LXD host cannot see port/services of the containers

sarlacpit · November 11, 2019, 5:01pm

I have seen some historical answers to this question though I am not sure they are relevant
I have a lxd server with several containers using macvlans so the rest of my network can see them and they are working fine. The paradox is that that i require the lxd server to also utilise the container services.
An example, I have a AAA server which lxd needs to see and it cannot, it think it’s down. Everythibng else on the network can see it. Do I have to do some funky stuff to get it to work or is this a limitation of the kernel?

Many thanks

stgraber · November 11, 2019, 8:30pm

It’s a kernel limitation of macvlan.
https://linuxcontainers.org/lxd/docs/master/containers#bridged,-macvlan-or-ipvlan-for-connection-to-physical-network

gpatel-fr · November 11, 2019, 9:33pm

you can make it work by removing the ip address from the physical device (but keeping it up) and creating a macvlan on it, on which you can attribute the original ip address. It does not work with netplan AFAIK, so if you have a distro with netplan you have to remove it and install ifupdown. If your computer is a workstation and as such uses network-manager it begins to be a bit funky indeed.

simos · November 11, 2019, 10:40pm

The alternative is to use a bridge, as in

devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: bridge0
    type: nic

You need to create the bridge (bridged0) on the host yourself, and attach it to a network interface.

sarlacpit · November 13, 2019, 11:30am

Thanks for your replies. Sorry for my delayed response.
I’ll work around it as suggested.