LXD manually set IP for instance over a bridged network

yang · September 5, 2020, 8:36pm

I have created a simple network bridge on Ubuntu 20.04 using Netplan with the following configuration:

network:
 version: 2
 renderer: networkd
 ethernets:
   enp0s31f6:
     dhcp4: false
 bridges:
   br0:
     interfaces: [enp0s31f6]
     dhcp4: false
     addresses: [192.168.1.11/24]
     gateway4: 192.168.1.1
     nameservers:
       addresses: [1.1.1.1,8.8.8.8]

I then launch and attach the bridge as a device to a container, giving it a LAN IP:

$ lxc launch ubuntu:20.04 ubc1
$ lxc list
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| NAME |  STATE  |        IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+
| ubc1 | RUNNING | 10.14.76.225 (eth0) | fd42:5d8b:fede:b425:216:3eff:fe59:477d (eth0) | CONTAINER | 0         |
+------+---------+---------------------+-----------------------------------------------+-----------+-----------+

$ lxc config device add ubc1 eth0 nic nictype=bridged parent=br0
$ lxc list
+------+---------+---------------------+------+-----------+-----------+
| NAME |  STATE  |        IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+---------------------+------+-----------+-----------+
| ubc1 | RUNNING | 192.168.1.14 (eth0) |      | CONTAINER | 0         |
+------+---------+---------------------+------+-----------+-----------+

After this initial setup I would like to give my ubc1 container a new IP, say for example 192.168.1.18, how would I go about doing this?

I have tried setting the IPV4 address on the device and restarting the container without much luck:

$ lxc config device set ubc1 eth0 ipv4.address 192.168.1.18
$ lxc restart ubc1
$ lxc list
+------+---------+---------------------+------+-----------+-----------+
| NAME |  STATE  |        IPV4         | IPV6 |   TYPE    | SNAPSHOTS |
+------+---------+---------------------+------+-----------+-----------+
| ubc1 | RUNNING | 192.168.1.14 (eth0) |      | CONTAINER | 0         |
+------+---------+---------------------+------+-----------+-----------+

All help would be appreciated.

cemzafer · September 5, 2020, 9:02pm

Hi @yang,
Could you try like that? The following command change the ip address of the ubc1 container.

lxc config device override ubc1 eth0 ipv4.address=192.168.1.18

Or, you can remove the eth0 device first and add the eth0 device like this,

lxc config device add ubc1 eth0 nic nictype=bridged parent=br0 ipv4.address=<ip_addr>

Regards.

yang · September 5, 2020, 9:33pm

HI @cemzafer thank you for your answer, I have tried as suggested but the IP address remains the same, could it have anything to do with my local DHCP server?

simos · September 6, 2020, 2:23am

In LXD you can have managed and unmanaged networks. If the network is unmanaged, it just means that LXD does not manage it. Hence, LXD would not know information about the IP address, etc.
You have a case of unmanaged network (br0), in addition to a managed network (lxdbr0).

You can view what LXD considers as managed and unmanaged, if you run lxc network list.

About bridged networking, also see https://blog.simos.info/how-to-make-your-lxd-containers-get-ip-addresses-from-your-lan-using-a-bridge/ In your case, you already created the bridge. You then need to setup some LXD profile that can attach the bridge to a container. Or use the instruction shown above by @cemzafer.

yang · September 6, 2020, 10:23am

Thank you for the clarification, it seems my solution to changing the IP of the container using an unmanaged bridge would be to SSH into the container and change the network settings from within.

yang · September 6, 2020, 1:07pm

While on the topic, is it possible to have an LXD managed bridge that assigns IPs to containers from the LAN?

simos · September 6, 2020, 4:04pm

Alternatively, you could create a proxy device that would sort-of enable port-forwarding for connections reaching to the host, getting forwarded to the container.
See, for example, How to use the LXD Proxy Device to map ports between the host and the containers – Mi blog lah! Requires LXD 3.0 or newer.

The very latest LXD, LXD 4.5, is able to create a managed macvlan. That is, the container is accessible from the LAN but the IP address it takes, has been provided by LXD. See more at LXD 4.4 has been released (managed macvlan).

All in all, I suggest the proxy device, possibly with the NAT option.

yang · September 7, 2020, 9:19am

We are looking for a solution where the containers are in the same LAN where the host lives and we can assign them IPs from the LAN, what would be the best solution?

simos · September 7, 2020, 11:46am

You can setup the DHCP server of the LAN to assign static IP addresses to the containers.
Instead of an LXD issue, it becomes a router issue and your router handles the IP addresses.

yang · September 7, 2020, 12:28pm

Thank you for answering. Our most important scenario is static assignement of public IPs to our containers - those IPs belong to the same network where the host lives and should be transparently available (bridged) to the containers. What would be the recommended LXD configuration for this?

simos · September 7, 2020, 4:52pm

I assume your host is connected to the LAN with an Ethernet card (and not a WiFi adapter).
In that case, you can use either a bridge or macvlan. Between the two, macvlan has the feature that the containers will not be able to access the host over the network. Due to this, macvlan is probably not what you would like to use.

See, for example, https://blog.simos.info/how-to-make-your-lxd-containers-get-ip-addresses-from-your-lan-using-a-bridge/ In effect, you have created already the bridge on your host and it is supposed to be working fine. Then, you create a LXD profile with the bridge configuration, and finally create containers using that LXD profile (or apply the profile to an existing container).

yang · September 7, 2020, 5:53pm

Yes, the host is connected through Ethernet.

In the given scenario, how would you manage static IPs?

I currently have a bridge that has been applied to a profile as specified and when applied to containers they get their respective LAN IPs and are working fine.

However I would also like to set a static LAN IP for certain containers. Could you give any advice on this scenario?

simos · September 7, 2020, 7:38pm

I see that the terminology is actually different.
If your router is DLink, see DHCP Reservation in https://www.linksys.com/us/support-article?articleNum=137180

yang · September 7, 2020, 10:23pm

Thank you again for answering.

In our particular case it is a datacenter public network, where there is no DHCP and ranges of IPs have to be assigned statically. Can LXD manage these settings somehow?

simos · September 8, 2020, 5:18am

I see.

You can create LXD profiles for each container so that they their network configuration from cloud-init instructions.

Or you can setup a DHCP server on the host to cater for the containers. This would be a separate DHCP server from the one of LXD, and would bind on the bridge.

Or, you can try managed macvlan with LXD 4.5 or newer.