I recently upgraded my laptop from Fedora 31 to 32.
As a developer, I enjoy using LXC containers, to be able to have a clean workstation, and have separate containers for each project that I work on.

Containers… (by Bernd Dittrich)

LXD from snap

There is no package for LXD in Fedora 32.
I followed the instructions at https://www.cyberciti.biz/faq/how-to-install-setup-lxd-on-fedora-linux/ to install snap itself, and then the lxd snap:

dnf install snapd kernel-modules
ln -s /var/lib/snapd/snap /snap
snap install lxd
snap enable lxd
snap services lxd

Control Group v2

I had some issues with LXC on Fedora 31 already.
Since Fedora 31, Control Group v2 is enabled by default, but it seems LXC 3.2.1 and also LXD 4 are not ready for that yet.
LXC refuses to start the container, and LXD does always show the warning: WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement

To switch back to cgroups v1, do this:

dnf install -y grubby
grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
# to check it:
cat /boot/grub2/grubenv

For details see https://www.redhat.com/sysadmin/fedora-31-control-group-v2

LXC 3.2.1 issue with cgroups cpuset initialization

I had issues starting my lxc containers on Fedora 32. I then found this bug report for F32: https://bugzilla.redhat.com/show_bug.cgi?id=1816949
It seems, this has been fixed with a patch to the Fedora 31 lxc 3.0.4 package already, but then got removed by mistake for the lxc 3.2.1 package, because some part of the patch was already upstream, but some part was still missing. I have now created my own copr build, with the patch applied, at https://copr.fedorainfracloud.org/coprs/tpokorra/lxc3/, and have provided a pull request at pagure: https://src.fedoraproject.org/rpms/lxc/pull-request/1

Firewall issues

It took me a while to figure out, why neither DHCP nor DNS where working inside the containers. It was the firewall:

# allow access to the DNS port:
firewall-cmd --permanent --zone=trusted --add-port=53/tcp
# allow access to the LXC bridge
firewall-cmd --permanent --zone=trusted --change-interface=lxcbr0
# allow access to the LXD bridge
firewall-cmd --permanent --zone=trusted --change-interface=lxdbr0
firewall-cmd --reload
# for LXC, need to restart the bridge:
systemctl restart lxc-net

Updated lxc-scripts and lxd-scripts

I have updated my scripts, which have an initialisation script (initLXD.sh and initLXC.sh), and offer scripts for creating Fedora, CentOS, Ubuntu and Debian containers:

LXC and LXD on Fedora 32 host
Tagged on: