Changes between Version 9 and Version 10 of TipAndDoc/Linux/LXC

Timestamp:

Sep 18, 2012 2:03:22 AM (12 years ago)

Author:

mitty

Comment:

--

TipAndDoc/Linux/LXC

@@ -98 +98 @@
 
  * /etc/init/lxc-net.conf も参考になる
+
+ = USE_LXC_BRIDGE="false" =
+ * 手動でLXCコンテナのNAT設定を行う
+ * eth0 -> br0にブリッジされていて、KVMで使用
+  * LXCとKVMの共存のテスト
+
+ == ip forwarding ==
+ * mitty@precise:~$ cat /etc/sysctl.d/60-ip_forward.conf
+{{{
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=1
+}}}
+
+ * mitty@precise:~$ cat /etc/network/interfaces
+{{{
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet manual
+
+auto br0
+iface br0 inet dhcp
+        bridge_ports eth0 eth0
+        bridge_maxwait 0
+
+auto lxcbr0
+iface lxcbr0 inet static
+        bridge_ports none
+        bridge_maxwait 0
+        address 10.0.0.254
+        netmask 255.255.255.0
+        post-up iptables -A POSTROUTING -s 10.0.0.0/24 -t nat -j MASQUERADE
+        pre-down iptables -D POSTROUTING -s 10.0.0.0/24 -t nat -j MASQUERADE
+}}}
+
+ == change apt repository mirror and disable auto start lxcbr0 ==
+ * デフォルトのミラーが遅いので、ftp.tsukubaに変更
+ * lxcの起動スクリプトによるlxcbr0の作成を抑制
+
+ * mitty@precise:~$ cat /etc/default/lxc
+{{{
+MIRROR="http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu"
+
+USE_LXC_BRIDGE="false"
+}}}
+
+ == host settings ==
+
+ * mitty@precise:~$ ifconfig -a
+{{{
+br0       Link encap:Ethernet  HWaddr 52:54:00:bc:53:bc
+          inet addr:192.168.10.172  Bcast:192.168.10.255  Mask:255.255.255.0
+          inet6 addr: fe80::5054:ff:febc:53bc/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:948 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:116870 (116.8 KB)  TX bytes:111171 (111.1 KB)
+
+eth0      Link encap:Ethernet  HWaddr 52:54:00:bc:53:bc
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:1400 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:945 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:150975 (150.9 KB)  TX bytes:110725 (110.7 KB)
+
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:16436  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
+
+lxcbr0    Link encap:Ethernet  HWaddr 4a:5a:12:a4:0a:ac
+          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
+          inet6 addr: fe80::485a:12ff:fea4:aac/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:0 (0.0 B)  TX bytes:408 (408.0 B)
+}}}
+
+ * mitty@precise:~$ ip route
+{{{
+default via 192.168.10.254 dev br0  metric 100
+10.0.0.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.0.254
+192.168.10.0/24 dev br0  proto kernel  scope link  src 192.168.10.172
+}}}
+
+ * mitty@precise:~$ brctl show
+{{{
+bridge name     bridge id               STP enabled     interfaces
+br0             8000.525400bc53bc       no              eth0
+lxcbr0          8000.000000000000       no
+}}}
+
+ === iptables on host ===
+ * mitty@precise:~$ sudo iptables -L -t nat -vx
+{{{
+Chain PREROUTING (policy ACCEPT 30 packets, 10827 bytes)
+    pkts      bytes target     prot opt in     out     source               destination
+
+Chain INPUT (policy ACCEPT 4 packets, 323 bytes)
+    pkts      bytes target     prot opt in     out     source               destination
+
+Chain OUTPUT (policy ACCEPT 83 packets, 5999 bytes)
+    pkts      bytes target     prot opt in     out     source               destination
+
+Chain POSTROUTING (policy ACCEPT 83 packets, 5999 bytes)
+    pkts      bytes target     prot opt in     out     source               destination
+       0        0 MASQUERADE  all  --  any    any     10.0.0.0/24          anywhere
+}}}
+
+ * MASQUERADEが正しく設定されている
+
+ == make LXC container with ubuntu template ==
+ * mitty@precise:~$ sudo lxc-create -t ubuntu -n lxc-test
+{{{
+
+No config file specified, using the default config
+debootstrap is /usr/sbin/debootstrap
+Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ...
+installing packages: vim,ssh
+Downloading ubuntu precise minimal ...
+I: Retrieving Release
+I: Retrieving Release.gpg
+I: Checking Release signature
+
+....
+
+I: Checking component main on http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu...
+
+....
+
+Processing triggers for initramfs-tools ...
+Download complete
+Copy /var/cache/lxc/precise/rootfs-amd64 to /var/lib/lxc/lxc-test/rootfs ...
+Copying rootfs to /var/lib/lxc/lxc-test/rootfs ...
+
+##
+# The default user is 'ubuntu' with password 'ubuntu'!
+# Use the 'sudo' command to run tasks as root in the container.
+##
+
+'ubuntu' template installed
+'lxc-test' created
+}}}
+
+ === set container IP with LXC/config ===
+ * LXCコンテナのconfigファイルからIPアドレスを指定する
+ * 結論としては、デフォルトゲートウェイなどを設定できないので、不便
+
+ * mitty@precise:~$ sudo vim /var/lib/lxc/lxc-test/config
+{{{
+lxc.network.ipv4 = 10.0.0.10/24
+}}}
+
+ * mitty@precise:~$ sudo lxc-start -n lxc-test -d
+ * mitty@precise:~$ ping 10.0.0.10 -c 1
+{{{
+PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
+64 bytes from 10.0.0.10: icmp_req=1 ttl=64 time=0.060 ms
+
+--- 10.0.0.10 ping statistics ---
+1 packets transmitted, 1 received, 0% packet loss, time 0ms
+rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
+}}}
+
+ * mitty@precise:~$ ssh 10.0.0.10 -l ubuntu
+  * ubuntu@lxc-test:~$ ifconfig
+{{{
+eth0      Link encap:Ethernet  HWaddr 00:16:3e:ba:3e:ef
+          inet addr:10.0.0.10  Bcast:10.0.0.255  Mask:255.255.255.0
+}}}
+  * ubuntu@lxc-test:~$ ip route
+{{{
+10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.10
+}}}
+  * ubuntu@lxc-test:~$ ping 8.8.8.8
+{{{
+connect: Network is unreachable
+}}}
+
+ === set container IP with interfaces ===
+ * ホストOS上から、あらかじめコンテナのinterfacesファイルを設定して、起動する
+ * 間違いが無く、かつ楽そう
+
+ * mitty@precise:~$ sudo vim /var/lib/lxc/lxc-test/rootfs/etc/network/interfaces
+{{{
+auto eth0
+iface eth0 inet static
+        address 10.0.0.1
+        netmask 255.255.255.0
+        gateway 10.0.0.254
+}}}
+
+ * mitty@precise:~$ ssh 10.0.0.1 -l ubuntu
+  * ubuntu@lxc-test:~$ ifconfig
+{{{
+eth0      Link encap:Ethernet  HWaddr 00:16:3e:ba:3e:ef
+          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
+}}}
+  * ubuntu@lxc-test:~$ ip route
+{{{
+default via 10.0.0.254 dev eth0  metric 100
+10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
+}}}
+  * ubuntu@lxc-test:~$ ping 8.8.8.8 -c 1
+{{{
+PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
+64 bytes from 8.8.8.8: icmp_req=1 ttl=52 time=7.66 ms
+
+--- 8.8.8.8 ping statistics ---
+1 packets transmitted, 1 received, 0% packet loss, time 0ms
+rtt min/avg/max/mdev = 7.667/7.667/7.667/0.000 ms
+}}}