...
| Code Block | ||
|---|---|---|
| ||
# Creates a macvlan interface called macvlan0 without an IP address iface mvlan0 inet manual pre-up ip link add mvlan0 link eth0 address 8a:38:2a:cc:d7:aa type macvlan mode bridge post-down ip link del macvlan0 auto mvlan0 |
Notice that the MAC address is locally generated. This interface is actually not directly used and the MAC address will not actually register with anything. I am uncertain if it matter, so I have put in a static rather than generated MAC address out of preference (I don't like the idea of it changing on every boot). Not using a MAC address at all here might work. Let me know.
This macvlan0 is a placeholder on the host that will be used by a container interface. I have only purchased one additional static IP address so not all scenarios are tested. Please fill out the chart if you can,
| # | Host | container1 | container2 | Results |
|---|---|---|---|---|
| 1 | mvlan0 | connect to mvlan0 with static-IP-1 with container2 off | connect to mvlan0 with static-IP-1 with container1 off | success |
| 2 | mvlan0 | connect to mvlan0 with static-IP-1 with container2 on | connect to mvlan0 with static-IP-2 with container1 on | Not sure... I need to buy another static IP to test |
Scenario 1 basically shows that a macvlan in the host may be used by multiple containers as long as one is off.
Scenario 2 may or may not in which case we would want to create a scenario 3 by adding an additional macvlan mvlan1.
Connect Container to macvlan on Host
...
| Code Block | ||
|---|---|---|
| ||
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu # Parameters passed to the template: # For additional config options, please look at lxc.container.conf(5) # Common configuration lxc.include = /usr/share/lxc/config/ubuntu.common.conf # Container specific configuration lxc.rootfs = /var/lib/lxc/web/rootfs lxc.mount = /var/lib/lxc/web/fstab lxc.utsname = web lxc.arch = amd64 # Network configuration # macvlan for external IP lxc.network.type = macvlan lxc.network.macvlan.mode = bridge lxc.network.flags = up lxc.network.link = mvlan0 # Hardware address was generated during container creation so leave whatever is there alone. lxc.network.lxc.network.hwaddr = 00:16:3e:8d:4f:51 lxc.network.name = eth0 # Interface using LXC dhcp to communicate with other containers lxc.network.type = veth lxc.network.flags = up lxc.network.link = lxcbr0 lxc.network.hwaddr = 00:16:3e:91a2:7b7d:4f54 lxc.network.name = eth0eth1 |
This tells tells the container to use the macvlan network interface mvlan0 which we created in the host and in turn map it to the container's eth0 interface.
...
I generated a new MAC address here by creating a temporary container, copying the mac address and then destroying the container. The LXC mac address looks like a universally administered number which worked with my hosting provider. For some reason the locally administered did not appear to work (I'll need to do one more test again when time permits to confirm).
There is a command line way of generating an LXC mac address this (actually documented somewhere in this LXC documentation) but I have not had a chance to try it.
Also, note that I kept the automatically generated interface eth0 and renamed it eth1. This will allow the container to communicate to other containers who are using the LXC DHCP provided IP address in the internal LXC network.
| Note |
|---|
There is probably a way to setup the static ip address here in this config file for the container. I am pretty sure I saw an option. However, in the vein of individual container control, I would rather set that at the container level using steps outlined below. |
The last step is to Next, modify the interfaces file within the container to your selected static IP address. I find the fastest is from within the Host OS using root, /var/lib/lxc/<container name>/rootfs/etc/network/interfaces which in this case would be, /var/lib/lxc/web/rootfs/etc/network/interfaces,
| Code Block | ||
|---|---|---|
| ||
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 64.73.220.117 gateway 64.73.220.1 netmask 255.255.255.0 dns-nameservers 216.15.129.205 216.15.129.206 206 auto eth1 iface eth1 inet dhcp |
Above we now have to interfaces. That static is the public IP address purchased called eth0 and second is the internal LXC assigned address.
Update dnsmasq
Make sure to check your dnsmasq and make modifications accordingly. Using the example since we modified a container that was already using dnsmasq we needed to change the original /etc/lxc/dnsmasq.conf,
| Code Block | ||
|---|---|---|
| ||
# Specify static IPs per container name or mac address.
# Addresses should be outside of range in /etc/default/lxc-net (10.0.3.100 to 10.0.3.254)
dhcp-host=web,10.0.3.10
dhcp-host=app,10.0.3.20
dhcp-host=database,10.0.3.30 |
The new file looks like this,
| Code Block | ||
|---|---|---|
| ||
# Specify static IPs per container name or mac address.
# Addresses should be outside of range in /etc/default/lxc-net (10.0.3.100 to 10.0.3.254)
dhcp-host=00:16:3e:a2:7d:54,10.0.3.10
dhcp-host=app,10.0.3.20
dhcp-host=database,10.0.3.30 |
The container called "web" now has two interfaces. In order for dnsmasq to know which interface to use you must specify the mac address.
Multiple Interfaces
In most cases you will want multiple interfaces. In this example, we built a front-end container called "web", gave it a public IP address using mavlan. In addition, we create an "app" container which has an lxc internal IP address. In order for web and app to communicate, web must have a second interface that also uses an lxc provided internal IP address.
...