote_cache_expiry: "5"$
Copying Images
LXD provides a way to copy an image from a remote image server to the local image store without creating or launching a container immediately. The copied image can be used later to create a container—this is useful when you want to cache certain images when you have an Internet connection and later use these cached images to create containers when disconnected from the Internet.
$ sudo lxc image copy images:debian/jessie local:Image copied successfully!$$ sudo lxc image list+-------+-------------+------+-------------+------+--------+---------------+|ALIAS| FINGERPRINT |PUBLIC| DESCRIPTION | ARCH | SIZE | UPLOAD DATE |+-------+-------------+------+-------------+------+--------+---------------+| | 489c3fa793c4| no |Debian jessie |x86_64| 94.17MB| May 26, 2017 |amd64 at 9:20am (UTC) (20170504_02:41)+-------+-------------+------+-------------+------+-------+---------------+$
To save yourself from having to remember the cryptic fingerprint as an image identifier for the copied image in the local image store, you can create an alias while copying the image as follows:
$ sudo lxc image copy images:debian/stretch local: --alias debian-stretchImage copied successfully!$ sudo lxc image list debian+---------+-------------+-------+-------------+-------+----v-+-------------+| ALIAS | FINGERPRINT |PUBLIC| DESCRIPTION | ARCH | SIZE | UPLOAD DATE |+---------+-------------+-------+-------------+-------+------+-------------+|debian-| 93e45634460f | no | Debian stretch | x86_64|95.98MB| May 26, 2017 | stretch amd64 at 9:14am (UTC) (20170504_02:41)+---------+-------------+-------+-------------+-------+------+-------------+$
Importing Images
The LXD image formats described previously in the “LXD Image Formats” section can be imported to the local image store using the lxc import command as describe in this section.
To import a single tarball or the unified tarball, with an alias to refer it, use the following command:
$ sudo lxc image import xenial-server-cloudimg-amd64-lxd.tar.xz --alias custom-xenialImage imported with fingerprint: a1fca7830c07fb024fa246fb02798e3627caafd793bba81397e6a7bd8b5f547e$ sudo lxc image list+--------+-------------+--------+-------------+------+------+-------------+| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | SIZE | UPLOAD DATE |+--------+-------------+--------+-------------+------+------+-------------+|custom-| a1fca7830c07 | no | Ubuntu 16.04 |x86_64|0.00MB| May 26, 2017| xenial LTS server at 9:23am (UTC) (20170525)+--------+-------------+--------+-------------+------+------+-------------+$
To import split tarballs (i.e., two separate tarballs) with an alias, use the following command:
$ sudo lxc image import meta.tar.gz rootfs.tar.xz --alias split-xenialImage imported with fingerprint: e127122143e88dd7f18eae7e60cfecdc6f0c4fc5b469689def6f4a0c70fab0d7$ sudo lxc image list+--------+-------------+--------+------------+-------+------+--------------+| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH |SIZE | UPLOAD DATE |+--------+-------------+--------+------------+-------+------+--------------+| split | e127122143e8| no | Ubuntu 16.04 |x86_64|81.93MB|May 26, 2017 | -xenial LTS server at 9:30am (UTC) (20170525)+--------+-------------+--------+-------------+------+------+--------------+$
Viewing and Editing Image Information
To get detailed information about an image, use the following command:
$ sudo lxc image info ubuntu:16.04Fingerprint: 8fa08537ae51c880966626561987153e72d073cbe19dfe5abc062713d929254dSize: 153.70MBArchitecture: x86_64Public: yesTimestamps:Created: 2017/05/16 00:00 UTCUploaded: 2017/05/16 00:00 UTCExpires: 2021/04/21 00:00 UTCLast used: neverProperties:description: ubuntu 16.04 LTS amd64 (release) (20170516)os: ubunturelease: xenialversion: 16.04architecture: amd64label: releaseserial: 20170516Aliases:- 16.04- 16.04/amd64- default- default/amd64- lts- lts/amd64- x- x/amd64- xenial- xenial/amd64Auto update: disabled$
The lxc image edit command allows you to edit this image information with the help of a text editor that will pop up when the command is issued:
$ sudo lxc image edit split-xenialNote
In the preceding command, you can refer to an image with either the alias or the fingerprint.
The contents shown for editing inside the text editor will look like the following:
### This is a yaml representation of the image properties.### Any line starting with a '# will be ignored.###### Each property is represented by a single line:### An example would be:### description: My custom imageauto_update: falseproperties:architecture: x86_64description: Ubuntu 16.04 LTS server (20170525)os: ubunturelease: xenialpublic: false
Deleting Images
You can delete images from the image store as follows:
$ sudo lxc image delete 3e50ba589426For the last argument, you can use either the image alias or the fingerprint.
Exporting Images
If you want to send LXD images to someone else, there is an option to export an image:
$ sudo lxc image export split-xenialOutput is in .$ ls * -alh-rw------- 1 root root 82M May 26 15:10 e127122143e88dd7f18eae7e60cfecdc6f0c4fc5b469689def6f4a0c70fab0d7.tar.xz-rw------- 1 root root 456 May 26 15:10 meta-e127122143e88dd7f18eae7e60cfecdc6f0c4fc5b469689def6f4a0c70fab0d7.tar.gz$
Summary
In this chapter, you have seen the various templates of LXC and how they work with some interesting options provided by the templates. LXD works with images that are downloaded from image servers and creates containers using the local cached version of the images. You were introduced to the two different image formats supported by LXD, and you also saw how to work with both remote and local image servers.