How to use proxy vip in lxd

Ham · November 30, 2021, 7:04pm

Hi,
I am a newbie.

I created an lxc containers, but the network connectivity to the outside world through proxy is not working. . I defined the proxy up using lxc config core https_proxy parameter but still not working. Is there any other alternate way to define proxy in lxc? So that all containers should reach the external URLs via proxy.

tomp · December 1, 2021, 8:52am

Please show lxc config show <instance> --expanded and sudo ss -tlpn on the host and inside the instance.

Ham · December 2, 2021, 12:21pm

@tomp ,
Please find the output below. I am not able to reach the outside world using the proxy server from the lxc containers.

I am trying to bootstrap a juju controller using the localhost cloud lxd. I set the proxies for the juju, snap, and also for the current shell. Also per the document included the no_proxy variable also.

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 20 :22222 : users:((“tcpserver”,pid=1117,fd=3))
LISTEN 0 128 127.9.8.7:33327 : users:((“signalfx-agent”,pid=6936,fd=14))
LISTEN 0 5 127.0.0.1:12019 : users:((“python”,pid=1094,fd=13))
LISTEN 0 128 :12020 : users:((“python”,pid=1094,fd=12))
LISTEN 0 32 10.15.182.1:53 : users:((“dnsmasq”,pid=17351,fd=7))
LISTEN 0 5 10.254.165.1:53 : users:((“dnsmasq”,pid=30005,fd=7))
LISTEN 0 128 127.9.8.7:44597 : users:((“signalfx-agent”,pid=6936,fd=7))
LISTEN 0 128 :22 : users:((“sshd”,pid=1836,fd=3))
LISTEN 0 128 127.0.0.1:8095 : users:((“signalfx-agent”,pid=6936,fd=8))
LISTEN 0 128 :::22 ::: users:((“sshd”,pid=1836,fd=4))
LISTEN 0 128 :::9080 ::: users:((“signalfx-agent”,pid=6936,fd=10))
LISTEN 0 128 :::8443 ::: users:((“lxd”,pid=17107,fd=23))

lxc config show
config:
core.https_address: ‘[::]’
core.proxy_http: http://80
core.proxy_https: http://***:80
core.trust_password: true

tomp · December 2, 2021, 1:17pm

What about the other command I asked for? And the output of ss -tlpn inside the container?

Ham · December 6, 2021, 1:39pm

Hi @tomp ,

Please find the output below
lxc config show juju-6dd654-0 --expanded
architecture: x86_64
config:
boot.autostart: “true”
image.architecture: amd64
image.description: ubuntu 16.04 LTS amd64 (release) (20211001)
image.label: release
image.os: ubuntu
image.release: xenial
image.serial: “20211001”
image.type: squashfs
image.version: “16.04”
security.nesting: “true”
user.juju-controller-uuid: cd30c744-b4a8-4
user.juju-is-controller: “true”
user.juju-model-uuid: f238bbc
user.user-data: |
#cloud-config
output:
all: ‘| tee -a /var/log/cloud-init-output.log’
runcmd:
- set -xe
- install -D -m 644 /dev/null ‘/var/lib/juju/nonce.txt’
- printf ‘%s\n’ ‘user-admin:bootstrap’ > ‘/var/lib/juju/nonce.txt’
ssh_keys:
rsa_private: |
-----BEGIN RSA PRIVATE KEY-----
***********************************
-----END RSA PRIVATE KEY-----
rsa_public: |
ssh-rsa

users:
- groups:
  - adm
  - audio
  - cdrom
  - dialout
  - dip
  - floppy
  - netdev
  - plugdev
  - sudo
  - video
  lock_passwd: true
  name: ubuntu
  shell: /bin/bash
  ssh-authorized-keys:
  - ssh-rsa

    Juju:juju-client-key
  sudo:
  - ALL=(ALL) NOPASSWD:ALL

volatile.base_image: 712a5836865525eecd8b429afa7430e8a2480aeff68804c59a0524dc8b7683ab
volatile.eth0.host_name: veth3d2b78e3
volatile.eth0.hwaddr: 00:16:3e:99:09:62
volatile.idmap.base: “0”
volatile.idmap.current: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.idmap.next: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.idmap: ‘[{“Isuid”:true,“Isgid”:false,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000},{“Isuid”:false,“Isgid”:true,“Hostid”:1000000,“Nsid”:0,“Maprange”:1000000000}]’
volatile.last_state.power: RUNNING
volatile.uuid: 0394915a-2141-4531-bd14-0ce309b340e7
devices:
eth0:
name: eth0
network: lxdbr1
type: nic
root:
path: /
pool: default
type: disk
ephemeral: false
profiles:

default
juju-controller
stateful: false
description: “”

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 12****: 36381 : users:(("",pid=1957,fd=22))
LISTEN 0 128 127.0.0.1:8095 : users:(("",pid=1957,fd=16))
LISTEN 0 128 127.0.0.1:8000 : users:((“python3”,pid=29402,fd=5),(“python3”,pid=2591,fd=5),(“python3”,pid=2587,fd=5))
LISTEN 0 128 127.0.0.1:8002 : users:((“python3”,pid=29436,fd=5),(“python3”,pid=2637,fd=5),(“python3”,pid=2636,fd=5))
LISTEN 0 128 :9443 : users:((“nginx”,pid=1901,fd=8),(“nginx”,pid=1900,fd=8),(“nginx”,pid=1899,fd=8))
LISTEN 0 128 127.0.0.1:8005 : users:((“python3”,pid=29477,fd=5),(“python3”,pid=2674,fd=5),(“python3”,pid=2673,fd=5))
LISTEN 0 128 127.0.0.1:11211 : users:((“memcached”,pid=2749,fd=26))
LISTEN 0 128 12*:40075 : users:((“",pid=1957,fd=7))
LISTEN 0 20 :22222 : users:((“tcpserver”,pid=1406,fd=3))
LISTEN 0 32 10.22.38.1:53 : users:(("**",pid=5074,fd=7))
LISTEN 0 32 10.250.62.1:53 : users:((“dnsmasq”,pid=25103,fd=7))
LISTEN 0 128 :22 : users:((“sshd”,pid=2811,fd=3))
LISTEN 0 128 127.0.0.1:8089 : users:((“thttpd”,pid=8322,fd=0))
LISTEN 0 128 :::80 ::: users:((“nginx”,pid=29551,fd=3),(“nginx”,pid=2737,fd=3))
LISTEN 0 128 :::22 ::: users:((“sshd”,pid=2811,fd=4))
LISTEN 0 128 :::8088 :::* users:((“docker-proxy”,pid=3534,fd=4))
LISTEN 0 128 :::9080 :::* users:((”*****: pid=1957,fd=13))
LISTEN 0 128 :::8443 ::: users:((“lxd”,pid=4571,fd=22))

State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 :22 : users:((“sshd”,pid=410,fd=3))
LISTEN 0 128 :::22 ::: users:((“sshd”,pid=410,fd=4))
root@juju-6dd654-0:~#

tomp · December 7, 2021, 1:41pm

The https_proxy config option only affects LXD’s outbound requests, not outbound requests from the containers.

You can set an environment variable normally to get your container’s applications to use a proxy.

Ham · December 7, 2021, 3:08pm

Thanks for time @tomp,
Even I tried to set environment variables inside the containers, but it didn’t work. I noticed I am not able to ping the proxy from inside the container thought the proxy is reachable from my server.
Even I checked with proxy and firewall team for any blocks, all traffics are allowed.

I installed lxd using snap and initalised using lxd init using below values.

lxd init
Would you like to use LXD clustering? (yes/no) [default=no]: no
Do you want to configure a new storage pool? (yes/no) [default=yes]: no
Would you like to connect to a MAAS server? (yes/no) [default=no]: no
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: lxdbr4
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: none
Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes
Address to bind LXD to (not including port) [default=all]: all
Port to bind LXD to [default=8443]: 8443
Invalid input: Can’t bind address “[::]:8443”: listen tcp 0.0.0.0:8443: bind: address already in use

Port to bind LXD to [default=8443]: 8445
Trust password for new clients:

I also noticed the lxd default profile, the network type is not marked as bridge. I edited the configuration, it went through the proxy and did the update, but again it got failed. Now, it again throws me the error, proxy is not reachable.
config: {
description: Default LXD profile
devices:
eth0:
name: eth0
network: lxdbr1
type: nic
root:
path: /
pool: default
type: disk
name: default
used_by:

/1.0/instances/juju-ea38ed-0
/1.0/instances/juju-e34205-0
/1.0/instances/juju-682068-0

can you guide me on this ?