In the previous article I discussed about some basic LXC networking concepts. In this article I’ll discuss about the LXC configuration files that play a key role in automated provisioning of the interfaces and bridges.
Who Tells LXC to Create lxcbr0 ?
The answer is: /var/lib/lxc/test-container/config. The file has several sections and the networking section at the bottom of the file is what we are interested in.
$ sudo cat /var/lib/lxc/test-container/config # Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu # Parameters passed to the template: # For additional config options, please look at lxc.container.conf(5) # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.rootfs = /var/lib/lxc/test-container/rootfs lxc.mount = /var/lib/lxc/test-container/fstab lxc.utsname = test-container lxc.arch = amd64 # Network configuration lxc.network.type = veth lxc.network.flags = up lxc.network.link = lxcbr0 lxc.network.hwaddr = 00:16:3e:b4:86:23
This is a container specific configuration file. There is a global or default configuration file at “/etc/lxc/default.conf” used by a container in the absence of a container specific configuration file.
$ cat /etc/lxc/default.conf lxc.network.type = veth lxc.network.link = lxcbr0 lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:xx:xx:xx
Who configures the IP address for the lxcbr0 ? Who specifies the DHCP range for the containers connected to lxcbr0 ? For this we need to look at file: /etc/init/lxc-net.conf
$ cat /etc/init/lxc-net.conf description "lxc network" author "Serge Hallyn <email@example.com>" start on starting lxc stop on stopped lxc env USE_LXC_BRIDGE="true" env LXC_BRIDGE="lxcbr0" env LXC_ADDR="10.0.3.1" env LXC_NETMASK="255.255.255.0" env LXC_NETWORK="10.0.3.0/24" env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" env LXC_DHCP_MAX="253" env LXC_DHCP_CONFILE="" env varrun="/run/lxc" env LXC_DOMAIN="" ... ...
In addition to the lxcbr0 settings, the above file also programs the iptables with NAT rules(masquerade)such that the container can talk to the outside world or internet.
$ sudo iptables --list -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- 10.0.3.0/24 !10.0.3.0/24 $
Interface Configuration Files:
The interface specific configurations are stored in /etc/network/interface. You can edit this file to make changes to the interface configuration. In the example below, eth0 is configured to use DHCP to talk to lxcbr0, acting as DHCP server, to get its IP address. However, if you want to assign a static IP address to the test-container, you may edit the file to do so. Changes to this file are carried across container reboot.
root@test-container:/# cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp
To configure static IP address on eth0 change the eth0 configuration in the file to some like this:
... auto eth0 iface eth0 inet static address 10.0.3.124 gateway 10.0.3.1 netmask 255.255.255.0 ...