Hello,
I recently upgraded the host of my lxc container from ubuntu 20.04 to ubuntu 22.04
After that, i wasn’t able to access dns from my container :
lxc_root@srv-nsi:~$ lxc-console jupyter
Welcome to Ubuntu 20.04.5 LTS (GNU/Linux 5.15.0-67-generic x86_64)
root@jupyter:/# ping google.com
ping: google.com: Temporary failure in name resolution
root@jupyter:/# ping 142.250.203.238
PING 142.250.203.238 (142.250.203.238) 56(84) bytes of data.
64 bytes from 142.250.203.238: icmp_seq=1 ttl=113 time=12.2 ms
64 bytes from 142.250.203.238: icmp_seq=2 ttl=113 time=12.0 ms
--- 142.250.203.238 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 11.974/12.091/12.208/0.117 ms
I tried to create another container to do some tests, but my new container doesn’t even have an ip address :
lxc_root@srv-nsi:~$ systemd-run --unit=my-unit --user --scope -p "Delegate=yes" -- lxc-create -t download -n test -- -d ubuntu -r focal -a amd64
Running scope as unit: my-unit.scope
The cached copy has expired, re-downloading...
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu focal amd64 (20230314_07:43) container.
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
lxc_root@srv-nsi:~$ lxc-start test
lxc_root@srv-nsi:~$ lxc-ls --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
jupyter RUNNING 1 - 10.0.3.2 - true
test RUNNING 0 - - - true
I followed all instructions in https://linuxcontainers.org/lxc/getting-started/
my config :
lxc_root@srv-nsi:~$ lxc-checkconfig
LXC version 5.0.0~git2209-g5a7b9ce67
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-5.15.0-67-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
--- Control groups ---
Cgroups: enabled
Cgroup namespace: enabled
Cgroup v1 mount points:
/sys/fs/cgroup/systemd
/sys/fs/cgroup/cpu,cpuacct
/sys/fs/cgroup/net_cls,net_prio
/sys/fs/cgroup/blkio
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/freezer
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/pids
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/rdma
/sys/fs/cgroup/misc
Cgroup v2 mount points:
/sys/fs/cgroup/unified
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
lxc_root@srv-nsi:~$ cat /etc/lxc/lxc-usernet
# USERNAME TYPE BRIDGE COUNT
lxc_root veth lxcbr0 10
lxc_root@srv-nsi:~$ cat /etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
lxc_root@srv-nsi:~$ cat /etc/default/lxc
# LXC_AUTO - whether or not to start containers at boot
LXC_AUTO="true"
# BOOTGROUPS - What groups should start on bootup?
# Comma separated list of groups.
# Leading comma, trailing comma or embedded double
# comma indicates when the NULL group should be run.
# Example (default): boot the onboot group first then the NULL group
BOOTGROUPS="onboot,"
# SHUTDOWNDELAY - Wait time for a container to shut down.
# Container shutdown can result in lengthy system
# shutdown times. Even 5 seconds per container can be
# too long.
SHUTDOWNDELAY=5
# OPTIONS can be used for anything else.
# If you want to boot everything then
# options can be "-a" or "-a -A".
OPTIONS=
# STOPOPTS are stop options. The can be used for anything else to stop.
# If you want to kill containers fast, use -k
STOPOPTS="-a -A -s"
USE_LXC_BRIDGE="false" # overridden in lxc-net
[ ! -f /etc/default/lxc-net ] || . /etc/default/lxc-net
lxc_root@srv-nsi:~$ cat /etc/default/lxc-net
# This file is auto-generated by lxc.postinst if it does not
# exist. Customizations will not be overridden.
# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
# containers. Set to "false" if you'll use virbr0 or another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"
# If you change the LXC_BRIDGE to something other than lxcbr0, then
# you will also need to update your /etc/lxc/default.conf as well as the
# configuration (/var/lib/lxc/<container>/config) for any containers
# already created using the default config to reflect the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll also have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally /etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems that use NetworkManager).
# Once these changes are made, restart the lxc-net and network-manager services.
# 'container1.lxc' will then resolve on your host.
#LXC_DOMAIN="lxc"
I can’t find what I’m doing wrong.
Thanks in advance for any help.
[edit :] I managed to obtain a fixed IP address in my test container using netplan, but it doesn’t have a dns access neither. dhcp doesn’t seem to work for the containers.