[solved] LXC4 (fc34) no network


Hi!

I'm trying LXC again under Fc34, but the container can't see out, and it doesn't get an IP either. (lxc-4.0.6-2.fc34.x86_64)

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/fedora34/rootfs
lxc.uts.name = fedora34

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = ......

In theory it should hand out addresses from the 10.0.3.0/24 range (lxcbr0).

Even if I add the IP, it still can't see out: "...network is unreachable".

lxc.net.0.ipv4.address = 10.0.3.100/24
#lxc.net.0.ipv4.gateway = 10.0.3.1


What is it missing? (None of the containers/distros can see out.)

Comments

Hi!

I use LXC under Proxmox, where the config is this:

lxc.net.0.type = veth
lxc.net.0.veth.pair = veth100i0
lxc.net.0.hwaddr = ...
lxc.net.0.name = eth0

maybe it helps.

Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke

Turn the microphone back on!
Winston Churchill

Unfortunately not.

But even when I give it an IP, it doesn't even assign it inside the container. :o

lxc.net.0.ipv4.address = 10.0.3.100/24
lxc.net.0.ipv4.gateway = 10.0.3.1

ip addr:

2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:5a:0e:a2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::216:3eff:fe5a:ea2/64 scope link 
       valid_lft forever preferred_lft forever

# the network doesn't work either, of course
~$ ping 8.8.8.8
ping: connect: A hálózat elérhetetlen


lxc-net:


lxc-net.service - LXC network bridge setup
     Loaded: loaded (/usr/lib/systemd/system/lxc-net.service; enabled; vendor preset: disabled)
     Active: active (exited) since Sat 2021-05-08 08:43:32 CEST; 20min ago
       Docs: man:lxc
   Main PID: 5899 (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 6999)
     Memory: 2.0M
     CGroup: /system.slice/lxc-net.service
             └─6043 dnsmasq --conf-file=/etc/lxc/dnsmasq.conf -u dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --dhcp-no-override >

máj 08 08:43:32 fedora-nb systemd[1]: Starting LXC network bridge setup...
máj 08 08:43:32 fedora-nb dnsmasq[6043]: started, version 2.85 cachesize 150
máj 08 08:43:32 fedora-nb dnsmasq[6043]: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile
máj 08 08:43:32 fedora-nb dnsmasq-dhcp[6043]: DHCP, IP range 10.0.3.2 -- 10.0.3.254, lease time 1h
máj 08 08:43:32 fedora-nb dnsmasq-dhcp[6043]: DHCP, sockets bound exclusively to interface lxcbr0
máj 08 08:43:32 fedora-nb dnsmasq[6043]: reading /etc/resolv.conf
máj 08 08:43:32 fedora-nb dnsmasq[6043]: using nameserver 127.0.0.53#53
máj 08 08:43:32 fedora-nb dnsmasq[6043]: read /etc/hosts - 9 addresses
máj 08 08:43:32 fedora-nb systemd[1]: Finished LXC network bridge setup.

what does this say?

# cat /proc/sys/net/ipv4/ip_forward

you sure have a strange sense of humour...

Edited: 2021-05-09 (Sun), 09:08

With the network set up by hand, it works:

# in container:
$ ip addr add 10.0.3.100/24 dev eth0
$ ip route add default via 10.0.3.1 dev eth0

$ ip route
default via 10.0.3.1 dev eth0 
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.100

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=17.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=18.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=23.0 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=54 time=45.2 ms

It's just that LXC doesn't set it up. How can LXC be made to configure this for the container as well?

There's no DNS, even though:

# in container:
$ vi /etc/systemd/resolved.conf
DNS=8.8.8.8

# container restart
$ cat /etc/resolv.conf
nameserver 8.8.8.8
search .

$ ping ns.google.com
ping: ns.google.com: A név vagy a szolgáltatás nem ismert

In theory DNS is fine in the container too:

$ systemd-resolve --status
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: uplink
Current DNS Server: 8.8.8.8
       DNS Servers: 8.8.8.8

Link 2 (eth0)
Current Scopes: LLMNR/IPv4 LLMNR/IPv6
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

But still nothing...

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=32.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=13.5 ms

$ ping ns.google.com
ping: ns.google.com: A név vagy a szolgáltatás nem ismert

I also tried a centos7 container, setting the IP inside it, because DHCP doesn't seem to work (dnsmasq):

* on the host:

sudo systemctl status lxc-net
● lxc-net.service - LXC network bridge setup
     Loaded: loaded (/usr/lib/systemd/system/lxc-net.service; enabled; vendor preset: disabled)
     Active: active (exited) since Tue 2021-05-11 07:58:01 CEST; 16min ago
       Docs: man:lxc
   Main PID: 5891 (code=exited, status=0/SUCCESS)
      Tasks: 1 (limit: 6999)
     Memory: 2.3M
     CGroup: /system.slice/lxc-net.service
             └─6028 dnsmasq --conf-file=/etc/lxc/dnsmasq.conf -s lxc -S /lxc/ -u dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dhcp-lease-max=253 --d>

máj 11 07:58:01 fedora-nb dnsmasq[6028]: started, version 2.85 cachesize 150
máj 11 07:58:01 fedora-nb dnsmasq[6028]: compile time options: IPv6 GNU-getopt DBus no-UBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth cryptohash DNSSEC loop-detect inotify dumpfile
máj 11 07:58:01 fedora-nb dnsmasq-dhcp[6028]: DHCP, IP range 10.0.3.2 -- 10.0.3.254, lease time 1h
máj 11 07:58:01 fedora-nb dnsmasq-dhcp[6028]: DHCP, sockets bound exclusively to interface lxcbr0
máj 11 07:58:01 fedora-nb dnsmasq[6028]: using only locally-known addresses for domain lxc
máj 11 07:58:01 fedora-nb dnsmasq[6028]: reading /etc/resolv.conf
máj 11 07:58:01 fedora-nb dnsmasq[6028]: using only locally-known addresses for domain lxc
máj 11 07:58:01 fedora-nb dnsmasq[6028]: using nameserver 127.0.0.53#53
máj 11 07:58:01 fedora-nb dnsmasq[6028]: read /etc/hosts - 9 addresses
máj 11 07:58:01 fedora-nb systemd[1]: Finished LXC network bridge setup.

* centos7 container:

$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 192.168.1.254

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
HOSTNAME=centos7
NM_CONTROLLED=no
TYPE=Ethernet
MTU=
DHCP_HOSTNAME=centos7
IPADDR=10.0.3.100
PREFIX=24
GATEWAY=10.0.3.1
DNS1=8.8.8.8
DNS2=192.168.1.254
DEFROUTE=yes

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=762 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=25.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=18.7 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=54 time=17.7 ms

$ yum update
Betöltött bővítmények: fastestmirror
Loading mirror speeds from cached hostfile
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was
14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Ismeretlen hiba"

* LXC host:

$ cat /etc/lxc/default.conf 
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx


$ cat /etc/lxc/dnsmasq.conf 
dhcp-host=fedora34,10.0.3.100


$ cat /etc/sysconfig/lxc
# LXC_AUTO - whether or not to start containers at boot
LXC_AUTO="true"

# BOOTGROUPS - What groups should start on bootup?
#	Comma separated list of groups.
#	Leading comma, trailing comma or embedded double
#	comma indicates when the NULL group should be run.
# Example (default): boot the onboot group first then the NULL group
BOOTGROUPS="onboot,"

# SHUTDOWNDELAY - Wait time for a container to shut down.
#	Container shutdown can result in lengthy system
#	shutdown times.  Even 5 seconds per container can be
#	too long.
SHUTDOWNDELAY=5

# OPTIONS can be used for anything else.
#	If you want to boot everything then
#	options can be "-a" or "-a -A".
OPTIONS=

# STOPOPTS are stop options.  The can be used for anything else to stop.
#	If you want to kill containers fast, use -k
STOPOPTS="-a -A -s"

USE_LXC_BRIDGE="true"  # overridden in lxc-net

[ ! -f /etc/sysconfig/lxc-net ] || . /etc/sysconfig/lxc-net


$ cat /etc/sysconfig/lxc-net 
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers.  Set to "false" if you'll use virbr0 or another existing
# bridge, or macvlan to your host's NIC.
USE_LXC_BRIDGE="true"

# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_BRIDGE_MAC="00:16:3e:00:00:00"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf

# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
# host.
LXC_DOMAIN="lxc"


Does anyone have an idea?

The 10.0.3.1 gateway worked even without this. But it couldn't see out to the internet. The firewalld setting sets up an iptables/nftables rule that masquerades, i.e. NATs.

If I turn the rule off, it stops again; if I turn it on, it works. So this is the solution in my case. Probably one or two things changed with the Fc34 upgrade. E.g. until now it wasn't the lxcbr0 device, it used the libvirtd device file. (lxc3.*)

(Not lxd, lxc.)

On my own machine I used lxcbr0/virbr0 as a test environment. I always test version changes. :) So masq is needed here, e.g.: https://discuss.linuxcontainers.org/t/how-is-nat-implemented-in-lxd-man…

(In the production environment there's a br0 interface; the NIC is bridged.)
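An added host-side check script (not from this thread or from the lxc project) that verifies the three host prerequisites the thread ends up at: IPv4 forwarding (the `ip_forward` question above), lxcbr0 carrying the 10.0.3.1 gateway, and a masquerade rule so 10.0.3.0/24 gets NATed out. The values come from the posted /etc/sysconfig/lxc-net; the `--live` flag and the firewall-cmd hint are my own choices, and each check_* function takes command output as its argument so it can be run on captured text as well as on the live host.

```shell
#!/bin/sh
# Host-side sanity checks for lxc-net NAT egress (added example).
# Each check_* function takes the relevant command output as $1, so the
# same logic runs against live output or against captured text.

LXC_NET="10.0.3.0/24"   # LXC_NETWORK from /etc/sysconfig/lxc-net
LXC_GW="10.0.3.1"       # LXC_ADDR, the address lxc-net puts on lxcbr0
LXC_BR="lxcbr0"         # LXC_BRIDGE

# $1: contents of /proc/sys/net/ipv4/ip_forward (must be "1")
check_ip_forward() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ]
}

# $1: output of `ip -4 addr show dev lxcbr0`; $2: expected bridge address
check_bridge_addr() {
    printf '%s\n' "$1" | grep -Fq "inet $2/"
}

# $1: output of `nft list ruleset` and/or `iptables -t nat -S`.
# Matches lxc-net's own "-s 10.0.3.0/24 ... -j MASQUERADE" as well as
# firewalld's zone-wide nftables rule, which reads 'oifname != "lo" masquerade'.
check_masquerade() {
    printf '%s\n' "$1" | grep -Eiq 'masquerade'
}

# Run all three against the live host; returns non-zero if anything is missing.
audit_host() {
    rc=0
    check_ip_forward "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" \
        || { echo "net.ipv4.ip_forward is 0 (sysctl -w net.ipv4.ip_forward=1)"; rc=1; }
    check_bridge_addr "$(ip -4 addr show dev "$LXC_BR" 2>/dev/null)" "$LXC_GW" \
        || { echo "$LXC_BR does not carry $LXC_GW (is lxc-net.service active?)"; rc=1; }
    rules="$(nft list ruleset 2>/dev/null; iptables -t nat -S 2>/dev/null)"
    check_masquerade "$rules" \
        || { echo "no masquerade rule, $LXC_NET cannot leave the host" \
                  "(firewalld: firewall-cmd --add-masquerade --permanent)"; rc=1; }
    return $rc
}

# Only touch the live system when explicitly asked (hypothetical flag).
[ "${1:-}" = "--live" ] && audit_host
```

Run it as `sh lxc-net-audit.sh --live` on the host; without the flag it only defines the functions, so it can be sourced by other scripts.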