Authors: Luke Rawlins
I’ve been spending quite a bit of time learning about LXD/LXC containers on Ubuntu. There is a lot of really good information available about how to get started with these containers, so I’m not going to try to reproduce that content here. However, I will provide links at the bottom that I think are relevant to learn more about LXD and LXC.
Below I outline what it is that I like about LXC. These reasons are also the driving factors behind my decision to use LXC for web hosting as opposed to other container technologies. I should note, though, that LXC and Docker are not mutually exclusive. If you are comfortable using Docker, you may want to consider using both of these technologies.
LXC containers are unprivileged.
An unprivileged container is a container that is not running as root on the host machine. The root account in the container is mapped to a random non-root uid on the host. According to Canonical, “Unprivileged containers are safe by design. The container uid 0 is mapped to an unprivileged user outside of the container and only has extra rights on resources that it owns itself.” This prevents access to host files that are owned by root and isolates the container in a way that isn’t possible with a privileged container daemon. You can allow a user to run LXD/LXC containers without handing over access to a root account on the host.
For more information take a look at this page: https://linuxcontainers.org/lxc/security/
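The uid mapping described above can be checked on a host by reading the kernel's `/proc/<pid>/uid_map` file for a process running inside the container. The following Python is an added example, not code from the original post or from the LXD project; the function names and the two sample maps are constructed for illustration.

```python
import sys
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first uid as seen inside the container
    outside: int  # first uid as seen on the host
    length: int   # number of consecutive uids covered


def parse_uid_map(text: str) -> List[Extent]:
    """Parse the three-column format of /proc/<pid>/uid_map."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        extents.append(Extent(*map(int, fields)))
    return extents


def host_uid(extents: List[Extent], container_uid: int) -> Optional[int]:
    """Return the host uid behind container_uid, or None if it is unmapped."""
    for e in extents:
        if e.inside <= container_uid < e.inside + e.length:
            return e.outside + (container_uid - e.inside)
    return None


def is_unprivileged(extents: List[Extent]) -> bool:
    """True when container root is mapped and is not host uid 0."""
    mapped = host_uid(extents, 0)
    return mapped is not None and mapped != 0


# Constructed sample maps, not taken from a real host.
UNPRIVILEGED_MAP = "         0     100000      65536\n"
PRIVILEGED_MAP = "         0          0 4294967295\n"

if __name__ == "__main__":
    # With a host PID argument, inspect that process; otherwise use the sample.
    raw = open(f"/proc/{sys.argv[1]}/uid_map").read() if len(sys.argv) > 1 else UNPRIVILEGED_MAP
    extents = parse_uid_map(raw)
    print("container root -> host uid:", host_uid(extents, 0))
    print("unprivileged:", is_unprivileged(extents))
```

A container uid that falls outside every extent has no identity on the host at all, which is why `host_uid` returns `None` for it instead of guessing.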
“LXD is a next generation system container manager. It offers a user experience similar to virtual machines but using Linux containers instead.” Since LXD treats LXC container guests as if they were virtual machines, the only new things I had to learn were how to launch them and how their networking is managed. After that it is just like configuring any other Linux virtual machine. LXD also offers base host images for several popular Linux distributions, including Fedora, CentOS, OpenSUSE, and of course Ubuntu. Learning to use LXD to manage containers is easy, and Canonical provides a great tool to help get started. They even offer a web-based application that lets you try LXD, which you can find here: https://linuxcontainers.org/lxd/try-it/
LXC containers spin up fast, snapshot fast, and can be redeployed much faster than a traditional server. Once you have built your container and configured it to your satisfaction, you can easily launch other identical containers from a snapshot, either to your local host or a remote host in a public or private cloud.
You can live migrate a container to another host machine. This makes it possible to move your containers around for zero downtime operations so that you can perform maintenance tasks like patching or application updates without interrupting users.
Storage is persistent by default on Ubuntu 16.04. With LXD you can have a storage backend using zfs, btrfs, or lvm, or for a development environment you can use simple file-based storage (though that is much slower). For more information about storage, check this page: https://lxd.readthedocs.io/en/latest/storage/
If you have any interest in using LXD, I highly recommend that you read the full blog series that was written by the LXC and LXD project leader, Stéphane Graber. I have linked to it below.