Re: [ovs-discuss] Openvswitch with LXC

2021-02-04 Thread Raymond Burkholder 

On 2/4/21 12:41 AM, George Papathanail wrote:


I managed to attach the lxc interface to the ovs-bridge
sudoovs-vsctl show
8cd3e1a6-eaa9-4341-b5c8-677e381c8306Bridgeswitch0PortvethlQXvGc 
InterfacevethlQXvGc Portswitch0Interfaceswitch0type: internal 
ovs_version: "2.13.1"
The problem now is that the container did not take IP. P.S I only have 
one physical interface so I did not bind it with the bridge.


You need to remove your ip information from the physical interface, bind 
the physical interface to the bridge, assign the address info to the 
bridge (or other virtual interface).


This creates a common bridge between the 'outside' world and your 
container.  And provides local machine address to the outside world on 
that same sole physical interface
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Openvswitch with LXC

2021-02-04 Thread Numan Siddique 
On Thu, Feb 4, 2021 at 1:11 PM George Papathanail
 wrote:
>
> Thank you Rayomond,
>
> I followed these steps:
>
> 1) sudo lxc-start -n c2 -d --logfile=logs
> 2) ovs-vsctl add-br switch0
> ip add add 192.168.100.1/24 dev switch0
>
> I have these two scripts:
> BRIDGE=switch0 ovs-vsctl --may-exist add-br $BRIDGE ovs-vsctl --if-exists 
> del-port $BRIDGE $5 ovs-vsctl --may-exist add-port $BRIDGE $5
>
> # cat /etc/lxc/ifdown #!/bin/bash ovsBr=switch0 ovs-vsctl --if-exists 
> del-port ${ovsBr} $5
>
>
> I managed to attach the lxc interface to the ovs-bridge
> sudo ovs-vsctl show
> 8cd3e1a6-eaa9-4341-b5c8-677e381c8306 Bridge switch0 Port vethlQXvGc Interface 
> vethlQXvGc Port switch0 Interface switch0 type: internal ovs_version: "2.13.1"
> The problem now is that the container did not take IP. P.S I only have one 
> physical interface so I did not bind it with the bridge.
>
>
>
> Στις Πέμ, 4 Φεβ 2021 στις 8:28 π.μ., ο/η Raymond Burkholder 
>  έγραψε:
>>
>> Pretty simple:
>>
>> 1) read the man page on lxc.container.conf
>> 2) build one or two interface up/down files
>>
>> Don't guarantee this works without a bit of extra massaging, but should be 
>> enough to get started:
>>
>> # cat /etc/lxc/scripts/ovs.port.up.sh
>> #!/bin/bash
>> logger "lxc_name=${LXC_NAME}"
>> logger "lxc_config=${LXC_CONFIG_FILE}"
>> logger "values = $1 $2 $3 $4 $5"
>> logger "vlan=${VLAN} $5"
>> BRIDGE=ovsbr0
>> ovs-vsctl --may-exist add-br $BRIDGE
>> ovs-vsctl --may-exist add-port $BRIDGE $5
>> if [ "$VLAN" != "" ]; then
>>   ovs-vsctl set port $5 tag=$VLAN
>>   fi
>>
>>
>> There might be other tidbits at:
>> https://blog.raymond.burkholder.net/index.php?/categories/7-LXC
>>
>>
>> On 2/3/21 10:12 AM, George Papathanail wrote:
>>
>> Hello everyone, I'm trying to connect LXC with Openvswitch and to have a 
>> setup like this:
>>
>>
>>
>> I'm kindly asking for your input, or if there is a tutorial please let me 
>> know

From what I have read, LXD  supports OVN. Maybe you can try with OVN
if you prefer ?

https://discuss.linuxcontainers.org/t/lxd-4-5-has-been-released/8824

Thanks
Numan

>>
>> Thank you in advance
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>> ___
>> discuss mailing list
>> disc...@openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Openvswitch with LXC

2021-02-03 Thread George Papathanail 
Thank you Rayomond,

I followed these steps:

1) sudo lxc-start -n c2 -d --logfile=logs
2) ovs-vsctl add-br switch0
ip add add 192.168.100.1/24 dev switch0

I have these two scripts:
BRIDGE=switch0 ovs-vsctl --may-exist add-br $BRIDGE ovs-vsctl --if-exists
del-port $BRIDGE $5 ovs-vsctl --may-exist add-port $BRIDGE $5

# cat /etc/lxc/ifdown #!/bin/bash ovsBr=switch0 ovs-vsctl --if-exists
del-port ${ovsBr} $5


I managed to attach the lxc interface to the ovs-bridge
sudo ovs-vsctl show
8cd3e1a6-eaa9-4341-b5c8-677e381c8306 Bridge switch0 Port vethlQXvGc
Interface vethlQXvGc Port switch0 Interface switch0 type: internal
ovs_version: "2.13.1"
The problem now is that the container did not take IP. P.S I only have one
physical interface so I did not bind it with the bridge.



Στις Πέμ, 4 Φεβ 2021 στις 8:28 π.μ., ο/η Raymond Burkholder <
r...@oneunified.net> έγραψε:

> Pretty simple:
>
> 1) read the man page on lxc.container.conf
> 2) build one or two interface up/down files
>
> Don't guarantee this works without a bit of extra massaging, but should be
> enough to get started:
>
> # cat /etc/lxc/scripts/ovs.port.up.sh
> #!/bin/bash
> logger "lxc_name=${LXC_NAME}"
> logger "lxc_config=${LXC_CONFIG_FILE}"
> logger "values = $1 $2 $3 $4 $5"
> logger "vlan=${VLAN} $5"
> BRIDGE=ovsbr0
> ovs-vsctl --may-exist add-br $BRIDGE
> ovs-vsctl --may-exist add-port $BRIDGE $5
> if [ "$VLAN" != "" ]; then
>   ovs-vsctl set port $5 tag=$VLAN
>   fi
>
>
> There might be other tidbits at:
> https://blog.raymond.burkholder.net/index.php?/categories/7-LXC
>
>
> On 2/3/21 10:12 AM, George Papathanail wrote:
>
> Hello everyone, I'm trying to connect LXC with Openvswitch and to have a
> setup like this:
>
>
>
> I'm kindly asking for your input, or if there is a tutorial please let me
> know
>
> Thank you in advance
>
> ___
> discuss mailing 
> listdiscuss@openvswitch.orghttps://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
>
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Openvswitch with LXC

2021-02-03 Thread Raymond Burkholder 

Pretty simple:

1) read the man page on lxc.container.conf
2) build one or two interface up/down files

Don't guarantee this works without a bit of extra massaging, but should 
be enough to get started:


# cat /etc/lxc/scripts/ovs.port.up.sh
#!/bin/bash
logger "lxc_name=${LXC_NAME}"
logger "lxc_config=${LXC_CONFIG_FILE}"
logger "values = $1 $2 $3 $4 $5"
logger "vlan=${VLAN} $5"
BRIDGE=ovsbr0
ovs-vsctl --may-exist add-br $BRIDGE
ovs-vsctl --may-exist add-port $BRIDGE $5
if [ "$VLAN" != "" ]; then
  ovs-vsctl set port $5 tag=$VLAN
  fi


There might be other tidbits at:
https://blog.raymond.burkholder.net/index.php?/categories/7-LXC


On 2/3/21 10:12 AM, George Papathanail wrote:
Hello everyone, I'm trying to connect LXC with Openvswitch and to have 
a setup like this:




I'm kindly asking for your input, or if there is a tutorial please let 
me know


Thank you in advance

___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss


___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] Openvswitch with LXC

2021-02-03 Thread George Papathanail 
Hello everyone, I'm trying to connect LXC with Openvswitch and to have a
setup like this:

[image: lxc.png]

I'm kindly asking for your input, or if there is a tutorial please let me
know

Thank you in advance
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-14 Thread Orabuntu-LXC 
In addition to what Paul has mentioned, here is example of what I use
(switch as a systemd service):

/etc/systemd/system/sw1.service

-rw-r--r-- 1 root root  268 Mar 10 13:45 sw1.service



[Unit]
Description=sw1 Service
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
User=root
RemainAfterExit=yes
ExecStart=/etc/network/openvswitch/crt_ovs_sw1.sh
ExecStop=/usr/bin/ovs-vsctl del-br sw1

[Install]
WantedBy=multi-user.target



Then ExecStart and ExecStop can be customized as you want with a command or
script reference.  I use my own custom script (e.g. crt_ovs_sw1.sh), but as
Paul mentioned, you can use the scripts provided as well.


On Mon, May 14, 2018 at 5:55 AM, <den...@exemail.com.au> wrote:

> Paul
>
> Thanks for that command.  I tried it and found that my br-int was not up .
>
> After  "sudo ip link set br-int up" and "sudo ip addr add 192.168.1.1/24
> dev br-int" it worked and I could ping as expected.
>
> For Ubuntu 18.04 I have added the following to /etc/network/interfaces
>
> allow-ovs br-int
> iface br-int inet static
> address 192.168.1.1
> netmask 255.255.255.0
> ovs_type OVSBridge
>
> But on reboot br-int is not coming up correctly after reboot.
>
> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> link/ether c6:8e:e2:7b:0f:4f brd ff:ff:ff:ff:ff:ff
>
> Is this the correct way to define a Openvswitch bridge with IP on Ubuntu?
>
>
> Thanks
>
> Densha
>
> It looks> Before you rebuild, I suggest you ping at the interval of 0.01,
> then, take
> > "ovs-ofctl dump-flows br-int" and save it to a file. The relevant columns
> > are table and n_packets. Wait a couple of seconds, then take the dump
> > again. Compare and find the entries that increment at the rate of your
> > ping.
> >
> > If you don't see the hits in the tables - check iptables, kmod, etc.
> >
> > If you ser them, use trace to figure out why your traffic is being
> > dropped.
> >
> > Regards,
> > Paul
> >
> >
> > Get Outlook for iOS<https://aka.ms/o0ukef>
> > 
> > From: ovs-discuss-boun...@openvswitch.org
> > <ovs-discuss-boun...@openvswitch.org> on behalf of den...@exemail.com.au
> > <den...@exemail.com.au>
> > Sent: Saturday, May 12, 2018 11:45:57 PM
> > To: Orabuntu-LXC
> > Cc: ovs-discuss@openvswitch.org
> > Subject: Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu
> 18.04
> >
> > Thanks.  I tried that and still unable to ping from the LXC container to
> > the IP address set on the bridge.
> >
> > I will rebuild everything from scratch and retry.
> >
> >> Check sysctl settings.  Check/set these on the LXC host machine in the
> >> /etc/sysctl.conf (or in a new file in the /etc/sysctl.d directory, e.g
> >> you
> >> could call it  /etc/sysctl.d/60-lxc.conf) :
> >>
> >> net.ipv4.conf.default.rp_filter=0
> >> net.ipv4.conf.all.rp_filter=0
> >> net.ipv4.ip_forward=1
> >>
> >> Reference:
> >> https://thenewstack.io/solving-a-common-beginners-
> problem-when-pinging-from-an-openstack-instance/
> >>
> >>
> >>
> >> On Sat, May 12, 2018 at 7:09 AM, <den...@exemail.com.au> wrote:
> >>
> >>> Thanks for the response and links.  I will watch the OvS Con videos.
> >>>
> >>> I have now successfully started the container, but unable to ping out
> >>> or
> >>> into the container.
> >>>
> >>> I have modified my /var/lib/vm1/conf to be
> >>>
> >>> # Network configuration
> >>> lxc.net.0.type = veth
> >>> lxc.net.0.link = br-int <- Name of my internal container bridge
> >>> lxc.net.0.flags = up
> >>> lxc.net.0.name=eth0
> >>> lxc.net.0.hwaddr = 00:16:3e:d2:23:a8 .<- This was in the conf when
> >>> created.
> >>>
> >>>
> >>> When I start the container - I can see the port be added to the bridge
> >>> on
> >>> the host system
> >>>
> >>> # sudo lxc-start -n vm1
> >>> # sudo ovs-vsctl show
> >>> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
> >>> Bridge br-dmz
> >>> Port br-dmz
> >>> Interface br-dmz
> >>> type: internal
> >>> Bridge br-int
> >>> Port "veth4U4B0B"  <- New port added when
>

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-14 Thread Paul Greenberg 
It is not coming up because you do not have startup script for the interface. 
Perhaps you have it, but you need to modify it to fit your setup.
Check https://github.com/openvswitch/ovs/blob/master/debian/ifupdown.sh and 
https://github.com/openvswitch/ovs/blob/master/rhel/etc_sysconfig_network-scripts_ifdown-ovs
 for examples.

Regards,
Paul


Get Outlook for iOS<https://aka.ms/o0ukef>

From: den...@exemail.com.au <den...@exemail.com.au>
Sent: Monday, May 14, 2018 6:55:22 AM
To: Paul Greenberg
Cc: Orabuntu-LXC; ovs-discuss@openvswitch.org
Subject: Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

Paul

Thanks for that command.  I tried it and found that my br-int was not up .

After  "sudo ip link set br-int up" and "sudo ip addr add 192.168.1.1/24
dev br-int" it worked and I could ping as expected.

For Ubuntu 18.04 I have added the following to /etc/network/interfaces

allow-ovs br-int
iface br-int inet static
address 192.168.1.1
netmask 255.255.255.0
ovs_type OVSBridge

But on reboot br-int is not coming up correctly after reboot.

5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether c6:8e:e2:7b:0f:4f brd ff:ff:ff:ff:ff:ff

Is this the correct way to define a Openvswitch bridge with IP on Ubuntu?


Thanks

Densha

It looks> Before you rebuild, I suggest you ping at the interval of 0.01,
then, take
> "ovs-ofctl dump-flows br-int" and save it to a file. The relevant columns
> are table and n_packets. Wait a couple of seconds, then take the dump
> again. Compare and find the entries that increment at the rate of your
> ping.
>
> If you don't see the hits in the tables - check iptables, kmod, etc.
>
> If you ser them, use trace to figure out why your traffic is being
> dropped.
>
> Regards,
> Paul
>
>
> Get Outlook for iOS<https://aka.ms/o0ukef>
> 
> From: ovs-discuss-boun...@openvswitch.org
> <ovs-discuss-boun...@openvswitch.org> on behalf of den...@exemail.com.au
> <den...@exemail.com.au>
> Sent: Saturday, May 12, 2018 11:45:57 PM
> To: Orabuntu-LXC
> Cc: ovs-discuss@openvswitch.org
> Subject: Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04
>
> Thanks.  I tried that and still unable to ping from the LXC container to
> the IP address set on the bridge.
>
> I will rebuild everything from scratch and retry.
>
>> Check sysctl settings.  Check/set these on the LXC host machine in the
>> /etc/sysctl.conf (or in a new file in the /etc/sysctl.d directory, e.g
>> you
>> could call it  /etc/sysctl.d/60-lxc.conf) :
>>
>> net.ipv4.conf.default.rp_filter=0
>> net.ipv4.conf.all.rp_filter=0
>> net.ipv4.ip_forward=1
>>
>> Reference:
>> https://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
>>
>>
>>
>> On Sat, May 12, 2018 at 7:09 AM, <den...@exemail.com.au> wrote:
>>
>>> Thanks for the response and links.  I will watch the OvS Con videos.
>>>
>>> I have now successfully started the container, but unable to ping out
>>> or
>>> into the container.
>>>
>>> I have modified my /var/lib/vm1/conf to be
>>>
>>> # Network configuration
>>> lxc.net.0.type = veth
>>> lxc.net.0.link = br-int <- Name of my internal container bridge
>>> lxc.net.0.flags = up
>>> lxc.net.0.name=eth0
>>> lxc.net.0.hwaddr = 00:16:3e:d2:23:a8 .<- This was in the conf when
>>> created.
>>>
>>>
>>> When I start the container - I can see the port be added to the bridge
>>> on
>>> the host system
>>>
>>> # sudo lxc-start -n vm1
>>> # sudo ovs-vsctl show
>>> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
>>> Bridge br-dmz
>>> Port br-dmz
>>> Interface br-dmz
>>> type: internal
>>> Bridge br-int
>>> Port "veth4U4B0B"  <- New port added when
>>> container starts
>>> Interface "veth4U4B0B"
>>> Port br-int
>>> Interface br-int
>>> type: internal
>>> Port "enp2s0"
>>> Interface "enp2s0"
>>> ovs_version: "2.9.0"
>>>
>>> The bridge br-int has self IP 192.168.10.1/24 - that I added using
>>> (after
>>> reboot)
>>>
>>> # sudo ip addr del 192.168.0.1/24 dev br-int
>>>
>>> 5: br-int: <BROADCAST,MULTICAST> mtu 1

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-13 Thread Paul Greenberg 
Before you rebuild, I suggest you ping at the interval of 0.01, then, take 
"ovs-ofctl dump-flows br-int" and save it to a file. The relevant columns are 
table and n_packets. Wait a couple of seconds, then take the dump again. 
Compare and find the entries that increment at the rate of your ping.

If you don't see the hits in the tables - check iptables, kmod, etc.

If you ser them, use trace to figure out why your traffic is being dropped.

Regards,
Paul


Get Outlook for iOS<https://aka.ms/o0ukef>

From: ovs-discuss-boun...@openvswitch.org <ovs-discuss-boun...@openvswitch.org> 
on behalf of den...@exemail.com.au <den...@exemail.com.au>
Sent: Saturday, May 12, 2018 11:45:57 PM
To: Orabuntu-LXC
Cc: ovs-discuss@openvswitch.org
Subject: Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

Thanks.  I tried that and still unable to ping from the LXC container to
the IP address set on the bridge.

I will rebuild everything from scratch and retry.

> Check sysctl settings.  Check/set these on the LXC host machine in the
> /etc/sysctl.conf (or in a new file in the /etc/sysctl.d directory, e.g you
> could call it  /etc/sysctl.d/60-lxc.conf) :
>
> net.ipv4.conf.default.rp_filter=0
> net.ipv4.conf.all.rp_filter=0
> net.ipv4.ip_forward=1
>
> Reference:
> https://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
>
>
>
> On Sat, May 12, 2018 at 7:09 AM, <den...@exemail.com.au> wrote:
>
>> Thanks for the response and links.  I will watch the OvS Con videos.
>>
>> I have now successfully started the container, but unable to ping out or
>> into the container.
>>
>> I have modified my /var/lib/vm1/conf to be
>>
>> # Network configuration
>> lxc.net.0.type = veth
>> lxc.net.0.link = br-int <- Name of my internal container bridge
>> lxc.net.0.flags = up
>> lxc.net.0.name=eth0
>> lxc.net.0.hwaddr = 00:16:3e:d2:23:a8 .<- This was in the conf when
>> created.
>>
>>
>> When I start the container - I can see the port be added to the bridge
>> on
>> the host system
>>
>> # sudo lxc-start -n vm1
>> # sudo ovs-vsctl show
>> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
>> Bridge br-dmz
>> Port br-dmz
>> Interface br-dmz
>> type: internal
>> Bridge br-int
>> Port "veth4U4B0B"  <- New port added when
>> container starts
>> Interface "veth4U4B0B"
>> Port br-int
>> Interface br-int
>> type: internal
>> Port "enp2s0"
>> Interface "enp2s0"
>> ovs_version: "2.9.0"
>>
>> The bridge br-int has self IP 192.168.10.1/24 - that I added using
>> (after
>> reboot)
>>
>> # sudo ip addr del 192.168.0.1/24 dev br-int
>>
>> 5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
>> default qlen 1000
>> link/ether 00:01:80:82:f8:59 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.10.1/24 scope global br-int
>>valid_lft forever preferred_lft forever
>>
>> and the new port
>>
>> 8: veth4U4B0B@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue master ovs-system state UP group default qlen 1000
>> link/ether fe:b8:87:1b:1e:5e brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> inet6 fe80::fcb8:87ff:fe1b:1e5e/64 scope link
>>valid_lft forever preferred_lft forever
>>
>> Inside the container I set the IP of eth0 device using
>>
>> ubuntu@vm1:~$ sudo ip addr add 192.168.10.2/24 dev eth0
>>
>> ubuntu@vm1:~$ ip a
>> 7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>> state UP group default qlen 1000
>> link/ether 00:16:3e:d2:23:a8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> inet 192.168.10.2/24 scope global eth0
>>valid_lft forever preferred_lft forever
>> inet6 fe80::216:3eff:fed2:23a8/64 scope link
>>valid_lft forever preferred_lft forever
>>
>> However I still cannot ping the self IP of the bridge.
>>
>> Is there anything obvious that I have configured wrong?
>>
>> Thanks
>>
>> Densha
>>
>>
>> > These materials might help:
>> >
>> > 1.  Presentation on running LXC on OpenvSwitch at OvS Con:
>> >
>> > https://www.youtube.com/watch?v=MXewSiDvQl4=221s (presentation I
>> gave
>> at
>> > OvS Con).
>> >
>> > I discuss in the pr

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-12 Thread densha 
Thanks.  I tried that and still unable to ping from the LXC container to
the IP address set on the bridge.

I will rebuild everything from scratch and retry.

> Check sysctl settings.  Check/set these on the LXC host machine in the
> /etc/sysctl.conf (or in a new file in the /etc/sysctl.d directory, e.g you
> could call it  /etc/sysctl.d/60-lxc.conf) :
>
> net.ipv4.conf.default.rp_filter=0
> net.ipv4.conf.all.rp_filter=0
> net.ipv4.ip_forward=1
>
> Reference:
> https://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/
>
>
>
> On Sat, May 12, 2018 at 7:09 AM,  wrote:
>
>> Thanks for the response and links.  I will watch the OvS Con videos.
>>
>> I have now successfully started the container, but unable to ping out or
>> into the container.
>>
>> I have modified my /var/lib/vm1/conf to be
>>
>> # Network configuration
>> lxc.net.0.type = veth
>> lxc.net.0.link = br-int <- Name of my internal container bridge
>> lxc.net.0.flags = up
>> lxc.net.0.name=eth0
>> lxc.net.0.hwaddr = 00:16:3e:d2:23:a8 .<- This was in the conf when
>> created.
>>
>>
>> When I start the container - I can see the port be added to the bridge
>> on
>> the host system
>>
>> # sudo lxc-start -n vm1
>> # sudo ovs-vsctl show
>> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
>> Bridge br-dmz
>> Port br-dmz
>> Interface br-dmz
>> type: internal
>> Bridge br-int
>> Port "veth4U4B0B"  <- New port added when
>> container starts
>> Interface "veth4U4B0B"
>> Port br-int
>> Interface br-int
>> type: internal
>> Port "enp2s0"
>> Interface "enp2s0"
>> ovs_version: "2.9.0"
>>
>> The bridge br-int has self IP 192.168.10.1/24 - that I added using
>> (after
>> reboot)
>>
>> # sudo ip addr del 192.168.0.1/24 dev br-int
>>
>> 5: br-int:  mtu 1500 qdisc noop state DOWN group
>> default qlen 1000
>> link/ether 00:01:80:82:f8:59 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.10.1/24 scope global br-int
>>valid_lft forever preferred_lft forever
>>
>> and the new port
>>
>> 8: veth4U4B0B@if7:  mtu 1500 qdisc
>> noqueue master ovs-system state UP group default qlen 1000
>> link/ether fe:b8:87:1b:1e:5e brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> inet6 fe80::fcb8:87ff:fe1b:1e5e/64 scope link
>>valid_lft forever preferred_lft forever
>>
>> Inside the container I set the IP of eth0 device using
>>
>> ubuntu@vm1:~$ sudo ip addr add 192.168.10.2/24 dev eth0
>>
>> ubuntu@vm1:~$ ip a
>> 7: eth0@if8:  mtu 1500 qdisc noqueue
>> state UP group default qlen 1000
>> link/ether 00:16:3e:d2:23:a8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>> inet 192.168.10.2/24 scope global eth0
>>valid_lft forever preferred_lft forever
>> inet6 fe80::216:3eff:fed2:23a8/64 scope link
>>valid_lft forever preferred_lft forever
>>
>> However I still cannot ping the self IP of the bridge.
>>
>> Is there anything obvious that I have configured wrong?
>>
>> Thanks
>>
>> Densha
>>
>>
>> > These materials might help:
>> >
>> > 1.  Presentation on running LXC on OpenvSwitch at OvS Con:
>> >
>> > https://www.youtube.com/watch?v=MXewSiDvQl4=221s (presentation I
>> gave
>> at
>> > OvS Con).
>> >
>> > I discuss in the preso that for LXC 2.1+, you now have the option to
>> > configure OpenvSwitch for LXC in two different ways.  You can
>> configure
>> it
>> > using, as you mentioned, the scripts (and this was the way we had to
>> do
>> it
>> > in LXC 1.0.x and  2.0.x.  This method has advantage that VLAN's can
>> also
>> > be
>> > configured pretty easily in these scripts too.
>> >
>> > lxc.net.0.script.up
>> > lxc.net.0.script.down
>> >
>> > Or, starting from 2.1.x you can also configure it directly in the LXC
>> > config using for example these parameters:
>> >
>> >   lxc.net.0.type = veth
>> >   lxc.net.0.link = ovsbr0
>> >   lxc.net.0.flags = up
>> >   lxc.net.0.name = eth0
>> >
>> > which is also discussed here:
>> > https://discuss.linuxcontainers.org/t/lxc-2-1-has-been-released/487
>> >
>> > 2.  Also, my Orabuntu-LXC software projects is specifically designed
>> for
>> > deploying an entire LXC VLAN-tagged infrastructure on OpenvSwitch with
>> > just
>> > a single command:
>> >
>> > https://github.com/gstanden/orabuntu-lxc
>> >
>> > See if these references above help you set it up, and if not, let me
>> know.
>> >
>> > HTH, Gilbert
>> >
>> >
>> >
>> > On Sat, May 12, 2018 at 2:32 AM,  wrote:
>> >
>> >>
>> >> I am attempting to use LXC containers with OpenVswitch on Ubuntu
>> 18.04
>> >> LTS
>> >> server.  However, I am unable to work out the syntax for the
>> container
>> >> settings.  The container is failing to start due to unable to create
>> the
>> >> network.
>> >>
>> >> I did a vanilla install onto a media play with two NIC cards - enp1s0
>> >>

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-12 Thread Orabuntu-LXC 
Check sysctl settings.  Check/set these on the LXC host machine in the
/etc/sysctl.conf (or in a new file in the /etc/sysctl.d directory, e.g you
could call it  /etc/sysctl.d/60-lxc.conf) :

net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.ip_forward=1

Reference:
https://thenewstack.io/solving-a-common-beginners-problem-when-pinging-from-an-openstack-instance/



On Sat, May 12, 2018 at 7:09 AM,  wrote:

> Thanks for the response and links.  I will watch the OvS Con videos.
>
> I have now successfully started the container, but unable to ping out or
> into the container.
>
> I have modified my /var/lib/vm1/conf to be
>
> # Network configuration
> lxc.net.0.type = veth
> lxc.net.0.link = br-int <- Name of my internal container bridge
> lxc.net.0.flags = up
> lxc.net.0.name=eth0
> lxc.net.0.hwaddr = 00:16:3e:d2:23:a8 .<- This was in the conf when
> created.
>
>
> When I start the container - I can see the port be added to the bridge on
> the host system
>
> # sudo lxc-start -n vm1
> # sudo ovs-vsctl show
> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
> Bridge br-dmz
> Port br-dmz
> Interface br-dmz
> type: internal
> Bridge br-int
> Port "veth4U4B0B"  <- New port added when
> container starts
> Interface "veth4U4B0B"
> Port br-int
> Interface br-int
> type: internal
> Port "enp2s0"
> Interface "enp2s0"
> ovs_version: "2.9.0"
>
> The bridge br-int has self IP 192.168.10.1/24 - that I added using (after
> reboot)
>
> # sudo ip addr del 192.168.0.1/24 dev br-int
>
> 5: br-int:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> link/ether 00:01:80:82:f8:59 brd ff:ff:ff:ff:ff:ff
> inet 192.168.10.1/24 scope global br-int
>valid_lft forever preferred_lft forever
>
> and the new port
>
> 8: veth4U4B0B@if7:  mtu 1500 qdisc
> noqueue master ovs-system state UP group default qlen 1000
> link/ether fe:b8:87:1b:1e:5e brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet6 fe80::fcb8:87ff:fe1b:1e5e/64 scope link
>valid_lft forever preferred_lft forever
>
> Inside the container I set the IP of eth0 device using
>
> ubuntu@vm1:~$ sudo ip addr add 192.168.10.2/24 dev eth0
>
> ubuntu@vm1:~$ ip a
> 7: eth0@if8:  mtu 1500 qdisc noqueue
> state UP group default qlen 1000
> link/ether 00:16:3e:d2:23:a8 brd ff:ff:ff:ff:ff:ff link-netnsid 0
> inet 192.168.10.2/24 scope global eth0
>valid_lft forever preferred_lft forever
> inet6 fe80::216:3eff:fed2:23a8/64 scope link
>valid_lft forever preferred_lft forever
>
> However I still cannot ping the self IP of the bridge.
>
> Is there anything obvious that I have configured wrong?
>
> Thanks
>
> Densha
>
>
> > These materials might help:
> >
> > 1.  Presentation on running LXC on OpenvSwitch at OvS Con:
> >
> > https://www.youtube.com/watch?v=MXewSiDvQl4=221s (presentation I gave
> at
> > OvS Con).
> >
> > I discuss in the preso that for LXC 2.1+, you now have the option to
> > configure OpenvSwitch for LXC in two different ways.  You can configure
> it
> > using, as you mentioned, the scripts (and this was the way we had to do
> it
> > in LXC 1.0.x and  2.0.x.  This method has advantage that VLAN's can also
> > be
> > configured pretty easily in these scripts too.
> >
> > lxc.net.0.script.up
> > lxc.net.0.script.down
> >
> > Or, starting from 2.1.x you can also configure it directly in the LXC
> > config using for example these parameters:
> >
> >   lxc.net.0.type = veth
> >   lxc.net.0.link = ovsbr0
> >   lxc.net.0.flags = up
> >   lxc.net.0.name = eth0
> >
> > which is also discussed here:
> > https://discuss.linuxcontainers.org/t/lxc-2-1-has-been-released/487
> >
> > 2.  Also, my Orabuntu-LXC software projects is specifically designed for
> > deploying an entire LXC VLAN-tagged infrastructure on OpenvSwitch with
> > just
> > a single command:
> >
> > https://github.com/gstanden/orabuntu-lxc
> >
> > See if these references above help you set it up, and if not, let me
> know.
> >
> > HTH, Gilbert
> >
> >
> >
> > On Sat, May 12, 2018 at 2:32 AM,  wrote:
> >
> >>
> >> I am attempting to use LXC containers with OpenVswitch on Ubuntu 18.04
> >> LTS
> >> server.  However, I am unable to work out the syntax for the container
> >> settings.  The container is failing to start due to unable to create the
> >> network.
> >>
> >> I did a vanilla install onto a media play with two NIC cards - enp1s0
> >> and
> >> enp2s0.
> >>
> >> I installed, created, tested and then destroyed a container using lxc to
> >> confirm that lxc was functioning correctly on the server.
> >>
> >> #sudo apt-get install lxc lxc-templates wget bridge-utils
> >> #sudo lxc-checkconfig
> >> #sudo lxc-create -n vm1 -t ubuntu
> >> #sudo lxc-start -n vm1
> >> #sudo lxc-console

Re: [ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-12 Thread Orabuntu-LXC 
These materials might help:

1.  Presentation on running LXC on OpenvSwitch at OvS Con:

https://www.youtube.com/watch?v=MXewSiDvQl4=221s (presentation I gave at
OvS Con).

I discuss in the preso that for LXC 2.1+, you now have the option to
configure OpenvSwitch for LXC in two different ways.  You can configure it
using, as you mentioned, the scripts (and this was the way we had to do it
in LXC 1.0.x and  2.0.x.  This method has advantage that VLAN's can also be
configured pretty easily in these scripts too.

lxc.net.0.script.up
lxc.net.0.script.down

Or, starting from 2.1.x you can also configure it directly in the LXC
config using for example these parameters:

  lxc.net.0.type = veth
  lxc.net.0.link = ovsbr0
  lxc.net.0.flags = up
  lxc.net.0.name = eth0

which is also discussed here:
https://discuss.linuxcontainers.org/t/lxc-2-1-has-been-released/487

2.  Also, my Orabuntu-LXC software projects is specifically designed for
deploying an entire LXC VLAN-tagged infrastructure on OpenvSwitch with just
a single command:

https://github.com/gstanden/orabuntu-lxc

See if these references above help you set it up, and if not, let me know.

HTH, Gilbert



On Sat, May 12, 2018 at 2:32 AM,  wrote:

>
> I am attempting to use LXC containers with OpenVswitch on Ubuntu 18.04 LTS
> server.  However, I am unable to work out the syntax for the container
> settings.  The container is failing to start due to unable to create the
> network.
>
> I did a vanilla install onto a media play with two NIC cards - enp1s0 and
> enp2s0.
>
> I installed, created, tested and then destroyed a container using lxc to
> confirm that lxc was functioning correctly on the server.
>
> #sudo apt-get install lxc lxc-templates wget bridge-utils
> #sudo lxc-checkconfig
> #sudo lxc-create -n vm1 -t ubuntu
> #sudo lxc-start -n vm1
> #sudo lxc-console -n vm1
> #sudo lxc-stop -n vm1
> #sudo lxc-destroy -n vm1
>
> I then removed lxc bridge - lxcbr0 by setting USE_LXC_BRIDGE to false in
> /etc/default/lxc-net and removed lxcbr0 device and rebooted.
>
> # sudo ip link set lxcbr0 down
> # sudo brctl delbr lxcbr0
>
> I then installed openvswitch and created two bridges br-dmz (dmz
> containers - 172.18.0.0/24) and br-int (internal containers -
> 192.168.0.0/24).  I have added physical NIC port enp2s0 to br-int as I
> have a local WAP installed on that interface.
>
> #sudo apt-get install openvswitch-switch
> #sudo ovs-vsctl add-br br-dmz
> #sudo ovs-vsctl add-br br-int
> #sudo ovs-vsctl add-port br-int enp2s0
>
> #sudo ip addr add 172.18.0.1/24 dev br-dmz
> #sudo ip addr add 192.168.10.1/24 dev br-int
>
> #sudo ovs-vsctl show
> c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
> Bridge br-dmz
> Port br-dmz
> Interface br-dmz
> type: internal
> Bridge br-int
> Port br-int
> Interface br-int
> type: internal
> Port "enp2s0"
> Interface "enp2s0"
> ovs_version: "2.9.0"
>
> #ip a
>
> 5: br-dmz:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> link/ether 7e:86:2a:79:24:4e brd ff:ff:ff:ff:ff:ff
> inet 172.18.0.1/24 scope global br-dmz
>valid_lft forever preferred_lft forever
> 6: br-int:  mtu 1500 qdisc noop state DOWN group
> default qlen 1000
> link/ether 00:01:80:82:f8:59 brd ff:ff:ff:ff:ff:ff
> inet 192.168.10.1/24 scope global br-int
>valid_lft forever preferred_lft forever
>
>
> I created a LXC container VM1 and I would like to attach to br-int
>
> sudo lxc-create -n vm1 -t ubuntu
>
> Edit VMs config vi /var/lib/lxc/vm1/config
>
> lxc.net.0.link = br-int<- from lxcbr0
> lxc.net.0.script.up=/etc/lxc/ifup   <- added
> lxc.net.0.script.down=/etc/lxc/ifdown   <- added
>
> Created scripts to ifup / ifdown interface
>
> vi /etc/lxc/ifup
> #!/bin/bash
> BRIDGE=br-int
> ovs-vsctl --may-exist add-br $BRIDGE
> ovs-vsctl --if-exists del-port $BRIDGE $5
> ovs-vsctl --may-exist add-port $BRIDGE $5
>
> vi /etc/lxc/ifdown
> #!/bin/bash
> ovsBr=br-int
> ovs-vsctl --if-exists del-port ${ovsBr} $5
>
> chmod +x /etc/lxc/if*
>
> When I try to start the container using openvswitch I get the following
> error.
>
> sudo lxc-start -n vm1 --logfile log.txt
>
> lxc-start vm1 20180512072653.582 ERRORlxc_conf - conf.c:run_buffer:347
> - Script exited with status 1
> lxc-start vm1 20180512072653.610 ERRORlxc_network -
> network.c:lxc_create_network_priv:2436 - Failed to create network device
> lxc-start vm1 20180512072653.610 ERRORlxc_start -
> start.c:lxc_spawn:1545 - Failed to create the network
> lxc-start vm1 20180512072653.610 ERRORlxc_start -
> start.c:__lxc_start:1866 - Failed to spawn container "vm1"
> lxc-start vm1 20180512072653.610 ERRORlxc_container -
> lxccontainer.c:wait_on_daemonized_start:824 - Received container state
> "STOPPING" instead of "RUNNING"
>
>
> Any idea what I have missed that is causing the container netwok to not be
>

[ovs-discuss] Openvswitch and LXC integration on Ubuntu 18.04

2018-05-12 Thread densha 

I am attempting to use LXC containers with OpenVswitch on Ubuntu 18.04 LTS
server.  However, I am unable to work out the syntax for the container
settings.  The container is failing to start due to unable to create the
network.

I did a vanilla install onto a media play with two NIC cards - enp1s0 and
enp2s0.

I installed, created, tested and then destroyed a container using lxc to
confirm that lxc was functioning correctly on the server.

#sudo apt-get install lxc lxc-templates wget bridge-utils
#sudo lxc-checkconfig
#sudo lxc-create -n vm1 -t ubuntu
#sudo lxc-start -n vm1
#sudo lxc-console -n vm1
#sudo lxc-stop -n vm1
#sudo lxc-destroy -n vm1

I then removed lxc bridge - lxcbr0 by setting USE_LXC_BRIDGE to false in
/etc/default/lxc-net and removed lxcbr0 device and rebooted.

# sudo ip link set lxcbr0 down
# sudo brctl delbr lxcbr0

I then installed openvswitch and created two bridges br-dmz (dmz
containers - 172.18.0.0/24) and br-int (internal containers -
192.168.0.0/24).  I have added physical NIC port enp2s0 to br-int as I
have a local WAP installed on that interface.

#sudo apt-get install openvswitch-switch
#sudo ovs-vsctl add-br br-dmz
#sudo ovs-vsctl add-br br-int
#sudo ovs-vsctl add-port br-int enp2s0

#sudo ip addr add 172.18.0.1/24 dev br-dmz
#sudo ip addr add 192.168.10.1/24 dev br-int

#sudo ovs-vsctl show
c3d9247e-68f1-4ae1-be0e-4bb86fd2c541
Bridge br-dmz
Port br-dmz
Interface br-dmz
type: internal
Bridge br-int
Port br-int
Interface br-int
type: internal
Port "enp2s0"
Interface "enp2s0"
ovs_version: "2.9.0"

#ip a

5: br-dmz:  mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 7e:86:2a:79:24:4e brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/24 scope global br-dmz
   valid_lft forever preferred_lft forever
6: br-int:  mtu 1500 qdisc noop state DOWN group
default qlen 1000
link/ether 00:01:80:82:f8:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 scope global br-int
   valid_lft forever preferred_lft forever


I created a LXC container VM1 and I would like to attach to br-int

sudo lxc-create -n vm1 -t ubuntu

Edit VMs config vi /var/lib/lxc/vm1/config

lxc.net.0.link = br-int<- from lxcbr0
lxc.net.0.script.up=/etc/lxc/ifup   <- added
lxc.net.0.script.down=/etc/lxc/ifdown   <- added

Created scripts to ifup / ifdown interface

vi /etc/lxc/ifup
#!/bin/bash
BRIDGE=br-int
ovs-vsctl --may-exist add-br $BRIDGE
ovs-vsctl --if-exists del-port $BRIDGE $5
ovs-vsctl --may-exist add-port $BRIDGE $5

vi /etc/lxc/ifdown
#!/bin/bash
ovsBr=br-int
ovs-vsctl --if-exists del-port ${ovsBr} $5

chmod +x /etc/lxc/if*

When I try to start the container using openvswitch I get the following
error.

sudo lxc-start -n vm1 --logfile log.txt

lxc-start vm1 20180512072653.582 ERRORlxc_conf - conf.c:run_buffer:347
- Script exited with status 1
lxc-start vm1 20180512072653.610 ERRORlxc_network -
network.c:lxc_create_network_priv:2436 - Failed to create network device
lxc-start vm1 20180512072653.610 ERRORlxc_start -
start.c:lxc_spawn:1545 - Failed to create the network
lxc-start vm1 20180512072653.610 ERRORlxc_start -
start.c:__lxc_start:1866 - Failed to spawn container "vm1"
lxc-start vm1 20180512072653.610 ERRORlxc_container -
lxccontainer.c:wait_on_daemonized_start:824 - Received container state
"STOPPING" instead of "RUNNING"


Any idea what I have missed that is causing the container netwok to not be
created.

Thanks

Densha










___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss