Context Navigation

Changes between Version 53 and Version 54 of TipAndDoc/Linux/LXC

Timestamp:: Apr 23, 2016 4:32:28 PM (10 years ago)
Author:: mitty
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

TipAndDoc/Linux/LXC

-                      v53
+                      v54
  * [http://bryanalves.github.io/2015/07/02/enabling-lxc-archlinux-with-systemd-networkd/ Enabling LXC on Archlinux with systemd-networkd – Bryan's Blah Blog]
  > I’m on a laptop with wireless, so I can’t just create a bridge and give IPs to containers from an upstream DHCP server. I needed to do NAT and essentially simulate/replicate how docker networking works.
- = Ubuntu 12.04 =
- * http://manpages.ubuntu.com/manpages/precise/man5/lxc.conf.5.html
- * mitty@precise:~$ sudo aptitude install lxc
-{{{
-The following NEW packages will be installed:
-  bridge-utils{a} cgroup-lite{a} cloud-utils{a} debootstrap{a}
-  dnsmasq-base{a} euca2ools{a} libapparmor1{a} libcap2-bin{a} libgmp10{a}
-  libnetfilter-conntrack3{a} libpam-cap{a} libyaml-0-2{a} lxc
-  python-boto{a} python-crypto{a} python-m2crypto{a} python-paramiko{a}
-  python-yaml{a}
-packages upgraded, 18 newly installed, 0 to remove and 0 not upgraded.
-Need to get 2,873 kB of archives. After unpacking 16.1 MB will be used.
-}}}
- == lxcbr0 ==
- * mitty@precise:~$ ifconfig lxcbr0
-{{{
-lxcbr0    Link encap:Ethernet  HWaddr 12:5e:23:12:4a:0f
-          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
-          inet6 addr: fe80::105e:23ff:fe12:4a0f/64 Scope:Link
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:0
-          RX bytes:0 (0.0 B)  TX bytes:554 (554.0 B)
-}}}
-  * /etc/default/lxc
-{{{
-USE_LXC_BRIDGE="true"
-LXC_BRIDGE="lxcbr0"
-LXC_ADDR="10.0.3.1"
-LXC_NETMASK="255.255.255.0"
-LXC_NETWORK="10.0.3.0/24"
-LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
-LXC_DHCP_MAX="253"
-}}}
-  * /etc/lxc/lxc.conf
-{{{
-lxc.network.type=veth
-lxc.network.link=lxcbr0
-lxc.network.flags=up
-}}}
-  * /etc/dnsmasq.d/lxc
-{{{
-bind-interfaces
-except-interface=lxcbr0
-}}}
- * /etc/init/lxc-net.conf も参考になる
- = USE_LXC_BRIDGE="false" =
- * 手動でLXCコンテナのNAT設定を行う
- * eth0 -> br0にブリッジされていて、KVMで使用
-  * LXCとKVMの共存のテスト
- == ip forwarding ==
- * mitty@precise:~$ cat /etc/sysctl.d/60-ip_forward.conf
-{{{
-net.ipv4.ip_forward=1
-net.ipv6.conf.all.forwarding=1
-}}}
- * mitty@precise:~$ cat /etc/network/interfaces
-{{{
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-# The loopback network interface
-auto lo
-iface lo inet loopback
-# The primary network interface
-auto eth0
-iface eth0 inet manual
-auto br0
-iface br0 inet dhcp
-        bridge_ports eth0 eth0
-        bridge_maxwait 0
-auto lxcbr0
-iface lxcbr0 inet static
-        bridge_ports none
-        bridge_maxwait 0
-        address 10.0.0.254
-        netmask 255.255.255.0
-        post-up iptables -A POSTROUTING -s 10.0.0.0/24 -t nat -j MASQUERADE
-        pre-down iptables -D POSTROUTING -s 10.0.0.0/24 -t nat -j MASQUERADE
-}}}
- == change apt repository mirror and disable auto start lxcbr0 ==
- * デフォルトのミラーが遅いので、ftp.tsukubaに変更
- * lxcの起動スクリプトによるlxcbr0の作成を抑制
- * mitty@precise:~$ cat /etc/default/lxc
-{{{
-MIRROR="http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu"
-USE_LXC_BRIDGE="false"
-}}}
- == host settings ==
- * mitty@precise:~$ ifconfig -a
-{{{
-br0       Link encap:Ethernet  HWaddr 52:54:00:bc:53:bc
-          inet addr:192.168.10.172  Bcast:192.168.10.255  Mask:255.255.255.0
-          inet6 addr: fe80::5054:ff:febc:53bc/64 Scope:Link
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-          RX packets:1340 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:948 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:0
-          RX bytes:116870 (116.8 KB)  TX bytes:111171 (111.1 KB)
-eth0      Link encap:Ethernet  HWaddr 52:54:00:bc:53:bc
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-          RX packets:1400 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:945 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:1000
-          RX bytes:150975 (150.9 KB)  TX bytes:110725 (110.7 KB)
-lo        Link encap:Local Loopback
-          inet addr:127.0.0.1  Mask:255.0.0.0
-          inet6 addr: ::1/128 Scope:Host
-          UP LOOPBACK RUNNING  MTU:16436  Metric:1
-          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:0
-          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
-lxcbr0    Link encap:Ethernet  HWaddr 4a:5a:12:a4:0a:ac
-          inet addr:10.0.0.254  Bcast:10.0.0.255  Mask:255.255.255.0
-          inet6 addr: fe80::485a:12ff:fea4:aac/64 Scope:Link
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:0
-          RX bytes:0 (0.0 B)  TX bytes:408 (408.0 B)
-}}}
- * mitty@precise:~$ ip route
-{{{
-default via 192.168.10.254 dev br0  metric 100
-.0.0.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.0.254
-.168.10.0/24 dev br0  proto kernel  scope link  src 192.168.10.172
-}}}
- * mitty@precise:~$ brctl show
-{{{
-bridge name     bridge id               STP enabled     interfaces
-br0             8000.525400bc53bc       no              eth0
-lxcbr0          8000.000000000000       no
-}}}
- === iptables on host ===
- * mitty@precise:~$ sudo iptables -L -t nat -vx
-{{{
-Chain PREROUTING (policy ACCEPT 30 packets, 10827 bytes)
-    pkts      bytes target     prot opt in     out     source               destination
-Chain INPUT (policy ACCEPT 4 packets, 323 bytes)
-    pkts      bytes target     prot opt in     out     source               destination
-Chain OUTPUT (policy ACCEPT 83 packets, 5999 bytes)
-    pkts      bytes target     prot opt in     out     source               destination
-Chain POSTROUTING (policy ACCEPT 83 packets, 5999 bytes)
-    pkts      bytes target     prot opt in     out     source               destination
-        0 MASQUERADE  all  --  any    any     10.0.0.0/24          anywhere
-}}}
- * MASQUERADEが正しく設定されている
- == make LXC container with ubuntu template ==
- * mitty@precise:~$ sudo lxc-create -t ubuntu -n lxc-test
-{{{
-No config file specified, using the default config
-debootstrap is /usr/sbin/debootstrap
-Checking cache download in /var/cache/lxc/precise/rootfs-amd64 ...
-installing packages: vim,ssh
-Downloading ubuntu precise minimal ...
-I: Retrieving Release
-I: Retrieving Release.gpg
-I: Checking Release signature
-....
-I: Checking component main on http://ftp.tsukuba.wide.ad.jp/Linux/ubuntu...
-....
-Processing triggers for initramfs-tools ...
-Download complete
-Copy /var/cache/lxc/precise/rootfs-amd64 to /var/lib/lxc/lxc-test/rootfs ...
-Copying rootfs to /var/lib/lxc/lxc-test/rootfs ...
-##
-# The default user is 'ubuntu' with password 'ubuntu'!
-# Use the 'sudo' command to run tasks as root in the container.
-##
-'ubuntu' template installed
-'lxc-test' created
-}}}
- === set container IP with LXC/config ===
- * LXCコンテナのconfigファイルからIPアドレスを指定する
- * 結論としては、デフォルトゲートウェイなどを設定できないので、不便
- * mitty@precise:~$ sudo vim /var/lib/lxc/lxc-test/config
-{{{
-lxc.network.ipv4 = 10.0.0.10/24
-}}}
- * mitty@precise:~$ sudo lxc-start -n lxc-test -d
- * mitty@precise:~$ ping 10.0.0.10 -c 1
-{{{
-PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
-bytes from 10.0.0.10: icmp_req=1 ttl=64 time=0.060 ms
---- 10.0.0.10 ping statistics ---
-packets transmitted, 1 received, 0% packet loss, time 0ms
-rtt min/avg/max/mdev = 0.060/0.060/0.060/0.000 ms
-}}}
- * mitty@precise:~$ ssh 10.0.0.10 -l ubuntu
-  * ubuntu@lxc-test:~$ ifconfig
-{{{
-eth0      Link encap:Ethernet  HWaddr 00:16:3e:ba:3e:ef
-          inet addr:10.0.0.10  Bcast:10.0.0.255  Mask:255.255.255.0
-}}}
-  * ubuntu@lxc-test:~$ ip route
-{{{
-.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.10
-}}}
-  * ubuntu@lxc-test:~$ ping 8.8.8.8
-{{{
-connect: Network is unreachable
-}}}
- === set container IP with interfaces ===
- * ホストOS上から、あらかじめコンテナのinterfacesファイルを設定して、起動する
- * 間違いが無く、かつ楽そう
- * mitty@precise:~$ sudo vim /var/lib/lxc/lxc-test/rootfs/etc/network/interfaces
-{{{
-auto eth0
-iface eth0 inet static
-        address 10.0.0.1
-        netmask 255.255.255.0
-        gateway 10.0.0.254
-}}}
- * mitty@precise:~$ ssh 10.0.0.1 -l ubuntu
-  * ubuntu@lxc-test:~$ ifconfig
-{{{
-eth0      Link encap:Ethernet  HWaddr 00:16:3e:ba:3e:ef
-          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
-}}}
-  * ubuntu@lxc-test:~$ ip route
-{{{
-default via 10.0.0.254 dev eth0  metric 100
-.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
-}}}
-  * ubuntu@lxc-test:~$ ping 8.8.8.8 -c 1
-{{{
-PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
-bytes from 8.8.8.8: icmp_req=1 ttl=52 time=7.66 ms
---- 8.8.8.8 ping statistics ---
-packets transmitted, 1 received, 0% packet loss, time 0ms
-rtt min/avg/max/mdev = 7.667/7.667/7.667/0.000 ms
-}}}
  = two NICs in one container =