I want to tweak the properties of network interface from within my Alpine container after startup. I verified that the command works from within the container, but I don’t know how to apply it during container startup. I tried the init directories/scripts without any luck.
Do you have any pointers on how to achieve that? I know Ubuntu containers have cloud-init, but I don’t think Alpine does.
I think the stock Alpine container images (such as images:alpine/3.6) do not have cloud-init.
You can verify by launching an Alpine container and checking if cloud-init is there.
A direction to solve this, would be to create an Alpine container image that supports cloud-init.
Have a look at this, https://blog.simos.info/how-to-create-a-minimal-container-image-for-lxc-lxd-with-distrobuilder/ which describes how to use the distrobuilder tool to re-create the Alpine container image.
You can build on that to add cloud-init support.
I think the issue (why Alpine wiki didn’t help) is that many of the usual startup hooks don’t fire in a container, since it doesn’t “boot” in the usual sense. That apparently includes the /etc/network/if-*.d/ directories, which might get processed if you created interfaces via /etc/network/interfaces, but not if LXD does the job from outside.
As a workaround, I enabled the local service:
alpine$: rc-update add local default
I then created a shell script /etc/local.d/some-script.start (hence the local service):
#!/bin/ash
ip (…) dev eth0 # modify veth endpoint created by LXD
Finally, chmod 755 some-script.start and you’re good to go.
Setting a static ip address this way works too; lxc ls will display it correctly. Haven’t tested thoroughly yet, but traffic over the bridge appears to be routed normally.
Small addendum in case anyone stumbles upon this; the following works with LXD-created (v)eth interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.0.3.50
netmask 255.255.255.0
gateway 10.0.3.1
It’s cruicial to note that CIDR (10.0.3.50/24) notation doesn’t work for Alpine’s implementation, so the deprecated netmask option has to be set instead.