Containers not getting ipv4

Hello, I have a small question.
I guess I am doing something wrong but not sure what.

So I create a new network with
lxc network create lxd
Then I add that to a profile as lxd0 and restart the containers. They will get an IPv6 but not an IPv4 address. I tried to enable ipv4.dhcp and dhcp range but that didn't help either.

Hi!

When you create a managed network (as you did with lxc network create lxd0), you get a DHCP server from LXD (not a system DHCP server).
If you have some other DHCP server on your host, it may conflict with the one by LXD.

So, show us the output of

  1. lxc network list
  2. lxc network show lxd0
  3. sudo lsof -i :53 (on the host)

Thanks for the answer. Here is what you needed.
I'm not sure if it's a bug or just me

    config:
      ipv4.address: 10.154.214.1/24
      ipv4.nat: "true"
      ipv6.address: fd42:4f83:c0f1:edef::1/64
      ipv6.nat: "true"
    description: ""
    name: lxd0
    type: bridge
    used_by: []
    managed: true
    status: Created
    locations:
    - master1

    +------+----------+---------+-------------+---------+---------+
    | NAME |   TYPE   | MANAGED | DESCRIPTION | USED BY |  STATE  |
    +------+----------+---------+-------------+---------+---------+
    | eth0 | physical | NO      |             | 0       |         |
    +------+----------+---------+-------------+---------+---------+
    | lxd0 | bridge   | YES     |             | 0       | CREATED |
    +------+----------+---------+-------------+---------+---------+

And there is no output on lsof -i.
I also have deleted all containers since they weren't working.

I assume that you are using Ubuntu, and have either the deb package of LXD, or the snap package of LXD. If that is not the case, then tell us.

The command to show (on the host) what processes are listening on port 53 (domain), is the following.

sudo lsof -i :53 

If you do not get anything in the output, then something is wrong.
You might get Command not found or something. If you get that, you are supposed to sudo apt install lsof.

What Linux distribution are you using for the container?

I am using Ubuntu 19.10 and here is the output.

    COMMAND    PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd-r  663 systemd-resolve   12u  IPv4  31267      0t0  UDP localhost:domain
    systemd-r  663 systemd-resolve   13u  IPv4  31268      0t0  TCP localhost:domain (LISTEN)
    dnsmasq   1448             lxd    8u  IPv4  36347      0t0  UDP ubu01:domain
    dnsmasq   1448             lxd    9u  IPv4  36348      0t0  TCP ubu01:domain (LISTEN)
    dnsmasq   1448             lxd   10u  IPv6  36349      0t0  UDP ubu01:domain
    dnsmasq   1448             lxd   11u  IPv6  36350      0t0  TCP ubu01:domain (LISTEN)
    dnsmasq   1448             lxd   12u  IPv6  36351      0t0  UDP ubu01:domain
    dnsmasq   1448             lxd   13u  IPv6  36352      0t0  TCP ubu01:domain (LISTEN)
    dnsmasq   7757             lxd    8u  IPv4  49314      0t0  UDP ubu01:domain
    dnsmasq   7757             lxd    9u  IPv4  49315      0t0  TCP ubu01:domain (LISTEN)
    dnsmasq   7757             lxd   10u  IPv6  49316      0t0  UDP ubu01:domain
    dnsmasq   7757             lxd   11u  IPv6  49317      0t0  TCP ubu01:domain (LISTEN)
    dnsmasq   7757             lxd   12u  IPv6  49318      0t0  UDP ubu01:domain
    dnsmasq   7757             lxd   13u  IPv6  49319      0t0  TCP ubu01:domain (LISTEN)

I also tried my steps in the test area of LXD but same result, cannot get an IP address. I'm pretty sure I am doing something wrong. What did I do? Create new network, network to profile, add profile to new container. No IP, set ipv4.dhcp, no IP, edited network and added parent eth0, no IP. What am I doing wrong?

Please can you show output of:

lxc config show <container> --expanded

Thanks

Here you go. Didn't know you could look at it, thanks for the tip!

architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20200129.1)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20200129.1"
  image.type: squashfs
  image.version: "18.04"
  volatile.base_image: 9e7158fc0683d41f7f692ce8b17598716d7eee925c6a593432df59488bf4131f
  volatile.eth0.host_name: maceb847ce2
  volatile.eth0.hwaddr: 00:16:3e:41:e8:cb
  volatile.eth0.last_state.created: "false"
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
  volatile.lxd0.host_name: vethd558a5d4
  volatile.lxd0.hwaddr: 00:16:3e:25:97:2b
  volatile.lxd0.name: eth1
  volatile.test.host_name: veth6393cf99
  volatile.test.hwaddr: 00:16:3e:3b:1e:5b
  volatile.test.name: eth2
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: eth0
    type: nic
  lxd0:
    nictype: bridged
    parent: lxd0
    type: nic
  root:
    path: /
    pool: local
    type: disk
  test:
    nictype: bridged
    parent: test
    type: nic
ephemeral: false
profiles:
- default
- land
stateful: false
description: ""

The container gets three network interfaces,

  1. eth0 (macvlan), which must get an IP address from your host’s network, and cannot get it from an LXD managed network.
  2. lxd0 (bridged to an interface lxd0, LXD should give an IP address here), and
  3. test (that must exist on the host and have a dedicated independent DHCP server already running, because there is no managed LXD network with the name test).

Therefore, for eth0 with macvlan to work, your computer should not connect to the network with Wi-Fi because Wi-Fi security (WPA) does not allow more than one MAC address to connect to the Wi-Fi router. In addition, if you use LXD inside a virtual machine (KVM, VMWare, VirtualBox), it will probably not work by default because these virtualization environments require specific configuration for macvlan.

The interface lxd0 should work and get an IP address, but I do not know whether the container sticks to the first network interface (which cannot get an IP address) and ignores the rest. This is up to the container image, and whether it tries to use DHCP only for the eth0, or tries all available interfaces.

The interface test should give you the error Error: Common start logic: Failed to start device ‘test’: Parent device ‘test’ doesn’t exist if there is no test network interface on the host.

I suggest cleaning up the list of network interfaces.
If you read a guide on setting up network interfaces for LXD, which one was it? We might be able to help get it better by explaining more about network interfaces.

Thanks! I tried it on my production system with no macvlan, only a bridge, and it worked. I guess what you were saying is kind of the key. My only remaining question is why this still did not work in the testing environment of LXD, since it gets an IP address over MACVLAN but not over a second connected bridge.

I have read this guide:
https://lxd.readthedocs.io/en/latest/networks/
And I have also gone through some of your guides.

I also have one small question. I can add a connection to a container via:

lxc config device add proxy myport80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80

Is it possible to set

listen=tcp:0.0.0.0:9999 connect=10.10.10.2:80

as of the container? Since I have multiple game servers which I want to put into containers and don't want to screw with the config. Like in Docker port forwarding?

For the first question, it is up to the container image whether it will try to DHCP the configuration of an interface. The instructions are found in /etc/netplan/. I think the default is to do just eth0.
You can affect this file and make Ubuntu get an IP address from additional interfaces by using cloud-init in your LXD profile. The configuration you will put in the LXD profile will make it into the netplan configuration in the container. It is really neat.

On the second question, you want to specify the allocated IP of the container instead of localhost?
You can definitely do so, but I think it is cleaner to use the localhost. Because if the IP address changes, you do not need to edit the proxy device. It is a matter of personal preference in the end.
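
An added example, not part of the original reply and not LXD's own code: one way to generate the profile the reply describes, with a cloud-init `user.network-config` that turns on DHCPv4 for more than one interface. It assumes a cloud-init enabled image (such as the ubuntu: images), that eth0 comes from the default profile and eth1 is the bridged NIC on lxd0; the profile name `multinic` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): profile YAML that makes cloud-init
# enable DHCPv4 on several NICs. Names below are illustrative assumptions.

# valid_name NAME: accept only characters safe for interface/bridge names
valid_name() {
    case "$1" in
        ''|*[!a-zA-Z0-9_.-]*) echo "bad name: $1" >&2; return 1 ;;
    esac
}

# render_netcfg IFACE...: netplan-style (version 2) config, DHCPv4 on each
render_netcfg() {
    for ifname in "$@"; do valid_name "$ifname" || return 1; done
    printf 'version: 2\nethernets:\n'
    for ifname in "$@"; do
        printf '  %s:\n    dhcp4: true\n' "$ifname"
    done
}

# render_profile BRIDGE NIC IFACE...: profile with one bridged NIC named NIC
# on BRIDGE, plus user.network-config covering every IFACE
render_profile() {
    bridge=$1 nic=$2; shift 2
    valid_name "$bridge" && valid_name "$nic" || return 1
    netcfg=$(render_netcfg "$@") || return 1
    printf 'config:\n  user.network-config: |\n'
    printf '%s\n' "$netcfg" | sed 's/^/    /'
    printf 'description: DHCP on all listed NICs (example)\n'
    printf 'devices:\n  %s:\n    name: %s\n' "$bridge" "$nic"
    printf '    nictype: bridged\n    parent: %s\n    type: nic\n' "$bridge"
}

# Apply only on request; "multinic" is a hypothetical profile name.
if [ "${APPLY:-0}" = 1 ] && command -v lxc >/dev/null 2>&1; then
    lxc profile create multinic
    render_profile lxd0 eth1 eth0 eth1 | lxc profile edit multinic
fi
```

cloud-init applies network config on an instance's first boot, so launch new containers with the profile rather than restarting existing ones.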

Thanks. What I was trying to do yesterday was to give a container a public IPv6; that didn't seem to work. I can't just add a proxy since I want every container to have their own public IPv6? Is that currently possible?

As well as using the proxy, there are several options for getting public IPs into containers (which the proxy doesn’t really achieve, as the source address of outbound connections from the container will not use the public IP):

  • MACVLAN: This requires either manual config of IPs inside the container, or SLAAC/DHCPv6 to be running on the parent network. It also does not allow the container to communicate with the host, and will require the parent network port to allow multiple MAC addresses (which some ISPs do not allow).
  • IPVLAN: This requires static address configuration and cannot use SLAAC/DHCPv6. Like MACVLAN, it does not allow the container to talk to the host, but unlike MACVLAN, the containers will share the parent port’s MAC address.
  • Routed: This requires static address configuration (like IPVLAN), but does allow the container to talk to the host, and like IPVLAN will share the parent port’s MAC address.
  • Bridged: This requires some more complex setup, but if you create a new bridge and connect the parent port to it, then multiple containers can also be connected to the bridge which will act like a ‘switch’. This allows the containers to talk to the host, and will support SLAAC/DHCPv6. However like MACVLAN, the parent network port will need to support multiple MAC addresses.

The default bridged network created by LXD, called lxdbr0, works like the last option, but because it is not connected to the wider parent network, your containers will not get public IPs, and will re-use the host’s IP for outbound connections (NAT).

So you can see that there are various options, but the best option will depend on your requirements and any restrictions that your network provider enforces.

Thanks!