[lxc-users] Am I missing something?

Erik Haller erik.haller at gmail.com
Mon Sep 22 22:51:47 UTC 2014


Here is my production configuration:

lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.ipv4 = 192.168.7.70/16
lxc.network.ipv4.gateway = 192.168.7.1
# ...
# mounts point

lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults  0 0

# /lib/modules is needed for iptables/ufw
lxc.mount.entry = /lib/modules /var/lib/lxc/lemon/rootfs/lib/modules none ro,bind 0 0
# Nice to mount host home directories
lxc.mount.entry = /home /var/lib/lxc/lemon/rootfs/home none rw,rbind 0 0

# network interface name is limited to 16 chars
lxc.hook.pre-start = /bin/sh -c "exec mount -n -o remount,rw /var/lib/lxc/lemon/rootfs"
lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name lemon type macvlan mode bridge && ip link set lemon up"
lxc.hook.pre-start = /bin/sh -c "ip route add 192.168.7.70 dev lemon || true"

lxc.hook.post-stop = /bin/sh -c "ip route del 192.168.7.70 || true"
lxc.hook.post-stop = /bin/sh -c "ip link set lemon down && ip link del lemon"
lxc.hook.post-stop = /bin/sh -c "exec mount -n -o remount,rw /var/lib/lxc/lemon/rootfs"

Couple of notes:

   1. This is a Debian lxc 0.9.0-alpha3 system. Works fine with
   lxc-stop|lxc-start. It's been in production ~ a year.
   2. Hostname: lemon, change hostname throughout.
   3. Disable br0 bridge. Reboot. Try the above setup and get it running.
   macvlan and older bridging may be incompatible in Linux.
   4. Change your lxc.network.link to eth0, do not use br0.
   5. Don't enable ip_forward. I don't have it enabled.
   6. Don't set the MAC address. Remove lxc.network.hwaddr.
   7. Note: macvlan takes 10-30 seconds of pinging from a different host
   after lxc-start. This is normal.



On Mon, Sep 22, 2014 at 7:43 AM, Chris Kloiber <ckloiber at cedardoc.com>
wrote:

>  Trying to wrap my mind around the lxc networking. I need to configure
> each container with its own static IP on the same subnet as the host. I
> think that requires a “macvlan/bridge” setup like this:
>
>   lxc.network.type = macvlan
>
> lxc.network.macvlan.mode = bridge
>
> lxc.network.flags = up
>
> lxc.network.link = br0
>
> lxc.network.ipv4 = 10.0.0.11/24 10.0.0.255
>
> lxc.network.ipv4.gateway = 10.0.0.1
>
> lxc-network.name = eth0
>
> lxc.network.mtu = 1500
> lxc.network.hwaddr= 00:16:3e:97:81:42
>
>  But this goes nowhere. The host does have a properly configured br0
> device (this is an ol6 system, btw) and net.ipv4.ip_forward = 1 is
> enabled. The host iptables are disabled.
>
>  I’ve been beating my head against this for a week now. Please help, or
> tell me what other information I can provide. Thank you.
>
> *Chris Kloiber*
>
> *CEDAR Document Technologies*
>
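
Added example, not part of the original thread: a small shell lint that checks an LXC 0.9-style config against notes 4 and 6 in the reply and flags keys that do not start with `lxc.`. The function names and finding labels are made up for this example, the sample input is the config from the quoted question, and treating any link named `br*` as a bridge is an assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread or the LXC project).
# lint_lxc_macvlan reads an LXC config on stdin and prints one finding per line.
lint_lxc_macvlan() {
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        split($0, kv, "=")
        key = kv[1]
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Every LXC key starts with "lxc."; this also catches wrapped lines.
        if (key !~ /^lxc\./) { print "BADKEY " key; next }
        if (key == "lxc.network.type")   type = val
        if (key == "lxc.network.link")   link = val
        if (key == "lxc.network.hwaddr") hwaddr = 1
    }
    END {
        if (type != "macvlan") exit
        # Assumption: a link named br* is a bridge (note 4: use eth0, not br0).
        if (link ~ /^br/) print "BRIDGE_LINK " link
        # Note 6: do not set the MAC address.
        if (hwaddr) print "HWADDR_SET"
    }'
}

# Sample input: the network section from the quoted question, as posted.
sample_question_config() {
    cat <<'EOF'
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 10.0.0.11/24 10.0.0.255
lxc.network.ipv4.gateway = 10.0.0.1
lxc-network.name = eth0
lxc.network.mtu = 1500
lxc.network.hwaddr= 00:16:3e:97:81:42
EOF
}

sample_question_config | lint_lxc_macvlan
```

To check a real container, feed its config file to the function on stdin instead of the sample.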