Images & Profiles
Images are the blueprints for your instances โ every container and VM starts from one. Profiles are reusable configuration templates that define exactly how those instances run. Together they give you a consistent, repeatable and version-controlled infrastructure.
Explore โLXD Images
An image in LXD is a compressed root filesystem snapshot โ the starting point for every container and virtual machine you launch. Images carry a unique fingerprint (SHA-256), optional aliases and metadata describing the OS, architecture and creation date.
Built-in image stores
LXD ships with two remote image stores available out of the box. images: is the community store hosted by Canonical โ it provides daily-built images for Ubuntu, Debian, Fedora, Alpine, Arch, CentOS, openSUSE and many more Linux distributions for both containers and VMs. ubuntu: and ubuntu-daily: provide official Canonical-maintained LTS and interim Ubuntu images. All images are cached locally on first pull โ subsequent launches of the same image are near-instant.
orbitnova lxd image list images: | grep ubuntu
Image aliases
Every image can have one or more human-readable
aliases that map to its SHA-256 fingerprint.
Aliases like ubuntu:24.04 or
my-company/app-base let teams refer to images
by name rather than by a 64-character fingerprint.
Aliases can be updated to point to a newer image โ making
rolling updates across your fleet trivial.
orbitnova lxd image alias create prod-base
Publishing custom images
Stop a container, configure it exactly as you need, then publish it as a new image. That image becomes a reusable template for the entire team โ stored locally or pushed to a private remote image server. Every published image records its source instance, OS details, architecture and expiry date in its metadata.
orbitnova lxd image publish my-container --alias app-base:v2
Image caching & auto-refresh
When you launch from a remote image store, LXD downloads and caches the image locally. Cached images are flagged as auto-refresh by default โ LXD checks the upstream store periodically and updates the local copy when a newer version is available, without any manual intervention. Set a custom expiry to control how long cached images are retained.
orbitnova lxd image refresh ubuntu:24.04
Private remote image servers
Host your own LXD image server and register it as a remote on any OrbitNova node. Teams can push their hardened, company-approved base images to the private server and make them available across all projects and regions. Supports both simple streams (static HTTP) and LXD API (authenticated REST) as the backend.
orbitnova lxd remote add company-images https://images.internal.company.com
Windows VM images
LXD supports Windows virtual machine images alongside Linux images. Bring your own Windows ISO, convert it to an LXD-compatible VM image with VirtIO drivers pre-installed, and launch Windows Server or Windows 11 instances through the same CLI commands you use for Linux workloads โ no separate hypervisor management needed.
orbitnova lxd image import windows-server-2025.tar.gz --alias windows-server-2025
Image commands.
Full image management from list to publish, all from one terminal.
LXD Profiles
A profile is a named, reusable block of LXD configuration โ CPU limits, memory caps, network interfaces, storage mounts, kernel parameters and more. Apply one or more profiles to any instance at launch or at runtime. Changes to a profile propagate immediately to every instance using it.
The default profile
Every LXD server and every project starts with a default profile that is automatically applied to every new instance unless you override it. It typically defines the root disk device and the primary network interface. Editing the default profile instantly affects all instances that haven't overridden those settings โ making fleet-wide config changes a single-command operation.
orbitnova lxd profile show default
Resource limits via cgroups
Profiles let you enforce hard resource boundaries using Linux
cgroups and ulimits. Set a CPU limit
(limits.cpu), memory cap (limits.memory),
disk quota (limits.disk) and network I/O throttle
(limits.network.priority) โ all declaratively, all
per-profile. Instances inherit exactly what they need, nothing more.
orbitnova lxd profile set production limits.cpu=4 limits.memory=8GB
Network interface configuration
Attach one or more network interfaces to instances through
a profile. Define the interface name, the parent bridge or
OVN network, MAC address policy, and MTU. Switching an instance
from one network to another is as simple as changing which
profile it uses โ no manual ip commands required.
orbitnova lxd profile device add web-profile eth0 nic nictype=bridged parent=on-bridge0
Storage device definitions
Profiles define which storage pool an instance's root disk is provisioned from and its maximum size. Additional disk devices โ such as a shared data volume or a Ceph block device โ can also be declared in a profile and automatically attached to every instance that uses it.
orbitnova lxd profile device add db-profile root disk pool=ceph-pool size=100GB
Multiple profiles per instance
A single instance can use multiple profiles
applied in order โ later profiles override earlier ones for
any conflicting keys. This lets you compose configurations
from small, focused profiles: a base profile for
common settings, a network-prod profile for
production networking and a gpu profile for
hardware passthrough โ applied together at launch.
orbitnova lxd launch ubuntu:24.04 ml-node --profile base --profile network-prod --profile gpu
Security & kernel settings
Profiles can set security options like
security.nesting (containers inside containers),
security.privileged (only when required),
security.secureboot for VMs, and raw kernel
parameters via raw.lxc or raw.qemu.
Centralising these in a profile means security policies are
applied consistently across every instance in the fleet.
orbitnova lxd profile set secure-profile security.nesting=false security.privileged=false
Project-scoped profiles
Profiles live inside a project. The default profile
in the staging project is completely independent
of the default profile in production.
This means each team or environment can have its own resource
limits, networking and storage policies without risk of
configuration bleed across projects.
orbitnova lxd profile list --project staging
Profile commands.
Create, edit and apply profiles entirely from the CLI.
Images + Profiles working together.
The real power comes when you combine both. An image defines what runs โ the OS and software. A profile defines how it runs โ resources, network and storage. Together they give you fully reproducible, composable infrastructure.
Choose or build your image
Pull from the built-in store or publish a custom image with your application and dependencies pre-installed. Tag it with a meaningful alias.
orbitnova lxd image publish base-container --alias app-base:v3
Create your profiles
Define a base profile for common settings, then specialist profiles for networking, storage or security. Keep each profile small and focused.
orbitnova lxd profile create web-prod
Configure the profile
Set resource limits, attach network interfaces and define storage devices. Everything goes in the profile โ not hardcoded per instance.
orbitnova lxd profile set web-prod limits.cpu=2 limits.memory=4GB
Launch with image + profiles
Combine your image and one or more profiles at launch. Every instance is identical, reproducible and ready in under a second.
orbitnova lxd launch app-base:v3 web-01 --profile base --profile web-prod
From image to running instance.
Build a custom image, define a profile, launch an instance โ all in one terminal session. Reproducible every time.