LXD Container Setup
This guide sets up LXD containers with SSH access for Filecoin PDP deployments. Containers let you run several isolated nodes on one host, each with its own static IP and storage mounts.
This config comes from one specific environment. Change hostnames, IPs, storage paths, and other settings to match your system.
Prerequisites
- Root or sudo access
- 32 GB+ RAM recommended
- 100 GB+ disk space
Install and Initialize LXD
- Install LXD and add your user to the lxd group. Members of the lxd group can control the LXD daemon, which amounts to root access on the host, so add only accounts you would trust with sudo:

      sudo snap install lxd
      sudo usermod -aG lxd $USER
      newgrp lxd
      lxd --version

- Initialize LXD:

      lxd init

  Use these values when prompted:

  | Prompt | Value |
  | --- | --- |
  | Clustering | no |
  | Storage pool | yes |
  | Storage backend | zfs |
  | Create new ZFS pool | yes |
  | Use existing block device | no |
  | Size | 200GiB (or more) |
  | MAAS server | no |
  | Network bridge | yes |
  | Bridge name | lxdbr0 |
  | IPv4 / IPv6 | auto for both |
  | LXD over network | no |
  | Auto-update images | yes |

  Verify the storage pool:

      lxc storage list
      zfs list
Create and Launch a Container
- Create a container profile. Profiles define network and storage settings. Create one per container with a unique IP:

      lxc profile create mycontainer-1
      lxc profile edit mycontainer-1

  Paste this config, changing the IP for each container:

      name: mycontainer-1
      description: Container with static IP
      config:
        user.network-config: |
          version: 2
          renderer: networkd
          ethernets:
            eth0:
              dhcp4: false
              addresses:
                - 192.168.1.100/24
              gateway4: 192.168.1.1
              nameservers:
                addresses:
                  - 192.168.1.1
                  - 8.8.8.8
      devices:
        eth0:
          name: eth0
          nictype: bridged
          parent: lxdbr0
          type: nic
        root:
          path: /
          pool: default
          type: disk

- Launch the container and check its status:

      lxc launch ubuntu:22.04 mycontainer-1 -p mycontainer-1
      lxc list
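Because each container needs its own copy of this profile with a different address, the profile can be rendered from a script instead of edited by hand. The following is an added example, not part of the original guide: `render_profile`, `valid_ipv4`, `valid_name` and the caller-supplied list of already assigned addresses are hypothetical helpers, and the /24 prefix, bridge and DNS values are taken from the profile above.

```shell
# Added example (hypothetical helpers); "used" is a space-separated list of assigned IPs.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then return 1; fi
    done
}
valid_name() {
    # Letters, digits and hyphens only: nothing that could inject YAML.
    case "$1" in ''|*[!A-Za-z0-9-]*|-*|*-|[0-9]*) return 1 ;; esac
}
render_profile() {
    name=$1; ip=$2; gateway=$3; used=$4
    if ! valid_name "$name"; then echo "bad name: $name" >&2; return 1; fi
    if ! valid_ipv4 "$ip" || ! valid_ipv4 "$gateway"; then echo "bad address" >&2; return 1; fi
    for taken in $used; do
        if [ "$taken" = "$ip" ]; then echo "$ip already assigned" >&2; return 1; fi
    done
    cat <<EOF
name: $name
description: Container with static IP
config:
  user.network-config: |
    version: 2
    renderer: networkd
    ethernets:
      eth0:
        dhcp4: false
        addresses:
          - $ip/24
        gateway4: $gateway
        nameservers:
          addresses:
            - $gateway
            - 8.8.8.8
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
EOF
}
```

After `lxc profile create mycontainer-2`, the output can be piped into `lxc profile edit mycontainer-2`, which reads the YAML from standard input.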
Set Up SSH Access
- Install OpenSSH in the container:

      lxc exec mycontainer-1 -- bash
      apt update
      apt install -y openssh-server
      systemctl enable ssh
      systemctl start ssh
      exit

- Add your SSH key and test the connection:

      lxc exec mycontainer-1 -- mkdir -p /root/.ssh
      lxc file push ~/.ssh/id_rsa.pub mycontainer-1/root/.ssh/authorized_keys
      lxc exec mycontainer-1 -- chmod 700 /root/.ssh
      lxc exec mycontainer-1 -- chmod 600 /root/.ssh/authorized_keys
      ssh root@192.168.1.100

- Create a non-root user (recommended):

      lxc exec mycontainer-1 -- bash
      adduser myuser
      usermod -aG sudo myuser
      mkdir -p /home/myuser/.ssh
      cp /root/.ssh/authorized_keys /home/myuser/.ssh/
      chown -R myuser:myuser /home/myuser/.ssh
      exit
      ssh myuser@192.168.1.100
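Once key-based login works for the non-root user, it is worth confirming that the container's SSH daemon accepts keys only. The following is an added example, not part of the original guide: `hardening_dropin` and `audit_sshd` are hypothetical helpers, and the two sample variables are constructed `sshd -T` excerpts, not captures from a real container. The audit reads the effective configuration rather than a single file, so settings from other included files are taken into account.

```shell
# Added example, not from the original guide.
# Constructed samples of `sshd -T` output (effective config), not real captures.
SAMPLE_BEFORE='permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes'
SAMPLE_AFTER='permitrootlogin without-password
passwordauthentication no
pubkeyauthentication yes'

# Body of a drop-in for /etc/ssh/sshd_config.d/ (file name is your choice).
hardening_dropin() {
    printf '%s\n' 'PermitRootLogin prohibit-password' \
                  'PasswordAuthentication no' \
                  'PubkeyAuthentication yes'
}

# Reads `sshd -T` output on stdin, prints one FAIL line per weak or missing
# setting, and returns non-zero if anything was reported.
audit_sshd() {
    awk '
        { seen[$1] = $2 }
        END {
            n = 0
            root = seen["permitrootlogin"]
            # Some OpenSSH builds print the older alias "without-password".
            if (root != "no" && root != "prohibit-password" && root != "without-password") {
                print "FAIL permitrootlogin=" root " want no or prohibit-password"; n++
            }
            if (seen["passwordauthentication"] != "no") {
                print "FAIL passwordauthentication=" seen["passwordauthentication"] " want no"; n++
            }
            if (seen["pubkeyauthentication"] != "yes") {
                print "FAIL pubkeyauthentication=" seen["pubkeyauthentication"] " want yes"; n++
            }
            exit (n > 0)
        }'
}
```

Against a live container, run `lxc exec mycontainer-1 -- sshd -T | audit_sshd` before and after installing the drop-in and restarting ssh.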
Add Storage Mounts
Mount host directories into the container for sealing and long-term storage:

    sudo mkdir -p /data/mycontainer-1/storage
    lxc config device add mycontainer-1 data-storage disk source=/data/mycontainer-1/storage path=/mnt/storage
    lxc exec mycontainer-1 -- df -h

Add multiple mounts the same way:

    lxc config device add mycontainer-1 sealing disk source=/nvme-storage/mycontainer-1 path=/sealing
    lxc config device add mycontainer-1 long-term disk source=/network-storage/mycontainer-1 path=/storage

Set Resource Limits (Optional)

    lxc config set mycontainer-1 limits.memory 32GiB
    lxc config set mycontainer-1 limits.cpu 8
    lxc info mycontainer-1

Management Commands

    # Container control
    lxc start mycontainer-1
    lxc stop mycontainer-1
    lxc restart mycontainer-1
    lxc delete mycontainer-1 --force

    # Access
    lxc exec mycontainer-1 -- bash
    ssh myuser@192.168.1.100

    # Snapshots
    lxc snapshot mycontainer-1 backup-2024
    lxc restore mycontainer-1 backup-2024

    # Info
    lxc list
    lxc info mycontainer-1
    lxc config show mycontainer-1

Create Additional Containers
Copy the profile, change the IP, and launch:

    lxc profile copy mycontainer-1 mycontainer-2
    lxc profile edit mycontainer-2   # change IP to 192.168.1.101
    lxc launch ubuntu:22.04 mycontainer-2 -p mycontainer-2
    lxc exec mycontainer-2 -- apt update
    lxc exec mycontainer-2 -- apt install -y openssh-server
    lxc exec mycontainer-2 -- mkdir -p /root/.ssh
    lxc file push ~/.ssh/id_rsa.pub mycontainer-2/root/.ssh/authorized_keys
    lxc exec mycontainer-2 -- chmod 700 /root/.ssh
    lxc exec mycontainer-2 -- chmod 600 /root/.ssh/authorized_keys
    sudo mkdir -p /data/mycontainer-2/storage
    lxc config device add mycontainer-2 data-storage disk source=/data/mycontainer-2/storage path=/mnt/storage

Networking Options
- Managed bridge (default, lxdbr0). Containers are NAT’d behind the host. Simple, with automatic DHCP, but not directly reachable externally without port forwarding. Configured during lxd init.

- Physical network bridge. Containers receive IP addresses on your physical network. Set this in the profile:

      devices:
        eth0:
          nictype: bridged
          parent: br0
          type: nic

- SR-IOV (advanced). Near-native performance with hardware isolation using dedicated NIC virtual functions. Requires an SR-IOV-capable NIC and kernel module configuration.
Troubleshooting

    # Container won't start
    lxc info mycontainer-1 --show-log

    # Network issues
    lxc exec mycontainer-1 -- cloud-init status
    lxc exec mycontainer-1 -- ip addr
    ping 192.168.1.100

    # SSH not working
    lxc exec mycontainer-1 -- systemctl status ssh
    lxc exec mycontainer-1 -- ls -la /root/.ssh/

    # Storage issues
    zpool status
    lxc storage info default

Complete Setup Example

    lxc profile create prod-1
    lxc profile edit prod-1
    sudo mkdir -p /data/prod-1/{sealing,storage}
    lxc launch ubuntu:22.04 prod-1 -p prod-1
    lxc exec prod-1 -- apt update
    lxc exec prod-1 -- apt install -y openssh-server
    lxc exec prod-1 -- mkdir -p /root/.ssh
    lxc file push ~/.ssh/id_rsa.pub prod-1/root/.ssh/authorized_keys
    lxc exec prod-1 -- chmod 700 /root/.ssh
    lxc exec prod-1 -- chmod 600 /root/.ssh/authorized_keys
    lxc config device add prod-1 sealing disk source=/data/prod-1/sealing path=/sealing
    lxc config device add prod-1 storage disk source=/data/prod-1/storage path=/storage
    lxc config set prod-1 limits.memory 64GiB
    lxc config set prod-1 limits.cpu 16
    lxc snapshot prod-1 initial-setup
    ssh root@192.168.1.100

You now have LXD containers with ZFS storage, static IP networking, SSH access, persistent storage mounts, and resource management.