[lxc-users] Magic incantation or sacrificial chickens necessary?

Erik Haller erik.haller at gmail.com
Thu Sep 25 17:00:23 UTC 2014


    Here is my production configuration. It should work with Redhat:

    lxc.network.type = macvlan
    lxc.network.macvlan.mode = bridge
    lxc.network.flags = up
    lxc.network.link = eth0
    lxc.network.ipv4 = 192.168.7.70/16 <http://192.168.7.70/16>
    lxc.network.ipv4.gateway = 192.168.7.1
    # ...# mounts point

    lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
    lxc.mount.entry = sysfs sys sysfs defaults  0 0

    # /lib/modules is needed for iptables/ufw
    lxc.mount.entry = /lib/modules /var/lib/lxc/lemon/rootfs/lib/modules
    none ro,bind 0 0
    # Nice to mount host home directories
    lxc.mount.entry = /home /var/lib/lxc/lemon/rootfs/home none rw,rbind 0 0

    # network interface name is limited to 16 chars
    lxc.hook.pre-start = /bin/sh -c "exec mount -n -o remount,rw
    /var/lib/lxc/lemon/rootfs"
    lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name lemon
    type macvlan mode bridge && ip link set lemon up"
    lxc.hook.pre-start = /bin/sh -c "ip route add 192.168.7.70 dev lemon
    || true"

    lxc.hook.post-stop = /bin/sh -c "ip route del 192.168.7.70 || true"
    lxc.hook.post-stop = /bin/sh -c "ip link set lemon down && ip link
    del lemon"
    lxc.hook.post-stop = /bin/sh -c "exec mount -n -o remount,rw
    /var/lib/lxc/lemon/rootfs"

    Couple of notes:

     1. This a Debian lxc 0.9.0-aplha3 system. Works fine with
        lxc-stop|lxc-start. It's been in production ~ year.
     2. Hostname: lemon, change hostname throughout.
     3. Disable br0 bridge. Reboot. Try the above setup and get it
        running. macvlan and older bridging may be incompatible in linux.
     4. Change your lxc.network.link to eth0, do not use br0.
     5. Don't enable ip_forward. I don't have it enabled.
     6. Don't set the mac address. Remove lxc.network.hwaddr
     7. Note: macvlan takes 10-30 seconds of pinging from a different
        host after lxc-start. This is normal.

On 9/25/14 9:52 AM, Chris Kloiber wrote:
> Would anyone know what is required (both on the host and within a 
> container) using Red Hat based distributions such as Oracle Linux 6.5 
> or 7.0 as both the Host and the container to have each container have 
> its own static, Public IP (no iptables NAT nonsense) and be reachable 
> from anywhere? I can't seem to find a documented example that works 
> for me anywhere on my own or with the help of Google...
>
> Thanks in advance.
>
>
> Chris Kloiber
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140925/4ca029db/attachment.html>


More information about the lxc-users mailing list