<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#333333">
Please forgive the long-winded explanation, but I think it is better to be
explicit rather than leave people guessing.<br>
I have been using LXD containers ever since its birth and prefer it
to LXC containers (my personal preference.)<br>
The ease of use and migration between hosts is a definite plus.<br>
I have seen people fighting with external-facing containers for
a while and, although I do not profess to know everything about this
issue, I have found something that consistently works for me.<br>
<br>
1- I use mainly defaults during system installation.<br>
2- generally use default or bridge profiles.<br>
3- Modify as per below<br>
<br>
Lately I have specifically noticed that <a class="moz-txt-link-abbreviated" href="mailto:david.andel@bli.uzh.ch">david.andel@bli.uzh.ch</a> is having
trouble with Internet-facing containers, which I had for a while.<br>
The issue seems to have cured itself by following the sequence
below.<br>
<br>
I hope this helps someone.<br>
#----------------------------------------<br>
#----------------------------------------<br>
I have noticed that on occasion the profile gets mangled upon "lxc
copy" or "lxc init" of a new container.<br>
Therefore I have set up a process whereby a standard procedure is
followed to delete all interfaces and reinstall.<br>
The process is below #====~<br>
SO FOR ALL INTERNET FACING CONTAINERS I USE "bridge" ONLY<br>
#----------------------------------------<br>
#----------------------------------------<br>
This is my setup<br>
:~# cat /etc/lsb-release<br>
DISTRIB_ID=Ubuntu<br>
DISTRIB_RELEASE=16.04<br>
DISTRIB_CODENAME=xenial<br>
DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"<br>
#----------------------------------------<br>
:~# dpkg -l | grep lxc<br>
ii liblxc1 2.0.0-0ubuntu2 amd64 Linux Containers
userspace tools (library)<br>
ii lxc 2.0.0-0ubuntu2 all Transitional
package for lxc1<br>
ii lxc-common 2.0.0-0ubuntu2 amd64 Linux Containers
userspace tools (common tools)<br>
ii lxc-templates 2.0.0-0ubuntu2 amd64 Linux Containers
userspace tools (templates)<br>
ii lxc1 2.0.0-0ubuntu2 amd64 Linux Containers
userspace tools<br>
ii lxcfs 2.0.0-0ubuntu2.1 amd64 FUSE based
filesystem for LXC<br>
ii python3-lxc 2.0.0-0ubuntu2 amd64 Linux Containers
userspace tools (Python 3.x bindings)<br>
:~# dpkg -l | grep lxd<br>
ii lxd 2.0.2-0ubuntu1~16.04.1 amd64 Container
hypervisor based on LXC - daemon<br>
ii lxd-client 2.0.2-0ubuntu1~16.04.1 amd64 Container
hypervisor based on LXC - client<br>
#----------------------------------------<br>
/etc/default/lxd-bridge # I generally use defaults<br>
#----------------------<br>
# WARNING: This file is generated by a debconf template!<br>
# It is recommended to update it by using "dpkg-reconfigure -p
medium lxd"<br>
etc...<br>
#----------------------------------------<br>
egrep -v '(^#|^$)' /etc/default/lxd-bridge<br>
#--------------------<br>
USE_LXD_BRIDGE="true"<br>
LXD_BRIDGE="lxdbr0"<br>
UPDATE_PROFILE="true"<br>
LXD_CONFILE=""<br>
LXD_DOMAIN="lxd"<br>
LXD_IPV4_ADDR=""<br>
LXD_IPV4_NETMASK=""<br>
LXD_IPV4_NETWORK=""<br>
LXD_IPV4_DHCP_RANGE=""<br>
LXD_IPV4_DHCP_MAX=""<br>
LXD_IPV4_NAT="true"<br>
LXD_IPV6_ADDR=""<br>
LXD_IPV6_MASK=""<br>
LXD_IPV6_NETWORK=""<br>
LXD_IPV6_NAT="false"<br>
LXD_IPV6_PROXY="true"<br>
#----------------------------------------<br>
One difference between this and <a class="moz-txt-link-abbreviated" href="mailto:david.andel@bli.uzh.ch">david.andel@bli.uzh.ch</a>'s profile is
the last line, which I don't use anyway.<br>
All others are default settings from "dpkg-reconfigure -p medium
lxd"<br>
#----------------------------------------<br>
#----------------------------------------<br>
IF INTERNET ACCESS IS DESIRED<br>
#----------------------------------------<br>
lxc copy container1 container2<br>
lxc profile create bridge<br>
lxc profile edit bridge<br>
lxc profile apply container2 bridge<br>
#----------------------------------<br>
###<br>
### On external/internet access containers I use "bridge" ONLY<br>
### "default" is not used<br>
###<br>
### On internal access containers that need a SPECIFIC ip address.<br>
### I use "default,bridge"<br>
### and specify either eth1 or eth2<br>
### or none if specific ip address not desired.<br>
###<br>
### No matter what configuration I use<br>
### eth0 is always parented by lxdbr0<br>
### eth1 is always parented by br0<br>
### eth2 is always parented by br1<br>
#----------------------------------------<br>
lxc profile edit bridge<br>
#----------------------------------------<br>
<pre>name: bridge
config:
  security.nesting: "true"
  security.privileged: "true"
description: ""
devices:
  eth1: # the container nic
    nictype: bridged
    parent: br0 # the host nic
    type: nic
  eth2: # the container nic
    nictype: bridged
    parent: br1 # the host nic
    type: nic</pre>
#----------------------------------------<br>
lxc profile edit default<br>
#----------------------------------------<br>
<pre>name: default
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic</pre>
#========================================<br>
#========================================<br>
#========================================<br>
# ON THE SERVER<br>
# These are the commands I use to achieve the above results<br>
# As I mentioned above the sequence sometimes has to be repeated a
couple of times in order to succeed.<br>
# Especially lxc config edit ${CONTAINER}<br>
#<br>
# If at first you don't succeed,<br>
# lxc stop ${CONTAINER}<br>
# and repeat the sequence<br>
#<br>
# Success is shown by lxc start ${CONTAINER} resulting in ...<br>
# lxc start ${CONTAINER}<br>
# "lxc list" showing desired ip addresses.<br>
#----------------------------------------<br>
#!/bin/bash<br>
# Or copy and paste the following lines directly into a shell prompt.<br>
#----------<br>
CONTAINER=x2go1248 # or whatever your desired container name is<br>
lxc config device remove ${CONTAINER} eth0 && \<br>
lxc config device remove ${CONTAINER} eth1 && \<br>
lxc config device remove ${CONTAINER} eth2 && \<br>
#<br>
lxc config device add ${CONTAINER} eth0 nic nictype=bridged
parent=lxdbr0 && \<br>
lxc config device add ${CONTAINER} eth1 nic nictype=bridged
parent=br0 && \<br>
lxc config device add ${CONTAINER} eth2 nic nictype=bridged
parent=br1 && \<br>
#<br>
lxc profile apply ${CONTAINER} bridge # or "default,bridge"<br>
#------------------------------------<br>
#-- These commands are usually done separately<br>
lxc config edit ${CONTAINER}<br>
#<br>
lxc start ${CONTAINER}<br>
#========================================<br>
#========================================<br>
#========================================<br>
# Modify these commands to fit your requirements<br>
#------------------------------------------------<br>
##### ON THE SERVER<br>
##### WARNING #####<br>
##### THIS WILL OVERWRITE
/var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces
#####<br>
#-----------------<br>
CONTAINER=x2go1248 # or whatever your desired container name is<br>
#-----------------<br>
cat &lt;&lt;EOF &gt; /var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces<br>
# The primary network interface<br>
# Not needed for external/internet access:<br>
#auto eth0<br>
#iface eth0 inet dhcp<br>
#<br>
# This is my external facing LAN<br>
auto eth1<br>
iface eth1 inet static<br>
address 192.168.2.248/16<br>
gateway 192.168.2.1<br>
dns-nameservers 208.67.220.220 8.8.8.8<br>
#<br>
# This is my internal LAN<br>
auto eth2<br>
iface eth2 inet static<br>
address 172.31.30.248/12<br>
EOF<br>
#========================================<br>
<br>
<br>
<br>
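<br>
The "bridge" profile in the post sets security.privileged and attaches eth1/eth2 directly to the host bridges br0 and br1; a privileged LXD container runs without a uid/gid map, so root inside it is root on the host. The script below is an added example, not part of the original post: it reads profile YAML in the 2-space layout assumed for "lxc profile show" output and marks for review any profile that is both privileged and bridged onto something other than the NAT bridge. The function names and the NAT_BRIDGE variable are hypothetical, and the sample input is reconstructed from the profiles quoted in the post.<br>
<pre>
```bash
#!/bin/bash
# Added example (not from the original post). Assumes the 2-space YAML
# layout of "lxc profile show"; NAT_BRIDGE is a hypothetical override.
# audit_profile: reads one profile on stdin, prints a one-line verdict.
audit_profile() {
  awk -v nat="${NAT_BRIDGE:-lxdbr0}" '
    function unq(s) { gsub(/"/, "", s); return s }
    function close_dev() {        # finish the device being parsed
      if (nictype == "bridged" && parent != "" && parent != nat)
        ext = ext (ext == "" ? "" : ",") dev ":" parent
      dev = nictype = parent = ""
    }
    { sub(/[ \t]*#.*$/, "") }     # drop YAML comments
    /^[^ ]/  { close_dev(); section = $1 }
    /^name:/ { name = unq($2) }
    section == "config:"  && $1 == "security.privileged:" { priv = unq($2) }
    section == "config:"  && $1 == "security.nesting:"    { nest = unq($2) }
    section == "devices:" && /^  [^ ]/ { close_dev(); dev = $1; sub(/:$/, "", dev) }
    section == "devices:" && $1 == "nictype:" { nictype = unq($2) }
    section == "devices:" && $1 == "parent:"  { parent = unq($2) }
    END {
      close_dev()
      printf "%s privileged=%s nesting=%s host_bridged=%s verdict=%s\n", name,
        (priv == "true" ? "yes" : "no"), (nest == "true" ? "yes" : "no"),
        (ext == "" ? "-" : ext), (priv == "true" && ext != "" ? "REVIEW" : "ok")
    }'
}

# Constructed sample input: the two profiles from the post, re-indented.
sample_bridge() { cat <<'EOF'
name: bridge
config:
  security.nesting: "true"
  security.privileged: "true"
description: ""
devices:
  eth1: # the container nic
    nictype: bridged
    parent: br0 # the host nic
    type: nic
  eth2:
    nictype: bridged
    parent: br1
    type: nic
EOF
}
sample_default() { printf '%s\n' 'name: default' 'config: {}' 'devices:' \
  '  eth0:' '    name: eth0' '    nictype: bridged' '    parent: lxdbr0' '    type: nic'; }
sample_bridge  | audit_profile
sample_default | audit_profile
```
</pre>
On a live host the same function can be fed with "lxc profile show bridge | audit_profile".<br>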
</body>
</html>