Re: [lxc-users] Networking issues with LXC containers in EC2

2016-01-12 Thread Fajar A. Nugraha
On Wed, Jan 13, 2016 at 10:03 AM, Fajar A. Nugraha wrote: > On Tue, Jan 12, 2016 at 9:29 PM, Peter Steele wrote: >> On 01/12/2016 05:59 AM, Fajar A. Nugraha wrote: >>> >>> On Tue, Jan 12, 2016 at 8:40 PM, Peter Steele wrote: I

Re: [lxc-users] Networking issues with LXC containers in EC2

2016-01-12 Thread Fajar A. Nugraha
On Tue, Jan 12, 2016 at 9:29 PM, Peter Steele wrote: > On 01/12/2016 05:59 AM, Fajar A. Nugraha wrote: >> >> On Tue, Jan 12, 2016 at 8:40 PM, Peter Steele wrote: >>> >>> I should have added that I have no issue running our software on a single >>> EC2

[lxc-users] compile lxd

2016-01-12 Thread mattias jonsson
How to do it? There is no configure

Re: [lxc-users] Networking issues with LXC containers in EC2

2016-01-12 Thread Fajar A. Nugraha
On Tue, Jan 12, 2016 at 8:40 PM, Peter Steele wrote: > I should have added that I have no issue running our software on a single > EC2 instance with containers running on that instance. We can assign > multiple IPs to the instance itself, as well as to the containers running >

Re: [lxc-users] Networking issues with LXC containers in EC2

2016-01-12 Thread Peter Steele
I should have added that I have no issue running our software on a single EC2 instance with containers running on that instance. We can assign multiple IPs to the instance itself, as well as to the containers running under the instance, and the containers can all communicate with each other as

Re: [lxc-users] compile lxd

2016-01-12 Thread Tycho Andersen
On Tue, Jan 12, 2016 at 01:25:27PM +, mattias jonsson wrote: > How to do it? > There is no configure It's a go program, so there is no autoconf. See the readme: https://github.com/lxc/lxd#building-from-source

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread Peter Steele
On 01/12/2016 08:43 AM, Peter Steele wrote: On 01/12/2016 06:35 AM, brian mullan wrote: Peter On AWS unless you are using VPC I don't think you can use secondary addresses because AWS won't route any of that traffic. Also with your addresses routing would be affected by the split-horizon

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread brian mullan
All I did was install/configure PeerVPN on say server1 and server2 and make sure they connected. While logged into each of your servers you should then be able to ping 10.x.x.x IP address of the other PeerVPN member server(s) ... assuming you are using PeerVPN as an L2 VPN and not an L3 VPN. The

[lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread brian mullan
Peter On AWS unless you are using VPC I don't think you can use secondary addresses because AWS won't route any of that traffic. Also with your addresses routing would be affected by the split-horizon problem with the same network on 2 sides. You probably know this ... but on AWS each instance

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread Peter Steele
On 01/12/2016 01:34 PM, brian mullan wrote: All I did was install/configure PeerVPN on say server1 and server2 and make sure they connected. While logged into each of your servers you should then be able to ping 10.x.x.x IP address of the other PeerVPN member server(s) ... assuming you are

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread brian mullan
re: I *can* ping a container in host 2 but not host 2 itself welcome to networking... it's a layer 2 network and each host itself is the tunnel end point. I had kept something that explained some of it and if I can find it send it to you tomorrow. Your br0 interfaces on the 2 servers you assign

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread Mike Wright
On 01/12/2016 04:24 PM, brian mullan wrote: re: I *can* ping a container in host 2 but not host 2 itself welcome to networking... it's a layer 2 network and each host itself is the tunnel end point. I had kept something that explained some of it and if I can find it send it to you tomorrow.

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-12 Thread Serge Hallyn
Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > So if I understood correctly, this means that lxd could potentially suffer > from a weakness in 'lxc monitor' meaning that it is more secure to run > unprivileged containers using the low level lxc-... functions? I mentioned the

Re: [lxc-users] re Networking issues with LXC containers in EC2

2016-01-12 Thread Peter Steele
On 01/12/2016 06:35 AM, brian mullan wrote: Peter On AWS unless you are using VPC I don't think you can use secondary addresses because AWS won't route any of that traffic. Also with your addresses routing would be affected by the split-horizon problem with the same network on 2 sides.