libvirt users - Apr 2017 - Re: creating a lxc image to be used with libvirt-lxc

ok, thank you Daniel, that helps, I'll see if I can adapt it to other OS
and figure out the docker style stuff, it would be useful to run a few
things I have in mind.

Btw, Daniel, have you ever tried to run libvirt inside a container? I was
trying to do so to test things since I didn't want to get all the stuff
installed on the host, but I got a whole bunch of errors and virt-manager
would not connect no matter what.

Also, some more examples, if anybody on the list has them, would be most
appreciated to help a noob get started.

best,

Spike

On Tue, Apr 4, 2017 at 2:59 AM Daniel P. Berrange <berrange@redhat.com>
wrote:
> On Mon, Apr 03, 2017 at 05:52:33PM +0000, Spike wrote:
> > Dear all,
> >
> > I'm moving my first baby steps with libvirt-lxc trying to convert
over
> from
> > an LXD installation and one of the hurdles is putting together an
image.
> >
> > All the examples I found about libvirt-lxc refer to running /bin/sh in
a
> > container, almost as if it was docker, as opposed to run a "full
system"
> > like I've been doing with lxd. Also virt-install, often referred
in
> libvirt
> > docs, seems to be specific/only for kvm.
> >
> > Can anybody point me to any documentation to achieve the same as
you'd do
> > with lxd? would it even just work to use those images (
> > https://cloud-images.ubuntu.com/) with libvirt? Last but not least, is
> > there any way to "publish" a modified image so that I could
make changes
> to
> > any of the above and then reuse the modified one as a base for other
> > containers?
>
> Libvirt LXC doesn't really care what you run inside the containedr - it
is
> possible to use it to run a single application (docker style), or to run a
> full operating system. You essentially just need to populate a chroot with
> the operating system install you want to run.
>
> I've previously tested with a Fedora chroot:
>
>
>
https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside-a-libvirt-lxc-guest/
>
> If you want to have layered modifications, then the best bet is probably
> to make use of overlayfs with your chroots. ie populate a base chroot
> and treat it as read-only thereafter. Then create a new directory mounted
> with overlayfs to add a writable layer on top.
>
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org              -o-             http://virt-manager.org
> :|
> |: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/
> :|
>

On Tue, Apr 04, 2017 at 05:20:19PM +0000, Spike wrote:
> ok, thank you Daniel, that helps, I'll see if I can adapt it to other
OS
> and figure out the docker style stuff, it would be useful to run a few
> things I have in mind.
> 
> Btw, Daniel, have you ever tried to run libvirt inside a container? I was
> trying to do so to test things since I didn't want to get all the stuff
> installed on the host, but I got a whole bunch of errors and virt-manager
> would not connect no matter what.
You can run libvirt inside a container - I've done that the same reasons
as you when i wanted to test stuff without messing up my host. It sounds
like you were trying to connect using a virt-manager outside the container,
talking to libvirtd inside the container.

This gets more complicated - virt-manager connects over a UNIX domain
socket at /var/run/libvirt by default. If you're running libvirtd inside
a container, then the /var/run seen by libvirtd will be in the container
filesystem, while the /var/run seen by virt-manager will be the host
filesystem. You'd need to figure out a way for the
/var/run/libvirt/libvirt-sock
in the container to be exposed to virt-manager in the host.

Alternatively you would have to make libvirtd listen on a TCP address and
connect over TCP with suitable auth.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

thank you for your help Daniel. I don't get why virt-manager would see a
different /var/run. My container has an ip/ssh, so when I connect with
qemu+ssh from my desktop I shuould end up in the same
"space/filesystem" of
libvirtd, not the host one. And I canc onfirm that because I see the logs
of ssh of virt-manager trying to log in. In any case I will try TLS/TCP,
that's fine with me. I seem to also be having another problem: for some
reason I can't get rid of virbr0 and make libvirt use the existing bridge
in the container, even after changing the default net-define virt-manager
still sees a virbr0 and fails to start a VM.

thanks,

Spike

On Wed, Apr 5, 2017 at 2:10 AM Daniel P. Berrange <berrange@redhat.com>
wrote:
> On Tue, Apr 04, 2017 at 05:20:19PM +0000, Spike wrote:
> > ok, thank you Daniel, that helps, I'll see if I can adapt it to
other OS
> > and figure out the docker style stuff, it would be useful to run a few
> > things I have in mind.
> >
> > Btw, Daniel, have you ever tried to run libvirt inside a container? I
was
> > trying to do so to test things since I didn't want to get all the
stuff
> > installed on the host, but I got a whole bunch of errors and
virt-manager
> > would not connect no matter what.
>
> You can run libvirt inside a container - I've done that the same
reasons
> as you when i wanted to test stuff without messing up my host. It sounds
> like you were trying to connect using a virt-manager outside the container,
> talking to libvirtd inside the container.
>
> This gets more complicated - virt-manager connects over a UNIX domain
> socket at /var/run/libvirt by default. If you're running libvirtd
inside
> a container, then the /var/run seen by libvirtd will be in the container
> filesystem, while the /var/run seen by virt-manager will be the host
> filesystem. You'd need to figure out a way for the
> /var/run/libvirt/libvirt-sock
> in the container to be exposed to virt-manager in the host.
>
> Alternatively you would have to make libvirtd listen on a TCP address and
> connect over TCP with suitable auth.
>
>
> Regards,
> Daniel
> --
> |: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org              -o-             http://virt-manager.org
> :|
> |: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/
> :|
>