alinefr Tux's lil' helper
Joined: 05 Jul 2009 Posts: 113 Location: São Paulo, Brasil
|
Posted: Wed Oct 07, 2015 9:40 pm Post subject: Gentoo host for vagrant-lxc |
|
|
As a developer I've got used to the Vagrant way of doing things. Also, as most of the stuff I develop is to be run on Ubuntu or RH servers, I can make my life easier by building it straight in those environments. But running Vagrant on VirtualBox is too resource intensive. So why not run it as a container? That's why I like LXC. It took me a while to get a working NAT network setup, and I could not find any Gentoo tutorial, so this doc may help newcomers.
Vagrant-LXC for gentoo hosts
1. Make sure your kernel is configured for BRIDGE, IPTABLES and NAT
Code: |
[*] Networking support --->
Networking options --->
<M> 802.1d Ethernet Bridging
[*] IGMP/MLD snooping
[*] VLAN filtering
<M> 802.1Q/802.1ad VLAN Support
[*] Network packet filtering framework (Netfilter) --->
<M> Bridged IP/ARP packets filtering
Core Netfilter Configuration --->
{M} Netfilter Xtables support (required for ip_tables)
IP: Netfilter Configuration --->
<M> IPv4 connection tracking support (required for NAT)
-M- IPv4 NAT
-M- IPv4 masquerade support
<M> IP tables support (required for filtering/masq/NAT)
<M> Packet filtering
<M> iptables NAT support
<M> MASQUERADE target support
|
2. You need to install vagrant. It is better to get the latest binary version, so you need layman.
Code: |
sudo layman -a johu
sudo emerge -av vagrant-bin
|
You may need to unmask vagrant-bin either by executing dispatch-conf or manually editing package.keywords.
3. We also need bridge-utils, dnsmasq, iptables and lxc
Code: |
sudo emerge -av bridge-utils dnsmasq iptables redir lxc
|
You could use any private IP range. It is better to choose an uncommon one and, of course, one different from your home/work network. So I chose 10.0.53.0/24.
4. Let's try to manually setup the network:
Code: |
sudo brctl addbr lxcbr0
sudo ifconfig lxcbr0 10.0.53.1 netmask 255.255.255.0 up
sudo dnsmasq --strict-order --bind-interfaces --pid-file=/run/dnsmasq.pid --conf-file= --listen-address 10.0.53.1 --dhcp-range "10.0.53.2,10.0.53.254" --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative
|
I'm assuming wlan0 is your external interface. Replace it with your interface.
Code: |
sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo /sbin/iptables -A FORWARD -i wlan0 -o lxcbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A FORWARD -i lxcbr0 -o wlan0 -j ACCEPT
|
As a default network configuration for any vagrant-lxc instance, add this to your /etc/lxc/default.conf:
Code: |
lxc.network.type = veth
lxc.network.link = lxcbr0
|
For some weird reason the default container location goes to /etc/lxc. This is very bad. A lot of strange issues come up if we fill too much data inside /etc. So we need to set a different path for our lxc containers. I like /var/cache/lxc. We set this in /etc/lxc/lxc.conf:
Code: |
lxc.lxcpath = /var/cache/lxc
|
We need to install the vagrant-lxc plugin:
Code: |
vagrant plugin install vagrant-lxc
|
5. As a starting point we are going to bring up an Ubuntu Trusty lxc container.
I usually keep my vagrant projects inside ~/Projects
Code: |
mkdir -p ~/Projects/teste
cd ~/Projects/teste
vagrant init beubi/trusty64
vagrant up --provider=lxc
|
So if everything is working you could now enter the new ubuntu vagrant VM by executing
Great but our network setup is not definitive. Let's make it!
/etc/conf.d/net:
Code: |
brctl_lxcbr0="setfd 0
sethello 10
stp off"
config_lxcbr0="10.0.53.1/24"
|
/etc/dnsmasq.conf:
Code: |
strict-order
bind-interfaces
listen-address=10.0.53.1
dhcp-range=10.0.53.2,10.0.53.254
dhcp-lease-max=253
except-interface=lo
interface=lxcbr0
dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases
dhcp-authoritative
|
Setup startup scripts
Code: |
cd /etc/init.d
sudo ln -s net.lo net.lxcbr0
sudo rc-update add net.lxcbr0 default
sudo rc-update add dnsmasq default
sudo rc-update add iptables default
sudo /etc/init.d/iptables save
|
You may start those scripts right away, but it is better to do a full system reboot so you can make sure things are going to work forever.
lxcbr0 should be up and IP assigned.
Login to your vagrant VM and test your network:
Code: |
cd ~/Projects/teste
vagrant ssh
ping 208.67.222.222
ping www.uol.com.br
|
vagrant-lxc github page:
https://github.com/fgrehm/vagrant-lxc
ZFS Sidenote
If your filesystem is ZFS, you need to create an lxc pool in an image file [1]:
Code: |
sudo truncate -s 100G /etc/lxc/containers.img
sudo zpool create lxc /etc/lxc/containers.img
|
lxc is the default pool name, for me it worked out of the box. In case you need a different name or if it has not worked out of the box, you could set it:
Code: |
lxc config set storage.zfs_pool_name nameofzpool
|
[1] https://insights.ubuntu.com/2015/11/06/using-lxd-with-a-file-based-zfs-pool-on-ubuntu-wily/
Last edited by alinefr on Sun Jan 22, 2017 2:30 pm; edited 7 times in total |
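Added example, not part of alinefr's post: a shell check that reads `iptables-save` text and reports whether the NAT and FORWARD rules from step 4 are scoped to the container bridge. The function names, finding labels and both sample rulesets are constructed here; the scoped variant (FORWARD policy DROP, `-s 10.0.53.0/24` on MASQUERADE) is an assumption about how one would tighten the rules, not something the post configures.

```shell
#!/bin/sh
# Added example: audit `iptables-save` text for the lxcbr0 NAT rules.
# Interface names and subnet are the post's; function names, finding labels
# and the sample rulesets are constructed for illustration.
BRIDGE=lxcbr0 WAN=wlan0 SUBNET=10.0.53.0/24

# Reads iptables-save output on stdin, prints one finding per line.
audit_nat() {
    rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    # With a default-ACCEPT FORWARD chain the two FORWARD rules restrict
    # nothing: packets they do not match are forwarded anyway.
    has '^:FORWARD ACCEPT' && echo forward-policy-accept
    has "^-A FORWARD .*-i $BRIDGE -o $WAN .*-j ACCEPT" || echo missing-outbound-forward
    # Every WAN -> bridge ACCEPT must be limited to reply traffic.
    printf '%s\n' "$rules" | grep -E -- "^-A FORWARD .*-i $WAN -o $BRIDGE .*-j ACCEPT" \
        | grep -v 'RELATED,ESTABLISHED' | grep -q . && echo inbound-forward-not-stateful
    # MASQUERADE without -s rewrites everything leaving WAN, not only
    # traffic from the container subnet.
    printf '%s\n' "$rules" | grep -E -- "^-A POSTROUTING .*-o $WAN .*-j MASQUERADE" \
        | grep -v -- "-s $SUBNET" | grep -q . && echo masquerade-not-source-scoped
    return 0
}

# Constructed sample: the post's three rules on chains left at policy ACCEPT.
ruleset_as_posted() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan0 -o lxcbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lxcbr0 -o wlan0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same rules, FORWARD default DROP and NAT limited to SUBNET.
ruleset_scoped() {
    ruleset_as_posted | sed -e 's/^:FORWARD ACCEPT/:FORWARD DROP/' \
        -e "s|^-A POSTROUTING -o|-A POSTROUTING -s $SUBNET -o|"
}

echo "as posted:"; ruleset_as_posted | audit_nat
echo "scoped:";    ruleset_scoped | audit_nat
```

On a live host, pipe the output of `iptables-save` (run as root) into `audit_nat` after adjusting `WAN` to the external interface.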
face n00b
Joined: 20 Mar 2004 Posts: 12
|
Posted: Sat Dec 19, 2015 11:56 am Post subject: Thank you! |
|
|
Thank you very much! Coming from ubuntu/mint desktop this is really helpful! |
alinefr Tux's lil' helper
Joined: 05 Jul 2009 Posts: 113 Location: São Paulo, Brasil
|
Posted: Fri Apr 08, 2016 4:00 am Post subject: Update: 2016-04-08 |
|
|
* Added kernel configuration for iptables and bridge
* Default lxc configuration
* ZFS instructions |
alinefr Tux's lil' helper
Joined: 05 Jul 2009 Posts: 113 Location: São Paulo, Brasil
|
Posted: Mon Jan 16, 2017 9:44 pm Post subject: |
|
|
* Added /etc/lxc/lxc.conf |