Re: [lxc-users] "mesh networking" for lxc containers (similar to weave)?
Have you checked Fan?

http://blog.dustinkirkland.com/2015/06/the-bits-have-hit-fan.html?m=1

2015-06-20 2:16 GMT-04:00 Janjaap Bos:

> Yes, ZeroTier provides peer-to-peer virtual networking. It is cloud /
> container / virtualiser agnostic. It will work anywhere and we use it for
> connecting containers & VMs across clouds. Also to provide access to users
> on Windows / OSX.
>
> Within the container you need access to the /dev/net/tun device and
> depending on the flavour (lxc / lxd / docker) net_admin capabilities.
>
> You can download it at https://www.zerotier.com or build it from
> https://github.com/zerotier/ZeroTierOne
>
> Since it is peer-to-peer there is very little overhead. Packets destined
> for local peers will stay within the local net. You can create very large
> distributed flat ether networks. Great for the type of cloud backplane you
> described.
>
> Also, this enables you to live migrate instances while maintaining their
> network configuration.
>
> 2015-06-20 3:37 GMT+02:00 Tomasz Chmielewski:
>
>> I know this is just "normal networking", however, there are at least two
>> issues with your suggestions:
>>
>> - it assumes the hosts are in the same subnet (say, connected to the same
>> switch), so it won't work if the hosts have two different public IPs (i.e.
>> 46.1.2.3 and 124.8.9.10)
>>
>> - with just two hosts, you may overcome the above limitation with some
>> VPN magic; however, it becomes problematic as the number of hosts grows
>> (imagine 10 or more hosts, trying to set it up without SPOF / central VPN
>> server; ideally, the hosts should talk to themselves using the shortest
>> paths possible)
>>
>> Therefore, I'm asking if there is any better "magic", as you say, for lxc
>> networking?
>> Possibly it could be achieved with tinc, running on hosts only -
>> http://www.tinc-vpn.org/ - but haven't really used it.
>> And maybe people have other ideas?
>>
>> --
>> Tomasz Chmielewski
>> http://wpkg.org
>>
>> On 2015-06-20 03:20, Christoph Lehmann wrote:
>>
>>> There is no magic with lxc's networking. It's just a bridge and some
>>> iptables rules for NAT and a dhcp server.
>>>
>>> You can set up a bridge on your public interface, configure the
>>> container to use that bridge and do the same on your second host.
>>>
>>> On 19 June 2015 18:15:23 CEST, Tomasz Chmielewski wrote:
>>>
>>>> Are there any solutions which would let one build "mesh networking"
>>>> for lxc containers, similar to what weave does for docker?
>>>>
>>>> Assumptions:
>>>>
>>>> - multiple servers (hosts) which are not in the same subnet (i.e. in
>>>> different DCs in different countries),
>>>> - containers share the same subnet (i.e. 10.0.0.0/8), no matter on
>>>> which host they are running
>>>> - if container is migrated to a different host, it is still reachable
>>>> on the same IP address without any changes in the networking
>>>>
>>>> I suppose the solution would run only once on each of the hosts,
>>>> rather than in each container.
>>>>
>>>> Is there something similar for lxc?
>>>
>>> --
>>> This message was sent from my Android mobile phone with K-9 Mail.

--
Luis M. Ibarra
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
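The ZeroTier prerequisites quoted in the message above (access to /dev/net/tun and the net_admin capability inside the container) can be checked from within a container before installing anything. The script below is an added example, not part of the thread; the function names are hypothetical, and it assumes a Linux /proc and that CAP_NET_ADMIN is capability number 12.

```shell
#!/bin/sh
# Added example (not from the thread): check the two container-side
# prerequisites named above, /dev/net/tun and CAP_NET_ADMIN.

CAP_NET_ADMIN=12   # capability number from <linux/capability.h>

# has_cap HEXMASK CAPNUM: succeed if bit CAPNUM is set in a CapEff-style mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps: print this shell's CapEff mask from /proc, or fail.
effective_caps() {
    [ -r "/proc/$$/status" ] || return 1
    awk '/^CapEff:/ { print $2 }' "/proc/$$/status"
}

# tun_usable [PATH]: succeed if PATH is a character device we may open
# read-write (the device cgroup can deny this even when the node exists).
tun_usable() {
    dev=${1:-/dev/net/tun}
    [ -c "$dev" ] || return 1
    ( exec 3<>"$dev" ) 2>/dev/null
}

# preflight: print one line per prerequisite; return 0 only if both hold.
preflight() {
    rc=0
    caps=$(effective_caps) || caps=
    if [ -n "$caps" ] && has_cap "$caps" "$CAP_NET_ADMIN"; then
        echo "CAP_NET_ADMIN: present"
    else
        echo "CAP_NET_ADMIN: missing"; rc=1
    fi
    if tun_usable; then
        echo "/dev/net/tun: usable"
    else
        echo "/dev/net/tun: missing or not openable"; rc=1
    fi
    return $rc
}

preflight || echo "TUN/TAP-based overlay networking will not work here"
```

Granting either prerequisite widens what the container can do to the host's network stack, so a failing check is a prompt to decide whether this container should have them, not only a setup error.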
Re: [lxc-users] Running LXD on Jessie
On Mon, Jun 22, 2015 at 02:49:44PM +0200, Micky Del Favero wrote:
> Hi everybody!
>
> In the last few days I've managed to set up lxd on Devuan Jessie
> (http://devuan.org/) but the same applied to Debian Jessie, I think it
> may be helpful to others and so I'll explain what I've done.
>
> First of all you need to compile the last version of lxc (1.1.2
> https://linuxcontainers.org/downloads/lxc/lxc-1.1.2.tar.gz) and of lxd
> (0.11 https://linuxcontainers.org/downloads/lxd/lxd-0.11.tar.gz), it's a
> simple job so I won't explain it, and install them.
>
> I've also prepared 3 packages: lxc_1.1.2-micky0_amd64.deb, built copying
> debian script from debian packaged version 1.0.6 changing what have to
> be changed, and lxd_0.11-micky0_amd64.deb
> lxd-client_0.11-micky0_amd64.deb porting debian/* scripts from Ubuntu to
> Jessie, you can simply do a make install if you don't need the packages.
>
> Once you've installed lxc and lxd you need some packages:
>
> # apt-get install apparmor bridge-utils cgmanager cgroupfs-mount dnsmasq
>
> configure /etc/lxc/default.conf and /etc/default/lxc-net as you
> prefer, mine are:
>
> root@nabla:~# cat /etc/lxc/default.conf
> lxc.network.type = empty
> root@nabla:~#
>
> root@nabla:~# cat /etc/default/lxc-net
> USE_LXC_BRIDGE="true"
> root@nabla:~#
>
> To run lxd you'll also need a kernel with the following options
> enabled:
>
> CONFIG_SECURITY_APPARMOR=y
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y
> CONFIG_SECURITY_APPARMOR_HASH=y
> CONFIG_DEFAULT_SECURITY_APPARMOR=y
>
> Jessie's kernel has only:
>
> CONFIG_SECURITY_APPARMOR=y
> CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
> CONFIG_SECURITY_APPARMOR_HASH=y
>
> enabled, so I've tried to compile my own kernel starting from Debian ones
> (linux-source-3.16) but I wasn't able to find how to enable
> CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT, without it lxd doesn't work so
> for the moment I've installed ubuntu's kernel:
>
> linux-image-3.16.0-41-generic_3.16.0-41.55~14.04.1_amd64.deb
> linux-image-extra-3.16.0-41-generic_3.16.0-41.55~14.04.1_amd64.deb
>
> and the package that the last one required, booting using ubuntu's kernel
> all works as expected:
>
> micky@nabla:~$ lxd-images import lxc debian wheezy amd64 --alias debian --alias debian/wheezy --alias debian/wheezy/amd64
> ...
> Setup alias: debian/wheezy/amd64
> micky@nabla:~$ lxc launch debian debbie
> Creating container...done
> Starting container...done
> micky@nabla:~$ lxd-images import lxc ubuntu trusty amd64 --alias ubuntu --alias ubuntu/trusty --alias ubuntu/trusty/amd64
> ...
> Setup alias: ubuntu/trusty/amd64
> micky@nabla:~$ lxc launch ubuntu utuba
> Creating container...done
> Starting container...done
> micky@nabla:~$ lxc list
> +--------+---------+------------+------+-----------+-----------+
> |  NAME  |  STATE  |    IPV4    | IPV6 | EPHEMERAL | SNAPSHOTS |
> +--------+---------+------------+------+-----------+-----------+
> | debbie | RUNNING | 10.0.3.115 |      | NO        | 0         |
> | utuba  | RUNNING | 10.0.3.118 |      | NO        | 0         |
> +--------+---------+------------+------+-----------+-----------+
> micky@nabla:~$ lxc exec debbie bash
> root@debbie:~# hostname
> debbie
> root@debbie:~# exit
> exit
> micky@nabla:~$
>
> Ciao, Micky
> --
> The sysadmin has all the answers, especially "No"

Nice!

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
[lxc-users] Running LXD on Jessie
Hi everybody!

In the last few days I've managed to set up lxd on Devuan Jessie
(http://devuan.org/) but the same applied to Debian Jessie, I think it
may be helpful to others and so I'll explain what I've done.

First of all you need to compile the last version of lxc (1.1.2
https://linuxcontainers.org/downloads/lxc/lxc-1.1.2.tar.gz) and of lxd
(0.11 https://linuxcontainers.org/downloads/lxd/lxd-0.11.tar.gz), it's a
simple job so I won't explain it, and install them.

I've also prepared 3 packages: lxc_1.1.2-micky0_amd64.deb, built copying
debian script from debian packaged version 1.0.6 changing what have to
be changed, and lxd_0.11-micky0_amd64.deb
lxd-client_0.11-micky0_amd64.deb porting debian/* scripts from Ubuntu to
Jessie, you can simply do a make install if you don't need the packages.

Once you've installed lxc and lxd you need some packages:

# apt-get install apparmor bridge-utils cgmanager cgroupfs-mount dnsmasq

configure /etc/lxc/default.conf and /etc/default/lxc-net as you
prefer, mine are:

root@nabla:~# cat /etc/lxc/default.conf
lxc.network.type = empty
root@nabla:~#

root@nabla:~# cat /etc/default/lxc-net
USE_LXC_BRIDGE="true"
root@nabla:~#

To run lxd you'll also need a kernel with the following options
enabled:

CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y

Jessie's kernel has only:

CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_HASH=y

enabled, so I've tried to compile my own kernel starting from Debian ones
(linux-source-3.16) but I wasn't able to find how to enable
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT, without it lxd doesn't work so
for the moment I've installed ubuntu's kernel:

linux-image-3.16.0-41-generic_3.16.0-41.55~14.04.1_amd64.deb
linux-image-extra-3.16.0-41-generic_3.16.0-41.55~14.04.1_amd64.deb

and the package that the last one required, booting using ubuntu's
kernel all works as expected:

micky@nabla:~$ lxd-images import lxc debian wheezy amd64 --alias debian --alias debian/wheezy --alias debian/wheezy/amd64
...
Setup alias: debian/wheezy/amd64
micky@nabla:~$ lxc launch debian debbie
Creating container...done
Starting container...done
micky@nabla:~$ lxd-images import lxc ubuntu trusty amd64 --alias ubuntu --alias ubuntu/trusty --alias ubuntu/trusty/amd64
...
Setup alias: ubuntu/trusty/amd64
micky@nabla:~$ lxc launch ubuntu utuba
Creating container...done
Starting container...done
micky@nabla:~$ lxc list
+--------+---------+------------+------+-----------+-----------+
|  NAME  |  STATE  |    IPV4    | IPV6 | EPHEMERAL | SNAPSHOTS |
+--------+---------+------------+------+-----------+-----------+
| debbie | RUNNING | 10.0.3.115 |      | NO        | 0         |
| utuba  | RUNNING | 10.0.3.118 |      | NO        | 0         |
+--------+---------+------------+------+-----------+-----------+
micky@nabla:~$ lxc exec debbie bash
root@debbie:~# hostname
debbie
root@debbie:~# exit
exit
micky@nabla:~$

Ciao, Micky
--
The sysadmin has all the answers, especially "No"
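The kernel requirement in the message above can be turned into a check that lists which of the five AppArmor options a given kernel config file lacks. The script below is an added example, not part of the original post; the function names are hypothetical and the sample config is constructed from the three options the message reports for Jessie's kernel.

```shell
#!/bin/sh
# Added example (not from the thread): list which of the AppArmor kernel
# options named in the message above are absent from a kernel config file.

REQUIRED_OPTS='CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_UNCONFINED_INIT=y
CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_DEFAULT_SECURITY_APPARMOR=y'

# missing_apparmor_opts FILE: print each required option FILE lacks.
# Returns 0 if nothing is missing, 1 if something is, 2 if FILE is unreadable.
missing_apparmor_opts() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTS; do
        # -x matches whole lines only, so "# CONFIG_FOO is not set" and
        # longer names sharing a prefix never count; -F disables regex.
        if ! grep -qxF -- "$opt" "$1"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the three options the message reports for Jessie's
# kernel, plus an explicit "is not set" line as kernel configs write it.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_SECURITY_APPARMOR=y
CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
CONFIG_SECURITY_APPARMOR_HASH=y
# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
echo "Missing from the constructed Jessie-like config:"
missing_apparmor_opts "$sample" || true
rm -f "$sample"
```

To check an installed kernel, pass its config file to missing_apparmor_opts; on Debian and Ubuntu that is normally /boot/config-$(uname -r), which is an assumption about the host rather than something stated in the post.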
[lxc-users] lxc with glusterfs
Hi all,

I'm trying to use lxc unprivileged over glusterfs, I followed the guide *1
and all works fine if I start a container from root (even over gluster) or
if I use unprivileged container when lxcpath points to local filesystem
instead of glusterfs.

On the other hand when lxcpath points to the gluster mount point, I receive
the following error:

$ lxc-create -t download -n test1 -- -d ubuntu -r trusty -a amd_64
chown: changing ownership of ‘/mnt/lxc/test1’: Operation not permitted
lxc-create: lxccontainer.c: do_create_container_dir: 778 Failed to chown container dir
lxc-create: lxc_create.c: main: 274 Error creating container test1

The error message is clear, but from the command line the gluster mount
point seems to work fine, I'm using lxc 1.1.2 with Ubuntu 14.04.

Can someone help me to understand, or does anyone have any hints?

1) https://linuxcontainers.org/lxc/getting-started/

Regards,
Alessandro