[lxc-users] Networking Issues

Hollenback, Luke Luke.Hollenback at ballardtech.com
Thu Jul 27 00:33:08 UTC 2017


Hi all,

We are trying to convert our libvirt-lxc containers to LXC containers on CentOS 7 due to race conditions that are causing a lot of instability during our testing of the former. I am currently testing against LXC 1.0.9 because it was easily available to me in the EPEL repo, but I hope to upgrade to an LXC 2.x.x version in the future.

For the most part, this is working great. I can even run lxc-start or lxc-autostart manually and see everything, including our five veth interfaces, successfully come online for the container.

The problem, however, is that if I allow the default lxc.service systemd service, or my custom systemd service, to automatically start the container on boot, only a single interface comes online (as in, gets an IP address...though I can attach to the container and do an ip addr show and see that all interfaces are up, just with no IP addresses). Further, if I try to restart the container manually after systemd automatically starts the container, only a single interface continues to come online.

I currently have SELinux disabled to try to eliminate at least one possible source of issue. Thinking that maybe networking isn't up yet (even though the services require networking-online.service), I have tried adding in a four minute delay prior to letting the service attempt to auto-start LXC containers to no avail.

Interestingly, after disabling all the above-discussed LXC services, I also tried using the @reboot "hack" to run lxc-autostart as root to no avail.

For what it is worth, this container (and others that will follow) can/should be run as root (unprivileged?). We plan to use SELinux to "sandbox" them.

I'll paste the current configuration file I'm working with below. If there are specific log files that would be nice to see as well, please let me know. Any help/pointers/etc would be deeply appreciated.

Thanks so much,
Luke

================================================================================
# Distribution configuration
lxc.include = /usr/share/lxc/config/centos.common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs = /var/lib/libvirt/filesystems/newcontainer
lxc.utsname = newcontainer

# SELinux context
#lxc.se_context = system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023

lxc.logfile = /newcontainer.log
lxc.loglevel = 1

# Enable auto start
lxc.start.auto = 1

# Set up some system limits
#lxc.cgroup.memory.limit_in_bytes = 488282K
#lxc.cgroup.memory.memsw.limit_in_bytes = 500000K
#lxc.cgroup.cpuset.cpus = 0

# Network configuration
lxc.network.0.type = veth
lxc.network.0.flags = up
lxc.network.0.link = br-base
lxc.network.0.hwaddr = 52:54:00:af:83:80

lxc.network.1.type = veth
lxc.network.1.flags = up
lxc.network.1.link = br-eth0
lxc.network.1.hwaddr = 52:54:00:6e:5a:47

lxc.network.2.type = veth
lxc.network.2.flags = up
lxc.network.2.link = br-eth2
lxc.network.2.hwaddr = 52:54:00:4d:b5:6e

lxc.network.3.type = veth
lxc.network.3.flags = up
lxc.network.3.link = br-eth3
lxc.network.3.hwaddr = 52:54:00:eb:a3:24

lxc.network.4.type = veth
lxc.network.4.flags = up
lxc.network.4.link = br-eth4
lxc.network.4.hwaddr = 52:54:00:ec:a4:4a
================================================================================
