/srv/irclogs.ubuntu.com/2022/09/08/#ubuntu-server.txt

<cpaelzer> bryyce: thanks, one more resolved \o/ [05:29]
<cpaelzer> name mapping error ... too early, thanks sergiodj :-) [05:29]
<ExeciN> Is there a way to use cloud-init with a custom configuration without rebuilding the installation image? Can I somehow supply a url with the cloud-init configuration in the kernel command? (probably doing this through the installer's grub menu) [07:39]
<tomreyn> ExeciN: you can use kernel command line     autoinstall ds=nocloud-net;s=http://mywebserver.mytld:myport/     and have the web server serve your cloud-config at the http://mywebserver.mytld:myport/user-data (and an empty /meta-data). note i'm just another user, not a developer. [10:56]
<blackroot> tomreyn | ExeciN: you can use kernel command line     autoinstall ds=nocloud-net;s=http://mywebserver.mytld:myport/     and have the web server serve your cloud-config at the http://mywebserver.mytld:myport/user-data (and an empty /meta-data). note i'm just another user, not a developer. [12:27]
<blackroot> since you were disconnected when he wrote this :P [12:28]
=== schopin_ is now known as schopin
<ExeciN> thanks tomreyn and blackroot [15:09]
<znf> If I want to run a single LXC Container, on a single host, should I even bother with "LXD"? [20:12]
<sarnold> as I understand it, lxd lets you do image-based container things; lxc lets you do recipe-based container things; I think I'd pick whichever one best matches your preferred working style [20:13]
<ravage> the quick answer is yes. its just more convenient [20:14]
<ravage> on my Pi4 i actually use LXC. it works too of course [20:15]
<ravage> but on my ubuntu desktop i run lxd [20:15]
<znf> Every time I want to do LXC/LXD I'm met with this issue being so unclear [20:16]
<znf> And most stuff on the web is a very hit & miss in regards to instructions on both [20:16]
<znf> It really mixes them up together [20:16]
<ravage> and what issue is that? [20:16]
<znf> If you google for "do stuff with lxc" [20:16]
<znf> you'll get instructions with the "lxc" command, but that actually is part of the lxd package [20:17]
<ravage> "lxd init" asks some basic questions and then you can start containers [20:17]
<ravage> after you setup lxd almost all commands start with lxc [20:17]
<ravage> https://linuxcontainers.org/lxd/try-it/ [20:17]
<sarnold> znf: heh, yeah, the 'lxc' command to use lxd is *very* frustrating imho :( [20:18]
<znf> also, what about the lxc packages [20:18]
<znf> do I need to install any package separately, with apt, or should I just snap install lxd [20:19]
<ravage> the lxd snap is all your need [20:19]
<ravage> *you [20:19]
<znf> now, wonder if I can actually run lxd 5 with a 18.04 kernel [20:19]
<ravage> i guess you can run the stable version with 18.04 [20:20]
<ravage> never tried it. i started using it on 20.04 [20:20]
<znf> Name of the storage backend to use (zfs, btrfs, ceph, cephobject, dir, lvm) [default=zfs]: [20:21]
<znf> why the hell does this even default to zfs lol [20:21]
<ravage> it creates an image storage with zfs i think [20:21]
<ravage> to enable snapshots and so on [20:22]
<znf> and what does it actually use? [20:22]
<znf> ooooh [20:22]
<znf> it does a loop device [20:22]
<znf> that's crazy [20:22]
<ravage> i actually have a zfs pool on my system [20:23]
<ravage> but the loop device works just fine [20:23]
<sdeziel> znf: yes, no problem in using LXD 5.0 on 18.04 with whatever kernel [20:25]
<znf> oh, wtf [20:25]
<znf> lxc console attaches to the login console [20:25]
<znf> what's the equivalent of lxc-attach -n [20:26]
<sdeziel> znf: you probably want `lxc shell foo` to give you a bash login [20:26]
<ravage> znf, lxc exec yourcontainer -- bash [20:26]
<znf> ah, 'shell' is fine [20:26]
<ravage> shell exists too [20:26]
<ravage> ^^ [20:26]
<sdeziel> both are very similar [20:26]
<znf> it doesn't list "shell" when you -h [20:26]
<sdeziel> znf: that's because `shell` is in fact an alias [20:27]
<znf> I see [20:27]
<sdeziel> znf: it invokes `su -l` inside the instance [20:27]
<znf> great! [20:27]
<ravage> i dont know how big that loop device is by default [20:28]
<znf> I went with 'dir' [20:28]
<ravage> ok [20:28]
<znf> I won't need snapshots on this [20:28]
<ravage> i love my snapshots :D [20:28]
<znf> I have LVM but someone assigned all the space to / already [20:28]
<sdeziel> znf: https://linuxcontainers.org/lxd/docs/master/reference/storage_drivers/ [20:29]
<sdeziel> that table should give you a nice overview of what LXD supports in terms of storage [20:29]
<sdeziel> znf: another selling point in favor of LXD is that is supports VMs too ;) [20:30]
<sdeziel> s/that is/that it/ [20:30]
<ravage> i never tried that before [20:30]
<ravage> i really should [20:30]
<znf> I'm familiar with them, but I feel dirty about using a loop device [20:30]
<ravage> but i usually only run them on my desktop and virt-manager does a good job atm [20:30]
<znf> and because it's just 1 single container, I'm meh about worrying about them [20:30]
<znf> now, where's that fancy volume mapping [20:31]
<sdeziel> znf: yeah, ideally you'd carve up some dedicated space but the loop device actually performs quite nicely [20:31]
<sdeziel> ravage: my main gripe with virt-manager is the XML part [20:32]
<znf> if *someone* didn't allocate all VG space to a single LV... >_< [20:32]
<ravage> sdeziel, yes XML is always annoying :) [20:32]
<znf> k, now, how do I map the host /home/stuff to the guest /home/stuff ? [20:32]
<sdeziel> znf: ext4 supports shrinking if you use a liveusb [20:32]
<znf> I don't have IPMI access on it [20:32]
<znf> and it's located far far away [20:33]
<znf> too much of a hassle [20:33]
<znf> :) [20:33]
<sdeziel> granted [20:33]
<znf> lxc config device add c1 sharedwww disk source=/wwwdata/ path=/var/www/html/ [20:33]
<znf> that much? [20:33]
<sdeziel> znf: sounds about right [20:33]
<ravage> ok. i know im just lazy. but how do i fix "LXD VM agent isn't currently running" ? :D [20:34]
<ahasenack> for a vm? Wait a bit [20:34]
<sdeziel> ravage: just wait till the VM finishes booting is usually what you need to do [20:34]
<ravage> oh ok. i was just too fast then :D [20:34]
<ravage> yep. thx [20:34]
<ahasenack> it's indeed slower than non-vms [20:34]
<ahasenack> and most of the time ssh is ready before the agent, so you can already ssh in if you have the creds in place [20:35]
<ravage> im usually fine with containers. but its nice to have the VM option [20:35]
<sdeziel> ravage: you can always do `lxc launch --console=vga --vm ...` [20:35]
<ravage> in case of some kernel related thing a VM is good to have [20:35]
<ahasenack> it's indeed a quick and very convenient way to launch one [20:37]
<ahasenack> not just ubuntu [20:37]
<ahasenack> basically any os out there (linux based) [20:37]
<ahasenack> just use the "images:" remote [20:38]
<sdeziel> yeah, for other OSes, you have to provide the ISO usually as we cannot distribute ready-made Windows VMs :/ [20:38]
<ahasenack> just take a look at all that is available in "lxc image list images:" [20:39]
<znf> maybe that will finally change now that MS was forced to do the licensing-per-core modification [20:39]
<ahasenack> centos, alpine, fedora, gentoo (!), opensuse, etc [20:39]
<ahasenack> some I have never heard of even [20:39]
<znf> what's the tcp proxy thingie called [20:40]
<znf> so I can proxy ports on the host to the container [20:40]
<znf> lxc config device add mycontainer myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80 [20:41]
<znf> this sounds ok [20:41]
<ravage> You only need that if you need external Access [20:42]
<ahasenack> hah, I didn't know about that :) [20:42]
<znf> yes, I need to make a webserver public [20:42]
<znf> is the 127.0.0.1 correct? [20:42]
<znf> that sounds iffy [20:42]
<znf> would my internal nginx actually see the remote IP correctly? [20:42]
<ravage> I don't think it will [20:44]
<znf> hmm [20:45]
<znf> that's bad [20:45]
<znf> how to fix that [20:45]
<sdeziel> znf: you can use the PROXY protocol which NGINX supports, see https://linuxcontainers.org/lxd/docs/master/instances/?highlight=proxy#type-proxy [20:46]
<ravage> yep. with a proxy on the host you should be able to forward the remote IP [20:46]
<znf> very confused [20:48]
<ravage> traefik or varnish are popular here too [20:48]
<ahasenack> iptables DNAT might be an option, perhaps simpler [20:48]
<znf> I don't really want to setup haproxy/traefik etc. [20:48]
<znf> I'd like the stuff to be done via LXC/LXD stuff entirely [20:49]
<ravage> that is usually what you do with containers [20:49]
<ahasenack> you could perhaps launch the container in a network that is exposed already [20:49]
<ravage> or you add the containers to a bridge with your main network interface [20:49]
<ahasenack> yeah, that [20:49]
<znf> It's way too much trouble/effort when I only need 1 port and 1 container [20:49]
<znf> I'd agree if I run something much more complex [20:50]
<znf> but to setup everything just for 1 host and 1 port seems like an overkill [20:50]
<znf> (I also don't have a 2nd public IP address) [20:50]
<ravage> is this a dedicated server in a datacenter or whats the situation? [20:51]
<znf> Yes [20:51]
<ravage> with only one public IP a reverse proxy is the best way to go here really [20:51]
<ravage> the setup is not that difficult [20:52]
<sdeziel> znf: the LXD native proxy thing is what supports the PROXY protocol if you want that, a simpler way is the `nat=true` one but it requires a static IP on the container/VM side [20:52]
<znf> ravage, I know it's not, but I'm setting this up for someone else, I'll not handle it day by day, and I don't want to explain/make it more complicated [20:53]
<sdeziel> znf: I mean, there is no need for any external components like traefik/haproxy [20:53]
<ravage> znf, did you test what IP your webserver actually logs with the lxc proxy command? [20:54]
<znf> ravage, yeah, 127.0.0.1 [20:54]
<znf> I'll try the nat=true stuff [20:55]
<ahasenack> isn't the real IP set in a header actually? You might just need to tweak the server log format string [20:55]
<znf> # lxc config device set container eth0 ipv4.address=10.213.9.6 [20:56]
<znf> Error: Device from profile(s) cannot be modified for individual instance. Override device or modify profile instead [20:56]
<znf> ahasenack, no, there's no "header" being sent by the browser/device itself [20:57]
<ahasenack> the proxy usually injects such a header [20:58]
<ahasenack> a real proxy, I mean, I don't know what lxd is using [20:58]
<sdeziel> znf: try `device override` instead of `device set` [20:58]
<znf> ah, right [20:59]
<sdeziel> ahasenack: you seem to refer to the PROXY protocol header, something that won't be used with `nat=true` [20:59]
<sdeziel> the proxy device supports quite a few different things which can be confusing :/ [21:00]
<sdeziel> znf: make sure the expected address shows up in the instance as I'm not sure that can be applied "live" [21:01]
<znf> it was already that IP address [21:01]
<znf> just made sure it was permanent [21:01]
<znf> ah, ok, proxy_protocol=true won't really work out, because there's no ssl certificate :P [21:02]
<znf> and with http:// I get a 400 bad request from the nginx running inside [21:03]
<znf> NAT time I guess [21:03]
<sdeziel> znf: `proxy_protocol=true` only cares about TCP stuff, no SSL involved IIRC [21:04]
<sdeziel> znf: if you use `proxy_protocol=true` you need to tell NGINX that it will receive this protocol instead of regular HTTP(S) [21:05]
<znf> yeah, screw that [21:05]
<znf> nat=true it is [21:05]
<sdeziel> should work and have one less moving part ;) [21:06]
<znf> yup [21:06]
<znf> that's my goal, less moving parts, less things to break [21:06]
<znf> (and less chances this guy will ask me for help in the future!) [21:10]
<sdeziel> engineering oneself out of a job, I like it ;) [21:16]
<znf> I like to NOT be bothered all the time :P [21:17]
<RoyK> There's no place like ::1 [21:22]
<sarnold> :) [21:23]
<znf> I prefer 127.0.0.1 [21:35]
<znf> I'm old, get off my lawn with ipv6 [21:35]
<sdeziel> surprisingly, ::1 is a much smaller home than 127.0.0.1 (/128 vs /8) [21:39]
<znf> why can't I nat=tcp:0.0.0.0 [21:42]
<znf> damn it [21:42]
<znf> I mean listen on 0.0.0.0 with nat [21:43]
<sdeziel> znf: what if you add a port to it? [21:43]
<znf> nope [21:43]
<znf> (I already do that) [21:44]
<znf> # lxc config device add container port2082 proxy listen=tcp:0.0.0.0:2083 connect=tcp:10.213.9.6:2082 nat=true [21:44]
<znf> Error: Invalid devices: Device validation failed for "port2083": Cannot listen on wildcard address "0.0.0.0" when in nat mode [21:44]
<sdeziel> dang [21:44]
<znf> kinda weird [21:44]
<znf> hm [21:49]
<znf> are containers NOT set to auto-start? [21:49]
<sdeziel> znf: the state of the instances is preserved throughout host reboots (running instances will be restarted on boot) [21:55]
<znf> config ... get boot.autostart returns empty [21:56]
<znf> good to know then [21:56]
<znf> I'll still test by rebooting [21:57]
