[lxc-users] Configuring LXC containers to use a host bridge under Ubuntu Wily

Sat Aug 29 18:55:38 UTC 2015

Greetings, Mark Constable!

> So not to hijack Peter Steeles CentOS thread I'd like to ask a similar question
> about the best way to tweak either the LXC network settings or
> /etc/network/interfaces to provide the missing pieces for non-NAT bridging.

Actually, you'll need both for "best non-NAT bridging".

> I modify lxc-net to bring up a bridge using my "native" internal LAN network range
> and this starts up just fine when the lxd deamon is started by systemd but I have
> to manually use /etc/rc.local to bind the lxcbr0 bridge to enp4s0f1 (or eth0).

> ~ egrep -v "^(#|$)" /etc/default/lxc-net
> USE_LXC_BRIDGE="true"
> LXC_BRIDGE="lxcbr0"
> LXC_ADDR="192.168.0.2"
> LXC_NETMASK="255.255.255.0"
> LXC_NETWORK="192.168.0.0/24"
> LXC_DHCP_RANGE="192.168.0.3,192.168.0.99"
> LXC_DHCP_MAX="96"
> LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
> LXC_DOMAIN="lxc"

Crap. Entirely. From top to bottom, and across the length span.

> ~ egrep -v "^(#|$)" /etc/rc.local

printf "%s\n" "#!/bin/sh" "exit 0" | sudo tee /etc/rc.local

And LEAVE IT AT THAT.
rc.local is a crutch. Healthy system don't need crutches to function.

> ifconfig enp4s0f1 up
> brctl addif lxcbr0 enp4s0f1
> route add default gw 192.168.0.1
> echo "
> nameserver 192.168.0.2
> search lxc" > /etc/resolv.conf

> The above has been working for me for 6 months but it's "tacky" and I'd like to
> complete these bridging steps "properly". My attempts with /etc/network/interfaces
> fail because the bridge is already up via either /etc/network/interfaces or lxc-net.

> - is it possible to do these /etc/rc.local steps via lxc-net?

You don't need them to begin with.

> - if not could anyone offer a hint for the correct way to do the above via the
>    /etc/network/interfaces file?

Assuming eth0 is your physical network interface, container configuration
should look like this:

lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.network.name = eth0 (This is not necessary, but I like it this way.)

And if you want to also communicate with the host, the /etc/network/interfaces
you will need like this one:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto mac0
iface mac0 inet static
  address 192.168.0.1
  netmask 255.255.255.0
  gateway 192.168.0.2
  pre-up ip link set eth0 up
  pre-up ip link add $IFACE link eth0 type macvlan mode bridge
  post-down ip link delete $IFACE type macvlan

OF COURSE, you will need to tweak your firewall rules to use a new interface
name.
This is the bare-bone setup that lets you get started without additional
tools.
If you need a Better Beast(tm), consider downloading the
http://www.rootdir.org/xnix/macvlan/153/macvlan.sh.gz and installing as
ifupdown handler.

> $ macvlan.sh --help
> IPROUTE2 MACVLAN helper script $Rev: 150 $
>
> Switches:
>
>   -I,--install  install the helper from current location.
>   -V,--version  print version info
>   --help        print help page
>
> Use /etc/network/interfaces to configure your macvlan interfaces.
> Special parameters:
>
>   macvlan_link <physical eth device>
>         (mandatory) specifies raw device to create macvlan device on
>
>   macvlan_mode { private | vepa | bridge | passthru }
>         (optional) sets interface mode. Default is 'private'.
>
> Use 'hwaddress ether ...' to assign persistent MAC address to the interface.
> Make sure the bit 0x02 is set in your custom MAC to avoid collisions.
>
> SEE ALSO
>
>   macvlan.sh --examples, macvlan.sh --help-full, ip(8)

And the article (in Russian, but...) http://forum.ubuntu.ru/index.php?topic=260065.0

-- 
With best regards,
Andrey Repin
Saturday, August 29, 2015 21:38:21

Sorry for my terrible english...