[Lxc-users] [lxc-devel] Request for inclusion into mainline LXC utils

Michael H. Warfield mhw at WittsEnd.com
Mon Jan 25 01:01:26 UTC 2010


On Sun, 2010-01-24 at 23:27 +0100, Suno Ano wrote: 
> Combining forces would be great. I just took a glance at
> https://sourceforge.net/projects/lxc-provider/ and the thing that sprung
> my eyes are
>  - it is a bit Ubuntu focused as it is coded right now
>  - assumes using a bridge i.e. also lxc.network.type=veth

> So, I am with Debian and in favor of macvlan, also totally annoyed by
> using bridges; I would rather not have to use a bridge at all.

I don't want to start a flame war but, honestly, I feel that one follows
the other.  I have used Debian (vanilla, Knoppix, and Ubuntu) and even
spun a custom distro based on Knoppix and I am not at all surprised
that, if you are with Debian, you find bridges annoying.  I would too.

In my experience I find that, with that inane network subsystem centered
around the interfaces file, anything, outside of very simple networking
and routing, is excruciatingly painful to set up, and I do a LOT of
things that involve very complex network configurations with lots of
bridges and tunnels.

The custom distro that I did was an internal security related
distributed honeypot/honeynet project and the networking on that was my
biggest headache.  Since then, that project got shelved and, if I do
another go at it (the bosses are talking about it - sigh...), future
versions will be based on NST, a Fedora based run-live.  Because all the
internal communications with that distributed honeynet were purely IPv6
based, it will take half the work the Knoppix based effort was.

I have yet to figure out how to tell my Debian containers to set up
something as simple as an IPv6 autoconfigured interface.  Fedora
containers work right OOTB.  You would THINK it would be child's play.
But it insists that, if I define an inet6 interface, it either wants
dhcp or static and it doesn't like it if you tell it static and then
don't give it a static address.  Leaving it undefined doesn't seem to
help, either.  I get a link local address but it still won't autoconf.
I also don't see where the proper routing and structure for IPv6 is
supposed to get set up.  IPv6 is up.  I see the SIT0 device.  But the
IPv6 routing table contains none of the stock IPv6 init scripts
initialization for things like 6to4 routing or local address handling.
Take a look on a Debian system with static IPv6 addresses set up and
look at the v6 routing table with "ip -6 route ls" and you'll see 3 or 4
routes.  On a RedHat / Fedora system I've got something like a dozen
routes, most of which are there making sure certain things, like
compatibility addresses, DON'T get routed.  I just don't get the feeling
that IPv6 has gotten set up properly.

I just find the whole networking model in Debian to be frustrating.  It
is probably the number 1 primary reason why I don't use Debian more and
won't be incorporating it into future projects.

I had some problems with macvlan that may have been kernel rev related,
and I'm going to go back and retest some stuff, where I could ping and
connect to a host container from another physical system but nothing
worked from the host to the container.  Bridges on Fedora / RedHat are
trivial to set up, so I took the easy way out.  Sorry.  I'm a lazy

> IMHO first thing on the menu should really be about an API that allows
> to keep things generic enough for all users of lxc.

Oh...  On that, I think we can totally agree.  I heartily concur.

I'm working on some of my scripts that people are asking me to post.
I'm past the "works for me" stage, with the way I set things up, and
looking at "well, what if they don't want to do things the way I like to
do them".  I've almost totally rewritten my initial script for
converting OpenVZ configuration files over to LXC configuration files.
Once I sort out the bloody mess with trying to deal with OpenVZ
${VEID}.mount files and the LXC fstabs, I just might finally get around
to posting it.

Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
