LXD: The hypervisor that isn't

Post on 19-Jul-2015


LXD: The hypervisor that isn't
@ .com Tycho.Andersen

What is LXD?
- Based on Linux Containers (LXC)
- Secure by default: user namespaces, cgroups, AppArmor, etc.
- A REST API for managing system containers
- A daemon that can do hypervisor-y things
- A framework for managing container base images

What isn't LXD?
- A network management tool
- A storage management tool
- An application container tool

API
- containers
- images
- networks
- other administrative ones
- secured by client certificates and TLS 1.2

Creating a container

    wget --no-check-certificate \
         --certificate="$HOME/.config/lxc/client.crt" \
         --private-key="$HOME/.config/lxc/client.key" \
         -O - -q https://127.0.0.1:8443/1.0/containers \
         --method=POST --body-data='{"name": "manual",...}'

{"type":"async","operation":"/1.0/operations/ae5b7709-213d-4b51-b4e2-825e4ac9d45c"}

{"type":"sync","result":"success","metadata": {"name":"foo", "config":[], "profiles":[], "status":{"state":"RUNNING", ...}}}

containers endpoint

    wget --no-check-certificate \
         --certificate="$HOME/.config/lxc/cert.pem" \
         --private-key="$HOME/.config/lxc/key.pem" \
         -O - -q https://127.0.0.1:8443/1.0/containers/foo

networks endpoint

    wget --no-check-certificate \
         --certificate="$HOME/.config/lxc/client.crt" \
         --private-key="$HOME/.config/lxc/client.key" \
         -O - -q https://127.0.0.1:8443/1.0/networks

{"type":"sync","result":"success","metadata":["/1.0/networks/lo","/1.0/networks/wlan0","/1.0/networks/lxcbr0","/1.0/networks/virbr0"]}
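
Added example (not from the slides or the LXD project): a Python client for the API calls above that verifies the server certificate instead of passing --no-check-certificate, requires TLS 1.2, and tells the async reply from the sync one. The function names and the saved server_cert file are assumptions; the reply shapes are the ones shown on the slides.

```python
import json
import ssl
import urllib.request

BASE = "https://127.0.0.1:8443"  # address used on the slides


def make_context(client_cert=None, client_key=None, server_cert=None):
    """TLS context for the API: TLS 1.2+, server verified, client cert sent."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Assumption: the daemon's certificate is self-signed, so a saved copy of
    # it is the only trust anchor and stands in for hostname matching.
    ctx.check_hostname = False
    if server_cert:
        ctx.load_verify_locations(cafile=server_cert)
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def classify(body):
    """Interpret one API reply: ("done", metadata) or ("poll", url)."""
    reply = json.loads(body)
    kind = reply.get("type")
    if kind == "async":
        op = reply.get("operation", "")
        # Follow only operation paths on this API, never an absolute URL.
        if not op.startswith("/1.0/operations/"):
            raise ValueError("unexpected operation path: %r" % op)
        return "poll", BASE + op
    if kind == "sync" and reply.get("result") == "success":
        return "done", reply.get("metadata")
    raise RuntimeError("request failed: %r" % reply)


def api_get(path, ctx):
    """GET an API path with the context above (needs a running daemon)."""
    with urllib.request.urlopen(BASE + path, context=ctx) as resp:
        return classify(resp.read())
```

With no server_cert loaded the context has no trust anchors, so every connection fails closed rather than silently skipping verification.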

Image Workflow
- Snapshot (running) containers as images
- All LXD instances are image servers
- Clients can publish private or public images

Roadmap
- 0.1 - Last week of January, container management only
- 0.2 - February 18: Images, experimental migration, bugfixes, oh my!
- 0.3 - Summer 2015: Full specification implementation
- 0.? - Hardware hardened containers

Kia ora!
github.com/lxc/lxd