[lxc-users] lxc 2.0 adding a nic to a container on another vlan (was: access to snapshots from within the containers)

Fajar A. Nugraha list at fajar.net
Fri Jun 16 11:14:19 UTC 2017 

On Fri, Jun 16, 2017 at 5:01 PM, Michel Jansens <michel.jansens at ulb.ac.be>
wrote:

> Thanks a lot Stéphane for this information,
>
> I succeeded in attaching a bridge device from a specific vlan following
> your advise from https://github.com/lxc/lxd/issues/2551
> command I used is: lxc config device add welcome-lemur eth1 nic
> nictype=macvlan parent=brvlan3904 name=eth1
>
> In /etc/network/interfaces I added:
>
> #vlan 3904 interface on enp1s0f0
> auto vlan3904
> iface vlan3904 inet manual
>         vlan_raw_device enp1s0f0
> #add a bridge for vlan3904
> auto brvlan3904
> iface  brvlan3904 inet  manual
>        bridge_ports vlan3904
>
>
> I managed to add the brvlan3904 to multiple containers, but this doesn’t
> create an interface for each container in the brvlan3904 bridge,
>


That's what macvlan does. It works for some usecase (and can be easier,
since you DON'T need to create a bridge), but can cause some problems (e.g.
host can't connect to container's macvlan interface).




> and I don’t know what the security consequences are…
> Is This OK like this?
>
>
> Alternatively, to mimic how lxc br0 bridge looks (one interface for each
> container with vethXXXXXX like names), I tried to add more ports to the
> bridge,with dummy interfaces:
>
> ip link add welcomelemur type dummy
> brctl addif brvlan3904 welcomelemur
> ifconfig welcomelemur up
> lxc config device add welcome-lemur eth1 nic nictype=macvlan
> parent=brvlan3904 name=eth1
>
> But this gave me: error: Failed to create the new macvlan interface: exit
> status 2
> I tried using nictype=veth instead of mtacvlan but got 'error: Bad nic
> type: veth’
>
> How should I do this properly?
>
>

Did you want "nictype=bridged"?

https://github.com/lxc/lxd/blob/master/doc/containers.md#type-nic

-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170616/4bb5b991/attachment.html>

More information about the lxc-users mailing list