I would like to understand what the difference is between getting a new base image (e.g. Ubuntu 16.04) and apt updating running containers.
Do I need to update the containers myself, or can I rely on the image being updated? Or is that decoupled as soon as the container gets created?
I've been updating them myself so far.
I realize this answer is coming in late, but I'll share what my (limited) experience with LXD/LXC has been thus far.
Remember that a container is an instance based on an image. However, updating the container (e.g. running sudo apt-get install <package-name>) will not update the image; only the container. In this sense, the container and the image become "decoupled" (I'd say "out of sync"). If you want an image that has the changes you've made to a container, then what I think you need to do is take a snapshot of the container. For example:
A handy way to do this is to tag them by date, so that you can more easily identify which snapshots to use. For example, this is the way in which I'm doing it:
What I think you'll get from a new/recent base image (e.g. ubuntu:lts/amd64) is simply things such as the latest package versions, security updates, etc. This observation comes from my experience doing Ubuntu installs from the ISO downloaded from the site (which starts out with 50+ outdated packages that need to be updated, at the time of this writing) vs the base images, which already appear to have the updates applied.
That being said, starting a container from said base image would require that you re-install all your custom configuration, packages, and other changes, and so on.
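
The workflow discussed above (patch a running container, snapshot it under a date tag, publish the snapshot as a reusable image), written out as an added example that is not part of the original answer. The container name, the "patched" prefix and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: patch a container, take a date-tagged snapshot, and publish
# that snapshot as a local image so new containers start from the patched state.
# Assumed names: the "patched" prefix and the alias scheme are illustrative.
# DRY_RUN=1 prints the lxc commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# snapshot_name <prefix> [YYYY-MM-DD] -> "<prefix>-<date>" (defaults to today)
snapshot_name() {
    sn_prefix="$1"
    sn_day="${2:-$(date +%Y-%m-%d)}"
    echo "${sn_prefix}-${sn_day}"
}

# patch_and_publish <container> [YYYY-MM-DD]
patch_and_publish() {
    pp_container="$1"
    pp_snap="$(snapshot_name patched "${2:-}")"

    # 1. Updates applied inside the container change the container only,
    #    not the image it was created from.
    run lxc exec "$pp_container" -- apt-get update
    run lxc exec "$pp_container" -- apt-get -y upgrade

    # 2. Record the patched state as a snapshot tagged by date.
    run lxc snapshot "$pp_container" "$pp_snap"

    # 3. Publish the snapshot as an image; containers launched from this
    #    alias keep the custom packages and configuration.
    run lxc publish "$pp_container/$pp_snap" --alias "$pp_container-$pp_snap"
}

# Run only when a container name is passed on the command line.
if [ "$#" -gt 0 ]; then
    patch_and_publish "$@"
fi
```

A container launched from the published alias starts with the updates and customisations already in place, whereas one launched from the upstream base image gets current packages but none of the local changes.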