Here is my production configuration. It should work with Red Hat:

   lxc.network.type = macvlan
   lxc.network.macvlan.mode = bridge
   lxc.network.flags = up
   lxc.network.link = eth0
   lxc.network.ipv4 = 192.168.7.70/16
   lxc.network.ipv4.gateway = 192.168.7.1
   # ...
   # mount points

   lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
   lxc.mount.entry = sysfs sys sysfs defaults  0 0

   # /lib/modules is needed for iptables/ufw
   lxc.mount.entry = /lib/modules /var/lib/lxc/lemon/rootfs/lib/modules none ro,bind 0 0
   # Nice to mount host home directories
   lxc.mount.entry = /home /var/lib/lxc/lemon/rootfs/home none rw,rbind 0 0

   # network interface name is limited to 16 chars
   lxc.hook.pre-start = /bin/sh -c "exec mount -n -o remount,rw /var/lib/lxc/lemon/rootfs"
   lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name lemon type macvlan mode bridge && ip link set lemon up"
   lxc.hook.pre-start = /bin/sh -c "ip route add 192.168.7.70 dev lemon || true"

   lxc.hook.post-stop = /bin/sh -c "ip route del 192.168.7.70 || true"
   lxc.hook.post-stop = /bin/sh -c "ip link set lemon down && ip link del lemon"
   lxc.hook.post-stop = /bin/sh -c "exec mount -n -o remount,rw /var/lib/lxc/lemon/rootfs"

   Couple of notes:

    1. This is a Debian lxc 0.9.0-alpha3 system. Works fine with
       lxc-stop|lxc-start. It's been in production ~ a year.
    2. Hostname: lemon, change hostname throughout.
    3. Disable br0 bridge. Reboot. Try the above setup and get it
       running. macvlan and older bridging may be incompatible in Linux.
    4. Change your lxc.network.link to eth0, do not use br0.
    5. Don't enable ip_forward. I don't have it enabled.
    6. Don't set the mac address. Remove lxc.network.hwaddr
    7. Note: macvlan takes 10-30 seconds of pinging from a different
       host after lxc-start. This is normal.

On 9/25/14 9:52 AM, Chris Kloiber wrote:
Would anyone know what is required (both on the host and within a container) using Red Hat based distributions such as Oracle Linux 6.5 or 7.0 as both the Host and the container to have each container have its own static, Public IP (no iptables NAT nonsense) and be reachable from anywhere? I can't seem to find a documented example that works for me anywhere on my own or with the help of Google...

Thanks in advance.


Chris Kloiber


_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
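
The checklist in the reply above (notes 4, 5 and 6, plus the interface-name limit mentioned in the config comment) can be checked mechanically before starting a container. The script below is an added example, not part of the original post or of LXC; the function names, messages and both sample configs are constructed, and the read-write bind-mount report is an extra informational check.

```sh
#!/bin/sh
# Added example: lint an LXC 0.9-style config against the notes in the post.
# Function names, messages and both sample configs are constructed.
cfg_get() {  # cfg_get FILE KEY -> last value assigned to KEY, trimmed
    awk -v k="$2" '{ key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); out = v }
        END { print out }' "$1"
}
fail() { echo "FAIL: $*"; n=$((n + 1)); }
lint_macvlan() {  # lint_macvlan FILE [IP_FORWARD]; returns 1 if any FAIL was printed
    f=$1; n=0
    fwd=${2:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || true)}
    link=$(cfg_get "$f" lxc.network.link)
    [ "$(cfg_get "$f" lxc.network.type)" = macvlan ] || fail "lxc.network.type is not macvlan"
    case $link in
        '') fail "lxc.network.link is not set" ;;
        br*|virbr*|lxcbr*) fail "link '$link' looks like a bridge (note 4: use eth0)" ;;
    esac
    [ -z "$(cfg_get "$f" lxc.network.hwaddr)" ] || fail "lxc.network.hwaddr is set (note 6)"
    [ "$fwd" != 1 ] || fail "net.ipv4.ip_forward is 1 (note 5)"
    # Names created by the pre-start hooks: IFNAMSIZ is 16 bytes including the
    # terminating NUL, so a name may use at most 15 characters.
    for name in $(sed -n 's/.*ip link add link [^ ]* name \([^ ]*\).*/\1/p' "$f"); do
        [ "${#name}" -le 15 ] || fail "interface name '$name' is longer than 15 chars"
    done
    # Informational only: host directories bind-mounted read-write into the container.
    awk '$1 == "lxc.mount.entry" && $3 ~ /^\// { o = "," $6 ","
        if (index(o, ",rw,") && (index(o, ",bind,") || index(o, ",rbind,")))
            print "INFO: host path " $3 " is bind-mounted read-write" }' "$f"
    [ "$n" -eq 0 ]
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
good=$tmp/good.conf; bad=$tmp/bad.conf
cat > "$good" <<'EOF'
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.link = eth0
lxc.mount.entry = /home /var/lib/lxc/lemon/rootfs/home none rw,rbind 0 0
lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name lemon type macvlan mode bridge && ip link set lemon up"
EOF
cat > "$bad" <<'EOF'
lxc.network.type = macvlan
lxc.network.link = br0
lxc.network.hwaddr = 00:16:3e:00:00:01
lxc.hook.pre-start = /bin/sh -c "ip link add link eth0 name a-very-long-container-name type macvlan mode bridge"
EOF
lint_macvlan "$good" 0 || true
lint_macvlan "$bad" 1 || true
```

Omit the second argument to have the script read the host's live `ip_forward` setting from `/proc`.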
