 These are the main links that you want to be familiar with, and I advise you to study some of this in your own time. The tutorial that I linked to there is very good. That takes you through many more of the features of LXD that I'm going to show you, than what I'm going to show you today. And then for the sort of detail reference documentation, this is the place to go for looking at configuration parameters and things like that. What we will do is just go through a brief demo of installing LXD on a blank Ubuntu machine, a little bit about the network, storage, how to create containers, stop them, a couple of basics like that. This is the kind of prerequisite. Before we can install our DHS tools, we want to make sure we put our infrastructure in place. So without further ado, I'm going to try to get to my console. The first time I connect to this thing, it's going to complain because I've just rebooted the machine. The thing is a little bit different. I have to log in as root the first time. And it's going to fail because the machine has been reinstalled. It's got a different host key. Let's line 332 is the old one. Let's go with the line 332 and try again. Okay, this time we're getting in. Okay, I'll get rid of it the next time. Okay, so this is a new machine as you saw. I just re-initialized it. There's a what we call a birthing process. When you have a new machine, Stephen wrote it up for us. Stephen Alkaya, I'll give you the link for it. It's there on the jit hub of the steps to go through when you've got a machine. You definitely don't want to leave it like this. All right, when the machine is first provisioned, it's generally where it's at. It's most vulnerable. There's no firewall on it. I'm allowing root to log in with a password. It's generally not in a good state to leave it. So the first thing I would do make myself a user, add my user to the sudo group. So I won't need to log in as root anymore. I can just open it myself. Another thing that's useful to add yourself to the LXD group as well. That allows you to run the various LXC commands without running sudo all the time. And the next thing I want to do is to put my key. My key is already installed in root there. So let me just copy it. I'll say this process I have written up that for the moment. All right, just show you going through it. So let me just become the sub object. Let's set up my key on here. Under authorised keys listed in. There's a couple of different ways to do this, but this is the way I'm doing it. Change the permissions on the file. And at this point I should be able to log in as myself. Let's exit again to my laptop this time. Let's just try to log in as blockchain. I still have that online 332. Who is looking for my password? Shouldn't be doing that. It's difficult to see the left line right up here. You might have to change the permissions on the SSA directory also. 07, 07. 07. No, you don't need to. I mean I know it's good practice too. Never do these things live. Let's go in again. So I can log in now using my key. I'll just check I can sudo. So there's no longer any reason to be able to log into this machine as a root. So I need to turn that off. There's also no reason to log into this machine using your password. I can turn that off as well. So that's the next thing we do going to ssad.com. This is controversial. We can have long discussion about whether to change the port or not. It doesn't really do much in terms of security. It keeps your log file quieter. It takes people longer to find you. It can still find you eventually. I made a root log in. No, we can't log into this machine as root, at least not through ssh. And the other thing, the three things I typically do is this is actually quite important. A lot of people think because they're logging in with their ssh keys that that's it. Now everything is much more secure. Don't vent logging in with passwords. Once you verify that you're logging in with keys works, then make sure that we can no longer log in with a password. Having done that, I can now restart my ssh. And should be able to see it running at this point on 822. Usually the next thing I do immediately from here is to just install my host firewall. So I'll say ufw. Let's allow limited connections from port 822 using tcp. And then let's enable the firewall. Be careful doing this. I've done it very quick. But if you make a mistake, you can find yourself that you've locked yourself out of the machine. Now we can see my ssh is running on port 822. And we can see that my firewall is allowing connections on port 822. At this point, I can slow down and relax. Now my machine is reasonably secure. This is a process that we're calling it birthing, right? When you've got a new infant, new infant machine coming into the world, right? It's very vulnerable to start with. Run through a few basic steps like this. From here, we can relax a bit. I know that nobody can log into this machine as a root. So nobody can log into this machine without using your ssh key. I'm currently the only account holder on it. That's a very bad thing in production, right? You want to make sure there's at least two people, preferably three who are able to log into the machine in case one gets run over by a bus. Also make sure you don't have accounts like admin or MOH or anonymous accounts. They are frequent problems where there are anonymous accounts that three or four people are logging in with the same account and then you don't have a good audit trail, right? Who's logged into the machine to do well? Everyone who logs into your machine should be personally identifiable. That's my preference of good practice. Anyway, on Ubuntu 2004, the latest LTS version of LXD should already be installed. You might find if, well, it is certainly on the lin node image, you might find that it's not, and if so, you can install it. I know some, yeah, it's already installed, so we don't need to. You might find you have to do that step. All right, so to start with LXE, you're going to find, going to give you a little message. You need to init your machine first. And when I do LXE LS, like that to list my mission, I've got no containers defined.