Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
- Bu sahifa navigatsiya:
- Authentication
- Backing store
LXD Server Configuration
By default, LXD is socket activated and configured to listen only on a local UNIX socket. While LXD may not be running when you first look at the process listing, any LXC command will start it up. For instance: l x c l i s t This will create your client certificate and contact the LXD server for a list of containers. To make the server accessible over the network you can set the http port using: l x c c o n f i g s e t c o r e . h t t p s _ a d d r e s s : 8 4 4 3 This will tell LXD to listen to port 8843 on all addresses. 114 Authentication By default, LXD will allow all members of group lxd to talk to it over the UNIX socket. Communication over the network is authorized using server and client certificates. Before client c1 wishes to use remote r1, r1 must be registered using: l x c remote add r 1 r 1 . example . com : 8 4 4 3 The fingerprint of r1’s certificate will be shown, to allow the user at c1 to reject a false certificate. The server in turn will verify that c1 may be trusted in one of two ways. The first is to register it in advance from any already-registered client, using: l x c c o n f i g t r u s t add r 1 c e r t f i l e . c r t Now when the client adds r1 as a known remote, it will not need to provide a password as it is already trusted by the server. The other step is to configure a ‘trust password’ with r1, either at initial configuration using lxd init , or after the fact using: l x c c o n f i g s e t c o r e . t r u s t _ p a s s w o r d PASSWORD The password can then be provided when the client registers r1 as a known remote. Backing store LXD supports several backing stores. The recommended and the default backing store is zfs . If you already have a ZFS pool configured, you can tell LXD to use it during the lxd init procedure, otherwise a file-backed zpool will be created automatically. With ZFS, launching a new container is fast because the filesystem starts as a copy on write clone of the images’ filesystem. Note that unless the container is privileged (see below) LXD will need to change ownership of all files before the container can start, however this is fast and change very little of the actual filesystem data. The other supported backing stores are described in detail in the Storage configuration section of the LXD documentation. Download 1.27 Mb. Do'stlaringiz bilan baham: |
Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©fayllar.org 2024
ma'muriyatiga murojaat qiling
ma'muriyatiga murojaat qiling