I've set up a container via the systemd-nspawn tool, and I wanted to use the private network feature. The line that launches the container includes the --network-bridge= and --network-veth options. The whole systemd .service file looks like this:

    [Unit]
    Description=My little container

    [Service]
    Type=simple
    KillMode=process
    ExecStart=/usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ \
        --network-bridge=br_lxc \
        --network-veth \
        --bind /media/Kabi/apache/:/apache/ \
        --bind /media/Kabi/backup_packages/apt/archives/:/var/cache/apt/archives/ \
        --bind /media/Kabi/repozytorium:/repozytorium \
        3

The bridge interface was created through the /etc/network/interfaces file, and it looks as follows:

    auto br_lxc
    iface br_lxc inet static
        address 192.168.10.100
        netmask 255.255.255.0
        broadcast 192.168.10.255
        bridge_ports none
        bridge_waitport 0
        bridge_fd 0

The container is able to boot:

    # systemctl status mycontainer.service
    ● mycontainer.service - My little container
       Loaded: loaded (/etc/systemd/system/mycontainer.service; static; vendor preset: enabled)
       Active: active (running) since Tue 2015-02-03 01:57:24 CET; 12s ago
     Main PID: 84905 (systemd-nspawn)
       CGroup: /system.slice/mycontainer.service
               └─84905 /usr/bin/systemd-nspawn -jbD /media/Kabi/debian-tree/ --network-bridge=br_lxc --network-veth --bind /media/Kabi/apache/:/apache/ --bind /media/Kabi/backup_packages/apt/arch...

    Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [  OK  ] Started Console Getty.
    Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [  OK  ] Reached target Login Prompts.
    Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [  OK  ] Started System Logging Service.
    Feb 03 01:57:25 morfikownia systemd-nspawn[84905]: [  OK  ] Started Cleanup of Temporary Directories.
    Feb 03 01:57:27 morfikownia systemd-nspawn[84905]: [  OK  ] Started LSB: Start and stop the mysql database server daemon.
    Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [  OK  ] Started LSB: Apache2 web server.
    Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [  OK  ] Reached target Multi-User System.
    Feb 03 01:57:28 morfikownia systemd-nspawn[84905]:          Starting Update UTMP about System Runlevel Changes...
    Feb 03 01:57:28 morfikownia systemd-nspawn[84905]: [  OK  ] Started Update UTMP about System Runlevel Changes.
    Feb 03 01:57:29 morfikownia systemd-nspawn[84905]: Debian GNU/Linux 8 www console

    # machinectl
    MACHINE                          CONTAINER SERVICE
    debian-tree                      container nspawn

    1 machines listed.

    # machinectl status debian-tree
    debian-tree
           Since: Tue 2015-02-03 01:57:24 CET; 2min 54s ago
          Leader: 84906 (systemd)
         Service: nspawn; class container
            Root: /media/Kabi/debian-tree
           Iface: br_lxc
         Address: 192.168.10.10
                  fe80::541b:d0ff:febc:c38c%7
              OS: Debian GNU/Linux 8 (jessie)
            Unit: machine-debian\x2dtree.scope
                  ├─84906 /lib/systemd/systemd 3
                  └─system.slice
                    ├─dbus.service
                    │ └─85024 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
                    ├─cron.service
                    │ └─85003 /usr/sbin/cron -f
                    ├─apache2.service
                    │ ├─85427 /usr/sbin/apache2 -k start
                    │ ├─85454 /usr/sbin/apache2 -k start
                    │ ├─85485 /usr/sbin/apache2 -k start
                    │ ├─85486 /usr/sbin/apache2 -k start
                    │ ├─85488 /usr/sbin/apache2 -k start
                    │ ├─85489 /usr/sbin/apache2 -k start
                    │ └─85491 /usr/sbin/apache2 -k start
                    ├─systemd-journald.service
                    │ └─84941 /lib/systemd/systemd-journald
                    ├─systemd-logind.service
                    │ └─85006 /lib/systemd/systemd-logind
                    ├─mysql.service
                    │ ├─85057 /bin/sh /usr/bin/mysqld_safe
                    │ └─85415 /usr/sbin/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysql/error.log --pid-file=/var/run...
                    ├─console-getty.service
                    │ └─85055 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt102
                    └─rsyslog.service
                      └─85051 /usr/sbin/rsyslogd -n

Inside the container I added the following configuration to its network interface:

    auto host0
    iface host0 inet static
        address 192.168.10.10
        network 192.168.10.0/24
        netmask 255.255.255.0
        broadcast 192.168.10.255
        gateway 192.168.10.100

Communication works (ping from the container):

    root@www:~# ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=52 time=32.6 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=52 time=32.2 ms
    64 bytes from 8.8.8.8: icmp_seq=3 ttl=52 time=30.3 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 30.377/31.754/32.600/1.003 ms

I'm also able to visit the Apache page from the host:

    $ curl 192.168.10.10
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    ...

Here are the relevant interfaces on the host:

    ...
    br_lxc    Link encap:Ethernet  HWaddr ae:7f:0e:ec:9f:56
              inet addr:192.168.10.100  Bcast:192.168.10.255  Mask:255.255.255.0
              inet6 addr: fe80::8867:45ff:fe62:f014/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:332 errors:0 dropped:0 overruns:0 frame:0
              TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:296686 (289.7 KiB)  TX bytes:66196 (64.6 KiB)
    ...
    vb-debian-tree Link encap:Ethernet  HWaddr ae:7f:0e:ec:9f:56
              inet6 addr: fe80::ac7f:eff:feec:9f56/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)
    ...

and inside the container:

    host0     Link encap:Ethernet  HWaddr 56:1b:d0:bc:c3:8c
              inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
              inet6 addr: fe80::541b:d0ff:febc:c38c/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

and the bridge:

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br_lxc          8000.ae7f0eec9f56       no              vb-debian-tree

So, everything works pretty well. Now there's a problem: how to add socket activation to this container?

I tried to add the mycontainer.socket systemd file, which looks like this:

    [Unit]
    Description=The HTTP/HTTPS socket of my little container

    [Socket]
    ListenStream=192.168.10.10:80
    ListenStream=192.168.10.10:443
    FreeBind=true

The FreeBind option is required -- otherwise the socket can't listen, because there's no interface with that IP. When I start the socket, I get the following:

    # systemctl start mycontainer.socket
    # systemctl status mycontainer.socket
    ● mycontainer.socket - The HTTP/HTTPS socket of my little container
       Loaded: loaded (/etc/systemd/system/mycontainer.socket; static; vendor preset: enabled)
       Active: active (listening) since Tue 2015-02-03 02:10:04 CET; 12s ago
       Listen: 192.168.10.10:80 (Stream)
               192.168.10.10:443 (Stream)

    Feb 03 02:10:04 morfikownia systemd[1]: Starting The HTTP/HTTPS socket of my little container.
    Feb 03 02:10:04 morfikownia systemd[1]: Listening on The HTTP/HTTPS socket of my little container.

But when I try to connect to the Apache inside the container, I get this:

    $ curl 192.168.10.10
    curl: (7) Failed to connect to 192.168.10.10 port 80: No route to host

The container doesn't boot. And I don't get it; the socket is listening:

    # netstat -tupan | grep init
    tcp        0      0 192.168.10.10:80        0.0.0.0:*               LISTEN      1/init
    tcp        0      0 192.168.10.10:443       0.0.0.0:*               LISTEN      1/init
    tcp6       0      0 :::6566                 :::*                    LISTEN      1/init

So, why isn't the container activated when a connection comes in on those ports?

The following message comes from iptables; maybe it can be useful:

    Feb 03 02:20:30 morfikownia kernel: *IPTABLES*IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.10.100 DST=192.168.10.100 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=45138 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.168.10.100 DST=192.168.10.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16054 DF PROTO=TCP SPT=59539 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ]

When the container is up (the manual way, without the socket) and everything works as it should, the message looks like this:

    Feb 03 02:22:46 morfikownia kernel: *IPTABLES*IN=br_lxc OUT= PHYSIN=vb-debian-tree MAC=ae:7f:0e:ec:9f:56:56:1b:d0:bc:c3:8c:08:00 SRC=192.168.10.10 DST=192.168.10.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=59568 WINDOW=28960 RES=0x00 ACK SYN URGP=0

I've been trying to solve this, but I really have no idea what's wrong or how to fix this issue.
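A small parser for the two kernel LOG lines quoted in the message above, as an added example that is not part of the original post. It splits an iptables LOG line into its fields, including the original datagram that an ICMP error quotes between square brackets, and classifies what the line shows. Read this way, the first line is the host kernel reporting "host unreachable" (ICMP type 3, code 1) on lo for the SYN the host itself sent to 192.168.10.10:80: the SYN was routed toward the 192.168.10.0/24 network on br_lxc, where nothing answers while the container is down, instead of being delivered to the FreeBind socket, so the listening socket never sees a connection and has nothing to activate. The second line is the container's Apache answering with SYN-ACK through vb-debian-tree. The sample lines are copied from the post; the field and flag names are those printed by the netfilter LOG target.

```python
import re

# The two kernel LOG lines quoted in the post (iptables LOG target with the
# "*IPTABLES*" prefix). First: a connection attempt while only the socket unit
# is active. Second: the same request while the container is running.
LOG_SOCKET_ONLY = (
    "Feb 03 02:20:30 morfikownia kernel: *IPTABLES*IN=lo OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.10.100 "
    "DST=192.168.10.100 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=45138 PROTO=ICMP "
    "TYPE=3 CODE=1 [SRC=192.168.10.100 DST=192.168.10.10 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=64 ID=16054 DF PROTO=TCP SPT=59539 DPT=80 WINDOW=29200 "
    "RES=0x00 SYN URGP=0 ]"
)
LOG_CONTAINER_UP = (
    "Feb 03 02:22:46 morfikownia kernel: *IPTABLES*IN=br_lxc OUT= "
    "PHYSIN=vb-debian-tree MAC=ae:7f:0e:ec:9f:56:56:1b:d0:bc:c3:8c:08:00 "
    "SRC=192.168.10.10 DST=192.168.10.100 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=0 DF PROTO=TCP SPT=80 DPT=59568 WINDOW=28960 RES=0x00 ACK SYN URGP=0"
)

# ICMP destination-unreachable codes (type 3) that matter for this kind of log.
ICMP_UNREACH = {0: "net unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable"}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_fields(text):
    """Turn 'K=V K=V FLAG ...' into a dict. Bare upper-case tokens such as
    SYN, ACK or DF carry no '=' and are collected under the 'FLAGS' key."""
    fields, flags = {}, set()
    for tok in text.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok.isalpha() and tok.isupper():
            flags.add(tok)
    fields["FLAGS"] = flags
    return fields


def parse_log_line(line):
    """Return (outer, inner): the logged packet and, for ICMP errors, the
    quoted original datagram that the kernel prints between [ ]."""
    match = re.search(r"\*IPTABLES\*(.*)$", line)
    if not match:
        raise ValueError("not an iptables LOG line with the *IPTABLES* prefix")
    body = match.group(1)
    inner = None
    quoted = re.search(r"\[(.*?)\]", body)
    if quoted:
        inner = parse_fields(quoted.group(1))
        body = body[:quoted.start()] + body[quoted.end():]
    return parse_fields(body), inner


def diagnose(line):
    """Classify the line the way one would when reading it by hand."""
    outer, inner = parse_log_line(line)
    if outer.get("PROTO") == "ICMP" and outer.get("TYPE") == "3":
        reason = ICMP_UNREACH.get(int(outer.get("CODE", -1)), "unreachable")
        target = "?"
        if inner:  # the datagram that could not be delivered
            target = "%s:%s/%s" % (inner["DST"], inner.get("DPT", "?"), inner["PROTO"])
        return {"verdict": "unreachable", "reason": reason,
                "target": target, "iface": outer["IN"]}
    if outer.get("PROTO") == "TCP":
        flags = outer["FLAGS"] & TCP_FLAGS
        if {"SYN", "ACK"} <= flags:
            kind = "syn-ack"
        elif "SYN" in flags:
            kind = "syn"
        else:
            kind = "data"
        return {"verdict": kind, "src": "%s:%s" % (outer["SRC"], outer["SPT"]),
                "iface": outer["IN"], "physin": outer.get("PHYSIN")}
    return {"verdict": "other", "iface": outer.get("IN")}


if __name__ == "__main__":
    for name, line in (("socket only", LOG_SOCKET_ONLY),
                       ("container up", LOG_CONTAINER_UP)):
        print(name, "->", diagnose(line))
```

The useful check when debugging socket activation is therefore not whether the socket unit reports "listening", but whether a connection to the bound address is actually delivered to that socket on the host; an ICMP unreachable generated locally, as in the first line, means it was not.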
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel