Using LXD with Juju - advanced

This page is dedicated to more advanced topics related to using LXD with Juju. The main page is Using LXD with Juju.

The topics presented here are:

  • Add resilience to your models through LXD clustering
  • Registering a remote LXD server as a LXD cloud
  • Charms and LXD profiles

Add resilience to your models through LXD clustering

LXD clustering provides the ability for applications to be deployed in a high-availability manner. In a clustered LXD cloud, Juju will deploy units across its nodes.

Background

LXD clustering provides increased resilience in two senses for teams using Juju:

  • first, the LXD cloud itself is not exposed to a single point of failure
  • secondly, your model can be distributed across each node within the cluster. This can add resilience to individual applications that are deployed with multiple units

Forming a LXD cluster

The documentation provided by the LXD project explains the process of forming a LXD cluster.

A helpful tutorial video has also been provided by project lead Stéphane Graber:

Making use of a LXD cluster

From Juju’s point of view, a LXD cluster is a “remote LXD server”. Follow the instructions in the next section to register the cluster with Juju.

Registering a remote LXD server as a LXD cloud

Two commands enable you to register your LXD server with Juju as a cloud:

  • juju add-cloud provides the connectivity details to enable Juju to connect to the LXD server
  • juju add-credential provides the security credentials for Juju to use when connected

Adding the cloud

Option 1: Interactively

To add the remote LXD information to Juju, run juju add-cloud without arguments and follow the prompts:

juju add-cloud

An example session:

Cloud Types

  lxd
  maas
  manual
  openstack
  vsphere

Select cloud type: lxd

Enter a name for your lxd cloud: lxd-remote

Enter the API endpoint url for the remote LXD server: https://10.10.0.1:8443
Auth Types
  certificate

Enter region [default]: 

Enter the API endpoint url for the region [use cloud api url]: 

Enter another region? (y/N): n

Cloud "lxd-remote" successfully added

You will need to add credentials for this cloud (`juju add-credential lxd-remote`)
before creating a controller (`juju bootstrap lxd-remote`).

Option 2: Provide the cloud metadata via a file

Save the contents of the following YAML fragment to a file (/tmp/clouds.yaml), making the appropriate changes.

# clouds.yaml

clouds:
  lxd-remote: # replace lxd-remote with your preferred name
    type: lxd
    auth-types: [interactive, certificate]
    endpoint: https://10.10.0.1:8443/  # replace with the actual endpoint

Run juju add-cloud, specifying the correct cloud name and path to your new clouds.yaml:

juju add-cloud lxd-remote /tmp/clouds.yaml

Adding the security credential

Option 1: Interactively

To add the remote LXD information to Juju, run juju add-credential without arguments and follow the prompts:

juju add-credential

An example session:

Enter credential name: lxd-remote-creds

Auth Types
  certificate
  interactive

Select auth type [interactive]: 

Enter trust-password: *******

Loaded client cert/key from "/home/ubuntu/.local/share/juju/lxd"
Uploaded certificate to LXD server.

Credential "lxd-remote-creds" added locally for cloud "lxd-remote".

Option 2: Provide the credential via a file

Save the contents of the following YAML fragment to a file (/tmp/credentials.yaml), making the appropriate changes.

# credentials.yaml

credentials:
    lxd-remote:  # this name must match the name in clouds.yaml
        admin:
            auth-type: interactive
            trust-password: DL7UXEd8tsTF3Tc # replace with actual password

Run juju add-credential, specifying the correct cloud name and path to your new credentials.yaml:

juju add-credential lxd-remote -f /tmp/credentials.yaml

Next steps

Now that the cloud and credentials have been added the next step is to create a controller. See Creating a controller on the main LXD page.

Charms and LXD profiles

Juju (v.2.5.0) supports LXD profiles for charms. This is implemented by including file lxd-profile.yaml in a charm’s root directory. For example, here is a simple two-line file (this is taken from the Openvswitch charm):

config:
  linux.kernel_modules: openvswitch,ip_tables,ip6_tables

The profile will be applied to a LXD container that the charm is deployed into. The following functionality is built in:

  • A validity check is performed on the profile(s) during the deployment of the charm. This is based on a hardcoded list of allowed items, everything else being denied. The --force option can be used to bypass this check but this is not recommended. The list is:
config
   -boot
   -limits
   -migration

devices
   unix-char
   unix-block
   gpu
   usb
  • Profiles are upgraded during the upgrade of the charm (juju upgrade-charm).
  • Profiles are displayed at the machine level by using either the show-machine command or the status --format=yaml command. Below is an example of the kind of information that can be obtained from either of these two commands:
   lxd-profiles:
      juju-default-lxd-profile-0:
        config:
          environment.http_proxy: ""
          linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
          security.nesting: "true"
          security.privileged: "true"
        description: lxd profile for testing, black list items grouped commented out
        devices:
          bdisk:
            source: /dev/loop0
            type: unix-block
          sony:
            productid: 51da
            type: usb
            vendorid: 0fce
          tun:
            path: /dev/net/tun
            type: unix-char

See the LXD documentation to learn about the valid profile configuration options.

Last updated 4 months ago. Help improve this document in the forum.