Use the API to launch a container from a non-public image

sysadmin · September 21, 2023, 1:13pm

I’d like to use the API to effectively run the equivalent of lxc launch <remote>:<image> <hostname> for launching containers/VMs on an LXD server called mylxdserver.example.com. I am passing the following source configuration (as part of my larger config):

"source": {
  "alias": "my-image-name",
  "protocol": "lxd",
  "server": "https://myimageserver.example.com:8443",
  "type": "image"
}

The image server, myimageserver.example:8443, is also a server running LXD but it just hosts images I push to it (no local containers/VMs) with the following config:

config:
  core.https_address: '[::]:8443'
  core.trust_password: true

Moreover, I have added myimageserver.example.com:8443 as a remote on mylxdserver.example.com. I can successfully launch instances with client.instances.create from images on myimageserver.example.com:8443 but only if the image was published with --public. However, I do not want to publish all my images as public. How can I use the API to launch new containers/VMs with non-public images? This can easily be done with lxc launch so it seems like it should be possible with the API too, but I can’t seem to get it to work.

I’ve tried using both the latest version of LXD as well as 5.0 stable.

Thank you!

ru-fu · September 21, 2023, 2:09pm

Have you tried running the lxc launch command with --debug to see which API calls it uses?
Maybe this can help track down what you’re missing in your calls.

sysadmin · September 21, 2023, 6:46pm

Thanks, this helped. I was able to see that it was calling /1.0/images/<fingerprint>/secret to get the secret and then including that in the config when creating the instance:

                "source": {
                        "type": "image",
                        "certificate": "<cert>",
                        "fingerprint": "<fingerprint>",
                        "server": "https://myimageserver.example.com:8443",
                        "secret": "<secret>",
                        "protocol": "lxd",
                        "mode": "pull",
                        "allow_inconsistent": false
                },

It would be really helpful if the documentation had more examples including this functionality for non-public images. As it states here:

The config itself is beyond the scope of this documentation. Please refer to the LXD documentation for more information

Yet I haven’t been able to find a complete definition of the config, so elaborating on that would make using the API more approachable.

ru-fu · September 22, 2023, 7:28am

Great you got it working!

The API documentation is here: https://documentation.ubuntu.com/lxd/en/latest/rest-api/
With the full API specification here: https://documentation.ubuntu.com/lxd/en/latest/api/

We’re also planning to add more instructions on how to use the API in the future.