Re: [lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread Stéphane Graber 
On Thu, Sep 29, 2016 at 12:24:29PM +0900, Tomasz Chmielewski wrote:
> On 2016-09-29 12:14, Stéphane Graber wrote:
> 
> >>>It's not going to be part of the 2.0 series since it's not in LXD 2.0,
> >>>but I'll likely be posting something about the new network stuff in the
> >>>next few weeks.
> >>
> >>"cross-host tunnels with GRE or VXLAN"
> >>
> >>Interesting!
> >>
> >>Will it be limited to 2 LXD servers only, or will it allow an arbitrary
> >>number of LXD servers (2, 3, 4 and more)?
> >
> >You can add as many tunnels to the configuration as you want.
> >
> >The default VXLAN configuration also uses multicast, so any host that's
> >part of the same multicast group will be connected.
> 
> Multicast... so that's not going to work for most of people with popular
> server hostings, since they don't offer multicast.

Well, you get to choose. You can have any number of:
 - GRE tunnels (unicast IPv4)
 - VXLAN group (multicast IPv4)
 - VXLAN point-to-point (unicast IPv4)

For example:
  # GRE unicast
  tunnel.tun-a.protocol: gre
  tunnel.tun-a.local: 1.2.3.4
  tunnel.tun-a.remote: 1.2.3.5

  # VXLAN multicast (default group and id)
  tunnel.tun-b.protocol: vxlan

  # VXLAN unicast
  tunnel.tun-c.protocol: vxlan
  tunnel.tun-c.local: 1.2.3.4
  tunnel.tun-c.remote: 1.2.3.5

As I said, you can have any number of those tunnels defined for any
bridge, well, up to the bridge capacity, but that's 4096 or so and even
then, all you need to do is set "bridge.driver: openvswitch" and that
limit will be gone :)

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread Tomasz Chmielewski 

On 2016-09-29 12:14, Stéphane Graber wrote:


>It's not going to be part of the 2.0 series since it's not in LXD 2.0,
>but I'll likely be posting something about the new network stuff in the
>next few weeks.

"cross-host tunnels with GRE or VXLAN"

Interesting!

Will it be limited to 2 LXD servers only, or will it allow an 
arbitrary

number of LXD servers (2, 3, 4 and more)?


You can add as many tunnels to the configuration as you want.

The default VXLAN configuration also uses multicast, so any host that's
part of the same multicast group will be connected.


Multicast... so that's not going to work for most of people with popular 
server hostings, since they don't offer multicast.



Tomasz Chmielewski
https://lxadm.com
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread Stéphane Graber 
On Thu, Sep 29, 2016 at 12:11:06PM +0900, Tomasz Chmielewski wrote:
> On 2016-09-29 12:03, Stéphane Graber wrote:
> >On Wed, Sep 28, 2016 at 10:56:48PM -0400, brian mullan wrote:
> >>The current 12 part blog post series is really helpful & informative:
> >>
> >>https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/
> >>
> >>But all the newly announced LXD 2.3 networking features
> >> are pretty exciting and it would
> >>be
> >>great to
> >>see a chapter on that included in that Blog Post Series too in order to
> >>jump start folks on how to use all of the new capabilities.
> >
> >It's not going to be part of the 2.0 series since it's not in LXD 2.0,
> >but I'll likely be posting something about the new network stuff in the
> >next few weeks.
> 
> "cross-host tunnels with GRE or VXLAN"
> 
> Interesting!
> 
> Will it be limited to 2 LXD servers only, or will it allow an arbitrary
> number of LXD servers (2, 3, 4 and more)?
> 
> 
> Tomasz Chmielewski
> https://lxadm.com

You can add as many tunnels to the configuration as you want.

The default VXLAN configuration also uses multicast, so any host that's
part of the same multicast group will be connected.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread Tomasz Chmielewski 

On 2016-09-29 12:03, Stéphane Graber wrote:

On Wed, Sep 28, 2016 at 10:56:48PM -0400, brian mullan wrote:

The current 12 part blog post series is really helpful & informative:

https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/

But all the newly announced LXD 2.3 networking features
 are pretty exciting and it 
would be

great to
see a chapter on that included in that Blog Post Series too in order 
to

jump start folks on how to use all of the new capabilities.


It's not going to be part of the 2.0 series since it's not in LXD 2.0,
but I'll likely be posting something about the new network stuff in the
next few weeks.


"cross-host tunnels with GRE or VXLAN"

Interesting!

Will it be limited to 2 LXD servers only, or will it allow an arbitrary 
number of LXD servers (2, 3, 4 and more)?



Tomasz Chmielewski
https://lxadm.com
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread Stéphane Graber 
On Wed, Sep 28, 2016 at 10:56:48PM -0400, brian mullan wrote:
> The current 12 part blog post series is really helpful & informative:
> 
> https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/
> 
> But all the newly announced LXD 2.3 networking features
>  are pretty exciting and it would be
> great to
> see a chapter on that included in that Blog Post Series too in order to
> jump start folks on how to use all of the new capabilities.
> 
> Brian

It's not going to be part of the 2.0 series since it's not in LXD 2.0,
but I'll likely be posting something about the new network stuff in the
next few weeks.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Will there be an extra section added to the LXD 2.0 blog post series for the new Networking capabilities?

2016-09-28 Thread brian mullan 
The current 12 part blog post series is really helpful & informative:

https://www.stgraber.org/2016/03/11/lxd-2-0-blog-post-series-012/

But all the newly announced LXD 2.3 networking features
 are pretty exciting and it would be
great to
see a chapter on that included in that Blog Post Series too in order to
jump start folks on how to use all of the new capabilities.

Brian
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] Mounting ISO files inside LXD container

2016-09-28 Thread Joshua Schaeffer 
I'm getting an error when I try to mount an ISO file into a container and
I'm not sure how to fix the problem. I've searched a bit and found somewhat
similar issues[1][2] but they were mostly related to LXC containers not LXD.

When I try to mount an ISO I get an error:

root@broodwar:~# mount -t iso9660 -o loop /root/Win10_English_x32.iso
/mnt/windows/x32
mount: /mnt/windows/x32: mount failed: Unknown error -1

I though it was because I didn't have a loop device in my container, so I
added one, but I still get an error:

root@kerrigan:~# lxc config device add broodwar loop unix-block
path=/dev/loop0

root@broodwar:~# ls -l /dev/loop*
brw-rw 1 root root 7, 0 Sep 28 16:00 /dev/loop0

Running mount -v gives no extra messages. The ISO file itself is good, I
can mount it successfully on the host, just not the container. Does anyone
know how to fix this issue?

Thanks,
Joshua Schaeffer

[1]
https://lists.linuxcontainers.org/pipermail/lxc-users/2015-November/010560.html
[2]
http://askubuntu.com/questions/376345/allow-loop-mounting-files-inside-lxc-containers
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Q: Connecting a container to a static IP alias?

2016-09-28 Thread Andrey Repin 
Greetings, Michael Peek!

> On 09/27/2016 12:01 PM, Andrey Repin wrote:
>> Just remove alias from host and configure the address inside a VM. 

> Thanks, that gets me one step closer.  The VM has the right address on
> the inside.  But how do I get the *.117 address on the outside?

There's no inside or outside. It either have it or not.

> I tried creating the container with several variations of:

> lxc init images:ubuntu/xenial/amd64 my-ubuntu-1 --config
> lxc.network.type=[phys|maclan] --config lxc.network.link=enp0s10:testvm1

Same mistake.

> --config lxc.network.ipv4=X.X.X.117

> Thanks for any help you can give!

macvlan and ***enp0s10*** … Which is your real physical adapter.


-- 
With best regards,
Andrey Repin
Thursday, September 29, 2016 00:15:04

Sorry for my terrible english...
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] Q: Connecting a container to a static IP alias?

2016-09-28 Thread Michael Peek 
On 09/27/2016 12:01 PM, Andrey Repin wrote:
> Just remove alias from host and configure the address inside a VM. 

Thanks, that gets me one step closer.  The VM has the right address on
the inside.  But how do I get the *.117 address on the outside?  I tried
creating the container with several variations of:

lxc init images:ubuntu/xenial/amd64 my-ubuntu-1 --config
lxc.network.type=[phys|maclan] --config lxc.network.link=enp0s10:testvm1
--config lxc.network.ipv4=X.X.X.117

Thanks for any help you can give!

M
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] tun device in unprivileged Debian Stretch lxc Container

2016-09-28 Thread Mike Wright 

On 09/22/2016 05:14 PM, Paul Dino Jones wrote:

Hi all,

I could have sworn in the past I was able to make an unprivileged
container use openvpn, but yesterday, i started an unprivileged
container and was not able to use openvpn because I did not have a
/dev/net/tun. I was able to get it started in a normal privileged
container after performing a mknod. Which makes sense because an
unprivileged user isn't going to be able to create that tun device.

I'm just wondering if there is something I'm missing since I think it
used to work.


If it does not exist create /dev/net/tun

  mknod /dev/net/tun c 10 200

In lxc parlance you would add a line like this to your config file

lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=file

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] tun device in unprivileged Debian Stretch lxc Container

2016-09-28 Thread Mike Wright 

On 09/28/2016 07:11 AM, Mike Wright wrote:

On 09/22/2016 05:14 PM, Paul Dino Jones wrote:

Hi all,

I could have sworn in the past I was able to make an unprivileged
container use openvpn, but yesterday, i started an unprivileged
container and was not able to use openvpn because I did not have a
/dev/net/tun


If it does not exist create /dev/net/tun
  mknod /dev/net/tun c 10 200
In lxc parlance you would add a line like this to your config file
lxc.mount.entry = /dev/snd dev/snd none bind,optional,create=file


...damn cut and paste

lxc.mount.entry = /dev/net/tun /dev/net/tun none bind,optional,create=fild

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] tun device in unprivileged Debian Stretch lxc Container

2016-09-28 Thread Janjaap Bos 
you need to map the device (lxc config), no need to do mknod in container.

2016-09-23 2:14 GMT+02:00 Paul Dino Jones :

> Hi all,
>
> I could have sworn in the past I was able to make an unprivileged
> container use openvpn, but yesterday, i started an unprivileged
> container and was not able to use openvpn because I did not have a
> /dev/net/tun. I was able to get it started in a normal privileged
> container after performing a mknod. Which makes sense because an
> unprivileged user isn't going to be able to create that tun device.
>
> I'm just wondering if there is something I'm missing since I think it
> used to work.
>
> Regards,
> Paul
>
> ___
> lxc-users mailing list
> lxc-users@lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users