Outils pour utilisateurs


https://www.flockport.com/enable-lxc-networking-in-debian-jessie-fedora-and-others/

Enable LXC neworking in Debian Jessie

The LXC packages in Ubuntu ships enable LXC networking properly. This is basically done by a init script called lxc-net which setups the lxcbr0 bridge and a number of iptables rule to set up networking. The Flockport LXC packages for Wheezy do the same.

Debian Jessie ships with an updated version of LXC 1.06 but does not set up the LXC networking by default. Neither so the Fedora or CentOS LXC packages.

Debian Jessie

It's actually quite simple and we will show you how. First download the lxc-net script here and follow the instructions below.

apt-get install lxc dnsmasq-base bridge-utils
touch /etc/default/lxc
touch /etc/lxc/dnsmasq.conf
echo 'USE_LXC_BRIDGE="true"' > /etc/default/lxc
cp lxc-net /etc/init.d/
chmod +x /etc/init.d/lxc-net
systemctl enable lxc-net
systemctl start lxc-net
systemctl status lxc-net

To ensure containers created have the lxcbr0 bridge enabled by default add the config below to /etc/lxc/default.conf

lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

And that's it. This should enable the lxcbr0 bridge which will be available for container networking.

le fameux script lxc-net

#!/bin/sh
### BEGIN INIT INFO
# Provides:             lxc-net
# Required-Start:       $syslog $remote_fs
# Required-Stop:        $syslog $remote_fs
# Should-Start:
# Should-Stop:
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Linux Containers Network Configuration
# Description:          Linux Containers Network Configuration
# X-Start-Before:
# X-Stop-After:
# X-Interactive:        
### END INIT INFO

# Ubuntu's lxc-net upstart config adopted for Debian by Flockport.com
# original author: Serge Hallyn <serge.hallyn@canonical.com>

USE_LXC_BRIDGE="false"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
LXC_DHCP_CONFILE="/etc/lxc/dnsmasq.conf"
varrun="/var/run/lxc"
LXC_DOMAIN="lxc"

. /lib/lsb/init-functions

start() {
    [ -f /etc/default/lxc ] && . /etc/default/lxc

    [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }

    if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
        if [ ! -f ${varrun}/network_up ]; then
            # bridge exists, but we didn't start it
            exit 0;
        fi
        exit 0;
    fi

    cleanup() {
        # dnsmasq failed to start, clean up the bridge
        iptables -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
        iptables -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
        iptables -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
        iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
        iptables -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
        ifconfig ${LXC_BRIDGE} down || true
        brctl delbr ${LXC_BRIDGE} || true
    }

    # set up the lxc network
    brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; exit 0; }
    echo 1 > /proc/sys/net/ipv4/ip_forward
    mkdir -p ${varrun}
    ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
    iptables -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
    iptables -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
    iptables -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
    iptables -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
    iptables -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
    iptables -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
    iptables -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
    iptables -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill

    LXC_DOMAIN_ARG=""
    if [ -n "$LXC_DOMAIN" ]; then
        LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
    fi
    dnsmasq $LXC_DOMAIN_ARG -u dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
    touch ${varrun}/network_up
}

stop() {
    [ -f /etc/default/lxc ] && . /etc/default/lxc
    [ -f "${varrun}/network_up" ] || exit 0;
    # if $LXC_BRIDGE has attached interfaces, don't shut it down
    ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;

    if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
        ifconfig ${LXC_BRIDGE} down
        iptables -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
        iptables -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
        iptables -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
        iptables -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
        iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
        iptables -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
	pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
        rm -f ${varrun}/dnsmasq.pid
        brctl delbr ${LXC_BRIDGE}
    fi
    rm -f ${varrun}/network_up
}

case "${1}" in
    start)
        log_daemon_msg "Starting Linux Containers"

        start
        ;;

    stop)
        log_daemon_msg "Stopping Linux Containers"

        stop
        ;;

    restart|force-reload)
        log_daemon_msg "Restarting Linux Containers"

        stop
        start
        ;;
esac