Re: [Lxc-users] Network configuration
On Wed, 2011-02-02 at 12:07 -0800, Dean Mao wrote:
> Yeah, it's quite easy to do this. Here's my lxc network config from one of my machines:
>
>     lxc.network.type = veth
>     lxc.network.flags = up
>     lxc.network.link = br1
>     lxc.network.ipv4 = 192.168.0.4/24
>
> My outside network is eth0/br0, and my inside network is just br1. I add these rules to forward br0 to br1:
>
>     iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
>     iptables -A FORWARD -i br0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
>     iptables -A FORWARD -i br1 -o br0 -j ACCEPT
>
> The br1 bridge connects all the lxc containers together on the same host, eth0/br0 offers a connection to the outside world should one of the containers require it.

Doesn't this require br1 and the containers to be on the same network? It works for me as long as the internal interface bridge and the containers share the same network, but I would like to have something like this:

    eth0 - external network
    eth1 - 10.0.0.0/16 network
    containers - 192.168.0.0/16 network

Thanks,
Andre

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] Network configuration
On Thu, 2011-02-03 at 09:13 -0200, Andre Nathan wrote:
>     eth0 - external network
>     eth1 - 10.0.0.0/16 network
>     containers - 192.168.0.0/16 network

Hmm I managed to do this creating a dummy interface and setting up a bridge on it, so now I have

    eth0 - external network
    eth1 - 10.0.0.0/16 network
    dummy0/br0 - 192.168.0.0/16 network

Is this configuration supported?

Thanks
Andre

Re: [Lxc-users] Network configuration
The bridges are essentially dummy interfaces -- you can add as many as you want, and have them on random networks if you want, and have complicated routing schemes between them. I don't think you need to create a dummy interface anywhere.

You can just add a new bridge with

    brctl addbr br7

if you wanted to add a bridge 7... then configure it with

    ifconfig br7 172.16.0.1 netmask 255.255.255.0 up

and you'll have a new network on the same computer.

On Thu, Feb 3, 2011 at 3:44 AM, Andre Nathan an...@digirati.com.br wrote:
> On Thu, 2011-02-03 at 09:13 -0200, Andre Nathan wrote:
> >     eth0 - external network
> >     eth1 - 10.0.0.0/16 network
> >     containers - 192.168.0.0/16 network
>
> Hmm I managed to do this creating a dummy interface and setting up a bridge on it, so now I have
>
>     eth0 - external network
>     eth1 - 10.0.0.0/16 network
>     dummy0/br0 - 192.168.0.0/16 network
>
> Is this configuration supported?
>
> Thanks
> Andre

Re: [Lxc-users] Ubuntu sshd template
On 2/3/2011 1:47 PM, Trent W. Buck wrote:
> Gary Ballantyne gary.ballant...@haulashore.com writes:
>
> >     # /usr/bin/lxc-execute -n foo -f /usr/share/doc/lxc/examples/lxc-veth.conf /bin/bash
> >
> > The container fired up, and I could ping to/from the host. However, when I left the container (with exit) things got weird. In a second terminal (already connected to the host), I got repeated errors of the form:
> >
> >     [ 1396.169010] unregister_netdevice: waiting for lo to become free. Usage count = 3.
>
> I don't know about that one, sorry. IIRC I got the lxc-ssh container to DTRT on 10.04, but it's entirely possible I was getting those dmesg errors and not seeing them, because I wasn't on a local tty.

Good point -- the errors are only shown on the local tty.

> UPDATE: oh, I see you're just using lxc-veth for bash... I dunno anything about that. I guess you could be getting that when bash tries to initialize itself (e.g. setting $HOSTNAME)? Do you get the same problems with /bin/dash or (say) /bin/pwd instead?

Same behavior with dash. There is no science behind using lxc-veth, only that: (a), it went well in 9.10; (b), it appears to use a bridge (which I read somewhere was the safest/easiest option); and (c), it seemed a reasonable place to start.

> > Where the bracketed number changes for each error. (A new error appears every 10 seconds or so).
>
> The bracketed number is the number of seconds since boot. The message is being emitted by the kernel.
>
> > Any suggestions?
>
> Show us your .conf.

Here is the .conf -- I have only changed .ipv4 from the lxc-veth.conf that ships with the installation.

    lxc.utsname = beta
    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.hwaddr = 4a:49:43:49:79:bf
    lxc.network.ipv4 = 10.89.233.55/24
    lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597

Here is /etc/network/interfaces (I have followed a recipe to set up the bridge, but don't really know what I am doing here.)

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eth0
    #iface eth0 inet dhcp
    iface eth0 inet manual

    auto br0
    iface br0 inet static
        address 10.89.233.57
        network 10.89.233.0
        netmask 255.255.255.0
        broadcast 10.89.233.255
        gateway 10.89.233.1
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off

> Maybe show us some diagnostics, too

These are after a reboot, followed by

    # /usr/bin/lxc-execute -n foo -f /usr/share/doc/lxc/examples/lxc-veth.conf /bin/bash

After exit-ing the container, the usual errors started appearing in the local tty and I was told (on the remote tty):

    lxc-execute: Device or resource busy - failed to remove cgroup '/cgroup/foo'

I am not sure if it is helpful to repeat the diagnostics below at this stage or not -- please let me know if it would be helpful.

Cheers.

> lxc-ps auxf

From the container:

    root@beta:/usr/share/doc/lxc/examples# lxc-ps auxf
    CONTAINER  USER  PID  %CPU  %MEM   VSZ   RSS  TTY    STAT  START  TIME  COMMAND
    foo        root    1   0.0   0.1  2000   548  pts/0  S     10:22  0:00  /usr/lib/lxc/lxc-init -- /bin/bash
    foo        root    2   0.0   0.3  5204  1772  pts/0  S     10:22  0:00  /bin/bash
    foo        root   14   0.0   0.5  6332  2596  pts/0  S+    10:22  0:00   \_ /usr/bin/perl /usr/bin/lxc-ps auxf
               root   15   0.0   0.1  4556   964  pts/0  R+    10:22  0:00       \_ ps auxf

From the host:

    # lxc-ps auxf
    CONTAINER  USER  PID  %CPU  %MEM   VSZ   RSS  TTY    STAT  START  TIME  COMMAND
               root    2   0.0   0.0     0     0  ?      S     Feb03  0:00  [kthreadd]
               root    3   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [ksoftirqd/0]
               root    4   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [migration/0]
               root    5   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [watchdog/0]
               root    6   0.0   0.0     0     0  ?      S     Feb03  0:01   \_ [events/0]
               root    7   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [cpuset]
               root    8   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [khelper]
               root    9   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [netns]
               root   10   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [async/mgr]
               root   11   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [pm]
               root   12   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [sync_supers]
               root   13   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [bdi-default]
               root   14   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [kintegrityd/0]
               root   15   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [kblockd/0]
               root   16   0.0   0.0     0     0  ?      S     Feb03  0:00   \_ [kacpid]
               root   17   0.0   0.0     0     0  ?      S     Feb03

Re: [Lxc-users] Network configuration
On Thu, 2011-02-03 at 09:09 -0800, Dean Mao wrote:
> You can just add a new bridge with
>
>     brctl addbr br7
>
> if you wanted to add a bridge 7... then configure it with
>
>     ifconfig br7 172.16.0.1 netmask 255.255.255.0 up
>
> and you'll have a new network on the same computer.

Didn't know that... I thought it would always require an associated interface.

Thanks!
Andre
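
The setup discussed in this thread, as one shell script for the layout Andre asked about (eth0 external, containers on 192.168.0.0/16): a bridge with no physical port, as in Dean's brctl/ifconfig commands, plus the NAT and FORWARD rules from his first reply. This is an added example, not code from any poster or from the LXC project; the function names, the APPLY dry-run switch, and the `sysctl` and `iptables -P FORWARD DROP` lines are assumptions added here.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are only
# printed. Set APPLY=1 and run as root to execute them.

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Accept only a dotted quad with every octet in 0..255 (runs in a subshell).
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
)

# setup_container_net BRIDGE HOST_IP NETMASK UPLINK  (hypothetical helper)
setup_container_net() {
    [ $# -eq 4 ] || { echo "usage: setup_container_net BRIDGE IP MASK UPLINK" >&2; return 2; }
    bridge=$1 host_ip=$2 netmask=$3 uplink=$4
    if ! valid_ipv4 "$host_ip" || ! valid_ipv4 "$netmask"; then
        echo "invalid address or netmask" >&2; return 2
    fi
    # Interface names are limited to 15 characters by the kernel.
    if [ "$bridge" = "$uplink" ] || [ ${#bridge} -gt 15 ]; then
        echo "bad bridge name: $bridge" >&2; return 2
    fi
    # A bridge is an interface of its own: no physical port or dummy device.
    run brctl addbr "$bridge"
    run ifconfig "$bridge" "$host_ip" netmask "$netmask" up
    run sysctl -w net.ipv4.ip_forward=1
    # Under the default ACCEPT policy the FORWARD rules below filter nothing.
    run iptables -P FORWARD DROP
    run iptables -t nat -A POSTROUTING -o "$uplink" -j MASQUERADE
    run iptables -A FORWARD -i "$uplink" -o "$bridge" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$bridge" -o "$uplink" -j ACCEPT
}

# container_conf BRIDGE CONTAINER_CIDR: container stanza using the thread's keys.
container_conf() {
    printf 'lxc.network.type = veth\nlxc.network.flags = up\n'
    printf 'lxc.network.link = %s\nlxc.network.ipv4 = %s\n' "$1" "$2"
}

setup_container_net br1 192.168.0.1 255.255.0.0 eth0
container_conf br1 192.168.0.4/16
```

With the DROP policy in place, traffic from the bridge to any interface other than the uplink (eth1's 10.0.0.0/16 network in Andre's layout) matches no ACCEPT rule and is not forwarded.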