[lxc-users] LXC 2.0.8-0ubuntu1~14.04.1 and ip_nonlocal_bind

Flo florian.engelmann at gmail.com
Tue Nov 7 15:15:32 UTC 2017


Hi,

after upgrading a trusty host to LXC 2.0.8 and kernel (hwe)
linux-image-generic-lts-xenial 4.4.0.96.80, starting haproxy with
frontends trying to bind non-local IPs fails with:

/usr/sbin/haproxy -db -f /etc/haproxy/haproxy.cfg
[ALERT] 310/161105 (9217) : Starting frontend xxxxxxx: cannot bind socket [192.168.0.100:80]
[ALERT] 310/161105 (9217) : Starting frontend yyyyyyy: cannot bind socket [192.168.0.101:80]
[ALERT] 310/161105 (9217) : Starting frontend zzzzzzz: cannot bind socket [192.168.0.102:80]

cat /proc/sys/net/ipv4/ip_nonlocal_bind
1

cat /var/lib/lxc/lbxxxxxxxxt/config | grep -v ^#
lxc.start.auto = 1
lxc.start.delay = 3
lxc.start.order = 200

lxc.pivotdir = lxc_putold

lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0

lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024

lxc.cap.drop = sys_module mac_admin mac_override sys_time

lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm

lxc.rootfs = /dev/lxc/xxxxxxxxxx
lxc.mount = /var/lib/lxc/xxxxxxxxxxx/fstab
lxc.utsname = xxxxxxxxx
lxc.arch = amd64

lxc.network.type = veth
lxc.network.link = testf
lxc.network.flags = up
lxc.network.name = front
lxc.network.hwaddr = 00:16:3f:1c:18:xx
lxc.network.type = veth
lxc.network.link = testb
lxc.network.flags = up
lxc.network.name = back
lxc.network.hwaddr = 00:16:3b:fe:29:xx

lxc.cgroup.memory.limit_in_bytes = 2G
lxc.cgroup.memory.memsw.limit_in_bytes = 4G

lxc.mount.auto = cgroup:mixed
lxc.autodev = 1
lxc.hook.autodev = sh -c "mknod -m 0666 ${LXC_ROOTFS_MOUNT}/dev/fuse c 10 229"


Anything missing?

All the best,
Florian

