lxdocker

This project provides both a CLI tool and an image server for using docker images with LXD.

Why?

See Rationale

How does it work?

See Internals

lxdocker

This CLI tool pulls docker images from a registry and converts them to LXD images. It acts on a directory rather than a single file, so it has a complete list of images and can delete generated files that no longer belong to any yaml image specification.

Requirements

  • a statically linked busybox in /bin/busybox. Debian package: busybox-static
  • sqfstar if squashfs is used. Debian package: squashfs-tools (only on unstable)

CLI options

--cache PATH (required)

Path to lxdocker's cache directory. This is where OCI layers are downloaded to. Unused data is automatically removed after every run.

--lxdimages PATH (required)

This is where lxdocker stores the generated images. Old and unused versions are automatically removed after every run.

--specs PATH (required)

This directory should contain your yaml specifications for how to generate LXD images.

--imageformat FORMAT (optional)

The format of the generated rootfs. Supported values:

  • squashfs: default, because it supports parallel (de-)compression. Requires sqfstar, which is only available in newer versions of squashfs-tools.
  • gzip: alternative for which neither lxdocker nor LXD (currently) supports parallel (de-)compression.
  • tar: uncompressed. Might be a good fit if you have very fast disks and networking and don't worry about disk usage.

imgserver

This is a simplestreams image server that serves images generated by LXD. Instead of statically generating and serving index.json and images.json, this service generates them on the fly. Since it uses the same protocol as Canonical's image server, it works with all LXD features like lxc launch and auto-update.

SSL

Since LXD only supports SSL servers, you have to generate a self-signed certificate:

openssl req -x509 -subj "/C=DE/CN=lxdocker.lxd" -addext "subjectAltName = DNS:lxdocker.lxd" -addext "keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment,keyAgreement" -addext "extendedKeyUsage = serverAuth,clientAuth" -newkey rsa:4096 -keyout key.pem -out cert.pem -sha512 -days 365 -nodes

If you call your lxdocker container lxdocker, then lxdocker.lxd can be resolved using LXD's DNS server that runs on lxdbr0. If you add the bridge IP as a secondary DNS server, LXD will be able to resolve it. Alternatively you can add a static entry to /etc/hosts.
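
A pre-flight check for the cert.pem and key.pem produced by the command above, as an added example that is not part of lxdocker; the helper name check_lxd_cert and the 30-day renewal margin are assumptions. It confirms that the certificate covers the host name, that the key belongs to it, and that the unencrypted key written by -nodes is readable only by its owner.

```shell
#!/bin/sh
# Added example, not part of lxdocker: pre-flight check for the files passed
# to imgserver via --cert and --key. check_lxd_cert is a hypothetical helper.
# Usage: sh check_cert.sh cert.pem key.pem lxdocker.lxd

check_lxd_cert() {
    cert=$1; key=$2; host=$3

    # 1. The host name clients connect to must be in the subjectAltName.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" |
            grep -q 'does match certificate'; then
        echo "FAIL: $cert does not cover host name $host" >&2
        return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 1
    fi

    # 3. -days 365 means yearly renewal; fail 30 days early (assumed margin).
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "FAIL: $cert expires within 30 days" >&2
        return 1
    fi

    # 4. -nodes leaves the key unencrypted, so only the owner may access it.
    case $(ls -lLd -- "$key") in
        -???------*) ;;
        *)  echo "FAIL: $key is accessible to group or others" >&2
            return 1 ;;
    esac

    echo "OK: $cert and $key are usable for $host"
}

# Run the check only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    check_lxd_cert "$@"
fi
```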

CLI options:

--address ADDRESS (optional, default: ":443")

Address in the format IP:port that imgserver should listen on. Defaults to :443.

--lxdimages PATH (required)

Path to the directory where lxdocker puts generated images.

--key PATH (required)

Path to the TLS key used by the server.

--cert PATH (required)

Path to the TLS certificate used by the server.