terraform-lxd

Terraform with LXD: creates an LXD container, a ZFS storage pool, cloud-init user data, etc.

Provider

Using the terraform-provider-lxd to provision a LXD container.

Pre-Requisites

You will need a host with LXD installed; the host must also be initialized and configured to accept remote connections:

sudo snap install lxd
lxd init --minimal
lxc config set core.https_address LXD_HOST_IP_ADDRESS:8443
lxc config set core.trust_password A-SECURE-LXD-PASSWORD
sudo ufw allow in on lan to LXD_HOST_IP_ADDRESS port 8443 proto tcp
sudo ufw allow in on wg0 to LXD_HOST_IP_ADDRESS port 8443 proto tcp

Set up the client machine, e.g. a notebook:

sudo snap install lxd
lxc remote add zot LXD_HOST_IP_ADDRESS
lxc remote switch zot # make zot the default remote
lxc remote list
lxc list # shows instances running on the remote zot
lxc shell ubuntu # login as root to the container ubuntu
lxc exec ubuntu -- uname -a # run a command inside the container ubuntu

Terraform

Populate your lxd_host, lxd_password and other variables in terraform.tfvars to fit your environment.

Then provision an LXD instance and a ZFS storage pool with Terraform:

terraform init
terraform plan
terraform apply -auto-approve

Outputs:

ip = "10.0.10.134"
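As an added example (not the repository's own configuration, which is not shown on this page), a minimal main.tf that matches the steps above: it connects to the remote given by lxd_host and lxd_password, creates a loop-backed ZFS pool, launches the ubuntu instance with inline cloud-init user data, and exports the ip output. Resource and attribute names follow the terraform-lxd/lxd provider v2 documentation as I recall them and the pool name, size and image are assumptions; verify against the provider version you install.

```hcl
terraform {
  required_providers { lxd = { source = "terraform-lxd/lxd" } }
}

variable "lxd_host" { type = string }                  # from terraform.tfvars
variable "lxd_password" {
  type      = string
  sensitive = true                                     # redacted in plan/apply output
}

provider "lxd" {
  generate_client_certificates = true
  # Trust-on-first-use: the server certificate is accepted unverified on first
  # contact; compare its fingerprint with `lxc remote list` before relying on it.
  accept_remote_certificate = true
  remote {
    name     = "zot"
    scheme   = "https"
    address  = var.lxd_host
    port     = "8443"
    password = var.lxd_password
    default  = true
  }
}

# Loop-backed ZFS pool; size is the size of the backing file on the host.
resource "lxd_storage_pool" "zfs" {
  name   = "zfs-pool"
  driver = "zfs"
  config = { size = "20GiB" }
}

resource "lxd_instance" "ubuntu" {
  name  = "ubuntu"
  image = "ubuntu:22.04"
  config = {
    "cloud-init.user-data" = <<-EOT
      #cloud-config
      package_update: true
      packages: [nscd]
    EOT
  }
  device {                       # root disk placed on the ZFS pool created above
    name = "root"
    type = "disk"
    properties = { pool = lxd_storage_pool.zfs.name, path = "/" }
  }
}

output "ip" { value = lxd_instance.ubuntu.ipv4_address }
```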

Execute the interactive shell inside the instance

lxc shell ubuntu

Wait for cloud-init to finish applying the configuration:

cloud-init status --wait

Validate the applied user data against the cloud-init schema:

cloud-init schema --system --annotate

Show the user data that was applied:

cloud-init query userdata

Delete the container ubuntu using Terraform:

terraform destroy --target lxd_instance.ubuntu -auto-approve

SSH Config

Then we should be able to SSH in as an LDAP user, e.g. john:

$ ssh john@ubuntu.lxd
Warning: Permanently added 'x.x.x.x' (x) to the list of known hosts.
Warning: Permanently added '10.0.10.134' (ED25519) to the list of known hosts.
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.4.0-122-generic x86_64)

john@ubuntu:~$

If group memberships have changed in LDAP, the nscd group cache must be invalidated:

sudo nscd --invalidate=group
