Backing up LXD Instances with LXMIN

Backing up LXD Instances with LXMIN

LXD is a next generation system container and virtual machine manager for Linux systems from Canonical Ltd. LXD lets you manage your containers with a simple command line tool or via a REST API.

LXMIN (lex-min) is a simple backup and restore tool for LXD instances (containers or virtual machines) using MinIO object storage. It provides both a command line tool and a REST API for backing up and restoring instances.

Using LXMIN you can easily backup and migrate your instances from one host to another. This lets you persist changes to your VM (and container) configuration as an immutable copy on object storage, while using local drives for ephemeral storage ensuring good performance and scalability.

Let's take it for a spin!

Basic Setup

You will need:

  1. The lxmin program installed - grab it from our releases page https://github.com/minio/lxmin/releases. Please note that this is an early look and only release candidates are available at the time of writing.
  2. Access to a MinIO installation - have the server endpoint, a bucket and access keys ready. If you are following along at home, you can use the settings here as they use the public MinIO Play server, or download MinIO.
  3. A LXD installation.

lxmin accepts configuration via both command line flags and environment variables. Here we will use the following environment:

export LXMIN_ENDPOINT=https://play.minio.io:9000
export LXMIN_BUCKET=lxmin-backups
export LXMIN_ACCESS_KEY=Q3AM3UQ867SPQQA43P2F
export LXMIN_SECRET_KEY=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG export LXMIN_STAGING_ROOT=/tmp/

The bucket needs to be created before it can be used with lxmin - create it with the MinIO client mc downloaded from here, running:

mc mb play/lxmin-backups

The staging directory configured above is a directory on the local machine, where backed-up data is staged in a backup/restore operation. This is a location with sufficient disk space for the backup.

Let's launch a couple of LXD instances to try out lxmin:

lxc launch images:ubuntu/22.04 ubu --vm 
lxc launch images:alpine/3.13 alp

The first one is a virtual machine and the second one is a container.

Using the Command Line

Let's backup these two instances, delete them and restore them from the backup.

For backup we use the --optimized flag to turn on LXC's optimized storage format - this will save some disk space and is supported only for ZFS and BTRFS storage backends. When restoring the instance, the target LXD server needs to use the same storage pool backend.

In addition to the instance image, LXMIN backs up the profiles associated with the instance too. This ensures that during restoration if the profiles do not exist on the target LXD node, they are created first.

Once the backup is completed, we can list them:

Now, let's cleanup the LXD instances and restore them from the backup.

That's it!

REST API

In addition to the command line interface, LXMIN also includes a REST API for remote management of backups. This API is authenticated with mutual TLS, or mTLS (i.e. using client TLS certificates). The REST API allows you to build on top of LXMIN's functionality in any language of your choice.

For this demo, we will use self-signed certificates generated using mkcert. The tool generates a local CA and adds it to the system's trust store. Then we generate a certificate-and-key pair for the localhost LXMIN server and a certificate-and-key pair for client authentication:

mkcert -install 
mkcert example.org localhost 127.0.0.1 ::1 
mkcert -client example.org localhost 127.0.0.1

Now we can configure LXMIN to listen on port 8000 with this certificate pair:

export LXMIN_ADDRESS=":8000"
export LXMIN_NOTIFY_ENDPOINT="http://localhost:8080"
export LXMIN_TLS_CERT="c/example.org+3.pem"
export LXMIN_TLS_KEY="c/example.org+3-key.pem"

On backup and restore operations LXMIN sends out notifications to the given endpoint when the operation completes.

To interact with the server any HTTPS client can be used with the previously generated client certificates.

Here we show how to list backups and to issue a backup request to LXMIN through the REST API with curl. Since the server returns JSON output, we pipe to jq to format it nicely.

The API provides the same functionality as the command line.

Conclusion

We had a quick look at the upcoming LXMIN tool and how it lets you easily manage backups of both VMs and containers in the same way. As a lightweight tool with no dependencies other than the statically compiled binary, it provides a convenient way to manage your backups on object storage.

Previous Post Next Post