Back to all cheatsheets

LXC/LXD

Updated May 22, 2026
8 min read
Developer Reference
VirtualizationContainer

LXC/LXD

Updated: May 22, 2026Categories: Virtualization, Container

Printed from:

LXC/LXD Comprehensive Cheatsheet

1. Installation and Setup

LXC/LXD Installation

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# On Ubuntu (LXD is distributed exclusively via snap)
sudo snap install lxd

# On Debian (LXC available via apt; LXD via snap)
sudo apt update
sudo apt install lxc
sudo snap install lxd

# On Fedora/RHEL/CentOS (Incus is the community fork, recommended successor)
sudo dnf install incus incus-tools

# On Arch Linux
sudo pacman -S lxc lxd
# Or for the community fork:
sudo pacman -S incus

Note (2026): Canonical's LXD is now under a CLA and licensed AGPLv3. The original maintainers forked the project as Incus (under the Linux Containers umbrella). Commands are nearly identical — substitute incus for lxc where applicable.

LXD/Incus Initialization

Bash
1
2
3
4
5
6
7
8
9
10
11
# Initial interactive configuration
sudo lxd init
# or
sudo incus admin init

# Non-interactive initialization
sudo lxd init --auto

# Preseed from YAML
cat preseed.yaml | sudo lxd init --preseed

2. Container vs System Container Concepts

  • Container Types:
    • LXC (Linux Containers): Low-level userspace container runtime (liblxc)
    • LXD: Canonical's container/VM management daemon and REST API
    • Incus: Community fork of LXD maintained by Linux Containers project
    • System Containers: Full OS environment, similar to a lightweight VM
    • Application Containers: Single application or service (Docker-style)
    • Virtual Machines: LXD/Incus also manage QEMU-based VMs with the same CLI

3. Basic LXC/LXD Commands

LXD Commands

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# List available commands
lxc --help

# Show server / cluster information
lxc info

# List all instances (containers and VMs)
lxc list

# Filter running instances
lxc list status=running

# List only VMs
lxc list type=virtual-machine

4. Instance Lifecycle Management

Creating Instances

Bash
1
2
3
4
5
6
7
8
9
10
11
12
# Create Ubuntu container (latest LTS)
lxc launch ubuntu:24.04 my-ubuntu-container

# Create container from the Linux Containers image server
lxc launch images:debian/12 my-debian-container

# Create a virtual machine instead of a container
lxc launch ubuntu:24.04 my-vm --vm

# Create instance without starting it
lxc init ubuntu:24.04 my-container

Instance Operations

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Start an instance
lxc start my-container

# Stop an instance (use --force to skip graceful shutdown)
lxc stop my-container

# Restart an instance
lxc restart my-container

# Delete an instance (use --force to delete a running one)
lxc delete my-container

# Pause/Resume (freeze cgroup)
lxc pause my-container
lxc resume my-container

# Rename
lxc rename my-container new-name

5. Image Management

Image Handling

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# List local images
lxc image list

# List remotes
lxc remote list

# Browse remote images
lxc image list images:
lxc image list ubuntu:

# Copy an image into the local store
lxc image copy ubuntu:24.04 local: --alias ubuntu-lts

# Import a local image tarball
lxc image import image.tar.gz --alias my-image

# Delete an image
lxc image delete <alias_or_fingerprint>

# Refresh remote images
lxc image refresh <alias>

6. Instance Configuration

Managing Profiles

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# List profiles
lxc profile list

# Show profile contents
lxc profile show default

# Create a new profile
lxc profile create dev-profile

# Edit profile in $EDITOR
lxc profile edit dev-profile

# Apply one or more profiles at launch
lxc launch ubuntu:24.04 my-container -p default -p dev-profile

# Add/remove profile on an existing instance
lxc profile add my-container dev-profile
lxc profile remove my-container dev-profile

Configuration Examples

Bash
1
2
3
4
5
6
7
8
9
# Set memory limit
lxc config set my-container limits.memory=2GiB

# Pin CPU cores
lxc config set my-container limits.cpu=2

# Show effective configuration
lxc config show my-container --expanded

7. Storage Management

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# List storage pools
lxc storage list

# Create ZFS pool (recommended for production)
lxc storage create my-pool zfs source=/dev/sdb

# Create simple dir-backed pool
lxc storage create my-pool dir

# Create custom storage volume
lxc storage volume create my-pool data-vol

# Attach a custom volume to an instance
lxc storage volume attach my-pool data-vol my-container /mnt/data

# Add a host directory as a disk device
lxc config device add my-container data disk source=/path/to/data path=/mnt/data

Supported drivers: dir, btrfs, lvm, zfs, ceph (RBD), cephfs, cephobject, powerflex, pure.

8. Network Configuration

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# List networks
lxc network list

# Create managed bridge network
lxc network create lxdbr0 ipv4.address=10.0.8.1/24 ipv4.nat=true ipv6.address=none

# Create an OVN network (requires cluster + OVN)
lxc network create ovn0 --type=ovn network=UPLINK

# Attach a NIC to an instance
lxc config device add my-container eth0 nic nictype=bridged parent=lxdbr0

# Forward a host port to an instance
lxc network forward create lxdbr0 192.0.2.10
lxc network forward port add lxdbr0 192.0.2.10 tcp 80 10.0.8.5 80

9. Resource Limits and Cgroups

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
# CPU weight (cgroup v2 replaces cpu.shares)
lxc config set my-container limits.cpu.priority=10

# Memory and swap
lxc config set my-container \
    limits.memory=2GiB \
    limits.memory.swap=true \
    limits.memory.swap.priority=5

# Disk I/O
lxc config device set my-container root limits.read=50MB
lxc config device set my-container root limits.write=50MB

10. Snapshots and Backups

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Create snapshot (stateless)
lxc snapshot my-container initial-setup

# Create stateful snapshot (preserves running state, requires CRIU)
lxc snapshot my-container --stateful runtime-snap

# List snapshots
lxc info my-container

# Restore from snapshot
lxc restore my-container initial-setup

# Schedule automatic snapshots
lxc config set my-container snapshots.schedule="@daily"
lxc config set my-container snapshots.expiry="7d"

# Export instance to a backup tarball
lxc export my-container /path/to/backup.tar.gz

# Import a backup
lxc import /path/to/backup.tar.gz

11. Instance Migration

Bash
1
2
3
4
5
6
7
8
9
10
11
12
# Add a remote
lxc remote add remote-host https://remote.example.com:8443

# Copy instance to a remote
lxc copy my-container remote-host:new-container

# Live move between hosts (requires CRIU for containers)
lxc move my-container remote-host:my-container

# Cluster member migration
lxc move my-container --target=cluster-node-2

12. Security Features

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
# Containers are unprivileged by default; explicitly enforce:
lxc config set my-container security.privileged=false

# Adjust idmap base (advanced; only when manual mapping required)
lxc config set my-container security.idmap.base=100000
lxc config set my-container security.idmap.size=65536

# Enable nesting (for running containers inside containers, e.g., Docker)
lxc config set my-container security.nesting=true

# Restrict syscalls / kernel features
lxc config set my-container security.syscalls.intercept.mknod=true

13. File Sharing

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Bind-mount host directory
lxc config device add my-container hostdata disk \
    source=/host/path path=/container/path

# Copy files into/out of an instance
lxc file push local_file my-container/path/to/destination
lxc file pull my-container/path/to/file local_destination

# Recursive copy
lxc file push -r ./localdir my-container/opt/

# Edit a file in place using your $EDITOR
lxc file edit my-container/etc/hosts

14. Monitoring and Logging

Bash
1
2
3
4
5
6
7
8
9
10
11
12
# Show instance state, including log
lxc info my-container --show-log

# Tail log file directly
lxc console my-container --show-log

# Subscribe to lifecycle events
lxc monitor --type=lifecycle

# Per-instance metrics (Prometheus exporter is built in)
curl -k https://127.0.0.1:8443/1.0/metrics

15. Cloud-Init Integration

Bash
1
2
3
4
5
6
7
8
# Inline user-data
lxc launch ubuntu:24.04 my-container \
    -c cloud-init.user-data="$(cat cloud-config.yaml)"

# Provide network-config and vendor-data
lxc config set my-container cloud-init.network-config="$(cat net.yaml)"
lxc config set my-container cloud-init.vendor-data="$(cat vendor.yaml)"

The legacy user.user-data key still works but cloud-init.user-data is preferred.

16. Performance Optimization

  • Prefer ZFS or btrfs storage backends over dir for copy-on-write snapshots
  • Disable unneeded services inside the image
  • Use macvlan or SR-IOV NICs to bypass the bridge when latency matters
  • Enable security.nesting only when required (adds overhead)
  • For VMs, enable virtio drivers and assign hugepages via limits.memory.hugepages
  • Tune cgroup v2 weights via limits.cpu.priority and limits.memory.swap.priority

17. Troubleshooting

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# Check daemon status
systemctl status snap.lxd.daemon
# or for Incus:
systemctl status incus

# View daemon logs
journalctl -u snap.lxd.daemon
sudo tail -f /var/snap/lxd/common/lxd/logs/lxd.log

# Drop into an instance shell
lxc exec my-container -- bash

# Run one-off commands
lxc exec my-container -- systemctl status nginx

# Recover database / instances after disaster
sudo lxd recover

18. LXC vs Docker Comparison

FeatureLXC/LXD/IncusDocker
Primary useSystem containers + VMsApplication containers
OS supportFull distro userspaceSingle process/app
Persistent stateFirst-classVolumes (add-on)
Image modelPer-distro system imagesLayered application images
OrchestrationBuilt-in clusteringExternal (Swarm, Kubernetes)
VM supportYes (QEMU/KVM)No
Resource isolationcgroups v2 + namespacescgroups v2 + namespaces

19. Use Cases

  • Development environments mimicking production OS
  • Microservice and multi-tenant hosting
  • CI runners with full-OS isolation
  • Lightweight VM replacement on bare metal
  • Edge and IoT deployments
  • Running Docker/Kubernetes inside isolated tenants (nested)

20. Best Practices

  1. Use unprivileged containers (the default) whenever possible
  2. Set explicit limits.cpu and limits.memory on every instance
  3. Keep images updated with lxc image refresh
  4. Standardize configuration via profiles instead of per-instance tweaks
  5. Use a copy-on-write storage backend (ZFS/btrfs) for fast snapshots
  6. Segment workloads with managed bridges or OVN networks
  7. Export critical instances regularly with lxc export (and store offsite)
  8. Enable AppArmor/SELinux confinement and avoid security.privileged=true
  9. Consider migrating to Incus if you need a community-governed, Apache/AGPL-flexible alternative to LXD
  10. Use the built-in Prometheus metrics endpoint for observability

Note: Always refer to the latest LXD or Incus documentation for the most current practices and commands.

Continue Learning

Discover more cheatsheets to boost your productivity

All CheatsheetsMore VirtualizationSearch Library
Skip to content