When working with LXD containers across multiple hosts, especially in environments with restricted network access, standard container migration becomes non-trivial. The key challenge lies in properly exporting both container data and metadata while maintaining compatibility between LXD versions.
The correct workflow involves:
# First publish the container as an image
lxc publish container-name --alias temp-image
# Then export the image (this creates two files)
lxc image export temp-image
# Clean up temporary image
lxc image delete temp-imageThe error metadata.yaml: Not found in archive typically occurs when:
- Exporting directly from container instead of published image
- Using older LXD versions (pre-2.0.2)
- Missing the metadata tarball during import
Here's the full working process between two hosts:
# On source host
lxc stop my-container
lxc publish my-container --alias migration-image
lxc image export migration-image
# This generates two files:
# - meta-migration-image-XXXXXXXX.tar.xz
# - migration-image-XXXXXXXX.tar.xz
# Transfer both files to destination host (using scp/rsync/etc)
scp meta-migration-image-* root@remote:/tmp/
scp migration-image-* root@remote:/tmp/
# On destination host
lxc image import /tmp/meta-migration-image-XXX.tar.xz /tmp/migration-image-XXX.tar.xz --alias imported-container
lxc launch imported-container new-container-nameWhen hosts can't communicate directly:
- Export to intermediate storage (USB drive, S3 bucket)
- Use split file transfer with checksums
- Verify image integrity before import:
sha256sum *.tar.xz > checksums.txt
# Transfer checksums file separately
# On destination:
sha256sum -c checksums.txtImportant version-specific behaviors:
| LXD Version | Export Behavior |
|---|---|
| 2.0.0-2.0.2 | Single tarball (bug) |
| 2.0.3+ | Split metadata+rootfs |
| 3.0+ | Optional compression formats |
When network allows direct communication:
# Add remote host
lxc remote add remote-host --password=XXX --accept-certificate
# Copy directly between hosts
lxc copy local:container-name remote-host:new-container-nameWhen working with LXD containers across multiple Ubuntu hosts with restricted network access, the standard approach involves creating container images and transferring them between systems. The key steps are:
# On source host
lxc stop my-container
lxc publish my-container --alias my-image
lxc image export my-image
The error tar: metadata.yaml: Not found in archive typically occurs when using older LXD versions (pre-2.0.8) or when the export process doesn't properly bundle all required components. Modern LXD versions generate two files:
metadata.tar.xz- Container configurationrootfs.tar.xz- Actual filesystem
Here's the complete working solution:
# On source host
lxc stop my-container
lxc publish my-container --alias temp-image
lxc image export temp-image
# This creates two files:
# - aaf012...metadata.tar.xz
# - aaf012...rootfs.tar.xz
# Transfer both files to destination host via scp/rsync
scp aaf012*.tar.xz user@remote:/tmp/
# On destination host
lxc image import /tmp/aaf012...metadata.tar.xz /tmp/aaf012...rootfs.tar.xz --alias imported-image
lxc launch imported-image new-container
For hosts with direct network access, configure remotes:
# On source host
lxc remote add remote-host --accept-certificate --password=
# Copy image directly
lxc image copy local:my-image remote-host: --alias copied-image
# On destination host
lxc launch remote-host:copied-image new-container
If you encounter problems:
- Verify LXD versions match (minimum 2.0.8 recommended)
- Check disk space in /var/lib/lxd
- Ensure proper permissions on transferred files
- For custom images, include all dependencies
Remember that published containers become immutable images. Any changes require republishing the updated container.