Gentoo Forums
Gentoo host for vagrant-lxc
alinefr

Posted: Wed Oct 07, 2015 9:40 pm    Post subject: Gentoo host for vagrant-lxc

As a developer I've gotten used to the Vagrant way of doing things. Also, since most of the stuff I develop is meant to run on Ubuntu or RH servers, I can make my life easier by building it straight on those environments. But running Vagrant on VirtualBox is too resource intensive. So why not run it as a container? That's why I like LXC. It took me a while to get a working NAT network setup, and I could not find any Gentoo tutorial, so this doc may help newcomers.

Vagrant-LXC for gentoo hosts

1. Make sure your kernel is configured for BRIDGE, IPTABLES and NAT
Code:

[*] Networking support --->
    Networking options  --->
        <M> 802.1d Ethernet Bridging
        [*]   IGMP/MLD snooping
        [*]   VLAN filtering
        <M> 802.1Q/802.1ad VLAN Support 
        [*] Network packet filtering framework (Netfilter)  --->
            <M>     Bridged IP/ARP packets filtering
            Core Netfilter Configuration  --->
                {M} Netfilter Xtables support (required for ip_tables)
                IP: Netfilter Configuration  --->
                    <M> IPv4 connection tracking support (required for NAT)
                    -M- IPv4 NAT
                    -M-   IPv4 masquerade support
                    <M> IP tables support (required for filtering/masq/NAT)
                    <M>   Packet filtering
                    <M>   iptables NAT support
                    <M>     MASQUERADE target support


2. You need to install Vagrant. It is better to get the latest binary version, so you need layman.

Code:

sudo layman -a johu
sudo emerge -av vagrant-bin


You may need to unmask vagrant-bin either by executing dispatch-conf or manually editing package.keywords.

3. We also need bridge-utils, dnsmasq, iptables and lxc

Code:

sudo emerge -av bridge-utils dnsmasq iptables redir lxc


You could use any private IP range. It is better to choose an uncommon one and, of course, one different from your home/work network. So I chose 10.0.53.0/24.

4. Let's try to set up the network manually:

Code:

sudo brctl addbr lxcbr0
sudo ifconfig lxcbr0 10.0.53.1 netmask 255.255.255.0 up
sudo dnsmasq --strict-order --bind-interfaces --pid-file=/run/dnsmasq.pid --conf-file= --listen-address 10.0.53.1 --dhcp-range "10.0.53.2,10.0.53.254"  --dhcp-lease-max=253 --dhcp-no-override --except-interface=lo --interface=lxcbr0 --dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases --dhcp-authoritative


I'm assuming wlan0 is your external interface. Replace it with your interface.
Code:

sudo /sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo /sbin/iptables -A FORWARD -i wlan0 -o lxcbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -A FORWARD -i lxcbr0 -o wlan0 -j ACCEPT


As a default network configuration for any vagrant-lxc instance, add this to your /etc/lxc/default.conf:
Code:

lxc.network.type = veth
lxc.network.link = lxcbr0


For some weird reason the default container location is /etc/lxc. This is very bad. A lot of strange issues come up if we put too much data inside /etc. So we need to set a different path for our LXC containers. I like /var/cache/lxc. We set this in /etc/lxc/lxc.conf:
Code:

lxc.lxcpath = /var/cache/lxc


We need to install the vagrant-lxc plugin:
Code:

vagrant plugin install vagrant-lxc


5. As a starting point we are going to bring up an Ubuntu Trusty lxc container.

I usually keep my Vagrant projects inside ~/Projects
Code:

mkdir -p ~/Projects/teste
cd ~/Projects/teste
vagrant init beubi/trusty64
vagrant up --provider=lxc


So if everything is working, you can now enter the new Ubuntu Vagrant VM by executing
Code:

vagrant ssh


Great, but our network setup is not permanent yet. Let's make it so!

/etc/conf.d/net:
Code:

brctl_lxcbr0="setfd 0
sethello 10
stp off"

config_lxcbr0="10.0.53.1/24"


/etc/dnsmasq.conf:
Code:

strict-order
bind-interfaces
listen-address=10.0.53.1
dhcp-range=10.0.53.2,10.0.53.254
dhcp-lease-max=253
except-interface=lo
interface=lxcbr0
dhcp-leasefile=/var/lib/misc/dnsmasq.lxcbr0.leases
dhcp-authoritative


Set up the startup scripts
Code:

cd /etc/init.d
sudo ln -s net.lo net.lxcbr0
sudo rc-update add net.lxcbr0 default
sudo rc-update add dnsmasq default
sudo rc-update add iptables default
sudo /etc/init.d/iptables save


You may start those scripts right away, but it is better to do a full system reboot so you can make sure things are going to work forever.

lxcbr0 should be up and IP assigned.

Log in to your Vagrant VM and test your network:
Code:

cd ~/Projects/teste
vagrant ssh
ping 208.67.222.222
ping www.uol.com.br


vagrant-lxc github page:
https://github.com/fgrehm/vagrant-lxc

ZFS Sidenote

If your filesystem is ZFS, you need to create an lxc pool in an image file [1]:
Code:

sudo truncate -s 100G /etc/lxc/containers.img
sudo zpool create lxc /etc/lxc/containers.img


lxc is the default pool name; for me it worked out of the box. In case you need a different name, or if it has not worked out of the box, you could set it:
Code:

lxc config set storage.zfs_pool_name nameofzpool


[1] https://insights.ubuntu.com/2015/11/06/using-lxd-with-a-file-based-zfs-pool-on-ubuntu-wily/


Last edited by alinefr on Sun Jan 22, 2017 2:30 pm; edited 7 times in total
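
Added example, not part of the original post: a POSIX shell function that audits `iptables-save` output for the three rules from step 4 and flags two things worth reviewing on a host that forwards for containers, namely a MASQUERADE rule not limited to the container subnet and an inbound FORWARD rule without a state match. The interface names and subnet are the post's values; both embedded rule sets are constructed samples and the function name is hypothetical.

```sh
#!/bin/sh
# Constructed iptables-save excerpt: the three rules from the post, as saved.
SAMPLE_POST='*nat
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i wlan0 -o lxcbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lxcbr0 -o wlan0 -j ACCEPT
COMMIT'

# Constructed variant: inbound forwarding without the state match.
SAMPLE_OPEN='*nat
-A POSTROUTING -s 10.0.53.0/24 -o wlan0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i wlan0 -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -o wlan0 -j ACCEPT
COMMIT'

# audit_nat_rules EXT_IF BRIDGE SUBNET   (iptables-save text on stdin)
# Prints findings; returns 0 when the rule set matches the post's intent.
audit_nat_rules() {
    ext=$1; br=$2; net=$3; rc=0
    rules=$(cat)
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    if ! has "^-A POSTROUTING .*-o $ext .*-j MASQUERADE"; then
        echo "MISSING: MASQUERADE on $ext"; rc=1
    elif ! has "^-A POSTROUTING .*-s $net .*-o $ext .*-j MASQUERADE"; then
        echo "NOTE: MASQUERADE on $ext is not limited to source $net"
    fi
    if ! has "^-A FORWARD -i $ext -o $br .*--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT"; then
        echo "MISSING: stateful return rule $ext -> $br"; rc=1
    fi
    if has "^-A FORWARD -i $ext -o $br -j ACCEPT\$"; then
        echo "RISK: $ext -> $br accepts new connections (no state match)"; rc=1
    fi
    if ! has "^-A FORWARD -i $br -o $ext .*-j ACCEPT"; then
        echo "MISSING: outbound rule $br -> $ext"; rc=1
    fi
    return $rc
}

# On a real host: sudo iptables-save | audit_nat_rules wlan0 lxcbr0 10.0.53.0/24
printf '%s\n' "$SAMPLE_POST" | audit_nat_rules wlan0 lxcbr0 10.0.53.0/24
```

Run it again after the reboot in the "startup scripts" step to confirm that `/etc/init.d/iptables save` actually persisted the rules.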
face

Posted: Sat Dec 19, 2015 11:56 am    Post subject: Thank you!

Thank you very much! Coming from ubuntu/mint desktop this is really helpful!
alinefr

Posted: Fri Apr 08, 2016 4:00 am    Post subject: Update: 2016-04-08

* Added kernel configuration for iptables and bridge
* Default lxc configuration
* ZFS instructions
alinefr

Posted: Mon Jan 16, 2017 9:44 pm    Post subject:

* Added /etc/lxc/lxc.conf