Setting up remote lxd & copy over a local container

Continuing the discussion from Backup the container and install it on another server:

  • I want to move a container from my local host (lxd 3.11 from snap) to a new remote cloud server (running lxd 3.0.3-0ubuntu1~18.04.1).
  • The local host has a dynamic ip, the remote host lives on a hetzner cloudserver and has a static ip. For now, this only has to work once, so I don’t think the dynamic IP of my local host is much of a problem.

Now based on the linked Topic I assume there are 3 steps involved on my local lxd host


1. basic settings

lxc config set core.https_address [local-public-ip]
lxc config set core.trust_password SOME-PASSWORD

2. adding the remote

lxc remote add [remote-name] [remote-public-ip]

3. copy my local container to the remote

lxc copy CONTAINER_NAME/SNAPSHOT_NAME target:CONTAINER_NAME

now with the first action I am running into an error where I have used the public ip address I found in my router’s settings (which is a dynamic ip I assume)

lxc config set core.https_address [xx.yyy.zzz.xx]
Error: cannot listen on https socket: listen tcp [xx.yyy.zzz.xx]:8443: bind: cannot assign requested address

can’t make much of that error. Can someone help?

solved this bit. It did not work due to this problem. After dis-/enabling the lxd snap I can set the IP address.

however I am facing a connection problem with the remote IP now

lxc remote add hetzner [xx.yyy.zzz.xxx]
Generating a client certificate. This may take a minute...
Error: Get https://[xx.yyy.zzz.xxx]:8443: Unable to connect to: [xx.yyy.zzz.xxx]:8443

Can you do a quick test and telnet from the source host towards the IP / port of the destination server?
You might want to check firewall or routing towards your destination server.

I haven’t used telnet before much and it’s long ago, so I hope this is correct

telnet [95.yyy.zzz.149] 8443
Trying [95.yyy.zzz.149]...
telnet: Unable to connect to remote host: Connection refused

getting the same “Unable to connect to remote host: Connection refused” error, when I use the blank IP without specifying any port (telnet [95.yyy.zzz.149])

I assume you are not adding the [ and ] ?

I would double check on the destination host if you have any rules that might be blocking.
First check that indeed LXD is listening on the correct IP / interface:

sudo netstat -ltpn | grep lxd

Check any firewall rules that might be blocking:
sudo iptables -S
sudo iptables -t nat -S

sudo netstat -ltpn | grep lxd

turns back empty

~# sudo iptables -S

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lxdbr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -i lxdbr0 -p udp -m udp --dport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A FORWARD -i lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A OUTPUT -o lxdbr0 -p udp -m udp --sport 67 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
root@ubuntu-2gb-hel1-1:~# 
root@ubuntu-2gb-hel1-1:~# 
root@ubuntu-2gb-hel1-1:~# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.58.20.0/24 ! -d 10.58.20.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE

ufw is disabled

So it seems that LXD is not listening on the interface, can you try to restart the lxd snap with sudo snap restart lxd and run sudo netstat -ltpn | grep lxd to see if it is now listening?
If not can you share lxc config show.

it’s not the snap lxd on the remote server. So I did a systemctl restart lxd

after which nothing has changed in regards to

now

~# lxc config show

config: {}

and (as we are at it)

:~# lxc profile show default

config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/containers/[my-container]

should I run the commands …

lxc config set core.https_address [local-public-ip]
lxc config set core.trust_password SOME-PASSWORD

…on the remote as well?

Should be only necessary on the remote where you are trying to copy your local container to.

well, that’s exactly where I haven’t done it yet (because it sounded as if you had to process this on the local server). Will try that and report back once done. thx thus far

after I have applied the

lxc config set core.https_address [local-public-ip]
lxc config set core.trust_password SOME-PASSWORD

on my remote server, I got an error on the lxc copy

lxc copy [container]/[snapshot] [remote-host]:[container-name]

Error: Failed container creation: Error transferring container data: Unable to connect to: 78.xxx.yyy.76:8443

78.xxx.yyy.76 is my local host’s public IP, which I had set with the core.https_address command earlier


EDIT:
on my local host

sudo netstat -ltpn | grep lxd
tcp6       0      0 :::34207                :::*                    LISTEN      29941/lxd 

so this wants to talk to IPv6?
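
The listener check used throughout this thread (`sudo netstat -ltpn | grep lxd`), as an added example that is not part of any post above: it reads that output and reports whether LXD is actually bound to the API port 8443 and on which address, which is what decides between "nothing is listening" and "something in front of the host is blocking". The function names are hypothetical, and every sample line except the first (taken from the last post) is constructed, using documentation addresses.

```shell
#!/bin/sh
# Classify LXD's API listener from `netstat -ltpn` output on stdin.
# Prints "none", "wildcard" (0.0.0.0 or ::) or the specific bound address.
lxd_api_listener() {
    port="${1:-8443}"    # 8443 is the port shown in the thread's error messages
    awk -v port="$port" '
        $6 == "LISTEN" && $7 ~ /\/lxd$/ {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) next           # e.g. :::34207 is not the API port
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") addr = "wildcard"
            print addr
            found = 1
        }
        END { if (!found) print "none" }
    '
}

# Explain a "Connection refused" for TARGET_IP given the listener state on stdin.
explain_refused() {
    target="$1"
    state="$(lxd_api_listener 8443)"
    case "$state" in
        none)      echo "no-listener: set core.https_address on this host" ;;
        wildcard)  echo "listening-on-all: check firewall/NAT in front of $target" ;;
        "$target") echo "listening-on-target: check firewall/NAT in front of $target" ;;
        *)         echo "bound-elsewhere: LXD listens on $state, not $target" ;;
    esac
}

# First sample is the line posted in the thread; the other two are constructed
# (203.0.113.10 is a documentation address, not one from the thread).
SAMPLE_LOCAL='tcp6       0      0 :::34207                :::*                    LISTEN      29941/lxd'
SAMPLE_BOUND='tcp        0      0 203.0.113.10:8443       0.0.0.0:*               LISTEN      1234/lxd'
SAMPLE_ALL='tcp6       0      0 :::8443                 :::*                    LISTEN      1234/lxd'

printf '%s\n' "$SAMPLE_LOCAL" | explain_refused 203.0.113.10
printf '%s\n' "$SAMPLE_BOUND" | explain_refused 203.0.113.10
printf '%s\n' "$SAMPLE_ALL"   | explain_refused 203.0.113.10
printf '' | explain_refused 203.0.113.10    # empty output, as on the remote server
```

On a live host the input would come from `sudo netstat -ltpn | explain_refused <ip>`; a `wildcard` result means the API is reachable on every interface of that host, so the firewall in front of it is the only thing limiting who can reach port 8443.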