Publishing LXD images
Tags: containers, docker, LXD, Ubuntu, Wily Werewolf
While some work remains to be done for ‘lxc publish’, the current support is sufficient to show a full cycle of image workload with lxd.
Ubuntu Wily comes with systemd by default. Sometimes you might need a Wily container with upstart. And to repeatedly reproduce some tests on Wily with upstart, you might want to create a container image.
    # lxc remote add lxc images.linuxcontainers.org
    # lxc launch lxc:ubuntu/wily/amd64 w1
    # lxc exec w1 -- apt-get -y install upstart-bin upstart-sysv
    # lxc stop w1
    # lxc publish --public w1 --alias=wily-with-upstart
    # lxc image copy wily-with-upstart remote: # optional
Now you can start a new container using:
    # lxc launch wily-with-upstart w-test-1
    # lxc exec w-test-1 -- ls -alh /sbin/init
    lrwxrwxrwx 1 root root 7 May 18 10:20 /sbin/init -> upstart
    # lxc exec w-test-1 run-my-tests
Importantly, because “--public” was passed to the lxc publish command, anyone who can reach your lxd server or the image server at “remote:” will also be able to use the image. Of course, for private images, don’t use “--public”.
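To check which images on a server ended up public, the following added example (not part of the original post) audits the output of `lxc image list --format json`. It assumes an LXD release that supports `--format json` and that images cached from a remote carry an `update_source` entry; the sample data and fingerprints are constructed.

```python
import json
import sys

# Constructed sample of `lxc image list --format json` output (not from a real server).
SAMPLE = """[
  {"fingerprint": "aaaa1111", "public": true,
   "aliases": [{"name": "wily-with-upstart"}],
   "properties": {"description": "w1 snapshot"}},
  {"fingerprint": "bbbb2222", "public": true, "aliases": [],
   "update_source": {"server": "https://images.linuxcontainers.org",
                     "protocol": "simplestreams", "alias": "ubuntu/wily/amd64"}},
  {"fingerprint": "cccc3333", "public": false,
   "aliases": [{"name": "internal-tests"}]}
]"""


def audit_public_images(images):
    """Return one finding per image marked public, i.e. usable by anyone
    who can reach the server.

    'local' is a heuristic (assumption): an image without update_source was
    published or imported on this server, not cached from an upstream remote.
    """
    findings = []
    for img in images:
        if not img.get("public", False):
            continue
        aliases = [a["name"] for a in img.get("aliases") or []]
        findings.append({
            "fingerprint": img["fingerprint"],
            "aliases": aliases,
            "local": not img.get("update_source"),
        })
    # Locally built images first: they are the ones likely to hold site data.
    return sorted(findings, key=lambda f: (not f["local"], f["fingerprint"]))


def main(argv):
    # With "-" read real output from stdin; otherwise use the constructed sample.
    raw = sys.stdin.read() if argv[1:] == ["-"] else SAMPLE
    findings = audit_public_images(json.loads(raw))
    for f in findings:
        origin = "local publish/import" if f["local"] else "cached from remote"
        names = ", ".join(f["aliases"]) or "(no alias)"
        print(f"PUBLIC {f['fingerprint'][:12]} {names} [{origin}]")
    return 1 if any(f["local"] for f in findings) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against a live server with `lxc image list --format json | python3 audit.py -` (the file name is arbitrary); a non-zero exit status means at least one locally published image is public.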
About the author
Serge Hallyn works for Canonical as a member of the Ubuntu Server team, with a particular focus on the virtualization stack. He has been involved with containers since the first upstream kernel patches for uts and pid namespaces. He was involved with LSM from the start, is listed as co-maintainer of the security subsystem and capabilities, and is a core maintainer of the LXC project.