Adding both bridged and local private networking in single host

Mark_Gerber · August 1, 2018, 10:50am

So I wanted to have a setup where, I have the host which has static IP. Some containers work as webservers - these have static ip. Other containers which for testing need local private subnet but need to NAT to access internet. My setup is xenial.

lxc --version
2.0.11

Step 1: Setup bridged for your for baremetal host with ethernet enp0s10

/etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
auto br0
iface br0 inet static 
           address public-ip.address
           netmask .....
           network ....
           broadcast  ....
           gateway ....
        # dns-* options are implemented by the resolvconf package, if installed
           dns-nameservers .............
           dns-search .............

##  bridge options
bridge_ports enp0s10
## auto enp2s0
iface enp0s10 inet manual

Step 2:
launch your container xenial-public . Attach
lxc config device add xenial-public eth3 nic name=eth3 nictype=bridged parent=br0

Step 3: Edit your container via lxc exec xenial-public bash to give it a different public ipaddress

/etc/network/interfaces.d/50-cloud-init.cfg
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
auto lo
iface lo inet loopback

# The primary network interface
auto eth3
iface eth3 inet static
               address public-ip.address
               netmask .....
               network ....
               broadcast  ....
               gateway ....
            # dns-* options are implemented by the resolvconf package, if installed
               dns-nameservers .............
               dns-search .............

Step 4: Go back to the host. Create a local lxdbr0 bridge. . This was necessary for me as I did not configure a lxdbr0 when doing lxd init.

sudo dpkg-reconfigure -p medium lxd
Answer names and range for private subnet.
Now launch any image, it will automagically get the local private subnet,
lxc launch ubuntu:xenial xenial-private

Did test this and works OK for me. Thanks (helped me migrate from Virtualbox).
One small question: will this work when I upgrade the host xenial to bionic. Will netplan do the magic?

simos · August 1, 2018, 11:03am

First of all, you can simplify the creation of public and nat containers by using profiles.
You can specify the appropriate profile when you create a new container and you can assign a profile to an existing container in order to change the network configuration.
See, for example, https://blog.simos.info/how-to-make-your-lxd-containers-get-ip-addresses-from-your-lan-using-a-bridge/

I am not sure if an upgrade to 18.04 will remove ifupdown even if there is existing network configuration in favor of netplan. I do not think there is a facility for the migration of old configuration to new configuration.
You can always revert to ifupdown in 18.04 by following the instructions at https://askubuntu.com/questions/1031709/ubuntu-18-04-switch-back-to-etc-network-interfaces

Ideally, it would be good to migrate to netplan.

If your server is critical, you can set up a new server with 16.04 and the configuration you describe above, then perform the upgrade and see what happens. If you do this, please report back.