From 903f9731fb3f86bb63c807a6beb57990a5f191fd Mon Sep 17 00:00:00 2001 From: Moss Hope Date: Fri, 27 Sep 2024 16:18:09 -0700 Subject: [PATCH] config/containers-and-vms/lxc: document incus thanks to below for copy edit/review Co-authored-by: classabbyamp <5366828+classabbyamp@users.noreply.github.com> Co-authored-by: 0x5c --- src/config/containers-and-vms/lxc.md | 60 ++++++++++++++++++++++++---- 1 file changed, 53 insertions(+), 7 deletions(-) diff --git a/src/config/containers-and-vms/lxc.md b/src/config/containers-and-vms/lxc.md index 3926f3da6..0dd6e3750 100644 --- a/src/config/containers-and-vms/lxc.md +++ b/src/config/containers-and-vms/lxc.md @@ -1,11 +1,16 @@ # LXC -The [Linux Containers project](https://linuxcontainers.org/) includes three -subprojects: [LXC](https://linuxcontainers.org/lxc/introduction/), -[LXD](https://linuxcontainers.org/lxd/introduction/) and -[LXCFS](https://linuxcontainers.org/lxcfs/introduction/). The project also -included the CGManager project, which has been deprecated in favor of the CGroup -namespace in recent kernels. +The [Linux Containers project](https://linuxcontainers.org/) includes four +subprojects: [Incus](https://linuxcontainers.org/incus/introduction/), +[LXC](https://linuxcontainers.org/lxc/introduction/), +[LXCFS](https://linuxcontainers.org/lxcfs/introduction/) and +[distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/). + +The project also formerly included the CGManager and +[LXD](https://canonical.com/lxd) projects. CGManager has been deprecated in +favor of the CGroup namespace in recent kernels. LXD has become a Canonical +project. Incus was forked from LXD to be a community driven alternative, and is +led and maintained by many of the original creators. ## Configuring LXC @@ -114,6 +119,47 @@ access to other containers. To isolate containers from each other, alter the create each container. Trying to fix permissions on a container created with the wrong map is possible, but inconvenient. +## Incus + +Incus provides an alternative interface to LXC's `lxc-*` utilities. However, it +does not require the configuration described in [the previous section](#lxc). + +In `/etc/rc.conf`, set the `CGROUP_MODE` variable to `unified`. Install the +`incus` package, and [enable](../services/index.md#enabling-services) the +`incus` service. + +Some parts of Incus require optional dependencies, see +[README.voidlinux](../package-documentation/index.md). + +Add users who should have full control over Incus to the `_incus-admin` group. + +Optionally, some users can be given limited access to Incus as described +[here](https://linuxcontainers.org/incus/docs/main/howto/projects_confine/#confine-projects-to-specific-incus-users). +Add these users to the `_incus` group, and enable the `incus-user` service. + +Note that `incus-user` will initialize the default Incus profile when it is +started. To avoid default configuration initialize Incus for yourself with +`incus admin init` before enabling `incus-user`. + +> Warning: `incus-user` will also replace the networking config of the default +> profile if it appears invalid. runit does not have socket activation so this +> happens when when the machine boots instead of when a user calls `incus`. If +> the default profile uses a [bridge +> interface](../network/index.md#bridge-interfaces), `incus-user` may replace it +> on boot. + +To migrate existing LXD setups to Incus, use the `lxd-to-incus` tool from the +`incus-tools` package as described +[here](https://linuxcontainers.org/incus/docs/main/howto/server_migrate_lxd/). + +To migrate existing LXC containers to Incus, use the `lxc-to-incus` script from +the `incus-tools` package as described +[here](https://linuxcontainers.org/incus/docs/main/howto/migrate_from_lxc/). + +Some Incus features have additional dependencies. To run virtual machines, +install `qemu` and `edk2-ovmf`. To run OCI containers, install `skopeo` and +`umoci`. + ## LXD LXD provides an alternative interface to LXC's `lxc-*` utilities. However, it @@ -125,4 +171,4 @@ the `lxd` service. LXD users must belong to the `lxd` group. Use the `lxc` command to manage instances, as described -[here](https://linuxcontainers.org/lxd/getting-started-cli/#lxd-client). +[here](https://documentation.ubuntu.com/lxd/en/latest/howto/).