Unable to assign IP address to the LXC container

Extron · January 23, 2024, 12:23pm

Hey, LXC beginner here. Whenever I create a container IP address is not assigned and I have tried assigning a static IP to the container. I have tried assigning it through config file

# Template used to create this container: /usr/share/lxc/templates/lxc-busybox
# Parameters passed to the template:
# Template script checksum (SHA-1): 21abc1440b73cdb95d96d5459b27c3a87df9976f
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:a1:a2:45
lxc.net.0.ipv4.gateway = 10.0.3.1
lxc.net.0.ipv4.address = 10.0.3.6/24
lxc.rootfs.path = dir:/var/lib/lxc/fih_lxc/rootfs
lxc.signal.halt = SIGUSR1
lxc.signal.reboot = SIGTERM
lxc.uts.name = "fih_lxc"
lxc.tty.max = 1
lxc.pty.max = 1
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.apparmor.profile = unconfined

lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = shm /dev/shm tmpfs defaults 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /usr/lib usr/lib none ro,bind 0 0
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none ro,bind,optional 0 0

ifconfig output is

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.209.0.124  netmask 255.255.255.0  broadcast 10.209.0.255
        inet6 fe80::fd68:9c90:17b1:4656  prefixlen 64  scopeid 0x20<link>
        ether 30:d0:42:f8:1c:43  txqueuelen 1000  (Ethernet)
        RX packets 572678  bytes 620169154 (620.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 280336  bytes 45411659 (45.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0x70900000-70920000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 65852  bytes 7722713 (7.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 65852  bytes 7722713 (7.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lxcbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:16:3e:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 918  bytes 159756 (159.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 193  bytes 25864 (25.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethG87TFQ: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fced:bdff:febe:edc7  prefixlen 64  scopeid 0x20<link>
        ether fe:ed:bd:be:ed:c7  txqueuelen 1000  (Ethernet)
        RX packets 412  bytes 133320 (133.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 35  bytes 5066 (5.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

IP a command

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 30:d0:42:f8:1c:43 brd ff:ff:ff:ff:ff:ff
    inet 10.209.0.124/24 brd 10.209.0.255 scope global dynamic noprefixroute enp0s31f6
       valid_lft 25208sec preferred_lft 25208sec
    inet6 fe80::fd68:9c90:17b1:4656/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
35: vethG87TFQ@if34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP group default qlen 1000
    link/ether fe:ed:bd:be:ed:c7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fced:bdff:febe:edc7/64 scope link 
       valid_lft forever preferred_lft forever

Let me know if there is anything else required.

stgraber · January 23, 2024, 2:42pm

Those config keys pre-configure the network namespace of the container.
If the container then has software inside of it which configures network on boot, this may get overriden.

Often a better solution is to instead rely on static DHCP leases.
This is covered here: Linux Containers - LXC - Getting started

Extron · January 24, 2024, 6:10am

I followed what was shared in the DHCP section. Here is the SOP:

root@rndterminal-01:~# sed -i 's|^#LXC_DHCP_CONFILE=.*$|LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf|' /etc/default/lxc-net
root@rndterminal-01:~# echo "dhcp-host=fih_lxc,10.209.0.100" >>/etc/lxc/dnsmasq.conf
root@rndterminal-01:~# service lxc-net restart
root@rndterminal-01:~# systemctl status lxc-net.service
● lxc-net.service - LXC network bridge setup
   Loaded: loaded (/lib/systemd/system/lxc-net.service; enabled; vendor preset: enabled)
   Active: active (exited) since Wed 2024-01-24 11:37:04 IST; 4s ago
  Process: 26944 ExecStop=/usr/lib/x86_64-linux-gnu/lxc/lxc-net stop (code=exited, status=0/SUCCESS)
  Process: 26974 ExecStart=/usr/lib/x86_64-linux-gnu/lxc/lxc-net start (code=exited, status=0/SUCCESS)
 Main PID: 26974 (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/lxc-net.service
           └─27041 dnsmasq --conf-file=/etc/lxc/dnsmasq.conf -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --listen-address 10.0.3.1 --dhcp-range 10.0.3.2,10.0.3.254 --dh

Jan 24 11:37:04 rndterminal-01.fih.gd lxc-net[26974]: iptables: No chain/target/match by that name.
Jan 24 11:37:04 rndterminal-01.fih.gd lxc-net[26974]: iptables: No chain/target/match by that name.
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq[27041]: started, version 2.79 cachesize 150
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq[27041]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC loop-detect inotify
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq-dhcp[27041]: DHCP, IP range 10.0.3.2 -- 10.0.3.254, lease time 1h
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq-dhcp[27041]: DHCP, sockets bound exclusively to interface lxcbr0
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq[27041]: reading /etc/resolv.conf
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq[27041]: using nameserver 127.0.0.53#53
Jan 24 11:37:04 rndterminal-01.fih.gd dnsmasq[27041]: read /etc/hosts - 8 addresses
Jan 24 11:37:04 rndterminal-01.fih.gd systemd[1]: Started LXC network bridge setup.

root@rndterminal-01:~# lxc-stop fih_lxc
root@rndterminal-01:~# lxc-start fih_lxc
root@rndterminal-01:~# lxc-ls --fancy
NAME     STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
fih_lxc  RUNNING 0         -      -    -    false        
fih_lxc1 STOPPED 0         -      -    -    false        
vas_lxc  STOPPED 0         -      -    -    false        
root@rndterminal-01:~# 
root@rndterminal-01:~# lxc-ls --fancy
NAME     STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
fih_lxc  RUNNING 0         -      -    -    false        
fih_lxc1 STOPPED 0         -      -    -    false        
vas_lxc  STOPPED 0         -      -    -    false

stgraber · January 24, 2024, 6:19am

What’s running in your container?

I wonder if it’s simply that busybox doesn’t bring up networking on startup.
The busybox template is extremely bare.

Did you test with a more full fledged distro like:

lxc-create -t download -n foo -- -d ubuntu -r jammy -a amd64
lxc-start -n foo

Extron · January 24, 2024, 6:31am

I’m using busybox for my project purposes. Are there any specific instructions for busybox containers

stgraber · January 24, 2024, 1:51pm

You may need to manually run a DHCP client inside the busybox container to have it get an IP address.

Extron · January 25, 2024, 6:09am

I have assigned the IP address using these commands

~ # udhcpc
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 10.0.3.132
udhcpc: lease of 10.0.3.132 obtained, lease time 3600
~ # ifconfig eth0 10.209.0.135 netmask 255.255.255.0 up 
~ # route add default gw 10.209.0.1

As the gateway address mentioned above, how do I check whether the IP address assigned is working?
I tried to ping 8.8.8.8 but there’s no response.
ifconfig in the container

eth0      Link encap:Ethernet  HWaddr 00:16:3E:F0:43:98  
          inet addr:10.209.0.135  Bcast:10.209.0.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fef0:4398/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:141 errors:0 dropped:0 overruns:0 frame:0
          TX packets:64 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17369 (16.9 KiB)  TX bytes:9532 (9.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:47 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4200 (4.1 KiB)  TX bytes:4200 (4.1 KiB)

Extron · January 25, 2024, 7:32am

I was able to assign the IP address through lxcbr0

lxcbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.3.1  netmask 255.255.255.0  broadcast 0.0.0.0
        inet6 fe80::216:3eff:fe00:0  prefixlen 64  scopeid 0x20<link>
        ether 00:16:3e:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 148  bytes 19456 (19.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 263  bytes 36974 (36.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I used something like
ifconfig eth0 10.0.3.2 netmask 255.255.255.0 up and route add default gw 10.0.3.1
now I can ping the containers.

I can only ping the host and container, but I cannot ping 8.8.8.8. Could this be because my workplace has filtering options?

stgraber · January 25, 2024, 3:48pm

It’s quite possible that you have some kind of firewall on your host system which prevents routing the traffic out.

It’s also not impossible that your workplace firewall could interfere.

If you can ping 8.8.8.8 properly from the host system but not from a container, then I’d suggest looking at iptables/nft rules on the host system to make sure no firewall is getting in the way.

If the host also can’t ping 8.8.8.8, then it’s something outside of your system, likely your work firewalling it off.

Extron · January 29, 2024, 12:00pm

I was able to ping through the host, What changes can I make to fix this issue?

Also, I have to assign the IP address whenever I’m rebooting the host. Is there a way where I don’t have to assign an IP address to the container whenever I restart the host?