[lxc-users] Configuring LXC containers to use a host bridge under CentOS 7

Neil Greenwood neil.greenwood at gmail.com
Sat Aug 29 08:09:01 UTC 2015


Hi Peter, 

On 28 August 2015 23:11:51 BST, Peter Steele <pwsteele at gmail.com> wrote:
>On 08/28/2015 02:08 PM, Serge Hallyn wrote:
>> Can you show the host and container network details and container
>> xml for your libvirt-lxc setup?  If machines A and B are on the
>> same LAN, with containers on A, are you saying that B can ping
>> the containers on A?
>
>Yes, in our libvirt-LXC setup, containers on machine A can ping
>containers on machine B. They all have static IPs taken from the same
>subnet. This was easy to set up in libvirt-LXC. In fact, I just used the
>default behavior provided by libvirt.
>
>Each server has a br0 bridge interface with a static IP assigned to it.
>This is independent of anything to do with libvirt per se, the bridge is
>set up using a standard CentOS 7 configuration file. For example, one of
>my servers has an ifcfg-br0 file that looks like this:
>
># cat /etc/sysconfig/network-scripts/ifcfg-br0:
>DEVICE=br0
>NAME=br0
>BOOTPROTO=none
>ONBOOT=yes
>TYPE=Bridge
>USERCTL=no
>NM_CONTROLLED=no
>IPADDR=172.16.110.202
>NETMASK=255.255.0.0
>GATEWAY=172.16.0.1
>DOMAIN=local.localdomain
>DEFROUTE=yes
>
>The containers themselves are created using a command similar to this:
>
>virt-install --connect=lxc:///  \
>                                     --os-variant=rhel7 \
>                                     --network bridge=br0,mac=RANDOM \
>                                     --name=test1 \
>                                     --vcpus=2 \
>                                     --ram=4096 \
>                                     --container \
>                                     --nographics \
>                                     --noreboot \
>                                     --noautoconsole \
>                                     --wait=60  \
>                                     --filesystem /lxc/test1/rootfs/,/
>
>The xml that this generates for the containers is pretty basic:
>
>     <interface type='bridge'>
>       <mac address='00:16:3e:e1:54:36'/>
>       <source bridge='br0'/>
>     </interface>
>
>The container ends up with an eth0 interface with the specified mac
>address, bridged through br0. The br0 interface itself is not visible in
>the container, only lo and eth0.
>
>I did not have to configure anything specifically on the server beyond
>the ifcfg-br0 file. I relied on the default behavior and configuration
>provided by libvirt-LXC. There *is* a network related configuration for
>libvirt, but it's only used if a container uses NAT instead of bridging:
>
># virsh net-dumpxml default
><network>
>   <name>default</name>
>   <uuid>43852829-3a0e-4b27-a365-72e48037020f</uuid>
>   <forward mode='nat'>
>     <nat>
>       <port start='1024' end='65535'/>
>     </nat>
>   </forward>
>   <bridge name='virbr0' stp='on' delay='0'/>
>   <mac address='52:54:00:f9:cd:a3'/>
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254'/>
>     </dhcp>
>   </ip>
></network>
>
>I don't think the info in this xml plays any role in containers 
>configured with bridged networking.
>
>The command I use to create my LXC containers looks like this:
>
># lxc-create -t /bin/true -n test1 --dir=/lxc/test1/rootfs
>
>I populate the rootfs manually using the same template that I use with 
>libvirt-LXC, and subsequently customize the container with its own 
>ifcfg-eth0 file, /etc/hosts, etc.
>
>I'm clearly missing a configuration step that's needed to set up LXC
>containers with bridged networking like I have with libvirt-LXC...
>

Do you have an ifcfg-br0 in your LXC configuration? If the VMs can see each other, I think most of the settings are correct apart from the bridge not being connected to the host's eth0. I'm not that familiar with CentOS networking though, so I don't know which bit you need to change.


Neil

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
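
The suggestion above, that the bridge may not be connected to the host's eth0, can be checked from sysfs on the host. The following is an added example, not part of the original message or of LXC: it reads the bridge named in a container's config and reports whether that bridge has a hardware-backed port. The function names and the `SYSFS_NET` override are hypothetical, and the config key assumes LXC 1.x naming (`lxc.network.link`).

```shell
#!/bin/sh
# Added example, not from the thread. SYSFS_NET (hypothetical override) may
# point at a constructed tree for offline testing; the real path is the default.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge named by lxc.network.link in an LXC 1.x container config
# (assumed key name; newer LXC releases spell it lxc.net.0.link).
container_link() {
    sed -n 's/^[[:space:]]*lxc\.network\.link[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print the interfaces enslaved to bridge $1, one per line.
bridge_ports() {
    [ -d "$SYSFS_NET/$1/bridge" ] || return 2   # missing, or not a bridge
    for p in "$SYSFS_NET/$1/brif"/*; do
        if [ -e "$p" ]; then basename "$p"; fi
    done
    return 0
}

# Print the first port of bridge $1 that is backed by hardware (it has a
# "device" link in sysfs). veth and tap ports have none. Bonds and VLAN
# interfaces lack it too, so an uplink through those needs a manual look.
bridge_uplink() {
    for port in $(bridge_ports "$1"); do
        if [ -e "$SYSFS_NET/$port/device" ]; then
            echo "$port"
            return 0
        fi
    done
    return 1
}

# Report whether the bridge used by the container config $1 has an uplink.
check_container() {
    br=$(container_link "$1")
    [ -n "$br" ] || { echo "no lxc.network.link in $1"; return 1; }
    up=$(bridge_uplink "$br") || { echo "$br has no hardware-backed port"; return 1; }
    echo "$br is attached to $up"
}

# Usage on a host (path assumes LXC's default config location):
#   check_container /var/lib/lxc/test1/config
```

If the report says the bridge has no hardware-backed port, only the containers' veth ends are attached to it, which matches the case where containers reach each other but not the rest of the LAN.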

