Skip to content

M1cha/lxdocker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
cmd
cmd
 
 
docs
docs
 
 
pkg/common
pkg/common
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

lxdocker

This project provides both a CLI tool and an image server for using docker images with LXD.

Why?

See Rationale

How does it work?

See Internals

lxdocker

This CLI tool pulls docker images from a registry and converts them to LXD images. It acts on a directory rather than a single file so it has a complete list of images and can delete generated files that are not part of any yaml image specification anymore.

Requirements

  • a statically linked busybox in /bin/busybox Debian package: busybox-static
  • sqfstar if squashfs is used. Debian package: squashfs-tools (only on unstable)

CLI options

--cache PATH (required)

Path to lxdockers cache directory. This is where OCI layers are being downloaded to. Unused data is automatically removed after every run.

--lxdimages PATH (required)

This is where lxdocker stores the generated images. Old and unused versions are automatically removed after every run.

--specs PATH (required)

This directory should contain your yaml specifications for how to generate LXD images.

--imageformat FORMAT (optional)

The format of the generated rootfs. Supported values:

  • squashfs: default, because it supports parallell (de-)compression. Requires sqfstar which is only available in newer versions of squashfs-tools.
  • gzip: Alternative which neither lxdocker nor LXD (currently) support parallel (de-)compression for.
  • tar: uncompressed. Might be a good fit if you have very fast disks and networking and don't worry about disk usage.

imgserver

This is a simplestreams image server that serves images generated by LXD. Instead of statically generating and serving index.json and images.json, this service generates them on the fly. Since it uses the same protocol as Canonicals image server it works with all LXD features like lxc launch and auto-update.

SSL

Since LXD only supports SSL servers you have generate a self-signed certificate:

openssl req -x509 -subj "/C=DE/CN=lxdocker.lxd" -addext "subjectAltName = DNS:lxdocker.lxd" -addext "keyUsage = critical,nonRepudiation,digitalSignature,keyEncipherment,keyAgreement" -addext "extendedKeyUsage = serverAuth,clientAuth" -newkey rsa:4096 -keyout key.pem -out cert.pem -sha512 -days 365 -nodes

If you call your lxdocker container lxdocker, then lxdocker.lxd can be resolved using LXDs DNS server that runs on lxdbr0. If you add the bridge IP as a secondary DNS server, LXD will be able to resolve it. Alternatively you can add a static entry to /etc/hosts.

CLI options:

--address ADDRESS (optional, default: ":443")

Address in the format IP:port that imgserver should listen to. Defaults to :443.

--lxdimages PATH (required)

Path to the directory where lxdocker puts generated images.

--key PATH (required)

Path to the TLS key used by the server.

--cert PATH (required)

Path to the TLS certificate used by the server.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

26 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases 3

v0.3 Latest
Aug 4, 2022
+ 2 releases

Packages

No packages published

Languages