Diff for "Running/LXD"

Differences between revisions 16 and 17
Revision 16 as of 2021-11-16 10:53:04
Size: 4129
Editor: lgp171188
Comment: Added a troubleshooting section for an issue with ufw on Ubuntu 21.10
Revision 17 as of 2021-12-10 15:21:52
Size: 68
Editor: cjwatson
Comment: redirect to readthedocs
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
This page explains how to set up and run Launchpad (for development) inside an LXD managed LXC container, superseding [[Running/LXC]].

= Why? =
Launchpad development setup makes significant changes to your machine; it's nice to be unaffected by those when you're not doing such development. Also, multiple containers can be used to work around Launchpad's limitations regarding concurrent test runs on a single machine.

LXD also has some nice snapshotting and ZFS capabilities that I find easier to use with LXD's frontend.

These instructions should work on Ubuntu 16.04 LTS or later. We currently test on 16.04 and 18.04, with the aim of upgrading production to 18.04 soon. 20.04 is known not to work yet.

= Create an LXD Container =
This assumes you already have LXD setup. If not, follow the instructions for getting lxd installed and configured on your network: https://linuxcontainers.org/lxd/getting-started-cli/

 1. If you haven't done so already, run this script to set up LXD to let you use your home directory inside the container:
{{{
#! /bin/sh

id=400000 # some large uid outside of typical range, and outside of already mapped ranges in /etc/sub{u,g}id
uid=$(id -u)
gid=$(id -g)
user=$(id -un)
group=$(id -gn)

# give lxc permission to map your user/group id through
sudo usermod --add-subuids ${uid}-${uid} --add-subgids ${gid}-${gid} root

# create a profile to control this
lxc profile create $user >/dev/null 2>&1

# configure profile
cat << EOF | lxc profile edit $user
name: $user
description: allow home dir mounting for $user
config:
  raw.idmap: |
    uid $uid $id
    gid $gid $id
  user.user-data: |
    #cloud-config
    runcmd:
      - "groupadd $group --gid $id"
      - "useradd $user --uid $id --gid $group --groups adm,sudo --shell /bin/bash"
      - "echo '$user ALL=(ALL) NOPASSWD:ALL' >/etc/sudoers.d/90-cloud-init-users"
      - "chmod 0440 /etc/sudoers.d/90-cloud-init-users"
devices:
  home:
    type: disk
    source: $HOME
    path: $HOME
EOF
}}}

 1. Create a container
 This command creates a Ubuntu 16.04 unprivileged container using the profile created in the previous step.
 {{{
 lxc launch ubuntu:16.04 lpdev -p default -p $USER
 }}}

 1. Find the container IP, either from `lxc list` or `lxc info lpdev`.

 1. In order to be able to ssh into the container, you need to add your public key to your local `.ssh/authorized_keys` configuration. Also make sure that both `.ssh` (700) and `authorized_keys` (600) have the correct permissions.

 1. Then connect with:
 {{{
 ssh -A $user@IP_ADDRESS_FROM_LXC_LS
 }}}
 The -A permits you to access Launchpad code hosting from within the container without needing to reenter passphrases.

 1. [Inside the container] Install Bazaar so you can run rocketfuel-setup.
 {{{
 sudo apt-get install bzr
 }}}
 1. [Inside the container] You can now follow the normal [[Running|LP installation instructions]]. Be warned that changes in your home directory will also be seen outside the container and vice versa. If your home directory already has a Launchpad work area set up you'll want to run rocketfuel-setup --no-workspace to avoid trying to recreate it, but all subsequent steps are still required.

 1. Follow [[Running/RemoteAccess]] to set up access from the host's applications to the container's Launchpad instance or else going to launchpad.test won't work.

= Troubleshooting =

 The LXC container is not getting an IPv4 address assigned and the network connectivity inside the container doesn't work.<<BR>><<BR>>

 On Ubuntu 21.10, ufw uses nftables by default. So if you are using Ubuntu 21.10 on the host and ufw is enabled with the default policy of blocking incoming and routed traffic, the rules added by LXD will not take effect. Hence LXD's traffic will be dropped.

 The fix is to add ufw allow rules to allow incoming and routed traffic on the bridge interface like

 {{{
 sudo ufw allow in on lxdbr0
 sudo ufw route allow in on lxdbr0
 }}}

 where you have to replace 'lxdbr0' with the name of the bridge interface on your computer.
#refresh 0 https://launchpad.readthedocs.io/en/latest/running.html
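Review bot: the added `#refresh 0 https://launchpad.readthedocs.io/en/latest/running.html` line replaces the whole page with an immediate redirect to the general running page, and nothing in this revision confirms that the LXD-specific material being deleted is carried over, in particular the `raw.idmap` profile script and the ufw troubleshooting section that revision 16 added on 2021-11-16. Suggest checking that the target documents both (including the `sudo ufw route allow in on lxdbr0` rule) before removing them, and saying so in the revision comment, since "redirect to readthedocs" does not tell a reader where the content went.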

Running/LXD (last edited 2022-06-17 12:36:25 by cjwatson)