LXC - Create a bridge that uses a bond interface as a slave on OL7

Over the past year I have had to set up a few LXC containers on OL7. Most of the hosts have been VMs and I have been able to use the following in the config file to get the containers to be accessible on the network:

lxc.network.type = macvlan
lxc.network.link = eth0

Also, in that case the containers have static IPs, etc. Recently I set up LXC on a physical server that has a bond interface. The bond uses DHCP. I tried the following and got an interesting result:

lxc.network.type = macvlan
lxc.network.link = bond0

With this setting in the config, the container gets a DHCP address. But the networking is erratic. You can ping the container every so often, sometimes you can access it via ssh, but for the most part it is inaccessible. If I attach to the container, I can ping other hosts sporadically.

By default, an install of LXC on OL7 will create a bridge interface that assigns IPs to the containers. This is fine, and you can use iptables to forward traffic to the containers. But I wanted them to be accessible over the network, and so far it was not working.

I started looking at making a new bridge and had mixed success. But after much reading, I finally found a recipe that works. But it still seems odd that just setting the link to bond0, kind of, works. Here is a solution that I found works.

Create a new bridge.

nmcli c add type bridge ifname macvlan0 con-name macvlan0
nmcli con modify macvlan0 bridge.stp no

Add bond0 as a slave to the new bridge.

nmcli c add type bridge-slave ifname bond0 con-name macvlan0-slave-bond0 master macvlan0

Bring up the bridge and the bond.

nmcli c up macvlan0
nmcli c up bond0

When you bring up the bond interface, you will lose network connectivity for a moment. It will eventually come back online. Then you can add the following into your container config.

lxc.network.type = macvlan
lxc.network.link = macvlan0
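
A preflight check for the recipe above, as an added example that is not part of the original post: it reads lxc.network.link from a container config and confirms through sysfs that the link is a bridge with a bond enslaved to it. The function names and the SYSFS_NET override are assumptions made for this example; the sysfs entries used (bridge/, bonding/ and the master symlink) are the standard Linux ones.

```shell
#!/bin/sh
# Added example: classify the interface a container's lxc.network.link points at.
# SYSFS_NET (assumed name) is overridable so the check can run against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the first lxc.network.link value found in an LXC config file.
lxc_link() {
    sed -n 's/^[[:space:]]*lxc\.network\.link[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Print bridge, bond, plain or missing for an interface name.
iface_kind() {
    d="$SYSFS_NET/$1"
    if [ ! -e "$d" ]; then echo missing
    elif [ -d "$d/bridge" ]; then echo bridge
    elif [ -d "$d/bonding" ]; then echo bond
    else echo plain
    fi
}

# Print the master device an interface is enslaved to (nothing if it has none).
iface_master() {
    [ -L "$SYSFS_NET/$1/master" ] || return 0
    basename "$(readlink "$SYSFS_NET/$1/master")"
}

# Return 0 only if the config links to a bridge that has a bond enslaved to it.
check_container_link() {
    link=$(lxc_link "$1")
    [ -n "$link" ] || { echo "no lxc.network.link in $1"; return 2; }
    kind=$(iface_kind "$link")
    case "$kind" in
        bridge) ;;
        bond) echo "$link is a bond: macvlan directly on a bond was erratic in the post"; return 1 ;;
        *) echo "$link is $kind, expected a bridge"; return 1 ;;
    esac
    for dev in "$SYSFS_NET"/*; do
        name=$(basename "$dev")
        if [ "$(iface_kind "$name")" = bond ] && [ "$(iface_master "$name")" = "$link" ]; then
            echo "ok: $name is enslaved to $link"; return 0
        fi
    done
    echo "$link is a bridge but no bond is enslaved to it"; return 1
}

if [ $# -gt 0 ]; then check_container_link "$1"; fi
```

Run it with the path to a container's config file as the only argument.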
