I can confirm for Fedora 34, network is completely borked indeed. In my case, my issue comes from the fact that /sys doesn’t seem to be mounted read-only inside the container (a systemd requirement as described here: https://systemd.io/CONTAINER_INTERFACE). Therefore, udevd is triggered and everything goes wrong.
I fixed it by adding the following configuration in my profiles to force /sys to be mounted RO:
config:
  raw.lxc: lxc.mount.auto=sys
As described in the documentation: sys:mixed (or sys): mount /sys as read-only but with /sys/devices/virtual/net writable.
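A way to verify the result of the profile change above from inside a container, as an added example that is not part of the original post: it reads the mount table and checks that /sys is read-only while /sys/devices/virtual/net stays writable. The function names and the two sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints ro, rw or absent for a mount point listed in a
# mounts table (default: /proc/self/mounts, as seen from inside the container).
mount_mode() {
    awk -v mp="$1" '
        $2 == mp {                  # field 2 = mount point, field 4 = options
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            found = 1               # last match wins: later mounts shadow earlier ones
        }
        END { print (found ? mode : "absent") }
    ' "${2:-/proc/self/mounts}"
}

# Succeeds only for the layout quoted above for sys:mixed.
check_sys_mixed() {
    table="${1:-/proc/self/mounts}"
    sys=$(mount_mode /sys "$table")
    net=$(mount_mode /sys/devices/virtual/net "$table")
    echo "/sys=$sys /sys/devices/virtual/net=$net"
    [ "$sys" = "ro" ] && [ "$net" = "rw" ]
}

# Constructed sample tables (assumed shapes, not captured from a real container).
sample_fixed() {
    printf '%s\n' \
        'sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0 0' \
        'sysfs /sys/devices/virtual/net sysfs rw,nosuid,nodev,noexec,relatime 0 0'
}
sample_broken() {
    printf '%s\n' 'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0'
}
```

Inside a container, run check_sys_mixed with no argument; a non-zero exit status means /sys is not in the read-only layout.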
See the line after you typed dnf update? Where it says CentOS Linux 8 - AppStream? That means you are running CentOS 8 Stream. Networking is currently borked (not working) in CentOS 8 Stream containers. Normal CentOS 8 containers work fine and can be installed with: lxc launch images:centos/8 centos-8
I just spent a week trying to figure out how I screwed up a new LXD install, only to figure out I did nothing wrong and CentOS 8 Stream containers don’t currently work. My new test procedure after an LXD install is to run:
lxc image list images: | grep -v cloud | grep -Po '^\| \K[^ ]+(?=.+x86_64.+CONTAINER)' | sed 'h;s#[^[:alnum:]]#-#g;x;G;s/\n/ /;s/^ */images:/' | xargs -n2 lxc launch
lxc list
lxc stop --all
This will install all popular distros and show me which ones got IPs and which ones shut down correctly. If many containers work correctly, then my LXD install is probably fine. This also lets me open bug reports for those that don’t get both IPv4 and IPv6 addresses and shut down correctly so they can be fixed before I need them.
If you have less than 32GB RAM, watch your utilization and stop the above before it completes if necessary. Check the ones that are running, shut them all down, and then rerun the first command and it will continue where it left off without restarting the ones you already tested.
To delete all containers: lxc delete $(lxc list -c n --format csv)
CentOS 8 containers can be upgraded to Stream and will continue to work as long as you don’t let NetworkManager be updated. Just add exclude=NetworkManager* to /etc/yum.conf before running:
In a CentOS7 container, same problem:
$ You just created a Centos 7 x86_64 (20210509_07:08) container.
No network:
$ ip addr add 10.0.3.101/24 dev eth0
$ ip route add default via 10.0.3.1 dev eth0
$ ip route
default via 10.0.3.1 dev eth0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.101
$ cat /etc/resolv.conf
nameserver 8.8.8.8
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=112 time=16.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=112 time=17.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=112 time=33.4 ms
It is an LXC4 problem (settings, template…). LXC3 worked fine (but it had some problem). There is usually a problem with a new version (after an upgrade).
Could anybody show a sample dnsmasq config?
/etc/lxc/dnsmasq.conf
/etc/dnsmasq.conf
By default, no IP, no route.
Manually it works, except DNS.
# in container:
$ ip addr add 10.0.3.100/24 dev eth0
$ ip route add default via 10.0.3.1 dev eth0
$ ip route
default via 10.0.3.1 dev eth0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.100
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=17.3 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=18.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=23.0 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=54 time=45.2 ms
# in container:
$ vi /etc/systemd/resolved.conf
DNS=8.8.8.8
# container restart
$ cat /etc/resolv.conf
nameserver 8.8.8.8
search .
$ ping ns.google.com
ping: ns.google.com: Name or service in unknown
Can anybody help?
Fedora34 container:
$ ip a
2: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:5a:0e:a2 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.102/24 brd 10.0.3.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe5a:ea2/64 scope link
valid_lft forever preferred_lft forever
$ ip r
default via 10.0.3.1 dev eth0 proto static
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.102
$ systemd-resolve --status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: uplink
Current DNS Server: 8.8.8.8
DNS Servers: 8.8.8.8
Link 2 (eth0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 8.8.4.4
DNS Servers: 8.8.8.8 8.8.4.4
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=112 time=24.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=112 time=23.4 ms