Certification Docs

Merge ~rodsmith/certification-docs:add-lxd-info into certification-docs:master

  1. Git
  2. lp:~rodsmith/certification-docs
  3. add-lxd-info
  4. Merge into master
Proposed by Rod Smith
Status: Merged
Approved by: Rod Smith
Approved revision: d5784f6166a8826ce16d7220264f1dfa3a4f3ebf
Merged at revision: 71081ebe1ff68a08f6570e0852f38e494388f505
Proposed branch: ~rodsmith/certification-docs:add-lxd-info
Merge into: certification-docs:master
Diff against target: 205 lines (+185/-1)
2 files modified
MAAS_Advanced_NUC_Installation_And_Configuration_Scripted.rst (+178/-1)
debian/changelog (+7/-0)
Reviewer Review Type Date Requested Status
Jeff Lane  Approve
Review via email: mp+373983@code.launchpad.net

Commit message

New MANIACS appendix describing LXD setup

Description of the change

This documents the current state of the lxc-setup script and related procedures. The script still has some awkward limitations, the worst of which the documentation describes. These are things that will require more effort to fix, like better integration between the host and container configurations; but I think it's best to get the current state documented now and work on improving the LXC/LXD procedures as time permits.

To post a comment you must log in.
Revision history for this message
Jeff Lane  (bladernr) wrote :

Looks good to me. Could you add trello card(s) to cover reviewing the scripts and docs for updates later (as you've described some brittle points that could be addressed).

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/MAAS_Advanced_NUC_Installation_And_Configuration_Scripted.rst b/MAAS_Advanced_NUC_Installation_And_Configuration_Scripted.rst
2index 2a9a438..9b29626 100644
3--- a/MAAS_Advanced_NUC_Installation_And_Configuration_Scripted.rst
4+++ b/MAAS_Advanced_NUC_Installation_And_Configuration_Scripted.rst
5@@ -1102,7 +1102,184 @@ Assigned Automatically 172.24.126.0 - 172.24.127.254 172.24.125.0 - 172.24.125
6
7 PageBreak
8
9-Appendix D: Glossary
10+Appendix D: Installing MAAS in a LXD Container
11+==============================================
12+
13+It is possible to install MAAS in a virtual machine or container. Doing so
14+will help to isolate MAAS from the underlying OS and enable relatively easy
15+backup and restoration of the complete MAAS environment. To facilitate this
16+setup, the certification PPA includes a package, called ``maas-lxc-host``,
17+which includes scripts and tools to run on the host system in order to
18+install MAAS in a LXC/LXD container. Note, however, that *this procedure is
19+still experimental!* Although it can be made to work, it is delicate, and
20+can easily fail because of system-specific configuration issues or because
21+of minor deviations from the specified procedure.
22+
23+If you want to run MAAS in this way, follow these steps:
24+
25+#. Install Ubuntu Server on the server you want to host the LXD container
26+ and configure the server's network as described earlier, in `Installing
27+ and Configuring Ubuntu`_.
28+
29+#. Type ``sudo apt-add-repository ppa:hardware-certification/public`` to
30+ add the Hardware Certification PPA to the host server.
31+
32+#. Install the ``maas-lxc-host`` package by typing ``sudo apt install
33+ maas-lxc-host``.
34+
35+#. If you're using a remote SSH session, type ``screen``. The setup process
36+ will interrupt network connectivity, so you'll have to reconnect
37+ mid-process. Better, use a physical console or remote KVM, which will
38+ not be affected by this interruption.
39+
40+#. Type ``lxc-setup``. This runs the LXC/LXD setup script, which proceeds
41+ to run through the setup steps, asking you some questions along the
42+ way...
43+
44+ #. If you're running remotely, the script checks to see if ``screen`` is
45+ in use. If so, you'll be asked to confirm that you want to continue.
46+
47+ #. The script tries to identify the internal and external network
48+ devices on the host, and asks you to verify each identification. It
49+ then tweaks the configuration to create network bridges for the
50+ future container. Once this is done, the script gives you the option
51+ to manually edit the NetPlan configuration file, in case you want to
52+ make your own tweaks. Note that the script tries to configure the
53+ external network interface (``br1``) using DHCP. This is likely to
54+ result in the external network interface's IP address changing
55+ compared to its original configuration unless you manually edit it to
56+ use a static IP address; but specifying a static IP address may be
57+ unreliable.
58+
59+ #. After configuring the network, your remote network access is likely
60+ to go down, if you're running remotely. You should be able to
61+ reconnect (doing so via the internal network interface may be easier
62+ than trying to find the new external IP address) and run ``screen -r``
63+ to resume.
64+
65+ #. After configuring LXD, the script sets up the LXD container's network
66+ options. As with the host's network configuration, the script gives
67+ you the option of reviewing and editing the settings. By default, the
68+ internal network (``eth0``) is given an address one higher than the
69+ host (for instance, 172.24.124.2, to the host's 172.24.124.1), and
70+ the external address is configured via DHCP.
71+
72+ #. At this point, the script asks if you want to set up MAAS in the LXD
73+ container. If you respond by typing ``Y`` (which is the default), the
74+ script installs ``maas-cert-server`` in the LXD container and then
75+ runs ``maniacs-setup``, as described in `Running the Setup Script`_.
76+ For the most part, you can configure the MAAS server in the LXD
77+ container just as you would a MAAS server running directly on a
78+ server; however....
79+
80+ #. When the setup script asks if you want to configure the server as a
81+ NAT router, you may want to answer ``N``. The NAT control scripts are
82+ installed on both the host and the container, but using the host as a
83+ NAT router provides a more direct route to the outside world than
84+ would be the case if you used the LXD container for this purpose.
85+ Typing ``sudo systemctl enable certification-nat`` on the host will
86+ configure it to enable NAT on the next reboot, and typing ``sudo
87+ service certification-nat start`` will start NAT immediately. Note
88+ that if you use the host as the NAT router, you must edit the subnet
89+ definition in MAAS (from the "Subnets" link near the top of the MAAS
90+ web UI) so that its gateway is the IP address of the host.
91+
92+#. If the ``lxc-setup`` script fails at some point, you can try fixing
93+ whatever problem is reported and re-running the script; however, some
94+ steps relating to LXC setup may fail when re-run. You can copy the
95+ ``/usr/sbin/lxc-setup`` script and comment out the offending lines,
96+ which are likely to be the ``sudo lxd init``, ``lxc profile copy``, and
97+ ``edit_lxd_profile`` lines in the ``setup_lxd()`` function.
98+
99+The result of this configuration is that the computer will have at least
100+four IP addresses: Internal and external for the host computer itself and
101+for the LXD container. The latter will run MAAS and an SSH server, but the
102+latter may not be usable until you import your SSH public keys into the LXD
103+container's ``ubuntu`` account. You can do this from the host by typing::
104+
105+ lxc exec lxc-maas bash
106+ su ubuntu
107+ ssh-import-id lp:username
108+ exit
109+ exit
110+
111+Change ``username`` to your Launchpad username. Alternatively, you can add
112+SSH public keys in any way you like, such as by editing
113+``~.ssh/authorized_keys``.
114+
115+If you prefer, you can access the LXD container from the host by typing
116+``lxc exec lxc-maas bash`` every time; however, this is likely to be more
117+awkward than enabling direct SSH access to the container.
118+
119+In either case, the LXD container shares the ``/home/username`` and
120+``/srv`` directories with the host, where ``username`` is your username on
121+the host. The former enables you to easily share arbitrary files between the
122+host and its container; and the latter is intended to simplify
123+configuration of Apache to deliver virtualization files needed by the
124+virtualization tests. Because ``maniacs-setup`` configures Apache on the
125+LXD container and optionally downloads virtualization files, it's easy to
126+set up the container as the server for these files; however, storing these
127+large files outside of the container may be desirable. You can also install
128+Apache on the host and deliver these files from that location, if you
129+prefer.
130+
131+The ``iperf3`` server is installed on both the host and the LXD container
132+at the end of this process, but it's not configured to launch automatically
133+from either location. In theory, network tests can use either location as a
134+target, once you launch ``iperf3`` in the correct environment; however,
135+running ``iperf3`` on the host is less likely to cause performance problems
136+and is therefore recommended. If you run ``iperf3`` on the LXD container
137+and encounter network test failures, you should try running ``iperf3`` on
138+the host and using it as a target instead. Note that network performance
139+will be limited by the capabilities of the host; you can't run full-speed
140+tests against both the host and the LXD container and expect to get twice
141+the host's native network speed!
142+
143+A fresh installation of MAAS in a LXC/LXD container will consume about 4.7
144+GiB of disk space in the ``/var/lib/lxd/storage-pools/default/containers/``
145+directory. This space is likely to grow over time, especially if you add
146+support for multiple Ubuntu versions and CPU architectures to your MAAS
147+configuration. (Each new version requires ``cloud-init`` files that consume
148+some space.)
149+
150+You can use numerous commands to manage your MAAS container. These include,
151+but are not limited to:
152+
153+* ``lxc list`` -- Show a list of containers and some summary information
154+ about them, including their IP addresses and whether or not they're
155+ running.
156+
157+* ``lxc info`` -- Displays summary information about a specified container
158+ (more than is shown by ``lxc list``.
159+
160+* ``lxc exec`` -- Runs a command in a container. In particular, ``lxc exec
161+ lxc-maas bash`` runs ``bash`` in the ``lxc-maas`` container (the name of
162+ the container created by ``lxc-setup``).
163+
164+* ``lxc stop`` -- Stops a specified container.
165+
166+* ``lxc start`` -- Starts a specified container. Note that the container
167+ created by ``lxc-setup`` should start up automatically when the host
168+ boots.
169+
170+* ``lxc restart`` -- Restarts a specified container.
171+
172+* ``lxc snapshot`` -- Creates a snapshot of a specified container.
173+
174+* ``lxc restore`` -- Restores a snapshot of a specified container.
175+
176+This documentation can provide only a brief summary of LXC/LXD commands and
177+tools. For more information, see the official Linux containers
178+documentation at https://linuxcontainers.org. You can also type ``lxc``
179+with no options to see a summary of sub-commands, or type ``lxc`` with a
180+subcommand to see a summary of how to use it, if the subcommand requires
181+additional subcommands.
182+
183+.. raw:: pdf
184+
185+ PageBreak
186+
187+Appendix E: Glossary
188 ====================
189
190 The following definitions apply to terms used in this document.
191diff --git a/debian/changelog b/debian/changelog
192index 29e88e0..7d3a410 100644
193--- a/debian/changelog
194+++ b/debian/changelog
195@@ -1,3 +1,10 @@
196+certification-docs (0.3.0-0ppa1) bionic; urgency=medium
197+
198+ * New appendix (D) in MANIACS documenting the lxd-setup script in the
199+ maas-lxc-host package.
200+
201+ -- Rod Smith <rod.smith@canonical.com> Thu, 10 Oct 2019 15:29:02 -0400
202+
203 certification-docs (0.2.8-0ppa1) bionic; urgency=medium
204
205 * Updated MANIACS and STG for new high-speed network testing

Subscribers

People subscribed via source and target branches