[lxc-users] LXD containers lose outbound network

ronkaluta rkaluta at gmail.com
Mon Jun 27 13:02:14 UTC 2016 

Please forgive the long-winded explanation but I think better to be 
explicit rather than leave people guessing.
I have been using LXD containers ever since its birth and prefer it to 
LXC containers (my personal preference.)
The ease of use and migration between hosts is a definite plus.
I have seen people fighting with external facing containers for awhile 
and although I do not profess to know everything about this issue, I 
have found something that consistently works for me.

1- I use mainly defaults during system installation.
2- generally use default or bridge profiles.
3- Modify as per below

Lately I specifically notice that david.andel at bli.uzh.ch is having 
trouble with Internet facing containers which I had for awhile.
The issue seems to have cured itself by following the sequence below.

I hope this helps someone.
#----------------------------------------
#----------------------------------------
I have noticed that on occasion the profile gets mangled upon "lxc copy" 
of or "lxc init" of a new container.
Therefore I have set up a process whereby a standard procedure is 
followed to delete all interfaces and reinstall.
The process is below #====~
SO FOR ALL INTERNET FACING CONTAINERS I USE "bridge" ONLY
#----------------------------------------
#----------------------------------------
This is my setup
:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"
#----------------------------------------
:~# dpkg -l | grep lxc
ii  liblxc1              2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (library)
ii  lxc                  2.0.0-0ubuntu2     all     Transitional package 
for lxc1
ii  lxc-common           2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (common tools)
ii  lxc-templates        2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (templates)
ii  lxc1                 2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools
ii  lxcfs                2.0.0-0ubuntu2.1   amd64   FUSE based 
filesystem for LXC
ii  python3-lxc          2.0.0-0ubuntu2     amd64   Linux Containers 
userspace tools (Python 3.x bindings)
:~# dpkg -l | grep lxd
ii  lxd                  2.0.2-0ubuntu1~16.04.1 amd64   Container 
hypervisor based on LXC - daemon
ii  lxd-client           2.0.2-0ubuntu1~16.04.1 amd64   Container 
hypervisor based on LXC - client
#----------------------------------------
/etc/default/lxd-bridge   # I generally use defaults
#----------------------
# WARNING: This file is generated by a debconf template!
# It is recommended to update it by using "dpkg-reconfigure -p medium lxd"
etc...
#----------------------------------------
egrep -v '(^#|^$)' /etc/default/lxd-bridge
#--------------------
USE_LXD_BRIDGE="true"
LXD_BRIDGE="lxdbr0"
UPDATE_PROFILE="true"
LXD_CONFILE=""
LXD_DOMAIN="lxd"
LXD_IPV4_ADDR=""
LXD_IPV4_NETMASK=""
LXD_IPV4_NETWORK=""
LXD_IPV4_DHCP_RANGE=""
LXD_IPV4_DHCP_MAX=""
LXD_IPV4_NAT="true"
LXD_IPV6_ADDR=""
LXD_IPV6_MASK=""
LXD_IPV6_NETWORK=""
LXD_IPV6_NAT="false"
LXD_IPV6_PROXY="true"
#----------------------------------------
One difference between this and david.andel at bli.uzh.ch profile is the 
last line which I don't use anyway.
All others are default settings from "dpkg-reconfigure -p medium lxd"
#----------------------------------------
#----------------------------------------
IF INTERNET ACCESS IS DESIRED
#----------------------------------------
lxc copy container1 container2
lxc profile create bridge
lxc profile edit bridge
lxc profile apply container2 bridge
#----------------------------------
###
### On external/internet access containers I use "bridge" ONLY
### "default" is not used
###
### On internal access containers that need a SPECIFIC ip address.
### I use "default,bridge"
### and specify either eth1 or eth2
### or none if specific ip address not desired.
###
### No matter what configuration I use
### eth0 is always parented by lxdbr0
### eth1 is always parented by br0
### eth2 is always parented by br1
#----------------------------------------
lxc profile edit bridge
#----------------------------------------
name: bridge
config:
   security.nesting: "true"
   security.privileged: "true"
description: ""
devices:
     eth1:               # the container nic
         nictype: bridged
         parent: br0     # the host nic
         type: nic
     eth2:               # the container nic
         nictype: bridged
         parent: br1     # the host nic
         type: nic
#----------------------------------------
lxc profile edit default
#----------------------------------------
name: default
config: {}
description: Default LXD profile
devices:
   eth0:
     name: eth0
     nictype: bridged
     parent: lxdbr0
     type: nic
#========================================
#========================================
#========================================
# ON THE SERVER
# These are the commands I use to achieve the above results
# As I mentioned above the sequence sometimes has to be repeated a 
couple of times in order to succeed.
# Especially lxc config edit ${CONTAINER}
#
# If at first you don't succeed,
# lxc stop ${CONTAINER}
# and repeat the sequence
#
# Success is shown by lxc start ${CONTAINER} resulting in ...
# lxc start ${CONTAINER}
# "lxc list" showing desired ip addresses.
#----------------------------------------
#!/bin/bash  # or copy and paste the following lines directly into shell 
prompt.
#----------
CONTAINER=x2go1248    # or whatever you desired container name
lxc config device remove ${CONTAINER} eth0 && \
lxc config device remove ${CONTAINER} eth1 && \
lxc config device remove ${CONTAINER} eth2 && \
#
lxc config device add ${CONTAINER} eth0 nic nictype=bridged 
parent=lxdbr0 && \
lxc config device add ${CONTAINER} eth1 nic nictype=bridged parent=br0 && \
lxc config device add ${CONTAINER} eth2 nic nictype=bridged parent=br1 && \
#
lxc profile apply ${CONTAINER} bridge   # or "default,bridge"
#------------------------------------
#-- These commands usually done separately
lxc config edit ${CONTAINER}
#
lxc start ${CONTAINER}
#========================================
#========================================
#========================================
# Modify these commands to fit your requirements
#------------------------------------------------
##### ON THE SERVER
##### WARNING #####
##### THIS WILL OVERWRITE 
/var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces #####
#-----------------
CONTAINER=x2go1248    # or whatever you desired container name
#-----------------
cat <<EOF > 
/var/lib/lxd/containers/${CONTAINER}/rootfs/etc/network/interfaces
# The primary network interface
#auto eth0                 # Not needed for external/internet access.
#iface eth0 inet dhcp      # Not needed for external/internet access.
#
auto eth1                  # This is my external facing LAN
iface eth1 inet static
     address 192.168.2.248/16
     gateway 192.168.2.1
     dns-nameservers 208.67.220.220 8.8.8.8
#
auto eth2                  # This is my internal LAN
iface eth2 inet static
     address 172.31.30.248/12
EOF
#========================================


_______________________________________________
lxc-users mailing list
lxc-users at lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160627/03cf438b/attachment.html>

More information about the lxc-users mailing list