[lxc-users] Magic incantation or sacrificial chickens necessary?
Erik Haller
erik.haller at gmail.com
Thu Sep 25 17:00:23 UTC 2014
Here is my production configuration. It should work with Redhat:
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.flags = up
lxc.network.link = eth0
lxc.network.ipv4 = 192.168.7.70/16 <http://192.168.7.70/16>
lxc.network.ipv4.gateway = 192.168.7.1
# ...# mounts point
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
# /lib/modules is needed for iptables/ufw
lxc.mount.entry = /lib/modules /var/lib/lxc/lemon/rootfs/lib/modules
none ro,bind 0 0
# Nice to mount host home directories
lxc.mount.entry = /home /var/lib/lxc/lemon/rootfs/home none rw,rbind 0 0
# network interface name is limited to 16 chars
lxc.hook.pre-start = /bin/sh -c "exec mount -n -o remount,rw
/var/lib/lxc/lemon/rootfs"
lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name lemon
type macvlan mode bridge && ip link set lemon up"
lxc.hook.pre-start = /bin/sh -c "ip route add 192.168.7.70 dev lemon
|| true"
lxc.hook.post-stop = /bin/sh -c "ip route del 192.168.7.70 || true"
lxc.hook.post-stop = /bin/sh -c "ip link set lemon down && ip link
del lemon"
lxc.hook.post-stop = /bin/sh -c "exec mount -n -o remount,rw
/var/lib/lxc/lemon/rootfs"
Couple of notes:
1. This a Debian lxc 0.9.0-aplha3 system. Works fine with
lxc-stop|lxc-start. It's been in production ~ year.
2. Hostname: lemon, change hostname throughout.
3. Disable br0 bridge. Reboot. Try the above setup and get it
running. macvlan and older bridging may be incompatible in linux.
4. Change your lxc.network.link to eth0, do not use br0.
5. Don't enable ip_forward. I don't have it enabled.
6. Don't set the mac address. Remove lxc.network.hwaddr
7. Note: macvlan takes 10-30 seconds of pinging from a different
host after lxc-start. This is normal.
On 9/25/14 9:52 AM, Chris Kloiber wrote:
> Would anyone know what is required (both on the host and within a
> container) using Red Hat based distributions such as Oracle Linux 6.5
> or 7.0 as both the Host and the container to have each container have
> its own static, Public IP (no iptables NAT nonsense) and be reachable
> from anywhere? I can't seem to find a documented example that works
> for me anywhere on my own or with the help of Google...
>
> Thanks in advance.
>
>
> Chris Kloiber
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140925/4ca029db/attachment.html>
More information about the lxc-users
mailing list