Tomasz Chmielewski <man...@wpkg.org> writes:
> While I can imagine setting up many OpenVPN tunnels between all LXD
> servers (LXD1-LXD2, LXD1-LXD3, LXD2-LXD3) and constantly adjusting the
> routes as containers are stopped/started/migrated, it's a bit of a
> management nightmare. And even more so if the number of LXD servers
> Hints, discussion?
If you use the same subnet for the container as in your example
10.10.10.0/24 there's no routing nightmare, you have only to setup
openvpn in bridge mode and so you'll need only 2 tunnels: LXD1-LXD2 and
LXD2-LXD3, obviously if LXD2 will go offline you'll have a problem.
If you'll have many containers using the same subnet for all will be
impossible so you'll need to managed routing between hosts to be able to
reach every container.
I'm about to design and deploy similar setup: many LXD hosts running
containers that can be started on a hosts and eventually migrated to
another host in the same or in a different datacenter.
I'm thinking not to use the same subnet for all containers but to use a
different subnet for every host, so following your example it will be
like the following:
LXD1: IP 188.8.131.52, Europe LXD2: IP 184.108.40.206, Asia
container1, 10.10.10.10 container4, 10.10.20.10
container2, 10.10.10.11 container5, 10.10.20.11
container3, 10.10.10.12 container6, 10.10.20.12
LXD3: IP 220.127.116.11, US
on every hosts a dhcp server is use to dynamically configure network on
starting container and, based on container's hostname, to dynamically
update dns servers so containers will be always reachable via hostname.
Routing problem remains, I'll probably choose to deploy some tunnels
between hosts to connect each other, then running an OSPF daemon for
dynamic routing management.
The sysadmin has all the answers, expecially "No"
lxc-users mailing list