LXD network access on wifi-only host without bridge adapter
Jeff Kowalczyk
2016-09-12 21:54:25 UTC
What is the recommended configuration for LXD network access in host
environments with only wlan0 active?

I'm attempting to use LXD 2.1 on a laptop for development and testing.
It seems that adding a bridge lxcbr0 to wlan0 is unsupported or at
best problematic depending on adapter.

LXD host details:
- Gentoo Linux ~amd64 OS
- Intel iwlwifi Wireless-N 1000 NIC
- connman manages either wlan0 or eth0 active, exclusive.
I could set eth0 to a static IP if necessary, at the cost of wired
DHCP functionality.
- dnsmasq installed but not running, would need to config DHCP for LXD
containers only.

Thanks,
Jeff Kowalczyk
Fajar A. Nugraha
2016-09-13 03:33:49 UTC
Post by Jeff Kowalczyk
What is the recommended configuration for LXD network access in host
environments with only wlan0 active?
I'm attempting to use LXD 2.1 on a laptop for development and testing.
It seems that adding a bridge lxcbr0 to wlan0 is unsupported or at
best problematic depending on adapter.
It won't work. Wireless AP will only allow your laptop MAC and deny other
bridged MACs.
Post by Jeff Kowalczyk
- Gentoo Linux ~amd64 OS
- Intel iwlwifi Wireless-N 1000 NIC
- connman manages either wlan0 or eth0 active, exclusive.
I could set eth0 to a static IP if necessary, at the cost of wired
DHCP functionality.
- dnsmasq installed but not running, would need to config DHCP for LXD
containers only.
For outgoing access, the default NAT (can be configured on lxdbr0) will
work.

For incoming access to the container, port forwarding (with iptables,
haproxy, or whatever software of your choice) is easiest.
--
Fajar
Jeff Kowalczyk
2016-09-13 19:22:55 UTC
Post by Fajar A. Nugraha
For outgoing access, the default NAT (can be configured on lxdbr0) will
work.
Thanks. Can bridge lxdbr0 be used without physical eth0 active? If
possible, I'd prefer to keep eth0 as DHCP for occasional wired use.
Fajar A. Nugraha
2016-09-14 01:10:30 UTC
Post by Jeff Kowalczyk
Post by Fajar A. Nugraha
For outgoing access, the default NAT (can be configured on lxdbr0) will
work.
Thanks. Can bridge lxdbr0 be used without physical eth0 active? If
possible, I'd prefer to keep eth0 as DHCP for occasional wired use.
By default lxdbr0 exists by itself, without the need of any physical
network adapter as slave.

So yes, it can be used without eth0 active, assuming that you also have some
kind of dhcp and NAT/proxy active for the containers (which should be
enabled by default)
--
Fajar
Jeff Kowalczyk
2016-10-07 22:32:12 UTC
By default lxdbr0 exists by itself, without the need of any physical network
adapter as slave.
So yes, it can be used without eth0 active, assuming that you also have some kind
of dhcp and NAT/proxy active for the containers (which should be enabled by
default)
I'm running lxd-2.4.1 now, and would like to take another shot at
using the new networking commands to get basic networking up and
running. I was unable to get a bridged connection up with an inactive
eth0 using lxd-2.1.

The host OS is Gentoo Linux, so I may need to manually recreate
infrastructure handled by package install on Ubuntu. Greatly
appreciated if lxd requisites on the host can be spelled out in detail
so I don't miss a critical item.

Host info:
- Gentoo Linux
- dnsmasq installed w stock config but not running, not listening for
DHCP or NAT on host
- connman daemon manages wlan0 and eth0, only one active at a time in
current config
- wlan0 active with dhcp
- eth0 inactive, configured for dhcp when wired connection available
- Host LAN address 192.168.1.x

Objectives:
- LXD containers internet access out via host as gateway, host IP is via DHCP
- LXD containers on shared network to interact with each other
- Host access to LXD containers, explicit port forwarding is fine if
that would work better with wifi-only host.

Any suggestions on how to achieve this using lxd-2.4.1's new network commands?

% lxc network list
NAME,TYPE,MANAGED,USED BY
eth0,physical,NO,0
wlan0,physical,NO,0

Does LXD 2.4.1 provide/use an internal DHCP server and NAT proxy, or
is dnsmasq or similar required to be configured and running on the
host? I'm accustomed to qemu-kvm and its internal DHCP/NAT. Is LXD
doing something similar?

Any manual routes I need to add?

Thanks,
Jeff
Stéphane Graber
2016-10-07 23:05:30 UTC
Post by Jeff Kowalczyk
By default lxdbr0 exists by itself, without the need of any physical network
adapter as slave.
So yes, it can be used without eth0 active, assuming that you also have some kind
of dhcp and NAT/proxy active for the containers (which should be enabled by
default)
I'm running lxd-2.4.1 now, and would like to take another shot at
using the new networking commands to get basic networking up and
running. I was unable to get a bridged connection up with an inactive
eth0 using lxd-2.1.
The host OS is Gentoo Linux, so I may need to manually recreate
infrastructure handled by package install on Ubuntu. Greatly
appreciated if lxd requisites on the host can be spelled out in detail
so I don't miss a critical item.
- Gentoo Linux
- dnsmasq installed w stock config but not running, not listening for
DHCP or NAT on host
- connman daemon manages wlan0 and eth0, only one active at a time in
current config
- wlan0 active with dhcp
- eth0 inactive, configured for dhcp when wired connection available
- Host LAN address 192.168.1.x
- LXD containers internet access out via host as gateway, host IP is via DHCP
- LXD containers on shared network to interact with each other
- Host access to LXD containers, explicit port forwarding is fine if
that would work better with wifi-only host.
Any suggestions on how to achieve this using lxd-2.4.1's new network commands?
% lxc network list
NAME,TYPE,MANAGED,USED BY
eth0,physical,NO,0
wlan0,physical,NO,0
Does LXD 2.4.1 provide/use an internal DHCP server and NAT proxy, or
is dnsmasq or similar required to be configured and running on the
host? I'm accustomed to qemu-kvm and its internal DHCP/NAT. Is LXD
doing something similar?
LXD managed bridges come with dnsmasq as a DNS and DHCP(v6) server. LXD
also configures ebtables and iptables as required and toggles any needed
sysctls.

In most cases, all you need is:

lxc network create blah
lxc network attach-profile blah default eth0

Which will create a bridge called blah with IPv4 and IPv6 connectivity
and then add it to the default profile.


You can set static leases for IPv4 and IPv6 by setting ipv4.address or
ipv6.address on the network device entry.

We don't do port forwarding directly in LXD, so you'll still need to do
that by hand.
Post by Jeff Kowalczyk
Any manual routes I need to add?
Thanks,
Jeff
_______________________________________________
lxc-users mailing list
http://lists.linuxcontainers.org/listinfo/lxc-users
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
Jeff Kowalczyk
2016-10-08 05:25:37 UTC
Post by Stéphane Graber
Post by Jeff Kowalczyk
Does LXD 2.4.1 provide/use an internal DHCP server and NAT proxy, or
is dnsmasq or similar required to be configured and running on the
host? I'm accustomed to qemu-kvm and its internal DHCP/NAT. Is LXD
doing something similar?
LXD managed bridges come with dnsmasq as a DNS and DHCP(v6) server. LXD
also configures ebtables and iptables as required and toggles any needed
sysctls.
lxc network create blah
lxc network attach-profile blah default eth0
Which will create a bridge called blah with IPv4 and IPv6 connectivity
and then add it to the default profile.
You can set static leases for IPv4 and IPv6 by setting ipv4.address or
ipv6.address on the network device entry.
We don't do port forwarding directly in LXD, so you'll still need to do
that by hand.
Thanks, this clears things up. I really like the way the new
networking functions work. Many thanks to the LXD and LXC teams.

To make sure I'm understanding correctly: network attach-profile blah
eth0 can work even when eth0 is inactive with no IP address?

I encounter an error on network create, am I missing certain IPV6 or
NF related kernel (4.8.0) config options? I've previously added config
items when lxc requests them.
% lxc network list
NAME, TYPE, MANAGED, USED BY
eth0, physical, NO, 0
wlan0, physical, NO, 0

% lxc network create network0
error: Failed to list ipv6 rules for network0 (table nat)

% lxc network attach-profile network0 default eth0
% lxc network list
NAME, TYPE, MANAGED, USED BY
eth0, physical, NO, 0
network0, bridge, YES, 0
wlan0, physical, NO, 0

% lxc launch ubuntu-daily:16.04 ubuntu-dev
Creating ubuntu-dev
Retrieving image: 100%
Starting ubuntu-dev
error: Missing parent 'network0' for nic 'eth0'
Try `lxc info --show-log local:ubuntu-dev` for more info

% lxc info --show-log local:ubuntu-dev
Name: ubuntu-dev
Remote: unix:/var/lib/lxd/unix.socket
Architecture: x86_64
Created: 2016/10/08 04:55 UTC
Status: Stopped
Type: persistent
Profiles: default

Log:

lxc 20161007215531.030 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 1000000 range 65536

lxc 20161007215531.030 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 1000000 range 65536

lxc 20161007215531.047 WARN lxc_cgmanager - cgroups/cgmanager.c:cgm_get:989 - do_cgm_get exited with error

(... same)

Network shows as in use. Is this by stopped container or network attach-profile?

% lxc network list
NAME, TYPE, MANAGED, USED BY
eth0, physical, NO, 0
network0, bridge, YES, 0
wlan0, physical, NO, 0

% lxc delete ubuntu-dev

Container without network starts OK:

% lxc network detach-profile network0 default eth0

% lxc network delete network0
Network network0 deleted

% lxc launch ubuntu-daily:16.04 ubuntu-dev
Creating ubuntu-dev
The container you are starting doesn’t have any network attached to it.
To create a new network, use: lxc network create
To assign a network to a container, use: lxc network assign
Starting ubuntu-dev
Jeff Kowalczyk
2016-10-11 18:50:22 UTC
On Fri, Oct 7, 2016 at 10:25 PM, Jeff Kowalczyk
Post by Jeff Kowalczyk
% lxc network create network0
error: Failed to list ipv6 rules for network0 (table nat)
The problem was fixed by adding Linux kernel config I had overlooked:

DUMMY: needed for network commands
IP6_NF_NAT: needed for network commands
IP6_NF_TARGET_MASQUERADE: needed for network commands
NET_IPGRE: needed for network commands
NET_IPGRE_DEMUX: needed for network commands
NF_NAT_MASQUERADE_IPV6: needed for network commands

I can now add networks without error.

$ lxc network show network0
name: network0
config:
  ipv4.address: 10.76.73.1/24
  ipv4.nat: "true"
  ipv6.address: fd42:a3b6:96a3:6e7e::1/64
  ipv6.nat: "true"
managed: true
type: bridge
usedby:
- /1.0/containers/ubuntu-dev

I can also use the LXD network commands to bridge to eth0 without a
wired connection active. This completely solves my original question,
Thanks!

Network interfaces as follows in this configuration:

% sudo ifconfig
eth0: flags=-28669<UP,BROADCAST,MULTICAST,DYNAMIC> mtu 1500
        ether (snip) txqueuelen 1000 (Ethernet)

lo: (snip)

network0: flags=-28605<UP,BROADCAST,RUNNING,MULTICAST,DYNAMIC> mtu 1500
        inet 10.76.73.1 netmask 255.255.255.0 broadcast 0.0.0.0
        inet6 fd42:a3b6:96a3:6e7e::1 prefixlen 64 scopeid 0x0<global>
        inet6 fe80::fcae:caff:fe4c:9a9c prefixlen 64 scopeid 0x20<link>
        ether (snip) txqueuelen 1000 (Ethernet)

veth1C0VGX: flags=-28605<UP,BROADCAST,RUNNING,MULTICAST,DYNAMIC> mtu 1500
        inet 169.254.55.40 netmask 255.255.0.0 broadcast 169.254.255.255
        inet6 fe80::fcae:caff:fe4c:9a9c prefixlen 64 scopeid 0x20<link>
        ether (snip) txqueuelen 1000 (Ethernet)

wlan0: flags=-28605<UP,BROADCAST,RUNNING,MULTICAST,DYNAMIC> mtu 1500
        inet 192.168.1.100 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::76e5:bff:fe10:e842 prefixlen 64 scopeid 0x20<link>
        ether (snip) txqueuelen 1000 (Ethernet)
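
Added example (not part of the thread, and not LXD's own tooling): a pre-flight check that reads a kernel config file and reports which of the options listed in the last message are neither built in nor modular, so the "Failed to list ipv6 rules" error can be anticipated before running lxc network create. The function names and the sample config are constructed for illustration; the option names are exactly those given in the post for its 4.8 kernel.

```shell
#!/bin/sh
# Kernel options the last post reports as needed for the `lxc network`
# commands (names exactly as listed there, for a 4.8 kernel).
LXD_NET_OPTS="DUMMY IP6_NF_NAT IP6_NF_TARGET_MASQUERADE NET_IPGRE NET_IPGRE_DEMUX NF_NAT_MASQUERADE_IPV6"

# read_kconfig FILE: print a kernel config, plain (.config) or gzipped
# (e.g. /proc/config.gz on kernels that expose it).
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# missing_lxd_net_opts FILE: print every option from LXD_NET_OPTS that is
# not set to =y or =m. Returns 0 if none are missing, 1 if any are,
# 2 if FILE could not be read.
missing_lxd_net_opts() {
    cfg=$(read_kconfig "$1") || return 2
    rc=0
    for opt in $LXD_NET_OPTS; do
        # Anchor on "=" so NET_IPGRE does not match NET_IPGRE_DEMUX;
        # "# CONFIG_X is not set" lines never match because of the "^".
        if ! printf '%s\n' "$cfg" | grep -Eq "^CONFIG_${opt}=[ym]\$"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample config: two of the six options are absent or disabled.
sample_kconfig() {
    cat <<'EOF'
CONFIG_DUMMY=m
CONFIG_IP6_NF_NAT=m
# CONFIG_IP6_NF_TARGET_MASQUERADE is not set
CONFIG_NET_IPGRE_DEMUX=y
CONFIG_NET_IPGRE=y
EOF
}

# Stand-alone use: pass a config path, e.g. /proc/config.gz or
# /usr/src/linux/.config; missing options are printed one per line.
if [ -n "${1:-}" ]; then
    missing_lxd_net_opts "$1"
fi
```
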
