LXC/LXD installed by default on Ubuntu server

Bug #1563026 reported by Tom Cameron on 2016-03-28
78
This bug affects 15 people
Affects Status Importance Assigned to Milestone
ubuntu-meta (Ubuntu)
Wishlist
Dustin Kirkland 

Bug Description

When performing a new installation of Ubuntu server 16.04 Beta 2, LXC and LXD are included in the default packages even when "Virtual Server" is not selected as an installation task. This brings in all of the required dependencies as well, obviously, which seems like it is not the best default behavior to have.

When installing from a non-UEFI boot, the user may select "minimal install" from the "F4" menu. This menu is not available from the UEFI grub environment, making it apparently impossible to select an installation that does not include the LXC and LXD suite by default.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu:
status: New → Confirmed

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1563026/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
affects: ubuntu → ubuntu-meta (Ubuntu)
tags: added: rls-x-incoming
Tom Cameron (drdabbles) wrote :

Thank you Brian for marking the proper package. I wasn't sure what the package name would be for the virtual package "ubuntu". Though now in retrospect, ubuntu-meta is pretty obvious.

Changed in ubuntu-meta (Ubuntu):
assignee: nobody → Canonical Server Team (canonical-server)
Changed in ubuntu-meta (Ubuntu):
assignee: Canonical Server Team (canonical-server) → Dustin Kirkland  (kirkland)
importance: Undecided → Wishlist
Dustin Kirkland  (kirkland) wrote :

Indeed, LXD was added to the default Ubuntu server seed in the 15.10 cycle, so this has been the case for at least 6 months.

LXD is extremely important to the Ubuntu server. Basically, every Ubuntu server can now be 100x more Ubuntu (or other Linux) servers!

This is an important and key concept to Ubuntu as a scale out platform.

Note that LXD images are *not* downloaded until you use them for the first time, so those aren't included in the base image.

Thanks!
Dustin

Changed in ubuntu-meta (Ubuntu):
status: Confirmed → Opinion
Tom Cameron (drdabbles) wrote :

I understand Ubuntu wants to push it's container framework. But what you're saying is that every Ubuntu server installation will have iscsi, libvirt, lxd, dnsmasq, and all of their dependencies by default. Not the best strategy. Perhaps a check box in tasksel for "Containers" would have been more wise.

What is the alternative method to perform a minimal install, especially on UEFI platforms?

lightraven24 (lightraven24) wrote :

Frankly, whether or not I can run 100 gallion Ubuntu servers with LXD on my server with KVM/Xen/a host which needs no virtualization at all on it is irrevelant.

On a brand-new server install (which I prefer to keep to an absolute minimal) on bare-metal on Xenial, I now have:

- A bridge that does nothing for me
- By extension, a stateful firewall with iptables which
a) Could have a negative impact on high throughput hosts
b) Gets in the way of hosts which have their firewalls statically configured with Puppet/Ansible/etc
- dnsmasq which is running a DNS and DHCP service

Do we really need those things on a m1.tiny instance running on AWS?

Even purging LXD on a host causes stuff to be left behind:

Removing lxc-templates (2.0.0~rc12-0ubuntu1) ...
Removing ubuntu-server (1.350) ...
Removing lxd (2.0.0~rc5-0ubuntu1) ...
Warning: Stopping lxd.service, but it can still be activated by:
  lxd.socket
Purging configuration files for lxd (2.0.0~rc5-0ubuntu1) ...
Failed to stop lxd.service: Unit lxd.service not loaded.
dpkg: warning: while removing lxd, directory '/var/lib/lxd' not empty so not removed
Removing lxc (2.0.0~rc12-0ubuntu1) ...
Removing lxc1 (2.0.0~rc12-0ubuntu1) ...
Removing lxc dnsmasq configuration
Purging configuration files for lxc1 (2.0.0~rc12-0ubuntu1) ...
dpkg: warning: while removing lxc1, directory '/etc/lxc' not empty so not removed

Stéphane Graber (stgraber) wrote :

Note that LXD as of yesterday does not depend on lxc anymore and also does not start the bridge (so no dnsmasq or iptables) until you start interacting with lxd.

Kevin Carter (kevin-carter) wrote :

I would suggest this be given better consideration, beyond that of "opinion", as it is currently impossible to use Ubuntu on a minimal server. A "minimal" build is now running services that are unwanted, unexpected, and are creating risk to the enduser. Even though the development of lxd is something I'm excited for and I use lxc just about everyday I have workloads I do not want container services on and this decision is going to force myself and everyone else to perform addition post kick steps to actually deploy a minimal baremetal server. I'd agree with Tom's suggestion to add a menu item in the install process to select container services making it an optional install, it could even be selected by default, but I definitely don't think it should be forced upon the end-user.

Pete Cheslock (pete-cheslock) wrote :

I agree with both Tom and lightraven24, in that adding in packages that are not asked for becomes overkill when your "container" is effectively an amazon instance. Having the ability to create a truely "minimal" build of ubuntu in order to run on a cloud service provider is important to reduce possible attack vectors by having in additional software you never asked for in the first place. I think a menu option for "container services" that installs all necessary lxd related dependencies would be ideal so at least the user could choose if they want to include that. Asking users to specifically go and uninstall a bunch of services after deploy seems like a poor user experience.

Alex Howells (howells) wrote :

I'd also like to suggest this be reconsidered. Minimal should mean minimal.

Miha Vrhovnik (mvrhov) wrote :

As xenial is close in being released this is probably going to stay in Which is unfortunate, because we really don't need the containers when already virtualized, eg. Amazon, DigitalOcean or even in homelabs proxmox.

What's even more annoying is that this is not the only package that now gets installed by default.

Alferd Packer (fuqqer-r) wrote :

LXC/LXD should be removed! The default server installation doesn't even install ssh by default and LXC/LXD is certainly not the de-facto choice of admins to use for a virtualization platform. It should not be foisted upon users.

dhchen (dhchen-tw) wrote :

This also affects upgraded 16.04 as the dependency is in ubuntu-server. This dependency should be removed.

Also, git should be removed from ubuntu-server. Not every server user needs a version control system in their production environment

Mr. Jester (mrjester) wrote :

If this "selection" of packages is what Ubuntu is calling Server now, what should we use instead for a BASE server install? As fuqqer-r pointed out. SSH isn't installed by default, WTF is LDX, git, iscsi, account-services, and who knows whatelse being installed by default for?

Given 16.04 is already released, that means at BEST, we have to put up with this behavior for 2 years if we stick with Ubuntu Server. Seriously... who thought this was a good idea?

Sebastian Unger (sebunger44) wrote :

Honestly? I'm running (or trying to) Ubuntu server off of Raspberry Pis. I don't need or want LXD. At least provide another task (minimal-server) or something that we can use that pulls only in what is truly needed. Right now the only choice I have is to try and figure out for each package that lists itself as belonging on server whether it is needed and then to manually install it and to review this selection every couple of months in case another important one comes along.

Sebastian Unger (sebunger44) wrote :

Dustin, this is assigned to you. Are you actually working on this?

Changed in ubuntu-meta (Ubuntu):
status: Opinion → Confirmed
dhchen (dhchen-tw) wrote :

About 9 months passed and no one at ubuntu really cares about this topic.

In my opinion, the ubuntu-server's dependency should be reconsidered. Many packages should not be included. Such as:

* open-iscsi
* open-vm-tools
* git
* lxd

I really dont know why these packages listed in ubuntu-server and openssh-server not.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers