LXD Newbie - setting up public ip

networking

(Henrik Kiepe) #1

I'm completely new to Linux containers and I just wanted to figure out what is the best common way to set public static IPs for my containers?
I'm using a root server and my LXD version is 2.0.11 on 16.04.2-Ubuntu. I have a few more public IPs available: 138.201.151.XX/29
At the moment I created a subnet with lxdbr0 for the public IPs and use the LXD_CONFILE="/etc/default/dns.conf" to always attach the same IP.

But in general I don't want that. I would just like to attach each IP statically to each container. What would be the right approach to do that?

Thank you for your help!


(Manuel ) #2

Look at this: Another 'networking issue' or 'how to connect containers to more than one network using a bridge or macvlan'

I think bridge or macvlan mode could be what you need.

Once the mode is configured and the container created, you can configure the IP via /etc/network/interfaces (inside the container).

Salutes!


(Henrik Kiepe) #3

Yes, it works - I tested it in my local LAN. Thank you!

Now I will test it on the root server. In general I understand the most important thing is to set the interfaces file correctly. Do you think I can just copy the entries of eth0 over to br0 and comment out the eth0 entries? I want to avoid blocking myself from the root server because I don't have physical access to the machine.


(Manuel ) #4

If you use macvlan mode you do not have to change the network config on the host (you create a macvlan profile, assign it to the containers and configure the network inside the container). I have read that macvlan is faster than bridge but the host can't communicate with its containers. Look at Macvlan vs network bridge

In Another 'networking issue' or 'how to connect containers to more than one network using a bridge or macvlan' you can see an interfaces file that I have used on several Ubuntu 16.04 hosts without problems (previously I installed bridge-utils and verified the interface's name). I cannot assure 100% that you will have no problems; but you can ask the hosting company if they have any limitations regarding the use of containers and bridge mode (or macvlan).


(Henrik Kiepe) #5

Thank you mgregal for the help. I'm just struggling with the bridged network now and want to get it running. Maybe later I will also test macvlan but now I want to get the bridge running first.

On the host the bridge is already running fine but I can't "convince" the containers to get an IP with the new profile. I'm doing something wrong - probably it's the IP configuration inside the container or the profile is wrong. br0 is coming up fine and eth0 is using it. The containers are also running with the old profile and br0. But when I change the profile the container is not getting the IP address.

Maybe you can see an error in my config? I will post the files here:

This is my interfaces file from the host:

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto br0
iface br0 inet static
  address 136.243.106.231
  netmask 255.255.255.192
  gateway 136.243.106.193
  dns-nameservers 8.8.8.8 8.8.4.4
  bridge_ports eth0
  bridge_stp off
  bridge_fd 0
  bridge_maxwait 0
  up route add -net 136.243.106.192 netmask 255.255.255.192 gw 136.243.106.193 dev eth0

iface eth0 inet6 static
  address 2a01:4f8:171:fe6::2
  netmask 64
  gateway fe80::100:

This is the bridge profile

config:
  environment.http_proxy: ""
  user.network_mode: ""
description: LXD profile for bridge
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
name: bridge
used_by: []

This is the interfaces file on the guest:

auto lo
iface lo inet loopback

iface etho inet static
  address 138.201.151.51/29
  gateway 136.243.106.231
  dns-nameservers 8.8.8.8 8.8.4.4


(Manuel ) #6

Maybe the etho in the interfaces file on the container should be eth0:

auto lo
iface lo inet loopback

iface etho inet static  <---- eth0
  address 138.201.151.51/29
  gateway 136.243.106.231
  dns-nameservers 8.8.8.8 8.8.4.4

Is that the right gateway? The container is in the net 138.201.151.48/29 and the gateway is 136.243.106.231 (another network). I think its gateway should be a directly accessible host.


(Henrik Kiepe) #7

Oh yes, this is a typo :-). But it's still not getting an IP :(

It's interesting that the eth0 in the container doesn't get an IP at all:

root@XXXX:~# ifconfig -a
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::216:3eff:fe2d:2b0a  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:2d:2b:0a  txqueuelen 1000  (Ethernet)
        RX packets 46  bytes 3124 (3.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 2361 (2.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(Manuel ) #8

Put auto eth0:

auto lo
iface lo inet loopback

auto eth0 <---------
iface eth0 inet static
  address 138.201.151.51/29
  gateway 136.243.106.231
  dns-nameservers 8.8.8.8 8.8.4.4

(Henrik Kiepe) #9

Hm, OK, I also added auto eth0. But eth0 in the container still has no IP (output from ifconfig -a). As if the settings in container/etc/network/interfaces would not affect the eth0 interface.


(Henrik Kiepe) #10

It's silly because if I use the default profile the eth0 interface in the container gets an IP independently of what is set in the interfaces file on the container:

eth0 from the container with profile "default" set:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 138.201.151.51  netmask 255.255.255.248  broadcast 138.201.151.55
        inet6 fd43:1f19:80ac:e49c:216:3eff:fe2d:2b0a  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::216:3eff:fe2d:2b0a  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:2d:2b:0a  txqueuelen 1000  (Ethernet)
        RX packets 48  bytes 9938 (9.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 65  bytes 5567 (5.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(Manuel ) #11

Can you put the default profile?

Try this:

  1. stop the container
  2. lxc assign default,bridge <-- assigns two profiles. You can change the list of profiles which apply to a given container and the overlapping parameters will take a value from the last applied profile.
  3. start the container and verify if container has IP and connection

(Henrik Kiepe) #12

Maybe I should delete the lxdbr0 bridge?

$ ifconfig -a
br0       Link encap:Ethernet  HWaddr f8:32:e4:71:a1:d8
          inet addr:136.243.106.231  Bcast:136.243.106.255  Mask:255.255.255.192
          inet6 addr: fe80::fa32:e4ff:fe71:a1d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5756 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6807 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:833070 (833.0 KB)  TX bytes:5281455 (5.2 MB)

eth0      Link encap:Ethernet  HWaddr f8:32:e4:71:a1:d8
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7681 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6898 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1023461 (1.0 MB)  TX bytes:5297509 (5.2 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:968 (968.0 B)  TX bytes:968 (968.0 B)

lxdbr0    Link encap:Ethernet  HWaddr fe:a8:91:87:55:2f
          inet addr:138.201.151.49  Bcast:0.0.0.0  Mask:255.255.255.248
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:3389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3996 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4972396 (4.9 MB)  TX bytes:700742 (700.7 KB)

vethD3HALI Link encap:Ethernet  HWaddr fe:a8:91:87:55:2f
          inet6 addr: fe80::fca8:91ff:fe87:552f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:249 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17932 (17.9 KB)  TX bytes:310556 (310.5 KB)

vethUCBS8R Link encap:Ethernet  HWaddr fe:79:9d:59:a2:2c
          inet6 addr: fe80::fc79:9dff:fe59:a22c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17 errors:0 dropped:0 overruns:0 frame:0
          TX packets:181 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3183 (3.1 KB)  TX bytes:11362 (11.3 KB)

(Henrik Kiepe) #13

OK, I assigned the two profiles but the container doesn't get an IP address.

$ sudo lxc list
+------+---------+-----------------------+-----------------------------------------------+------------+-----------+
| saul | RUNNING |                       |                                               | PERSISTENT | 1         |
+------+---------+-----------------------+-----------------------------------------------+------------+-----------+

(Manuel ) #14

It isn't necessary to delete it, but I would change the values for lxdbr0 (to not use the same network for lxdbr0 and for containers in bridge mode with br0).

lxdbr0 is like a NAT network in VirtualBox; that is to say, containers in that network will receive an IP via an internal DHCP server (LXD does this) and they will be able to access the internet via iptables (doing SNAT through the public IP of the host). Services running in those containers will only be accessible via iptables DNAT. You can see the NAT rules via: sudo iptables -t nat -L -n . On my computer:
manuel@pcmanuel:~$ sudo iptables -t nat -L -n
[sudo] password for manuel:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.0.0.0/24         !10.0.0.0/24          /* generated for LXD network lxdbr0 */

You can change the lxdbr0 values with: lxc network edit lxdbr0

I have a bridge br0 and lxdbr0 without problems (and even more internal networks). Some containers work in bridge mode with br0 (they require a real IP config for the lan network) and others in bridge mode with lxdbr0.


(Henrik Kiepe) #16

OK, I edited the /etc/default/lxd-bridge file manually (the lxc network command is missing in LXD 2.0, I guess) and restarted the bridge. Now the container is getting an IP from the 10.0.8.0/24 range in the default profile. But it didn't solve the problem. The container still doesn't get an IP with the bridge profile attached.


(Henrik Kiepe) #17

this is also my default profile:

config:
  environment.http_proxy: ""
  user.network_mode: ""
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
name: default
used_by: []

(Henrik Kiepe) #18

I also created a macvlan profile now. But the container also doesn't get an IP.

Container interfaces file:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
   address 138.201.151.50/29   <--- My subnet with public IPs
   gateway 136.243.106.231   <--- IP address of the host
   dns-nameservers 8.8.8.8 8.8.4.4

Host interfaces file:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
  address 136.243.106.231   <--- Host public IP
  netmask 255.255.255.192
  gateway 136.243.106.193
  up route add -net 136.243.106.192 netmask 255.255.255.192 gw 136.243.106.193 dev eth0

iface eth0 inet6 static
  address 2a01:4f8:171:fe6::2
  netmask 64
  gateway fe80::1

macvlan profile

config:
  environment.http_proxy: ""
  user.network_mode: ""
description: LXD macvlan profile
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: eth0
    type: nic
name: macvlan
used_by: []

default profile

config:
  environment.http_proxy: ""
  user.network_mode: ""
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
name: default
used_by: []

(Manuel ) #19

Hi,

I tried your profiles and interfaces file on my computer and they worked (both the macvlan profile and bridge profile). Both the host and container are Ubuntu 16.04.4 LTS.

My lxd version is 2.21 from backports repositories


(Henrik Kiepe) #20

Oh, that's cool :-D. Thank you! Unfortunately here it's not working! Struggling all the time but have no idea at the moment where the bug is. Maybe it has to do with the network settings of my hoster? This is a root server from hetzner.de (no virtual machine). Another problem might be that the IP of the host bridge br0 is not in the subnet which I use for the containers?

server IP is 136.243.106.231
gateway 136.243.106.193

IPs for the container: 138.201.151.48/29


(Manuel ) #21

@simos has a lot of tutorials about LXD and two of them are about Hetzner:
https://blog.simos.info/a-closer-look-at-the-new-hetzner-cloud-servers-by-running-lxd/
https://blog.simos.info/how-to-repartition-a-hetzner-vps-disk-for-zfs-on-its-own-partition-for-lxd/

Maybe you see something we do not see.

Another problem might be that the IP of the host bridge br0 is not in the subnet which I use for the containers?

No, in labs with my pupils I have a bridge br0 and I created a lot of containers with IPs from different networks. The container should pick up the IP, netmask, gateway and DNS from the interfaces file. The only strange thing I see is the gateway for the container (136.243.106.231) because it's in a different network.
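The three points raised in this thread about the container's /etc/network/interfaces (interface name typo, missing auto line, gateway outside the container's subnet) can be checked mechanically. The following is an added example, not code from any poster or from LXD; check_interfaces and nic_names are hypothetical names, and the sample inputs are the guest files from posts #5 and #8.

```python
import ipaddress

def check_interfaces(text, nic_names=("eth0",)):
    """Return (iface, problem) pairs for static IPv4 stanzas in ifupdown text."""
    auto, stanzas, cur = set(), {}, None
    for raw in text.splitlines():
        words = raw.split("#")[0].split()
        if not words:
            continue
        if words[0] in ("auto", "allow-hotplug"):
            auto.update(words[1:])
            cur = None
        elif words[0] == "iface":
            # Only IPv4 static stanzas are collected; others end the current one.
            is_static = words[2:4] == ["inet", "static"]
            cur = stanzas.setdefault(words[1], {}) if is_static else None
        elif cur is not None and len(words) >= 2:
            cur[words[0]] = words[1]  # option line, e.g. "address 1.2.3.4/29"
    problems = []
    for name, opts in stanzas.items():
        # nic_names (assumption): device names the LXD profile creates, e.g. eth0
        if name not in nic_names:
            problems.append((name, "no NIC with this name in the profile"))
        if name not in auto:
            problems.append((name, "no 'auto' line, not brought up at boot"))
        addr, gw = opts.get("address"), opts.get("gateway")
        if addr and gw:
            if "/" not in addr:  # separate netmask line, as in the host file
                addr += "/" + opts.get("netmask", "32")
            net = ipaddress.ip_interface(addr).network
            if ipaddress.ip_address(gw) not in net:
                problems.append((name, f"gateway {gw} is outside {net}"))
    return problems

# Guest file from post #5, and the post #8 revision (typo fixed, auto added).
POST_5 = """auto lo
iface lo inet loopback

iface etho inet static
    address 138.201.151.51/29
    gateway 136.243.106.231
"""
POST_8 = POST_5.replace("iface etho", "auto eth0\niface eth0")

if __name__ == "__main__":
    for label, text in (("post #5", POST_5), ("post #8", POST_8)):
        for iface, problem in check_interfaces(text):
            print(f"{label}: {iface}: {problem}")
```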