Using LXD with Juju - advanced
This page is dedicated to more advanced topics related to using LXD with Juju. The main page is Using LXD with Juju.
The topics presented here are:
- Add resilience to your models through LXD clustering
- Registering a remote LXD server as a LXD cloud
- Charms and LXD profiles
Add resilience to your models through LXD clustering
LXD clustering provides the ability for applications to be deployed in a high-availability manner. In a clustered LXD cloud, Juju will deploy units across its nodes.
Background
LXD clustering provides increased resilience in two senses for teams using Juju:
- first, the LXD cloud itself is not exposed to a single point of failure
- secondly, your model can be distributed across each node within the cluster. This can add resilience to individual applications that are deployed with multiple units
Forming a LXD cluster
The documentation provided by the LXD project explains the process of forming a LXD cluster.
A helpful tutorial video has also been provided by project lead Stéphane Graber:
Making use of a LXD cluster
From Juju’s point of view, a LXD cluster is a “remote LXD server”. Follow the instructions in the next section to register the cluster with Juju.
Registering a remote LXD server as a LXD cloud
Two commands enable you to register your LXD server with Juju as a cloud:
- juju add-cloud provides the connectivity details to enable Juju to connect to the LXD server
- juju add-credential provides the security credentials for Juju to use when connected
Adding the cloud
Option 1: Interactively
To add the remote LXD information to Juju, run juju add-cloud without arguments and follow the prompts:
juju add-cloud
An example session:
Cloud Types
lxd
maas
manual
openstack
vsphere
Select cloud type: lxd
Enter a name for your lxd cloud: lxd-remote
Enter the API endpoint url for the remote LXD server: https://10.10.0.1:8443
Auth Types
certificate
Enter region [default]:
Enter the API endpoint url for the region [use cloud api url]:
Enter another region? (y/N): n
Cloud "lxd-remote" successfully added
You will need to add credentials for this cloud (`juju add-credential lxd-remote`)
before creating a controller (`juju bootstrap lxd-remote`).
Option 2: Provide the cloud metadata via a file
Save the contents of the following YAML fragment to a file (/tmp/clouds.yaml), making the appropriate changes.
# clouds.yaml
clouds:
  lxd-remote: # replace lxd-remote with your preferred name
    type: lxd
    auth-types: [interactive, certificate]
    endpoint: https://10.10.0.1:8443/ # replace with the actual endpoint
Run juju add-cloud, specifying the correct cloud name and path to your new clouds.yaml:
juju add-cloud lxd-remote /tmp/clouds.yaml
Adding the security credential
Option 1: Interactively
To add the remote LXD information to Juju, run juju add-credential without arguments and follow the prompts:
juju add-credential
An example session:
Enter credential name: lxd-remote-creds
Auth Types
certificate
interactive
Select auth type [interactive]:
Enter trust-password: *******
Loaded client cert/key from "/home/ubuntu/.local/share/juju/lxd"
Uploaded certificate to LXD server.
Credential "lxd-remote-creds" added locally for cloud "lxd-remote".
Option 2: Provide the credential via a file
Save the contents of the following YAML fragment to a file (/tmp/credentials.yaml), making the appropriate changes.
# credentials.yaml
credentials:
  lxd-remote: # this name must match the name in clouds.yaml
    admin:
      auth-type: interactive
      trust-password: DL7UXEd8tsTF3Tc # replace with actual password
Run juju add-credential, specifying the correct cloud name and path to your new credentials.yaml:
juju add-credential lxd-remote -f /tmp/credentials.yaml
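The credentials file holds the trust password in clear text, so its permissions matter, particularly in a shared directory such as /tmp. The following is an added example, not Juju's own code: the hypothetical helpers write_credentials and audit_credentials_file create the file shown above with owner-only access and report a file that other local users could read.

```python
# Added example: write credentials.yaml with owner-only permissions (not Juju's code).
import json
import os
import stat


def write_credentials(path, cloud, name, trust_password):
    """Create credentials.yaml at path with mode 0600; refuse to overwrite."""
    body = (
        "credentials:\n"
        f"  {cloud}:\n"
        f"    {name}:\n"
        "      auth-type: interactive\n"
        # json.dumps yields a double-quoted scalar that YAML also accepts,
        # so a password containing ':' or '#' is not misparsed.
        f"      trust-password: {json.dumps(trust_password)}\n"
    )
    # O_EXCL fails if the path already exists, including a planted symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(body)
    return body


def audit_credentials_file(path):
    """Return findings for a credentials file that other local users could read."""
    info = os.lstat(path)
    findings = []
    if stat.S_ISLNK(info.st_mode):
        findings.append("path is a symlink")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(info.st_mode)
        findings.append(f"mode {mode:04o} grants group/other access")
    if info.st_uid != os.getuid():
        findings.append("file is not owned by the current user")
    return findings
```

Remove the file once juju add-credential has read it.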
Next steps
Now that the cloud and credentials have been added, the next step is to create a controller. See Creating a controller on the main LXD page.
Charms and LXD profiles
Juju (v.2.5.0) supports LXD profiles for charms. This is implemented by including file lxd-profile.yaml in a charm’s root directory. For example, here is a simple two-line file (this is taken from the Openvswitch charm):
config:
  linux.kernel_modules: openvswitch,ip_tables,ip6_tables
The profile will be applied to a LXD container that the charm is deployed into. The following functionality is built in:
- A validity check is performed on the profile(s) during the deployment of the charm. This is based on a hardcoded list of allowed items, everything else being denied. The --force option can be used to bypass this check but this is not recommended. The list is:
  config
    -boot
    -limits
    -migration
  devices
    unix-char
    unix-block
    gpu
    usb
- Profiles are upgraded during the upgrade of the charm (juju upgrade-charm).
- Profiles are displayed at the machine level by using either the show-machine command or the status --format=yaml command. Below is an example of the kind of information that can be obtained from either of these two commands:
lxd-profiles:
  juju-default-lxd-profile-0:
    config:
      environment.http_proxy: ""
      linux.kernel_modules: openvswitch,nbd,ip_tables,ip6_tables
      security.nesting: "true"
      security.privileged: "true"
    description: lxd profile for testing, black list items grouped commented out
    devices:
      bdisk:
        source: /dev/loop0
        type: unix-block
      sony:
        productid: 51da
        type: usb
        vendorid: 0fce
      tun:
        path: /dev/net/tun
        type: unix-char
See the LXD documentation to learn about the valid profile configuration options.
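The validity check described above can also be run as a pre-deployment lint on a charm's profile. The following is an added example, not Juju's own code: it reads the "-" entries under config as denied key namespaces and the devices entries as the only accepted device types (both are assumptions about the list), and takes a profile already parsed into a dict. The warnings on security.privileged and security.nesting are this example's own review policy.

```python
# Added example: lint a parsed lxd-profile.yaml before deployment (not Juju's code).

# Assumption: the "-" entries under "config" on the page are denied key namespaces.
DENIED_CONFIG_NAMESPACES = {"boot", "limits", "migration"}
# Assumption: the entries under "devices" on the page are the only accepted types.
ALLOWED_DEVICE_TYPES = {"unix-char", "unix-block", "gpu", "usb"}
# This example's own review policy, not part of the page's list:
# settings that relax container isolation are reported as warnings.
REVIEW_CONFIG_KEYS = {"security.privileged", "security.nesting"}


def lint_profile(profile):
    """Return (errors, warnings) for a profile already parsed into a dict."""
    errors, warnings = [], []
    for key, value in sorted((profile.get("config") or {}).items()):
        if key.split(".", 1)[0] in DENIED_CONFIG_NAMESPACES:
            errors.append(f"config key {key} is in a denied namespace")
        elif key in REVIEW_CONFIG_KEYS and str(value).lower() == "true":
            warnings.append(f"config key {key} is enabled, review before deploying")
    for name, device in sorted((profile.get("devices") or {}).items()):
        dev_type = (device or {}).get("type")
        if dev_type not in ALLOWED_DEVICE_TYPES:
            errors.append(f"device {name} has type {dev_type}, which is not allowed")
    return errors, warnings


# The sample profile shown on this page, as a dict.
PAGE_SAMPLE = {
    "config": {
        "environment.http_proxy": "",
        "linux.kernel_modules": "openvswitch,nbd,ip_tables,ip6_tables",
        "security.nesting": "true",
        "security.privileged": "true",
    },
    "devices": {
        "bdisk": {"source": "/dev/loop0", "type": "unix-block"},
        "sony": {"productid": "51da", "type": "usb", "vendorid": "0fce"},
        "tun": {"path": "/dev/net/tun", "type": "unix-char"},
    },
}
# Constructed profile that the check should reject.
REJECTED_SAMPLE = {
    "config": {"limits.cpu": "2"},
    "devices": {"data": {"path": "/data", "source": "/srv/data", "type": "disk"}},
}

if __name__ == "__main__":
    for label, sample in (("page", PAGE_SAMPLE), ("rejected", REJECTED_SAMPLE)):
        print(label, lint_profile(sample))
```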