[lxc-users] creating bridges inside a (macvlan) container

Fajar A. Nugraha list at fajar.net
Thu Mar 26 05:35:25 UTC 2015


On Wed, Mar 25, 2015 at 9:01 PM, Chris Burroughs
<chris.burroughs at gmail.com> wrote:
> On 03/24/2015 06:00 PM, Fajar A. Nugraha wrote:
>>>
>>> create veth bridges inside a container on top of macvlan bridges?
>>
>>
>> It works just fine on Ubuntu with an old lxc-1.0.7.
>
>
> Thanks for checking!  This is with lxc-1.0.7 on centos6
>
>> Did you perhaps NOT have the bridge module loaded yet on the host? Try
>> adding and removing a bridge on the host first to verify that
>> everything works (including loading the necessary modules), and then
>> retry your test on the container side.
>
>
> I tried doing the bridge cycle on the physical host first and get the same
> result.

So you can create a bridge on the host just fine? In that case it
shouldn't be a module issue.

- check how your containers are created. I'm using an Ubuntu container
using the download template, which comes correctly configured to have
bridges inside containers.

- check for permissions
Since you use CentOS, it shouldn't be an SELinux issue. Probably a device
permission issue. Try various lxc.cgroup.devices.allow entries. Again,
the Ubuntu container using the download template works fine, so you could
probably start from its generated config file (and its includes). Do
the same for lxc.cap.drop.

>> Note that this is assuming you'd be using the bridge to create an
>> additional network, and NOT bridging the container's eth0 (which is a
>> macvlan device).
>
>
> I'm not sure I understand the details of linux networking enough to
> appreciate the difference.


Short version: bridging a macvlan device won't work.

If you still don't understand the implication, then I suggest you
don't use macvlan, but rather stick with veth.

-- 
Fajar
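
Added example, not part of the original message: one way to carry out the suggested comparison of `lxc.cap.drop` and `lxc.cgroup.devices.allow` between a container config that works and one that does not. Both sample configs are constructed for illustration (they are not the posters' configs), the function names are hypothetical, and `lxc.include` files are assumed to have been concatenated into the text beforehand.

```python
# Constructed sample: config of a container where bridge creation works.
WORKING = """\
lxc.cap.drop = mac_admin mac_override sys_time sys_module
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
"""

# Constructed sample: config of a container where bridge creation fails.
FAILING = """\
lxc.cap.drop = mac_admin mac_override
lxc.cap.drop = sys_time sys_module net_admin
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
"""

KEYS = ("lxc.cap.drop", "lxc.cgroup.devices.allow", "lxc.cgroup.devices.deny")

def parse(text):
    """Collect the values of the keys of interest from LXC config text."""
    found = {k: [] for k in KEYS}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in found:
            continue
        if key == "lxc.cap.drop":
            if not value:  # an empty lxc.cap.drop clears earlier entries
                found[key] = []
            else:          # repeated lines accumulate
                found[key].extend(value.lower().split())
        else:
            found[key].append(" ".join(value.split()))
    return {k: set(v) for k, v in found.items()}

def compare(working, failing):
    """Return, per key, what only one of the two configs contains."""
    w, f = parse(working), parse(failing)
    report = {k: {"only_working": sorted(w[k] - f[k]),
                  "only_failing": sorted(f[k] - w[k])} for k in KEYS}
    # Creating a bridge requires CAP_NET_ADMIN inside the container.
    report["net_admin_dropped"] = "net_admin" in f["lxc.cap.drop"]
    return report

if __name__ == "__main__":
    for key, value in compare(WORKING, FAILING).items():
        print(key, value)
```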

