[lxc-users] lxc-ls show containers which does not exist with lxc 1.0.6

2016-09-19 Thread John Y.
Before creating a container:

#lxc-ls
shows nothing

#lxc-ls --active
test2  test2-1 test2-2  test2-3  test2-4

create lxc:
#lxc-start -n test2 -f /root/yaowj/lxc.xml -d

#lxc-ls --active
test2  test2-1 test2-2  test2-3  test2-4  test2-5

I created test2, but it shows test2-5.
But I can get info by using test2.

#lxc-info -n test2
Name:   test2
State:  RUNNING
PID:    32251
CPU use:    1.79 seconds
BlkIO use:  0 bytes
Memory use: 1.25 MiB
KMem use:   0 bytes

#ps -ef | grep test2
root     32246     1  0 23:41 ?        00:00:00 lxc-start -n test2 -f /root/yaowj/lxc.xml -d


1. Why are there some lxc still in lxc-ls when I use `lxc-stop -n test2 -k`
(or use `kill -9 pid`) to stop it?
2. How do I remove this unused lxc info?

Thanks,
John
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] LAN for LXD containers (with multiple LXD servers)?

2016-09-19 Thread Tomasz Chmielewski

On 2016-09-19 05:12, Tilak Waelde wrote:

>> Hope this helps.  Happy to share my LXD configurations with anyone...
>
> Please do! I'd really love to see a description of a production lxd /
> lxc setup with proper networking and multiple hosts!
>
> I haven't played around with it yet, but is it possible to include
> some sort of VRF-lite[0] into such a setup for multi tenancy purposes?
> Other than by using VLANs one could use the same IP ranges multiple
> times from what I've come to understand?
> I'm not sure how a user could put the containers' interfaces into a
> different network namespace..

Hi,

after some experimenting with VXLAN, I've summed up a working "LAN for
multiple LXC servers" here:

https://lxadm.com/Unicast_VXLAN:_overlay_network_for_multiple_servers_with_dozens_of_containers

It is using in-kernel VXLAN, and thus performs very well (almost wire
speed, and much, much better than any userspace programs).

On the other hand, it provides no encryption between LXD servers (or, in
fact, any other virtualization), so may depend on your exact
requirements.

Tomasz Chmielewski

Re: [lxc-users] LAN for LXD containers (with multiple LXD servers)?

2016-09-19 Thread Sergiusz Pawlowicz
On Mon, Sep 19, 2016 at 8:48 PM, brian mullan wrote:

> Automatically builds tunnels through firewalls and NATs without any further
> setup (for example, port forwarding).

I would not appreciate something which "automatically" (whatever it
means) traverses my firewalls, to be honest. We should treat our data
seriously, Brian.

Serge

Re: [lxc-users] LAN for LXD containers (with multiple LXD servers)?

2016-09-19 Thread brian mullan
Tomasz

After experimenting with TINC, OpenVPN & others I found and have used
PeerVPN to do this:

https://peervpn.net/

PeerVPN is a full-mesh VPN and is auto-learning..

   - Ethernet tunneling support using TAP devices.
   - IPv6 support.
   - Full mesh network topology.
   - Automatically builds tunnels through firewalls and NATs without any
   further setup (for example, port forwarding).
   - Shared key encryption and authentication support.

At the time *I found PeerVPN much simpler to configure than TINC!*

A PeerVPN mesh is extremely easy to configure as you only have to install
PeerVPN on each host server and edit its config file on that server.

The brief tutorial page (https://peervpn.net/tutorial/) shows that config
for a basic PeerVPN only requires about 7 lines on each of your servers.

In Apr 2015 I documented a proof-of-concept test setup I'd done to
interconnect LXC containers on AWS, Digital Ocean and here locally (so
much like you want to do I think).

*NOTE:* that documentation *was before* my use of LXD!

*The reason I mention this is that with the advent of LXD the entire
container IP addressing setup using PeerVPN becomes even easier!*  This
is because when I did those tests I never took the time to create a single
DHCP source for all lxc containers on all hosts.  In my 2015
proof-of-concept test of PeerVPN I just did a quick & dirty config using the
assumption that no 2 containers (for my test purposes) would get assigned
the same 10.0.3.x IP address by their local Server/Host.


Today, LXD *during installation* allows you much more control over each
Server/Host's LXDBR0 bridge IP and the 10.x.x.x IP address range that is
used for that Host's lxc containers.

*So if you were to use PeerVPN,  during LXD installation on each server
just reserve a portion of the 10.x.x.x IP address range for each
Server/Host to avoid any possibility of any 2 containers on any 2 Hosts
getting assigned the same IP.*

The last config step on each Server/Host is to connect the PeerVPN mesh
Tunnel End Point (TEP) to the local LXDBR0 bridge to enable all the
containers attached to that bridge to pass data over the VPN tunnel to the
other servers, since my documentation set up a Layer 2 VPN (note PeerVPN
supports a Layer 3 tunnel as well I believe).

Since the PeerVPN TEP "interface" ... called "peervpn0" in my tutorial
example is just like any other Linux ethernet interface you only have to
use the "ip link" command to connect "peervpn0" to the LXD "lxdbr0" bridge.

    $ sudo ip link set dev peervpn0 master lxdbr0

After you've done that on all 3 hosts your containers on all the hosts
should be able to reach each other since they would all be on what
logically is the same "ethernet" via the VPN & the fact that you set up all
of the LXD installs with the same 10.x.x.x network.

Also, the containers on each Server/Host still get external Internet access
(if you permit it) via their local Host.

Anyway, I thought I'd send this info in case it is helpful as this should
work with servers locally or remotely using LXD.

Brian
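
Added example (not part of the message above, and not PeerVPN or LXD code): a Python check of the address plan described there, where every host's bridge sits on one shared subnet but hands out its own slice of it. The host names, the ten-address static reserve, the function names and the `UNPLANNED` sample are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

def plan_ranges(network, hosts, reserved=10):
    """Give each host a bridge IP and a disjoint DHCP slice of one shared subnet."""
    usable = list(ipaddress.ip_network(network).hosts())
    if not hosts or len(hosts) > reserved:
        raise ValueError("need 1..reserved hosts so every bridge gets a static IP")
    pool = usable[reserved:]            # first `reserved` addresses stay static
    size = len(pool) // len(hosts)
    if size < 1:
        raise ValueError("subnet too small for this many hosts")
    plan = {}
    for i, host in enumerate(hosts):
        chunk = pool[i * size:(i + 1) * size]
        plan[host] = {"bridge": str(usable[i]),
                      "dhcp_first": str(chunk[0]),
                      "dhcp_last": str(chunk[-1])}
    return plan

def find_conflicts(plan):
    """List address clashes that appear once the bridges share one L2 segment."""
    ip = ipaddress.ip_address
    problems = []
    for (a, ra), (b, rb) in combinations(sorted(plan.items()), 2):
        if (ip(ra["dhcp_first"]) <= ip(rb["dhcp_last"])
                and ip(rb["dhcp_first"]) <= ip(ra["dhcp_last"])):
            problems.append(f"{a}/{b}: DHCP ranges overlap")
        if ra["bridge"] == rb["bridge"]:
            problems.append(f"{a}/{b}: same bridge address {ra['bridge']}")
    for a, ra in plan.items():
        for b, rb in plan.items():
            if ip(rb["dhcp_first"]) <= ip(ra["bridge"]) <= ip(rb["dhcp_last"]):
                problems.append(f"{a} bridge {ra['bridge']} is inside {b}'s DHCP range")
    return problems

# Constructed sample: three hypothetical hosts all left on identical settings.
HOSTS = ["host-a", "host-b", "host-c"]
UNPLANNED = {h: {"bridge": "10.0.3.1", "dhcp_first": "10.0.3.2",
                 "dhcp_last": "10.0.3.254"} for h in HOSTS}

if __name__ == "__main__":
    for line in find_conflicts(UNPLANNED):
        print("unplanned:", line)
    plan = plan_ranges("10.0.3.0/24", HOSTS)
    for host, r in plan.items():
        print(host, r["bridge"], r["dhcp_first"], "-", r["dhcp_last"])
    print("conflicts after planning:", find_conflicts(plan))
```

Running `find_conflicts` over the ranges actually configured on each host before bridging the tunnel interface shows whether two hosts could hand out the same address.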