CentOS 7: LXD/LXCでコンテナを立ち上げる

CentOS 7はLXC 1.x系です。LXD/LXCはLXC 2.x系です。1.x系と2.x系ではコマンドが異なります。libvirtでは将来的にLXCがサポートがされなくなります。そこでこの記事ではlibvirt + LXC 1.x系ではなく、LXD/LXCをCentOS 7に導入する手順を記載します。

1 LXD/LXCのインストール

こちらのページいくつかの手順が紹介されています。以下のスクリプトを実行することでLXD/LXCのインストールから初期化まで実行できます。

#!/bin/sh

set -e

USER_ADDED_TO_LXD_GROUP="${USER}"

export GOPATH=${HOME}/go
LXD_HOME_DIR=/var/lib/lxd
LXD_BIN_DIR=/usr/bin
LXD_LOG_DIR=/var/log/lxd

FEDORA=https://dl.fedoraproject.org/pub/fedora/linux/releases/27
FEDORA_PACKAGES_L=${FEDORA}/Everything/source/tree/Packages/l
FEDORA_LXC=lxc-2.0.8-2.fc27.2.src.rpm

# Install Fedora's lxc package because centos's is too old.
sudo yum install -y wget epel-release rpmdevtools rpm-build
wget -q ${FEDORA_PACKAGES_L}/${FEDORA_LXC}
sudo yum-builddep -y ${FEDORA_LXC}
rpmbuild --rebuild ${FEDORA_LXC}
# shellcheck disable=SC2046
sudo yum localinstall -y \
     $(find ~/rpmbuild/RPMS -type f -a ! -name "*debuginfo*")

# Setup subuid and subgid.
echo "root:100000:65536" | sudo tee -a /etc/subuid
echo "root:100000:65536" | sudo tee -a /etc/subgid

# Add lxd group and add user to lxd group.
sudo /usr/sbin/adduser --system lxd --home "${LXD_HOME_DIR}" --shell /bin/false
sudo gpasswd -a "${USER_ADDED_TO_LXD_GROUP}" lxd

# Build LXD and install LXD.
sudo yum install -y git golang sqlite-devel dnsmasq squashfs-tools libacl-devel
go get -v -x github.com/lxc/lxd/lxc github.com/lxc/lxd/lxd
sudo cp "${GOPATH}"/bin/* "${LXD_BIN_DIR}"

# Create LXD directory.
sudo mkdir -p "${LXD_LOG_DIR}"
sudo chown root:lxd "${LXD_LOG_DIR}"

# Setup systemd service.
cat <<EOF | sudo tee /usr/lib/systemd/system/lxd.service
[Unit]
Description=LXD - main daemon
After=network.target
Requires=network.target lxd.socket
Documentation=man:lxd(1)

[Service]
EnvironmentFile=-/etc/environment
ExecStart=${LXD_BIN_DIR}/lxd --group lxd --logfile=${LXD_LOG_DIR}/lxd.log
ExecStartPost="${LXD_BIN_DIR}/"lxd waitready --timeout=600
KillMode=process
TimeoutStartSec=600
TimeoutStopSec=40
Restart=on-failure
LimitNOFILE=infinity
LimitNPROC=infinity

[Install]
Also=lxd.socket
EOF
cat <<EOF | sudo tee /usr/lib/systemd/system/lxd.socket
[Unit]
Description=LXD - unix socket
Documentation=man:lxd(1)

[Socket]
ListenStream=${LXD_HOME_DIR}/unix.socket
SocketGroup=lxd
SocketMode=0660
Service=lxd.service

[Install]
WantedBy=sockets.target
EOF
sudo systemctl --system daemon-reload
sudo systemctl enable lxd
sudo systemctl start lxd

# Initialize LXD.
#   Would you like to use LXD clustering? (yes/no) [default=no]:
#   Do you want to configure a new storage pool? (yes/no) [default=yes]:
#   Name of the new storage pool [default=default]:
#   Name of the storage backend to use (btrfs, dir, lvm) [default=btrfs]:
#   Would you like to connect to a MAAS server? (yes/no) [default=no]:
#   Would you like to create a new network bridge? (yes/no) [default=yes]:
#   What should the new bridge be called? [default=lxdbr0]:
#   What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”)
#   [default=auto]:
#   What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”)
#   [default=auto]:
#   Would you like LXD to be available over the network? (yes/no) [default=no]:
#   Would you like stale cached images to be updated automatically? (yes/no)
#   [default=yes]
#   Would you like a YAML "lxd init" preseed to be printed? (yes/no)
#   [default=no]:
cat <<EOF | sudo lxd init
no
yes
default
dir
no
yes
lxdbr0
auto
auto
no
no
no
EOF

# Setup kernel.
sudo yum install -y grub2-tools
. /etc/default/grub
V="$GRUB_CMDLINE_LINUX user_namespace.enable=1 namespace.unpriv_enable=1"
sudo sed -e "s;^GRUB_CMDLINE_LINUX=.*;GRUB_CMDLINE_LINUX=\"$V\";g" \
     -i /etc/default/grub
sudo /usr/sbin/grub2-mkconfig -o /boot/grub2/grub.cfg
cat <<EOF | sudo tee /etc/sysctl.d/lxd.conf
user.max_user_namespaces=15076
EOF

# LXD can be used after reboot.
sudo reboot

2 動作確認

$ lxc launch ubuntu:16.04 ubuntu-1604
$ lxc exec ubuntu-1604 -- uname -a
3.10.0-693.21.1.el7.x86_64

3 その他の設定

Ubuntu 16.04の場合と同様です。