I recently upgraded my laptop from Fedora 31 to 32.
As a developer, I enjoy using LXC containers to keep a clean workstation and to have separate containers for each project that I work on.
LXD from snap
There is no package for LXD in Fedora 32.
I followed the instructions at https://www.cyberciti.biz/faq/how-to-install-setup-lxd-on-fedora-linux/ to install snap itself, and then the lxd snap:
    dnf install snapd kernel-modules
    ln -s /var/lib/snapd/snap /snap
    reboot
    snap install lxd
    snap enable lxd
    snap services lxd
Control Group v2
I had some issues with LXC on Fedora 31 already.
Since Fedora 31, Control Group v2 is enabled by default, but it seems LXC 3.2.1 and also LXD 4 are not ready for that yet.
LXC refuses to start the container, and LXD always shows the warning:
    WARNING: cgroup v2 is not fully supported yet, proceeding with partial confinement
To switch back to cgroups v1, do this:
    dnf install -y grubby
    grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"
    reboot
    # to check it:
    cat /boot/grub2/grubenv
For details see https://www.redhat.com/sysadmin/fedora-31-control-group-v2
LXC 3.2.1 issue with cgroups cpuset initialization
I had issues starting my lxc containers on Fedora 32. I then found this bug report for F32: https://bugzilla.redhat.com/show_bug.cgi?id=1816949
It seems this has already been fixed with a patch to the Fedora 31 lxc 3.0.4 package, but it then got removed by mistake for the lxc 3.2.1 package, because some part of the patch was already upstream, while some part was still missing. I have now created my own copr build, with the patch applied, at https://copr.fedorainfracloud.org/coprs/tpokorra/lxc3/, and have provided a pull request at pagure: https://src.fedoraproject.org/rpms/lxc/pull-request/1
Firewall issues
It took me a while to figure out why neither DHCP nor DNS were working inside the containers. It was the firewall:
    # allow access to the DNS port:
    firewall-cmd --permanent --zone=trusted --add-port=53/tcp
    # allow access to the LXC bridge
    firewall-cmd --permanent --zone=trusted --change-interface=lxcbr0
    # allow access to the LXD bridge
    firewall-cmd --permanent --zone=trusted --change-interface=lxdbr0
    firewall-cmd --reload
    # for LXC, need to restart the bridge:
    systemctl restart lxc-net
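The trusted zone accepts all traffic arriving on its interfaces, so after these commands it is worth confirming that only the two container bridges ended up there. The check below is an added example, not part of the original post; the function names and the sample interface names wlp2s0 and enp0s31f6 are made up for illustration.

```shell
#!/bin/sh
# Added example: audit which interfaces sit in firewalld's "trusted" zone.
# Reads `firewall-cmd --get-active-zones` output on stdin; the arguments are
# the interfaces that are expected to be trusted (here the container bridges).

# Print every interface in the trusted zone that is not in the allow-list.
# Exit status 0 = only expected interfaces are trusted, 1 = something extra.
unexpected_trusted_ifaces() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        # Zone headers start in column 1 (first word is the zone name);
        # the detail lines below them are indented.
        /^[^ \t]/ { zone = $1; next }
        zone == "trusted" && $1 == "interfaces:" {
            for (i = 2; i <= NF; i++)
                if (index(allowed, " " $i " ") == 0) { print $i; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample output (not captured from a real host).
sample_ok() {
    printf '%s\n' 'public' '  interfaces: wlp2s0' \
                  'trusted' '  interfaces: lxcbr0 lxdbr0'
}

# Constructed sample where a physical NIC was also moved into trusted.
sample_bad() {
    printf '%s\n' 'public' '  interfaces: wlp2s0' \
                  'trusted' '  interfaces: lxcbr0 lxdbr0 enp0s31f6'
}

# On a live system (requires firewalld):
#   firewall-cmd --get-active-zones | unexpected_trusted_ifaces lxcbr0 lxdbr0
```

A non-empty result means an interface other than the bridges is bypassing the firewall and should be moved back to its normal zone.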
Updated lxc-scripts and lxd-scripts
I have updated my scripts, which have an initialisation script (initLXD.sh and initLXC.sh), and offer scripts for creating Fedora, CentOS, Ubuntu and Debian containers: