[libvirt-users] LXC: unable to configure networking for LXC

Hello,

I would like to set up sshd under an LXC application container and to be able to connect into it from the host. I was able to achieve that with LXC tools CLI after setting up a bridge via brctl and creating a proper lxc.conf file for lxc-execute to use. However, I am unable to do so via libvirt.

I am using libvirt version 0.7.1 installed on Fedora 12.

I first verified that the default network is up

    [root@enc12 avi]# virsh net-list --all
    Name                 State      Autostart
    -----------------------------------------
    default              active     yes

and that the bridge exists

    [root@enc12 avi]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    virbr0          8000.000000000000       yes

I then went over the explanations under http://www.libvirt.org/formatdomain.html#elementsNICS and http://wiki.libvirt.org/page/Networking and made sure net.ipv4.ip_forward = 1 under file /etc/sysctl.conf on the host.

After that, I created a container with the following XML specification:

    <domain type='lxc'>
      <name>ssh9</name>
      <memory>500000</memory>
      <os>
        <type>exe</type>
        <init>/usr/sbin/sshd</init>
      </os>
      <vcpu>1</vcpu>
      <clock offset='utc'/>
      <on_poweroff>destroy</on_poweroff>
      <on_reboot>restart</on_reboot>
      <on_crash>destroy</on_crash>
      <devices>
        <emulator>/usr/libexec/libvirt_lxc</emulator>
        <interface type='network'>
          <source network='default'/>
        </interface>
        <console type='pty' />
      </devices>
    </domain>

Below is the command that verifies LXC is running, followed by dumpxml:

    [root@enc12 avi]# virsh -c lxc:/// list --all
     Id Name                 State
    ----------------------------------
    1551 ssh9                 running

    <domain type='lxc' id='1551'>
      <name>ssh9</name>
      <uuid>ead3dc4f-9b3f-eec0-e83a-1d87e0ffb1eb</uuid>
      <memory>500000</memory>
      <currentMemory>500000</currentMemory>
      <vcpu>1</vcpu>
      <os>
        <type arch='i686'>exe</type>
        <init>/usr/sbin/sshd</init>
      </os>
      <clock offset='utc'/>
      <on_poweroff>destroy</on_poweroff>
      <on_reboot>restart</on_reboot>
      <on_crash>destroy</on_crash>
      <devices>
        <emulator>/usr/libexec/libvirt_lxc</emulator>
        <interface type='network'>
          <mac address='52:54:00:e8:e3:dd'/>
          <source network='default'/>
          <target dev='veth0'/>
        </interface>
        <console type='pty' tty='/dev/pts/1'>
          <source path='/dev/pts/1'/>
          <target port='0'/>
        </console>
      </devices>
    </domain>

However, I cannot see the IP address of the container, so I was not able to connect to it.

I can also see that the routing table configured on the host routes any address destined to network 192.168.122 into the bridge, and I understood that the container should have been constructed with one of the IPs in the range of 192.168.122.2 to 192.168.122.254 (as defined in the dhcp tag under the default network), but it did not happen.

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    9.148.28.32     *               255.255.255.240 U     1      0        0 eth0
    192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
    default         9.148.28.33     0.0.0.0         UG    0      0        0 eth0

I wonder what I am missing here.

Thanks,
- Avi

At Thu, 11 Mar 2010 14:08:48 +0200, Avi Weit wrote:
I would like to set up sshd under an LXC application container and to be able to connect into it from the host. I was able to achieve that with LXC tools CLI after setting up a bridge via brctl and creating a proper lxc.conf file for lxc-execute to use. However, I am unable to do so via libvirt.
As far as I know, libvirt always assumes that the guest is responsible for obtaining an IP address e.g. using DHCP (which makes perfect sense in the context of virtualisation technologies which emulate a PC). So at this time, I think you need to have a script which runs dhclient before running sshd.

Another alternative is just to run a full Linux distribution inside LXC, and then the LXC guest's init will be responsible for bringing up the network. However, I haven't managed to do this (init just dies immediately when I've tried it, on Fedora 12).

Regards,
--
Robin Green
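
A sketch of the kind of wrapper script suggested above, as an added example that is not part of the original thread and not libvirt's own code. Assumed here: the container's interface is named eth0, ISC dhclient is installed, and the script is installed under the hypothetical path /usr/local/sbin/lxc-sshd-init, which would replace /usr/sbin/sshd in the domain's <init> element.

```shell
#!/bin/sh
# Added example: wrapper to use as the container's <init> instead of sshd itself.
# Hypothetical install path: /usr/local/sbin/lxc-sshd-init (not from the thread).
# Assumed: the container's interface is eth0 and ISC dhclient is installed.
IFACE="${IFACE:-eth0}"
SYS_NET="${SYS_NET:-/sys/class/net}"
DHCLIENT="${DHCLIENT:-/sbin/dhclient}"
SSHD="${SSHD:-/usr/sbin/sshd}"

# Wait (up to $2 seconds) for the interface to appear in this network namespace.
wait_for_iface() {
    tries="${2:-10}"
    while [ "$tries" -gt 0 ]; do
        if [ -e "$SYS_NET/$1" ]; then return 0; fi
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the first IPv4 address.
lease_addr() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Succeed only for addresses in the default network's DHCP range
# (192.168.122.2 to 192.168.122.254, per the net-dumpxml output in the thread).
in_default_net() {
    last="${1#192.168.122.}"
    [ "$last" != "$1" ] || return 1
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

main() {
    wait_for_iface "$IFACE" 10 || { echo "$IFACE did not appear" >&2; return 1; }
    # -1: try once and exit non-zero if no lease is obtained.
    "$DHCLIENT" -1 "$IFACE" || { echo "no DHCP lease on $IFACE" >&2; return 1; }
    addr=$(ip -4 -o addr show dev "$IFACE" | lease_addr)
    in_default_net "$addr" || { echo "unexpected address: $addr" >&2; return 1; }
    # Foreground sshd, bound only to the leased address on the libvirt network.
    exec "$SSHD" -D -e -o "ListenAddress=$addr"
}

# Run only when executed under the installed name, not when sourced for testing.
case "$0" in *lxc-sshd-init) main ;; esac
```

Refusing to start sshd unless the lease falls inside the default network's range keeps the daemon from listening on an interface or address nobody intended to expose.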

Hi Robin,

Thanks for this info.

I tried the first example provided under http://www.libvirt.org/formatdomain.html#elementsNICS - Virtual Network, in which I can see an example that defines the following:

    <interface type='network'>
      <source network='default'/>
    </interface>

and that is what I tried to create and start the container with.

My understanding, but I may be wrong, is that IP, MAC and tun device will automatically be created and assigned with values by libvirt.

I understand that this type of configuration uses libvirt's default network, which is configured below and has a range of dhcp IPs.

    [root@enc12 avi]# virsh net-dumpxml default
    <network>
      <name>default</name>
      <uuid>9c949214-562a-4c31-a098-235dd368caca</uuid>
      <forward mode='nat'/>
      <bridge name='virbr0' stp='on' delay='0' />
      <ip address='192.168.122.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.122.2' end='192.168.122.254' />
        </dhcp>
      </ip>
    </network>

Explicitly defining the container with IP of 192.168.122.2 did not work. Here is the interface portion of the XML I defined the container with:

    <interface type='network'>
      <source network='default'/>
      <ip address ='192.168.122.2'/>
    </interface>

In LXC tools I did not have to configure anything from inside the container. All settings - tun, internal network interface of the container, MAC and IP - were created automatically.

I would like to verify if I indeed must configure the networking from *inside* the container?

Thanks again,
- Avi

Robin Green <greenrd@greenrd.org> wrote on 09/03/2010 03:52:41 AM:

From: Robin Green <greenrd@greenrd.org>
To: Avi Weit/Haifa/IBM@IBMIL
Cc: libvirt-users@redhat.com
Date: 11/03/2010 03:24 PM
Subject: Re: [libvirt-users] LXC: unable to configure networking for LXC

At Thu, 11 Mar 2010 14:08:48 +0200, Avi Weit wrote:
I would like to set up sshd under an LXC application container and to be able to connect into it from the host. I was able to achieve that with LXC tools CLI after setting up a bridge via brctl and creating a proper lxc.conf file for lxc-execute to use. However, I am unable to do so via libvirt.
As far as I know, libvirt always assumes that the guest is responsible for obtaining an IP address e.g. using DHCP (which makes perfect sense in the context of virtualisation technologies which emulate a PC). So at this time, I think you need to have a script which runs dhclient before running sshd.
Another alternative is just to run a full Linux distribution inside LXC, and then the LXC guest's init will be responsible for bringing up the network. However, I haven't managed to do this (init just dies immediately when I've tried it, on Fedora 12).
Regards, -- Robin Green

participants (2): Avi Weit, Robin Green