LXC on CentOS

Finally put LXC network to pass, do not know right, remember

It's all the same place at first.

Yum Install Libcgroup LXC lxc-templates

Installing LXC Cgroup

Then remember

Chkconfig--level 345 libcgroup on Cgroup always start

Add a bridge

Ifcfg-eth0 changed to the following

Device= "Eth0"
onboot= "Yes"
Type=ethernet
Ipv6init=no
Userctl=no
Bridge=virbr0
Create a new ifcfg-virbr0 with the following content

Device=virbr0
Type=bridge
Bootproto=static
dns1=192.168.8.254
gateway=192.168.8.254
ipaddr=192.168.8.50
netmask=255.255.255.0
Onboot=yes
Restart the bridge and it will be created.

And then

Lxc-create-n testcentos-t CentOS

Create a container with CentOS as a template

And then

Vi/var/lib/lxc/testcentos/config

Lxc.network.type = Veth
Lxc.network.flags = up
Lxc.network.link = Virbr0
LXC.NETWORK.HWADDR = Fe:7c:d6:5a:ed:10
Lxc.network.ipv4 = 192.168.8.55/24
Lxc.network.ipv4.gateway = 192.168.8.50
Lxc.network.name = eth0
Lxc.rootfs =/var/lib/lxc/testcentos/rootfs

When it's finished.

Cat/var/lib/lxc/testcentos/tmp_root_pass

Take a look at the root password

And then

Lxc-start-n testcentos-d

Start the container, and

Lxc-console-n Testcentos

Landing container

After logging in, the problem comes, what about the network? I've been doing this for a long

Sysctl net.ipv4.ip_forward=1

Turn forwarding on

Then iptables set a rule

Iptables-t nat-a postrouting-o eth0-s 192.168.8.55-j Masquerade

There was a problem with the rule, a bit of a problem at the beginning, and later changed to

Iptables-t nat-a postrouting-o virbr0-s 192.168.8.55-j Masquerade

There's no problem, it's weird. Don't understand why. But it's just a guarantee of access to the lab's external network, and the lab's internal network is still out of the way.

Finally ping the lab internal address in the container, and then dump the ICMP packet on the VIRBR0

Tcpdump-n-I virbr0 ICMP

Found no packet passed, and then found a problem with the routing in the container.

destination     gateway         Genmask          flags Metric ref    use Iface
192.168.8.0    *                255.255.255.0 uh     0      0        0 eth0
Link-local       *                255.255.0.0     u     1002   0         0 eth0
default         192.168.8.50     0.0.0.0         ug    0       0        0 eth0
means that the IP of all 192.168.8.0 network segments does not need to be forwarded directly to be accessed. This is wrong, and finally in

Vi/var/lib/lxc/testcentos/config

Change the IP of the container to Lxc.network.ipv4 = 192.168.8.55/32

And get rid of the/etc/sysconfig/network-scripts/ifcfg-eth0 inside the container netmask

Finally, we have access to it.

A few questions, why I do not see a similar approach on all documents, everyone is redirected directly to Eth0 finished?

In addition, the IP settings inside the container are not the same as others. Maybe everyone else is adding a subnet?

In any case, this container can be used, given his excellent computational performance

LXC on CentOS