ALT Project Management http://project.altservice.com/ 2013-07-01T23:16:03Z
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=223 2013-07-01T23:16:03Z Daniel Curtis techsupport@altservice.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/223/diff?detail_id=259">diff</a>)</li></ul>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=230 2013-07-03T19:34:58Z Daniel Curtis techsupport@altservice.com
There were problems setting up virtual containers using LXC and libvirt. The simplest way I could resolve the problem was to create a self-contained virtual network on the VPS host running the Linux container. The resolution was as follows:
<ol>
<li>Create a routed virtual network using libvirt</li>
<li>Configure linux containers network configuration accordingly</li>
<li>Add firewall/iptables rule to VPS host forwarding traffic to the virtual network</li>
<li>Enable IP Forwarding on VPS host</li>
<li>Setup a gateway and network route on the DMZ router (for internal networking)</li>
<li>Add firewall rule to DMZ router ALLOWING traffic from virtual network to Internet (for external networking)</li>
</ol>
<a name="Create-a-routed-virtual-network-using-libvirt"></a>
<h2 >Create a routed virtual network using libvirt<a href="#Create-a-routed-virtual-network-using-libvirt" class="wiki-anchor">¶</a></h2>
<ul>
<li><code>lxc-route.xml</code><br /><pre><code class="xml">
<network>
  <name>lxc-route</name>
  <uuid>43f3f9b8-d709-9292-722d-90f69e52ebb5</uuid>
  <forward dev='br0' mode='route'>
    <interface dev='br0'/>
  </forward>
  <bridge name='virbr0' stp='on' delay='0' />
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.2' end='192.168.100.254' />
    </dhcp>
  </ip>
</network>
</code></pre></li>
</ul>
<a name="Configure-linux-containers-network-configuration-accordingly"></a>
<h2 >Configure linux containers network configuration accordingly<a href="#Configure-linux-containers-network-configuration-accordingly" class="wiki-anchor">¶</a></h2>
<ul>
<li><code>/var/lib/lxc/container/config</code><br /><pre>
# networking
lxc.utsname = container
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = virbr0
lxc.network.ipv4 = 192.168.100.10/24
lxc.network.ipv4.gateway = 192.168.100.1
</pre></li>
</ul>
<a name="Add-firewalliptables-rule-to-VPS-host-forwarding-traffic-to-the-virtual-network"></a>
<h2 >Add firewall/iptables rule to VPS host forwarding traffic to the virtual network<a href="#Add-firewalliptables-rule-to-VPS-host-forwarding-traffic-to-the-virtual-network" class="wiki-anchor">¶</a></h2>
<ul>
<li><code>/etc/rc.local</code>, before <strong>exit</strong> line:<br /><pre>
iptables -I FORWARD 1 -i virbr0 -o virbr0 --dest 192.168.100.0/24 -j ACCEPT
</pre></li>
</ul>
<a name="Enable-IP-Forwarding-on-VPS-host"></a>
<h2 >Enable IP Forwarding on VPS host<a href="#Enable-IP-Forwarding-on-VPS-host" class="wiki-anchor">¶</a></h2>
<ul>
<li><code>/etc/sysctl.conf</code><br /><pre>
net.ipv4.ip_forward = 1
</pre></li>
</ul>
<p>To enable the changes made in sysctl.conf you will need to run the command:<br /><pre>
sysctl -p /etc/sysctl.conf
</pre></p>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=234 2013-07-09T19:36:27Z Daniel Curtis techsupport@altservice.com
<p>There was a problem moving the first virtual network to the new virtual network. I had first thought the problem to be in the <code>iptables</code> command specified in <code>/etc/rc.local</code> so I changed the command to allow forwarding to the correct virtual network.</p>
<p>This, however, did not fix the problem, so I checked <code>/etc/resolv.conf</code> and found that the DNS server set was the virtual router instead of the real DMZ router. The DMZ router manages the entire DNS infrastructure for the DMZ network. Once <code>/etc/resolv.conf</code> was set to the correct values I was able to connect out to the Internet.</p>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=285 2013-08-20T15:16:40Z Daniel Curtis techsupport@altservice.com
<ul><li><strong>File</strong> <a href="/attachments/65">lxc-debian-wheezy</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/65/lxc-debian-wheezy">lxc-debian-wheezy</a> added</li></ul><p>There are a couple of problems with the LXC Debian container creation script, as well as a lack of support for PowerPC repositories. I managed to find a script capable of creating working Debian containers on PowerPC hosts.</p>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=303 2013-08-24T00:46:48Z Daniel Curtis techsupport@altservice.com
<ul><li><strong>Project</strong> changed from <i>Website Hosting</i> to <i>21</i></li></ul>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=318 2013-09-16T21:07:48Z Daniel Curtis techsupport@altservice.com
When adding a new VPS server, make sure to have the following Puppet configuration parameters set:
<ol>
<li>Puppet Node SSL signed by the Puppet Master</li>
<li>Puppet Node defined</li>
<li>Puppet Classes Debian base, APT client, Kerberos client, LXC vServer, and Puppet client included</li>
<li>Unique Node <code>/etc/fstab</code> defined</li>
<li>Unique Node <code>/etc/rc.local</code> defined</li>
<li>Unique Node <code>/etc/network/interfaces</code> defined</li>
<li>Virtual Server template files defined</li>
</ol>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=319 2013-09-17T22:17:40Z Daniel Curtis techsupport@altservice.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/319/diff?detail_id=345">diff</a>)</li></ul>
GNU/Linux Administration - Support #132: Lightweight VPS Server with LXC on Debian 7 Wheezy http://project.altservice.com/issues/132?journal_id=1641 2015-02-16T05:44:56Z Daniel Curtis techsupport@altservice.com
<ul><li><strong>Project</strong> changed from <i>21</i> to <i>GNU/Linux Administration</i></li><li><strong>Category</strong> set to <i>Jails / Container</i></li></ul>
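An added example, not part of the original journal entries: a consistency check over the three files the notes above touch (the libvirt network XML, the container's LXC config, and the container's <code>/etc/resolv.conf</code>). The inputs are constructed inline from the values shown in the entries, and the finding names and the rule that the container's gateway should equal the virtual router address are assumptions based on the configuration shown there.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed inputs mirroring the values shown in the journal entries.
NETWORK_XML = """<network>
  <name>lxc-route</name>
  <forward dev='br0' mode='route'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.100.2' end='192.168.100.254'/></dhcp>
  </ip>
</network>"""
LXC_CONFIG = """# networking
lxc.network.link = virbr0
lxc.network.ipv4 = 192.168.100.10/24
lxc.network.ipv4.gateway = 192.168.100.1"""
RESOLV_CONF = "nameserver 192.168.100.1\n"  # broken state from the 2013-07-09 entry

def parse_lxc(text):
    """Return the key = value pairs of an LXC config, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(network_xml, lxc_config, resolv_conf):
    """Return a list of findings; an empty list means the files agree."""
    net, cfg, findings = ET.fromstring(network_xml), parse_lxc(lxc_config), []
    ip = net.find("ip")
    router = ipaddress.ip_address(ip.get("address"))
    subnet = ipaddress.ip_network(f"{router}/{ip.get('netmask')}", strict=False)
    addr = ipaddress.ip_interface(cfg["lxc.network.ipv4"])
    if cfg.get("lxc.network.link") != net.find("bridge").get("name"):
        findings.append("bridge-mismatch")
    if addr.ip not in subnet or addr.network != subnet:
        findings.append("address-outside-subnet")
    if ipaddress.ip_address(cfg["lxc.network.ipv4.gateway"]) != router:
        findings.append("gateway-not-virtual-router")
    for r in ip.iterfind("dhcp/range"):
        lo, hi = (ipaddress.ip_address(r.get(a)) for a in ("start", "end"))
        if lo <= addr.ip <= hi:  # static address could also be leased out
            findings.append("static-address-inside-dhcp-range")
    servers = [l.split()[1] for l in resolv_conf.splitlines()
               if l.startswith("nameserver") and len(l.split()) > 1]
    if str(router) in servers:  # the cause reported in the 2013-07-09 entry
        findings.append("dns-points-at-virtual-router")
    return findings

if __name__ == "__main__":
    print(check(NETWORK_XML, LXC_CONFIG, RESOLV_CONF))
```

Run against the values shown in the entries, the check also reports that the container's static address 192.168.100.10 lies inside the DHCP range 192.168.100.2 to 192.168.100.254 defined in <code>lxc-route.xml</code>.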