website/content/blog/lxdtmpfs.md

3.3 KiB

title date draft tags medium_enabled
LXD on tmpfs 2019-12-31T22:35:21-05:00 false
Linux
Storage
Containers
true

Container images are designed to be as small as possible. Wouldn't it be cool if we can hold entire containers in RAM? This post outlines how to accomplish this using LXD. It turns out that it is a lot easier to setup custom storage pools on LXD than with Docker.

Setting up tmpfs

tmpfs is a temporary filesystem that resides in memory. To get started, first create a directory that you want to mount with tmpfs

mkdir /tmp/ramdisk

To only do this temporarily, then you can run the following command

sudo mount -t tmpfs -o size=4G myramdisk /tmp/ramdisk

You can replace 4G with any size less than your current RAM size.

To set it up permanently, you will have to edit /etc/fstab

myramdisk  /tmp/ramdisk  tmpfs  defaults,size=3G,x-gvfs-show  0  0

Setting up LXD

LXD is a lightweight container hypervisor in Linux. To install and setup, please follow the beginning sections of https://linuxcontainers.org/lxd/getting-started-cli/

Once you've setup the initial configuration with lxd init, we can create a new storage pool using our newly created tmpfs

lxc storage create tmplabel dir source=/tmp/ramdisk 

We can then create a container that will use this storage pool

lxc launch ubuntu:18.04 mycontainer -s tmplabel

In the last command, the -s flag indicates which storage pool we want to use.

With this, our entire container filesystem lives in RAM!

(Optional) Setting up mounts

One downside to putting the entire filesystem in RAM is that it isn't persistent across reboots. You can think of the container then as ephemeral and setup mountpoints to the host in order to save important configuration information.

If the mount point is configured to be world writable or you only need it to be readonly, then this is very simple to setup!

lxc config device add mycontainer dirlabel disk source=/path/on/host path=/path/on/container

This is because files in the container are marked as nobody:nogroup. If you want to be able to write to the mounted directory that's not setup to be world-writable then there's extra steps we need to take.

Most of the following information is taken from: https://tribaal.io/nicer-mounting-home-in-lxd.html

Let's say that you want LXD to be able to write to a folder that you own. First we need to allow LXD to remap your user ID.

echo "root:$UID:1" | sudo tee -a /etc/subuid /etc/subgid

We only need to do this once per host system.

The Ubuntu container has a user called ubuntu with UID 1000. We can remap that userid, otherwise you would have to create another user on the container to remap.

If you create another user, make sure you get its id for the next command:

# In the container
id -u username

For the rest of this tutorial, we will assume that you have a user named ubuntu with UID 1000.

Once LXD is able to remap your user id, you can tell it to do so for the container of interest.

lxc config set mycontainer raw.idmap "both $UID 1000"

Now to setup the mount

lxc config device add myubuntu homedir disk source=$HOME path=/home/ubuntu

Restart the container and now the ubuntu user will be able to write to the mount!

lxc restart mycontainer