Re: [lxc-users] LXD containers lose outbound network

Mon, 27 Jun 2016 06:02:41 -0700

Please forgive the long-winded explanation but I think better to be explicit rather than leave people guessing. I have been using LXD containers ever since its birth and prefer it to LXC containers (my personal preference.) 
The ease of use and migration between hosts is a definite plus.
I have seen people fighting with external facing containers for awhile and although I do not profess to know everything about this issue, I have found something that consistently works for me. 

1- I use mainly defaults during system installation.
2- generally use default or bridge profiles.
3- Modify as per below


Lately I specifically notice that [email protected] is having 
trouble with Internet facing containers which I had for awhile.

The issue seems to have cured itself by following the sequence below.

I hope this helps someone.
#----------------------------------------
#----------------------------------------

I have noticed that on occasion the profile gets mangled upon "lxc copy" 
of or "lxc init" of a new container.
Therefore I have set up a process whereby a standard procedure is 
followed to delete all interfaces and reinstall.

The process is below #====~
SO FOR ALL INTERNET FACING CONTAINERS I USE "bridge" ONLY
#----------------------------------------
#----------------------------------------
This is my setup
:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"
#----------------------------------------
:~# dpkg -l | grep lxc

ii  liblxc1              2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (library)
ii  lxc                  2.0.0-0ubuntu2     all     Transitional package 
for lxc1
ii  lxc-common           2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (common tools)
ii  lxc-templates        2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (templates)
ii  lxc1                 2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools
ii  lxcfs                2.0.0-0ubuntu2.1   amd64   FUSE based 
filesystem for LXC
ii  python3-lxc          2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (Python 3.x bindings)

:~# dpkg -l | grep lxd

ii  lxd                  2.0.2-0ubuntu1~16.04.1 amd64   Container 
hypervisor based on LXC - daemon
ii  lxd-client           2.0.2-0ubuntu1~16.04.1 amd64   Container 
hypervisor based on LXC - client

#----------------------------------------
/etc/default/lxd-bridge   # I generally use defaults
#----------------------
# WARNING: This file is generated by a debconf template!
# It is recommended to update it by using "dpkg-reconfigure -p medium lxd"
etc...
#----------------------------------------
egrep -v '(^#|^$)' /etc/default/lxd-bridge
#--------------------
USE_LXD_BRIDGE="true"
LXD_BRIDGE="lxdbr0"
UPDATE_PROFILE="true"
LXD_CONFILE=""
LXD_DOMAIN="lxd"
LXD_IPV4_ADDR=""
LXD_IPV4_NETMASK=""
LXD_IPV4_NETWORK=""
LXD_IPV4_DHCP_RANGE=""
LXD_IPV4_DHCP_MAX=""
LXD_IPV4_NAT="true"
LXD_IPV6_ADDR=""
LXD_IPV6_MASK=""
LXD_IPV6_NETWORK=""
LXD_IPV6_NAT="false"
LXD_IPV6_PROXY="true"
#----------------------------------------

One difference between this and [email protected] profile is the 
last line which I don't use anyway.

All others are default settings from "dpkg-reconfigure -p medium lxd"
#----------------------------------------
#----------------------------------------
IF INTERNET ACCESS IS DESIRED
#----------------------------------------
lxc copy container1 container2
lxc profile create bridge
lxc profile edit bridge
lxc profile apply container2 bridge
#----------------------------------
###
### On external/internet access containers I use "bridge" ONLY
### "default" is not used
###
### On internal access containers that need a SPECIFIC ip address.
### I use "default,bridge"
### and specify either eth1 or eth2
### or none if specific ip address not desired.
###
### No matter what configuration I use
### eth0 is always parented by lxdbr0
### eth1 is always parented by br0
### eth2 is always parented by br1
#----------------------------------------
lxc profile edit bridge
#----------------------------------------
name: bridge
config:
  security.nesting: "true"
  security.privileged: "true"
description: ""
devices:
    eth1:               # the container nic
        nictype: bridged
        parent: br0     # the host nic
        type: nic
    eth2:               # the container nic
        nictype: bridged
        parent: br1     # the host nic
        type: nic
#----------------------------------------
lxc profile edit default
#----------------------------------------
name: default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
#========================================
#========================================
#========================================
# ON THE SERVER
# These are the commands I use to achieve the above results

# As I mentioned above the sequence sometimes has to be repeated a 
couple of times in order to succeed.

# Especially lxc config edit ${CONTAINER}
#
# If at first you don't succeed,
# lxc stop ${CONTAINER}
# and repeat the sequence
#
# Success is shown by lxc start ${CONTAINER} resulting in ...
# lxc start ${CONTAINER}
# "lxc list" showing desired ip addresses.
#----------------------------------------

#!/bin/bash  # or copy and paste the following lines directly into shell 
prompt.

#----------
CONTAINER=x2go1248    # or whatever you desired container name
lxc config device remove ${CONTAINER} eth0 && \
lxc config device remove ${CONTAINER} eth1 && \
lxc config device remove ${CONTAINER} eth2 && \
#

lxc config device add ${CONTAINER} eth0 nic nictype=bridged 
parent=lxdbr0 && \

lxc config device add ${CONTAINER} eth1 nic nictype=bridged parent=br0 && \
lxc config device add ${CONTAINER} eth2 nic nictype=bridged parent=br1 && \
#
lxc profile apply ${CONTAINER} bridge   # or "default,bridge"
#------------------------------------
#-- These commands usually done separately
lxc config edit ${CONTAINER}
#
lxc start ${CONTAINER}
#========================================
#========================================
#========================================
# Modify these commands to fit your requirements
#------------------------------------------------
##### ON THE SERVER
##### WARNING #####

##### THIS WILL OVERWRITE 
/var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces #####

#-----------------
CONTAINER=x2go1248    # or whatever you desired container name
#-----------------

cat <<EOF > 
/var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces

# The primary network interface
#auto eth0                 # Not needed for external/internet access.
#iface eth0 inet dhcp      # Not needed for external/internet access.
#
auto eth1                  # This is my external facing LAN
iface eth1 inet static
    address 192.168.2.248/16
    gateway 192.168.2.1
    dns-nameservers 208.67.220.220 8.8.8.8
#
auto eth2                  # This is my internal LAN
iface eth2 inet static
    address 172.31.30.248/12
EOF
#========================================


_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users



_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users





















					Reply via email to