From 3fbd17720f70c4a5d7a0c796e0201922559bdfd8 Mon Sep 17 00:00:00 2001
From: Trent Palmer
Date: Tue, 20 Feb 2018 22:19:29 +0000
Subject: [PATCH] extend docs/lxd_container_home_server_networking_for_dummies.md
---
 ...iner_home_server_networking_for_dummies.md | 79 +++++++++++++++++++
 site/index.html | 2 +-
 .../index.html | 66 ++++++++++++++++
 site/search/search_index.json | 12 ++-
 site/sitemap.xml | 38 ++++-----
 5 files changed, 176 insertions(+), 21 deletions(-)
diff --git a/docs/lxd_container_home_server_networking_for_dummies.md b/docs/lxd_container_home_server_networking_for_dummies.md
index e5b5e06..aefe4b9 100644
--- a/docs/lxd_container_home_server_networking_for_dummies.md
+++ b/docs/lxd_container_home_server_networking_for_dummies.md
@@ -256,6 +256,47 @@ your home network, and a second interface *eth1* connected to a non-natted subne
 a static ip on which it will be able to talk directly to the other containers and the host
 machine.
 
+### exposed profile with a regular linux br0 interface bridge
+
+You can configure an Ubuntu server with a br0 interface
+
+```conf
+# /etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+# br0 bridge in dhcp configuration with ethernet
+# port ens2 added to it.
+auto br0
+iface br0 inet dhcp
+ bridge_ports ens2
+ bridge_stp off
+ bridge_maxwait 0
+```
+
+and a cooresponding profile....
+
+```yaml
+config: {}
+description: exposed LXD profile
+devices:
+ eth0:
+ nictype: bridged
+ parent: br0
+ type: nic
+ eth1:
+ nictype: bridged
+ parent: lxdbr1
+ type: nic
+ root:
+ path: /
+ pool: default
+ type: disk
+name: exposed
+used_by: []
+```
+
+
 ## Assign Containers to Profiles and configure them to connect correctly.
 
 There are a lot of different ways that a Linux instance can solicit network services. So for
@@ -306,6 +347,44 @@ iface eth1 inet static
 network 10.151.18.0
 ```
 
+### ubuntu:16.04 using only dhcp for two nics
+So the example here is tested with eth0 and eth1 connected to
+br0 and lxdbr1 respectively. You need post-up hooks for both eth0 and
+eth1 inside the containers, in order to specify the default route, eth0 gets it's configuration
+dynamically by default from cloud-init. So disable cloud-init by
+creating the following file on the container.
+
+```conf
+# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+network: {config: disabled}
+```
+
+Then, on the container describe the interfaces.
+
+```conf
+# /etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+auto eth1
+iface eth1 inet dhcp
+post-up route del default dev eth1
+
+auto eth0
+iface eth0 inet dhcp
+post-up route add default dev eth0 via 192.168.1.1
+```
+
+and delete /etc/network/interfaces.d/50-cloud-init.cfg
+
+```bash
+rm /etc/network/interfaces.d/50-cloud-init.cfg
+```
+
+The advantage to this scenario is now you can make copies of the container
+without having to update the network descriptions, because both interfaces
+will solicit addresses via dhcp.
+
 ### debian stretch
 
 The configuration for a debian stretch container is the same, except the the file
diff --git a/site/index.html b/site/index.html
index 336c3f8..88bfe59 100644
--- a/site/index.html
+++ b/site/index.html
@@ -261,5 +261,5 @@
diff --git a/site/lxd_container_home_server_networking_for_dummies/index.html b/site/lxd_container_home_server_networking_for_dummies/index.html
index be834b4..053b8cc 100644
--- a/site/lxd_container_home_server_networking_for_dummies/index.html
+++ b/site/lxd_container_home_server_networking_for_dummies/index.html
@@ -407,6 +407,41 @@ to a macvlan, addressable from your lan, just like any other arbitrary computer your home network, and a second interface eth1 connected to a non-natted subnet, with a static ip on which it will be able to talk directly to the other containers and the host machine.

+

exposed profile with a regular linux br0 interface bridge

+

You can configure an Ubuntu server with a br0 interface

+
# /etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+# br0 bridge in dhcp configuration with ethernet
+# port ens2 added to it.
+auto br0
+iface br0 inet dhcp
+      bridge_ports ens2
+      bridge_stp off
+      bridge_maxwait 0
+
+ +

and a cooresponding profile....

+
config: {}
+description: exposed LXD profile
+devices:
+  eth0:
+    nictype: bridged
+    parent: br0
+    type: nic
+  eth1:
+    nictype: bridged
+    parent: lxdbr1
+    type: nic
+  root:
+    path: /
+    pool: default
+    type: disk
+name: exposed
+used_by: []
+
+

Assign Containers to Profiles and configure them to connect correctly.

There are a lot of different ways that a Linux instance can solicit network services. So for now I will just describe a method that will work here for a lxc container from ubuntu:16.04, as @@ -447,6 +482,37 @@ iface eth1 inet static network 10.151.18.0 +

ubuntu:16.04 using only dhcp for two nics

+

So the example here is tested with eth0 and eth1 connected to +br0 and lxdbr1 respectively. You need post-up hooks for both eth0 and +eth1 inside the containers, in order to specify the default route, eth0 gets it's configuration +dynamically by default from cloud-init. So disable cloud-init by +creating the following file on the container.

+
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+network: {config: disabled}
+
+ +

Then, on the container describe the interfaces.

+
# /etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+auto eth1
+iface eth1 inet dhcp
+post-up route del default dev eth1
+
+auto eth0
+iface eth0 inet dhcp
+post-up route add default dev eth0 via 192.168.1.1
+
+ +

and delete /etc/network/interfaces.d/50-cloud-init.cfg

+
rm /etc/network/interfaces.d/50-cloud-init.cfg
+
+ +

The advantage to this scenario is now you can make copies of the container +without having to update the network descriptions, because both interfaces +will solicit addresses via dhcp.

debian stretch

The configuration for a debian stretch container is the same, except the the file /etc/network/interfaces will also describe eth0, but you only have to add the diff --git a/site/search/search_index.json b/site/search/search_index.json index a560b69..dccaed0 100644 --- a/site/search/search_index.json +++ b/site/search/search_index.json 
@@ -27,7 +27,7 @@ }, { "location": "/lxd_container_home_server_networking_for_dummies/", - "text": "LXD Container Home Server Networking For Dummies\n\n\nWhy?\n\n\nIf you're going to operate a fleet of LXD containers for home\nentertainment, you probably want some of them exposed with their\nown ip addresses on your home network, so that you can use them\nas containerized servers for various applications.\n\n\nOthers containers, you might want to be inaccessable from the lan,\nin a natted subnet, where they can solicit connections to the\noutside world from within their natted subnet, but are not addressable\nfrom the outside. A database server that you connect a web app to, for\ninstance, or a web app that you have a reverse proxy in front of.\n\n\nBut these are two separate address spaces, so ideally all of the containers\nwould have a second interface of their own, by which they could connect\nto a third network, that would be a private network that all of the containers\ncan use to talk directly to each other (or the host machine).\n\n\nIt's pretty straightforward, you just have to glue all the pieces together.\n\n\nThree Part Overview.\n\n\n\n\n\n\nDefine and create some bridges. \n\n\n\n\n\n\nDefine profiles that combine the network\ninterfaces in different combinations. In addition to two\nbridges you will have a macvlan with which to expose the containers\nthat you want exposed, but the macvlan doesn't come into\nplay until here in step two when you define profiles. \n\n\n\n\n\n\nAssign each container which profile it should use,\nand then configure the containers to use the included\nnetwork interfaces correctly. \n\n\n\n\n\n\nBuild Sum Moar Bridges\n\n\nThe containers will all have two network interfaces from\ntheir own internal point of view, \neth0\n and \neth1\n. \n\n\nIn this\nscheme we create a bridge for a natted subnet and a bridge for\na non-natted subnet. 
All of the containers will connect to the\nnon-natted subnet on their second interface, \neth1\n, and some\nof the containers will connect to the natted subnet on their \nfirst interface \neth0\n. The containers that don't connect\nto the natted subnet will instead connect to a macvlan\non their first interface \neth0\n, but that isn't part of this\nstep.\n\n\nbridge for a natted subnet\n\n\nIf you haven't used lxd before, you'll want to run the command \nlxd init\n.\nBy default this creates exactly the bridge we want, called \nlxdbr0\n.\n\n\nOtherwise you would use the following command to create \nlxdbr0\n.\n\n\nlxc network create lxdbr0\n\n\n\n\nTo generate a table of all the existing interfaces.\n\n\nlxd network list\n\n\n\n\nThis bridge is for our natted subnet, so we just want to go with\nthe default configuration.\n\n\nlxc network show lxdbr0\n\n\n\n\nThis cats a yaml file where you can see the randomly\ngenerated network for \nlxdbr0\n.\n\n\nconfig:\n ipv4.address: 10.99.153.1/24\n ipv4.nat: \"true\"\n ipv6.address: fd42:211e:e008:954b::1/64\n ipv6.nat: \"true\"\ndescription: \"\"\nname: lxdbr0\ntype: bridge\nused_by: []\nmanaged: true\n\n\n\n\nbridge for a non-natted subnet\n\n\nCreate \nlxdbr1\n\n\nlxc network create lxdbr1\n\n\n\n\nUse the following commands to remove nat from \nlxdbr1.\n\n\nlxc network set lxdbr1 ipv4.nat false\nlxc network set lxdbr1 ipv6.nat false\n\n\n\n\nOf if you use this next command, your favourite\ntext editor will pop open, preloaded with the complete yaml file\nand you can edit the configuration there.\n\n\nlxc network edit lxdbr1\n\n\n\n\nEither way you're looking for a result such as the following.\nNotice that the randomly generated address space is different\nthat the one for \nlxdbr0\n, and that the *nat keys are set\nto \"false\".\n\n\nconfig:\n ipv4.address: 10.151.18.1/24\n ipv4.nat: \"false\"\n ipv6.address: fd42:89d4:f465:1b20::1/64\n ipv6.nat: \"false\"\ndescription: \"\"\nname: lxdbr1\ntype: bridge\nused_by: 
[]\nmanaged: true\n\n\n\n\nProfiles\n\n\nrecycle the default\n\n\nWhen you first ran \nlxd init\n, that created a default profile.\nConfirm with the following.\n\n\nlxc profile list\n\n\n\n\nTo see what the default profile looks like.\n\n\nlxc profile show default\n\n\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Default LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: lxdbr0\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: default\nused_by: []\n\n\n\n\nprofile the natted\n\n\nThe easiest way to create a new profile is start by copying another one.\n\n\nlxc profile copy default natted\n\n\n\n\nedit the new \nnatted\n profile\n\n\nlxc profile edit natted\n\n\n\n\nAnd add an \neth1\n interface attached to \nlxdbr1\n. \neth0\n and \neth1\n will\nbe the interfaces visible from the container's point of view.\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Natted LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: lxdbr0\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: natted\nused_by: []\n\n\n\n\nAny container assigned to the \nnatted\n profile, will have an interface \neth0\n connected\nto a natted subnet, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nprofile the exposed\n\n\nCreate the \nexposed\n profile\n\n\nlxc profile copy natted exposed\n\n\n\n\nand edit the new \nexposed\n profile\n\n\nlxc profile edit exposed\n\n\n\n\nchange the nictype for \neth0\n from \nbridged\n to \nmacvlan\n, and the parent should be\nthe name of the physical ethernet connection on the host machine, instead of a bridge.\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: 
\"\"\ndescription: Exposed LXD profile\ndevices:\n eth0:\n nictype: macvlan\n parent: eno1\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: exposed\nused_by: []\n\n\n\n\nAny container assigned to the \nexposed\n profile, will have an interface \neth0\n connected\nto a macvlan, addressable from your lan, just like any other arbitrary computer on\nyour home network, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nAssign Containers to Profiles and configure them to connect correctly.\n\n\nThere are a lot of different ways that a Linux instance can solicit network services. So for\nnow I will just describe a method that will work here for a lxc container from ubuntu:16.04, as\nwell as a debian stretch container from images.linuxcontainers.org.\n\n\nStart a new container and assign the profile. We'll use an arbitrary whimsical container name,\n\nquick-joey\n. This process is the same for either the \nnatted\n profile or the \nexposed\n profile.\n\n\nlxc init ubuntu:16.04 quick-joey\n# assign the profile\nlxc profile assign quick-joey exposed\n# start quick-joey\nlxc start quick-joey\n# and start a bash shell\nlxc exec quick-joey bash\n\n\n\n\nWith either an ubuntu:16.04 container, or a debian stretch container, for either the \nnatted\n or\n\nexposed\n profile, because of all the above configuration work they will automatically connect on\ntheir \neth0\n interfaces and be able to talk to the internet. 
You need to edit \n/etc/network/interfaces\n,\nthe main difference being what that file looks like before you edit it.\n\n\nYou need to tell these containers how to connect to the non-natted subnet on \neth1\n.\n\n\nubuntu:16.04\n\n\nIf you start a shell on an ubuntu:16.04 container, you see that \n/etc/network/interfaces\n\ndescribes the loopback device for localhost, then sources \n/etc/network/interfaces.d/*.cfg\n where\nsome magical cloud-config jazz is going on. You just want to add a static ip description for \neth1\n\nto the file \n/etc/network/interfaces\n. And obviously take care that the static ip address you assign is\nunique and on the same subnet with \nlxdbr1\n.\n\n\nReminder: the address for \nlxdbr1\n is 10.151.18.1/24, (but it will be different on your machine).\n\n\nauto lo\niface lo inet loopback\n\nsource /etc/network/interfaces.d/*.cfg\n# what you add goes below here\nauto eth1\niface eth1 inet static\n address 10.151.18.123\n netmask 255.255.255.0\n broadcast 255.255.255.255 \n network 10.151.18.0\n\n\n\n\ndebian stretch\n\n\nThe configuration for a debian stretch container is the same, except the the file\n\n/etc/network/interfaces\n will also describe eth0, but you only have to add the \ndescription for eth1.\n\n\nsystemd-networkd\n\n\nThis seems to work.\n\n\n# eth0.network\n[Match]\nName=eth0\n\n[Network]\nDHCP=ipv4\n\n\n\n\n# eth1.network\n[Match]\nName=eth1\n\n[Network]\nDHCP=ipv4\n\n[DHCP]\nUseRoutes=false\n\n\n\n\nthe /etc/hosts file\n\n\nOnce you assign the containers static ip addresses for their \neth1\n\ninterfaces, you can use the \n/etc/hosts\n file on each container to make them\naware of where the other containers and the host machine are.\n\n\nFor instance, if you want the container \nquick-joey\n to talk directly\nto the host machine, which will be at the ip address of \nlxdbr1\n, start a shell\non the container \nquick-joey\n\n\nlxc exec quick-joey bash\n\n\n\n\nand edit \n/etc/hosts\n\n\n# /etc/hosts\n10.151.18.1 
mothership\n\n\n\n\nOr you have a container named \nfat-cinderella\n, that needs to be able to talk\ndirectly \nquick-joey\n.\n\n\nlxc exec fat-cinderella bash\nvim /etc/hosts\n\n\n\n\n# /etc/hosts\n10.151.18.123 quick-joey\n\n\n\n\netcetera", + "text": "LXD Container Home Server Networking For Dummies\n\n\nWhy?\n\n\nIf you're going to operate a fleet of LXD containers for home\nentertainment, you probably want some of them exposed with their\nown ip addresses on your home network, so that you can use them\nas containerized servers for various applications.\n\n\nOthers containers, you might want to be inaccessable from the lan,\nin a natted subnet, where they can solicit connections to the\noutside world from within their natted subnet, but are not addressable\nfrom the outside. A database server that you connect a web app to, for\ninstance, or a web app that you have a reverse proxy in front of.\n\n\nBut these are two separate address spaces, so ideally all of the containers\nwould have a second interface of their own, by which they could connect\nto a third network, that would be a private network that all of the containers\ncan use to talk directly to each other (or the host machine).\n\n\nIt's pretty straightforward, you just have to glue all the pieces together.\n\n\nThree Part Overview.\n\n\n\n\n\n\nDefine and create some bridges. \n\n\n\n\n\n\nDefine profiles that combine the network\ninterfaces in different combinations. In addition to two\nbridges you will have a macvlan with which to expose the containers\nthat you want exposed, but the macvlan doesn't come into\nplay until here in step two when you define profiles. \n\n\n\n\n\n\nAssign each container which profile it should use,\nand then configure the containers to use the included\nnetwork interfaces correctly. \n\n\n\n\n\n\nBuild Sum Moar Bridges\n\n\nThe containers will all have two network interfaces from\ntheir own internal point of view, \neth0\n and \neth1\n. 
\n\n\nIn this\nscheme we create a bridge for a natted subnet and a bridge for\na non-natted subnet. All of the containers will connect to the\nnon-natted subnet on their second interface, \neth1\n, and some\nof the containers will connect to the natted subnet on their \nfirst interface \neth0\n. The containers that don't connect\nto the natted subnet will instead connect to a macvlan\non their first interface \neth0\n, but that isn't part of this\nstep.\n\n\nbridge for a natted subnet\n\n\nIf you haven't used lxd before, you'll want to run the command \nlxd init\n.\nBy default this creates exactly the bridge we want, called \nlxdbr0\n.\n\n\nOtherwise you would use the following command to create \nlxdbr0\n.\n\n\nlxc network create lxdbr0\n\n\n\n\nTo generate a table of all the existing interfaces.\n\n\nlxd network list\n\n\n\n\nThis bridge is for our natted subnet, so we just want to go with\nthe default configuration.\n\n\nlxc network show lxdbr0\n\n\n\n\nThis cats a yaml file where you can see the randomly\ngenerated network for \nlxdbr0\n.\n\n\nconfig:\n ipv4.address: 10.99.153.1/24\n ipv4.nat: \"true\"\n ipv6.address: fd42:211e:e008:954b::1/64\n ipv6.nat: \"true\"\ndescription: \"\"\nname: lxdbr0\ntype: bridge\nused_by: []\nmanaged: true\n\n\n\n\nbridge for a non-natted subnet\n\n\nCreate \nlxdbr1\n\n\nlxc network create lxdbr1\n\n\n\n\nUse the following commands to remove nat from \nlxdbr1.\n\n\nlxc network set lxdbr1 ipv4.nat false\nlxc network set lxdbr1 ipv6.nat false\n\n\n\n\nOf if you use this next command, your favourite\ntext editor will pop open, preloaded with the complete yaml file\nand you can edit the configuration there.\n\n\nlxc network edit lxdbr1\n\n\n\n\nEither way you're looking for a result such as the following.\nNotice that the randomly generated address space is different\nthat the one for \nlxdbr0\n, and that the *nat keys are set\nto \"false\".\n\n\nconfig:\n ipv4.address: 10.151.18.1/24\n ipv4.nat: \"false\"\n ipv6.address: 
fd42:89d4:f465:1b20::1/64\n ipv6.nat: \"false\"\ndescription: \"\"\nname: lxdbr1\ntype: bridge\nused_by: []\nmanaged: true\n\n\n\n\nProfiles\n\n\nrecycle the default\n\n\nWhen you first ran \nlxd init\n, that created a default profile.\nConfirm with the following.\n\n\nlxc profile list\n\n\n\n\nTo see what the default profile looks like.\n\n\nlxc profile show default\n\n\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Default LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: lxdbr0\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: default\nused_by: []\n\n\n\n\nprofile the natted\n\n\nThe easiest way to create a new profile is start by copying another one.\n\n\nlxc profile copy default natted\n\n\n\n\nedit the new \nnatted\n profile\n\n\nlxc profile edit natted\n\n\n\n\nAnd add an \neth1\n interface attached to \nlxdbr1\n. \neth0\n and \neth1\n will\nbe the interfaces visible from the container's point of view.\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Natted LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: lxdbr0\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: natted\nused_by: []\n\n\n\n\nAny container assigned to the \nnatted\n profile, will have an interface \neth0\n connected\nto a natted subnet, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nprofile the exposed\n\n\nCreate the \nexposed\n profile\n\n\nlxc profile copy natted exposed\n\n\n\n\nand edit the new \nexposed\n profile\n\n\nlxc profile edit exposed\n\n\n\n\nchange the nictype for \neth0\n from \nbridged\n to \nmacvlan\n, and the parent should be\nthe name of the physical ethernet connection on the host machine, instead of a 
bridge.\n\n\nconfig:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Exposed LXD profile\ndevices:\n eth0:\n nictype: macvlan\n parent: eno1\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: exposed\nused_by: []\n\n\n\n\nAny container assigned to the \nexposed\n profile, will have an interface \neth0\n connected\nto a macvlan, addressable from your lan, just like any other arbitrary computer on\nyour home network, and a second interface \neth1\n connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.\n\n\nexposed profile with a regular linux br0 interface bridge\n\n\nYou can configure an Ubuntu server with a br0 interface\n\n\n# /etc/network/interfaces\nauto lo\niface lo inet loopback\n\n# br0 bridge in dhcp configuration with ethernet\n# port ens2 added to it.\nauto br0\niface br0 inet dhcp\n bridge_ports ens2\n bridge_stp off\n bridge_maxwait 0\n\n\n\n\nand a cooresponding profile....\n\n\nconfig: {}\ndescription: exposed LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: br0\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: exposed\nused_by: []\n\n\n\n\nAssign Containers to Profiles and configure them to connect correctly.\n\n\nThere are a lot of different ways that a Linux instance can solicit network services. So for\nnow I will just describe a method that will work here for a lxc container from ubuntu:16.04, as\nwell as a debian stretch container from images.linuxcontainers.org.\n\n\nStart a new container and assign the profile. We'll use an arbitrary whimsical container name,\n\nquick-joey\n. 
This process is the same for either the \nnatted\n profile or the \nexposed\n profile.\n\n\nlxc init ubuntu:16.04 quick-joey\n# assign the profile\nlxc profile assign quick-joey exposed\n# start quick-joey\nlxc start quick-joey\n# and start a bash shell\nlxc exec quick-joey bash\n\n\n\n\nWith either an ubuntu:16.04 container, or a debian stretch container, for either the \nnatted\n or\n\nexposed\n profile, because of all the above configuration work they will automatically connect on\ntheir \neth0\n interfaces and be able to talk to the internet. You need to edit \n/etc/network/interfaces\n,\nthe main difference being what that file looks like before you edit it.\n\n\nYou need to tell these containers how to connect to the non-natted subnet on \neth1\n.\n\n\nubuntu:16.04\n\n\nIf you start a shell on an ubuntu:16.04 container, you see that \n/etc/network/interfaces\n\ndescribes the loopback device for localhost, then sources \n/etc/network/interfaces.d/*.cfg\n where\nsome magical cloud-config jazz is going on. You just want to add a static ip description for \neth1\n\nto the file \n/etc/network/interfaces\n. And obviously take care that the static ip address you assign is\nunique and on the same subnet with \nlxdbr1\n.\n\n\nReminder: the address for \nlxdbr1\n is 10.151.18.1/24, (but it will be different on your machine).\n\n\nauto lo\niface lo inet loopback\n\nsource /etc/network/interfaces.d/*.cfg\n# what you add goes below here\nauto eth1\niface eth1 inet static\n address 10.151.18.123\n netmask 255.255.255.0\n broadcast 255.255.255.255 \n network 10.151.18.0\n\n\n\n\nubuntu:16.04 using only dhcp for two nics\n\n\nSo the example here is tested with eth0 and eth1 connected to\nbr0 and lxdbr1 respectively. You need post-up hooks for both eth0 and\neth1 inside the containers, in order to specify the default route, eth0 gets it's configuration\ndynamically by default from cloud-init. 
So disable cloud-init by\ncreating the following file on the container.\n\n\n# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg\nnetwork: {config: disabled}\n\n\n\n\nThen, on the container describe the interfaces.\n\n\n# /etc/network/interfaces\nauto lo\niface lo inet loopback\n\nauto eth1\niface eth1 inet dhcp\npost-up route del default dev eth1\n\nauto eth0\niface eth0 inet dhcp\npost-up route add default dev eth0 via 192.168.1.1\n\n\n\n\nand delete /etc/network/interfaces.d/50-cloud-init.cfg\n\n\nrm /etc/network/interfaces.d/50-cloud-init.cfg\n\n\n\n\nThe advantage to this scenario is now you can make copies of the container\nwithout having to update the network descriptions, because both interfaces\nwill solicit addresses via dhcp.\n\n\ndebian stretch\n\n\nThe configuration for a debian stretch container is the same, except the the file\n\n/etc/network/interfaces\n will also describe eth0, but you only have to add the \ndescription for eth1.\n\n\nsystemd-networkd\n\n\nThis seems to work.\n\n\n# eth0.network\n[Match]\nName=eth0\n\n[Network]\nDHCP=ipv4\n\n\n\n\n# eth1.network\n[Match]\nName=eth1\n\n[Network]\nDHCP=ipv4\n\n[DHCP]\nUseRoutes=false\n\n\n\n\nthe /etc/hosts file\n\n\nOnce you assign the containers static ip addresses for their \neth1\n\ninterfaces, you can use the \n/etc/hosts\n file on each container to make them\naware of where the other containers and the host machine are.\n\n\nFor instance, if you want the container \nquick-joey\n to talk directly\nto the host machine, which will be at the ip address of \nlxdbr1\n, start a shell\non the container \nquick-joey\n\n\nlxc exec quick-joey bash\n\n\n\n\nand edit \n/etc/hosts\n\n\n# /etc/hosts\n10.151.18.1 mothership\n\n\n\n\nOr you have a container named \nfat-cinderella\n, that needs to be able to talk\ndirectly \nquick-joey\n.\n\n\nlxc exec fat-cinderella bash\nvim /etc/hosts\n\n\n\n\n# /etc/hosts\n10.151.18.123 quick-joey\n\n\n\n\netcetera", "title": "LXD Container Home Server Networking For 
Dummies" }, { 
@@ -80,6 +80,11 @@ "text": "Create the exposed profile lxc profile copy natted exposed and edit the new exposed profile lxc profile edit exposed change the nictype for eth0 from bridged to macvlan , and the parent should be\nthe name of the physical ethernet connection on the host machine, instead of a bridge. config:\n environment.http_proxy: \"\"\n security.privileged: \"true\"\n user.network_mode: \"\"\ndescription: Exposed LXD profile\ndevices:\n eth0:\n nictype: macvlan\n parent: eno1\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: exposed\nused_by: [] Any container assigned to the exposed profile, will have an interface eth0 connected\nto a macvlan, addressable from your lan, just like any other arbitrary computer on\nyour home network, and a second interface eth1 connected to a non-natted subnet, with\na static ip on which it will be able to talk directly to the other containers and the host\nmachine.", "title": "profile the exposed" }, + { + "location": "/lxd_container_home_server_networking_for_dummies/#exposed-profile-with-a-regular-linux-br0-interface-bridge", + "text": "You can configure an Ubuntu server with a br0 interface # /etc/network/interfaces\nauto lo\niface lo inet loopback\n\n# br0 bridge in dhcp configuration with ethernet\n# port ens2 added to it.\nauto br0\niface br0 inet dhcp\n bridge_ports ens2\n bridge_stp off\n bridge_maxwait 0 and a cooresponding profile.... 
config: {}\ndescription: exposed LXD profile\ndevices:\n eth0:\n nictype: bridged\n parent: br0\n type: nic\n eth1:\n nictype: bridged\n parent: lxdbr1\n type: nic\n root:\n path: /\n pool: default\n type: disk\nname: exposed\nused_by: []", + "title": "exposed profile with a regular linux br0 interface bridge" + }, { "location": "/lxd_container_home_server_networking_for_dummies/#assign-containers-to-profiles-and-configure-them-to-connect-correctly", "text": "There are a lot of different ways that a Linux instance can solicit network services. So for\nnow I will just describe a method that will work here for a lxc container from ubuntu:16.04, as\nwell as a debian stretch container from images.linuxcontainers.org. Start a new container and assign the profile. We'll use an arbitrary whimsical container name, quick-joey . This process is the same for either the natted profile or the exposed profile. lxc init ubuntu:16.04 quick-joey\n# assign the profile\nlxc profile assign quick-joey exposed\n# start quick-joey\nlxc start quick-joey\n# and start a bash shell\nlxc exec quick-joey bash With either an ubuntu:16.04 container, or a debian stretch container, for either the natted or exposed profile, because of all the above configuration work they will automatically connect on\ntheir eth0 interfaces and be able to talk to the internet. You need to edit /etc/network/interfaces ,\nthe main difference being what that file looks like before you edit it. You need to tell these containers how to connect to the non-natted subnet on eth1 .", 
@@ -90,6 +95,11 @@ "text": "If you start a shell on an ubuntu:16.04 container, you see that /etc/network/interfaces \ndescribes the loopback device for localhost, then sources /etc/network/interfaces.d/*.cfg where\nsome magical cloud-config jazz is going on. You just want to add a static ip description for eth1 \nto the file /etc/network/interfaces . And obviously take care that the static ip address you assign is\nunique and on the same subnet with lxdbr1 . Reminder: the address for lxdbr1 is 10.151.18.1/24, (but it will be different on your machine). auto lo\niface lo inet loopback\n\nsource /etc/network/interfaces.d/*.cfg\n# what you add goes below here\nauto eth1\niface eth1 inet static\n address 10.151.18.123\n netmask 255.255.255.0\n broadcast 255.255.255.255 \n network 10.151.18.0", "title": "ubuntu:16.04" }, + { + "location": "/lxd_container_home_server_networking_for_dummies/#ubuntu1604-using-only-dhcp-for-two-nics", + "text": "So the example here is tested with eth0 and eth1 connected to\nbr0 and lxdbr1 respectively. You need post-up hooks for both eth0 and\neth1 inside the containers, in order to specify the default route, eth0 gets it's configuration\ndynamically by default from cloud-init. So disable cloud-init by\ncreating the following file on the container. # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg\nnetwork: {config: disabled} Then, on the container describe the interfaces. 
# /etc/network/interfaces\nauto lo\niface lo inet loopback\n\nauto eth1\niface eth1 inet dhcp\npost-up route del default dev eth1\n\nauto eth0\niface eth0 inet dhcp\npost-up route add default dev eth0 via 192.168.1.1 and delete /etc/network/interfaces.d/50-cloud-init.cfg rm /etc/network/interfaces.d/50-cloud-init.cfg The advantage to this scenario is now you can make copies of the container\nwithout having to update the network descriptions, because both interfaces\nwill solicit addresses via dhcp.", + "title": "ubuntu:16.04 using only dhcp for two nics" + }, { "location": "/lxd_container_home_server_networking_for_dummies/#debian-stretch", "text": "The configuration for a debian stretch container is the same, except the the file /etc/network/interfaces will also describe eth0, but you only have to add the \ndescription for eth1.", diff --git a/site/sitemap.xml b/site/sitemap.xml index 7abebd5..11bc1ea 100644 --- a/site/sitemap.xml +++ b/site/sitemap.xml @@ -4,7 +4,7 @@ / - 2018-02-18 + 2018-02-20 daily @@ -12,7 +12,7 @@ /apt_pinning_artful_aardvark_packages_in_xenial_xerus/ - 2018-02-18 + 2018-02-20 daily @@ -20,7 +20,7 @@ /lxd_container_home_server_networking_for_dummies/ - 2018-02-18 + 2018-02-20 daily @@ -28,7 +28,7 @@ /lxd_container_foo/ - 2018-02-18 + 2018-02-20 daily @@ -36,7 +36,7 @@ /how_to_reassign_a_static_ip_address_with_dnsmasq/ - 2018-02-18 + 2018-02-20 daily @@ -44,7 +44,7 @@ /serve_and_share_apps_from_your_phone_with_fdroid/ - 2018-02-18 + 2018-02-20 daily @@ -52,7 +52,7 @@ /nspawn/ - 2018-02-18 + 2018-02-20 daily @@ -60,7 +60,7 @@ /gentoo_lxd_container/ - 2018-02-18 + 2018-02-20 daily @@ -68,7 +68,7 @@ /mastodon_on_arch/ - 2018-02-18 + 2018-02-20 daily @@ -76,7 +76,7 @@ /debian_nspawn_container_on_arch_for_testing_apache_configurations/ - 2018-02-18 + 2018-02-20 daily @@ -84,7 +84,7 @@ /dynamic_cacheing_nginx_reverse_proxy_for_pacman/ - 2018-02-18 + 2018-02-20 daily @@ -92,7 +92,7 @@ /freebsd_jails_on_freenas/ - 2018-02-18 + 2018-02-20 daily 
@@ -100,7 +100,7 @@ /arch_redis_nspawn/ - 2018-02-18 + 2018-02-20 daily @@ -108,7 +108,7 @@ /arch_postgresql_nspawn/ - 2018-02-18 + 2018-02-20 daily @@ -116,7 +116,7 @@ /misc_tips_troubleshooting/ - 2018-02-18 + 2018-02-20 daily @@ -124,7 +124,7 @@ /self_signed_certs/ - 2018-02-18 + 2018-02-20 daily @@ -132,7 +132,7 @@ /selfoss_on_centos7/ - 2018-02-18 + 2018-02-20 daily @@ -140,7 +140,7 @@ /stupid_package_manager_tricks/ - 2018-02-18 + 2018-02-20 daily @@ -148,7 +148,7 @@ /stupid_kvm_tricks/ - 2018-02-18 + 2018-02-20 daily