Hi All. I'm utterly failing to configure a simple static IP address for a single container.

Here is the use case:

Host server running Gentoo, static IP address is: 192.168.0.35
Gentoo container with static IP address of 192.168.0.36

I'm needing some general instructions -- not Ubuntu specific. I'm passing a kernel parameter so that old interface naming is used, i.e., my host nic is called eth0.

1) How should the network be configured on the host? Is a bridge required? Are 2 NICs required? Should the interface be configured as eth0 or br0 or both? Multiple IP addresses for eth0? Multi addresses assigned to br0? Should my bridge, if I need one, be called lxdbr0?

2) What configuration should be performed using the lxc command line? That seems to be a convenient way to get the entries in iptables. I assume those are needed. Do I need entries in the container's iptables?

3) How should the network be configured within the container? Should the container interface be a bridge: br0, lxdbr0, or simply eth0? I've found the only way to get a static IP address to show up in the output of 'lxc list' is to configure it inside the container, i.e., by commenting out dhcp and adding static IP entries for eth0 (container) IP address, default route, and dns servers.

4) Is openvswitch required, is it a dependency? What about dhcp? Is dhcp a requirement for using static IP addresses? Sounds like a silly question but I've seen discussions that suggest dhcp may be a requirement under all circumstances.

Here is an example of what I've tried:

Host:

ip -4 route show:

    default via 192.168.0.1 dev eth0 metric 3
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.35

ip -4 addr show

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
           valid_lft forever preferred_lft forever
    3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        inet 192.168.0.35/24 brd 192.168.0.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 192.168.0.36/24 brd 192.168.0.255 scope global secondary eth0
           valid_lft forever preferred_lft forever

(Note this time I have 2 ip addresses on the host's eth0. I've tried with just one as well. I've also tried with br0 instead of eth0, and so on.)

lxc network list:

    +------+----------+---------+---------+
    | NAME | TYPE     | MANAGED | USED BY |
    +------+----------+---------+---------+
    | eth0 | physical | NO      | 0       |
    +------+----------+---------+---------+
    | eth1 | physical | NO      | 0       |
    +------+----------+---------+---------+

lxc network create lxdbr0 ipv4.address=192.168.0.36/24 ipv4.nat=true ipv4.dhcp=false ipv4.firewall=false ipv4.routing=true ipv6.address=none

lxc network list

    +--------+----------+---------+---------+
    | NAME   | TYPE     | MANAGED | USED BY |
    +--------+----------+---------+---------+
    | eth0   | physical | NO      | 0       |
    +--------+----------+---------+---------+
    | eth1   | physical | NO      | 0       |
    +--------+----------+---------+---------+
    | lxdbr0 | bridge   | YES     | 0       |
    +--------+----------+---------+---------+

lxc network attach lxdbr0 gentoo default eth0

lxc list

    +--------+---------+---------------------+------+------------+-----------+
    | NAME   | STATE   | IPV4                | IPV6 | TYPE       | SNAPSHOTS |
    +--------+---------+---------------------+------+------------+-----------+
    | gentoo | RUNNING | 192.168.0.36 (eth0) |      | PERSISTENT | 0         |
    +--------+---------+---------------------+------+------------+-----------+

lxc exec gentoo /bin/bash

In the container:

ip -4 route show

    default via 192.168.0.1 dev eth0 metric 12
    192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.36

ip -4 addr show

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link-netnsid 0
        inet 192.168.0.36/24 brd 192.168.0.255 scope global eth0
           valid_lft forever preferred_lft forever

ping 192.168.0.11

    PING 192.168.0.11 (192.168.0.11) 56(84) bytes of data.
    From 192.168.0.36 icmp_seq=1 Destination Host Unreachable
    From 192.168.0.36 icmp_seq=2 Destination Host Unreachable
    From 192.168.0.36 icmp_seq=3 Destination Host Unreachable

So... the container is not on the network.

The iptables are different on host vs. container. Does this matter?

Host:

iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain /* generated for LXD network lxdbr0 */
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain /* generated for LXD network lxdbr0 */
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps /* generated for LXD network lxdbr0 */

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain /* generated for LXD network lxdbr0 */
    ACCEPT     udp  --  anywhere             anywhere             udp spt:domain /* generated for LXD network lxdbr0 */
    ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps /* generated for LXD network lxdbr0 */

Container:

iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Where do I go from here? I'm running out of ideas. Greatly appreciate any directions you can send me.

-Mike
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users