[lxc-users] LXD static IP in container

Michael Eager eager at eagerm.com
Tue Feb 11 21:04:56 UTC 2020


On 2/11/20 11:00 AM, Mike Wright wrote:
> On 2/11/20 10:01 AM, Michael Eager wrote:
>> There's still a lot of confusion.  :-/
> 
> Yes, here too.  I'm experimenting with the nic types but a lot of the 
> problems I'm running into have to do with me misunderstanding the LXD 
> command syntax.  The docs are rather sparse and seem to be geared toward 
> people who already understand this stuff, i.e. the Cliff Notes vs The Book.

I keep having the feeling I'm being told something, I just don't
know what.  :-(

>> If nictype=bridged is set in the profile, then a container gets two IP
>> addresses.  One from DHCP when the container is launched, the second is
>> a static IP when the container configures the NIC.
> 
> The DHCP address is created by lxd based on the profile.  The static 
> address is being created by the container itself, so you have two 
> separate events taking place.  Use the profile OR the container 
> networking scripts, not both (unless you know exactly what you are 
> trying to accomplish).

I removed the eth0 device from the profile and added it to the container
config.  I still get two IP addresses.

If I remove eth0 from both profile and container, it doesn't exist,
naturally, and the container has no IP address.

>> If nictype=routed, only the static IP is set.  eth0 is present in the
>> container, but there is no network connectivity.
> 
> My speculation is that something needs to set the route.  The 
> simplest route would be between the host and container and could allow 
> disparate networks to connect, e.g. 10.X to 192.Y.  Whether that is on 
> the host, container, or both I've yet to figure out.
> 
>> If nictype=macvlan, "lxc list" shows that the container has an IP
>> address from DHCP, but "nmcli connection show" does not display eth0
>> under DEVICE.  "ip addr" does show eth0, but "ifup eth0" says no device
>> exists.  (I'm really confused about this; dmesg shows "eth0 renamed from
>> mac...")
> 
> This one makes sense to me.  The container's utilities (nmcli & ilk) get 
> their knowledge of the network from config files.  "ip" gets its 
> information from inspection and/or specification.  Neither knows about 
> the other.
> 
>> If nictype=ipvlan, an IP address is obtained using DHCP, but no eth0
>> device appears in the container (i.e., nmcli shows no device, ifup
>> fails.)  There is network connectivity.
> 
> See the comment about macvlan.  The way I see this is macvlan is L2 and 
> ipvlan is L3.  Use whichever matches how you deal with network life, IPs 
> or MACs.

To have the container handle NIC configuration, rather than LXD, the
container needs to see a device.  Neither ipvlan nor macvlan does this.

If I set nictype:ipvlan in the container config, even if I set
ipv4.address, the IP is from DHCP, not the address I specified.  There
was a comment somewhere that ipvlan doesn't support DHCP, but that may
be for LXC, not LXD.

> Go to the link to the docs and look for "bridged, macvlan or ipvlan for 
> connection to physical network".  That section explains the differences.

I did that, which is why I tried all the combinations above.  The docs
say you can set this or that option, but there's little description of
what happens, or at least, not in the detail needed.  "Sets up new
network device" is pretty general.

https://lxd.readthedocs.io/en/stable-3.0/networks/ mentions ipv4.dhcp,
but that apparently is only for LXD managed network device
configuration, not in a container configuration.

> Now, for those who know more than I (almost everybody?) PLEASE feel free 
> to contribute to this thread and share some knowledge and PLEASE correct 
> any errors.

Yes, please.

BTW: I just came across 
https://discuss.linuxcontainers.org/t/using-static-ips-with-lxd/1291/5 
which suggests that I should create an LXD
managed bridge, rather than use the existing bridge which LXC is using.

-- Mike Eager

