It is also interesting to see that the MAC addresses of idp0 do not match its configuration. If you just comment it out in the config, just as a test?
And if you, again just for a test, replace lxc.net.0.veth.pair with lxc.net.0.name?
But first of all I would make sure I do not have any duplicate MAC addresses in my system.
In addition, the idp is the only interface within a namespace (netnsid 13). Not sure what makes this different from your other configurations.
My lxc containers are no longer attached to the specified bridge, even if the container log says otherwise, so I have no network connection within the container unless I manually attach the veth to the host's bridge.
Anyone else having this problem?
I'm running
linux-5.9.14.arch1-1
systemd-247.1-4
bridge-utils-1.7-1
iproute2-5.9.0-1
lxc-4.0.5-1
My bridges are configured by systemd-networkd and working fine (non-relevant interfaces stripped out), as ip link shows:
3: i_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br_trunk0 state UP mode DEFAULT group default qlen 1000
link/ether bc:5f:f4:bc:c4:9a brd ff:ff:ff:ff:ff:ff
4: br1032_clients: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 72:a5:ca:97:37:eb brd ff:ff:ff:ff:ff:ff
5: br1033_infra: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether de:c3:ab:cc:75:48 brd ff:ff:ff:ff:ff:ff
6: br1034_smart: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 1e:dc:a6:b7:66:cc brd ff:ff:ff:ff:ff:ff
7: br1035_guests: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether f6:c7:0c:9b:68:ff brd ff:ff:ff:ff:ff:ff
9: br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
10: v1034_smart@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1034_smart state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
11: v1033_infra@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1033_infra state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
12: v1036_anovpn@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1036_anovpn state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
13: v1032_clients@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1032_clients state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
14: v1035_guests@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1035_guests state UP mode DEFAULT group default qlen 1000
link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
32: veth_idp01@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether fe:b0:1b:50:fa:83 brd ff:ff:ff:ff:ff:ff link-netnsid 13
My container's configuration:
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = x86_64
# Container specific configuration
lxc.rootfs.path = zfs:pool2/vms/idp01
lxc.uts.name = idp01
lxc.start.auto = 1
lxc.start.delay = 15
lxc.start.order = 120
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br1033_infra
lxc.net.0.veth.pair = veth_idp01
lxc.net.0.hwaddr = fe:6b:c7:bc:fb:c5
lxc.log.level = 2
lxc.log.file = /var/log/lxc/idp01_v1.log
lxc.console.logfile = /var/log/lxc/idp01_v1_console.log
lxc.mount.entry = /data/pool1/lfs/bfs01/pacman_cache var/cache/pacman/pkg none bind 0 0
# soft memory limit (guaranteed) when host memory is under pressure
lxc.cgroup.memory.soft_limit_in_bytes = 512M
# hard memory limit when enough host memory is free
lxc.cgroup.memory.limit_in_bytes = 4G
# aggregated memory+swap (memsw) limit
lxc.cgroup.memory.memsw.limit_in_bytes = 6G
And /var/log/lxc/idp01_v1.log shows
lxc-start idp01_v1 20201230144417.725 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:979 - Set process title to [lxc monitor] /var/lib/lxc idp01_v1
lxc-start idp01_v1 20201230144417.725 INFO lsm - lsm/lsm.c:lsm_init:40 - Initialized LSM security driver nop
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "[all]"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "kexec_load errno 1"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "open_by_handle_at errno 1"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "init_module errno 1"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "finit_module errno 1"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "delete_module errno 1"
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start idp01_v1 20201230144417.726 INFO seccomp - seccomp.c:parse_config_v2:1025 - Merging compat seccomp contexts into main context
lxc-start idp01_v1 20201230144417.726 INFO start - start.c:lxc_init:837 - Container "idp01_v1" is initialized
lxc-start idp01_v1 20201230144417.765 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.monitor.idp01_v1"
lxc-start idp01_v1 20201230144417.765 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1368 - The monitor process uses "lxc.monitor.idp01_v1" as cgroup
lxc-start idp01_v1 20201230144417.766 WARN cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create directory "/sys/fs/cgroup/cpuset//lxc.payload.idp01_v1"
lxc-start idp01_v1 20201230144417.766 INFO cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1471 - The container process uses "lxc.payload.idp01_v1" as cgroup
lxc-start idp01_v1 20201230144417.767 INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNS
lxc-start idp01_v1 20201230144417.767 INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWPID
lxc-start idp01_v1 20201230144417.767 INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUTS
lxc-start idp01_v1 20201230144417.767 INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWIPC
lxc-start idp01_v1 20201230144417.767 INFO start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNET
lxc-start idp01_v1 20201230144417.767 INFO cgfsng - cgroups/cgfsng.c:cgfsng_setup_limits_legacy:2881 - Limits for the legacy cgroup hierarchies have been setup
lxc-start idp01_v1 20201230144417.767 WARN cgfsng - cgroups/cgfsng.c:cgfsng_setup_limits:2942 - Invalid argument - Ignoring cgroup2 limits on legacy cgroup system
lxc-start idp01_v1 20201230144417.769 INFO network - network.c:instantiate_veth:285 - Retrieved mtu 1500 from br1033_infra
lxc-start idp01_v1 20201230144417.770 INFO network - network.c:instantiate_veth:333 - Attached "veth_idp01" to bridge "br1033_infra"
lxc-start idp01_v1 20201230144417.770 INFO start - start.c:do_start:1198 - Unshared CLONE_NEWCGROUP
lxc-start idp01_v1 20201230144417.786 INFO conf - conf.c:setup_utsname:752 - Set hostname to "idp01"
lxc-start idp01_v1 20201230144417.821 INFO network - network.c:lxc_setup_network_in_child_namespaces:3532 - Network has been setup
lxc-start idp01_v1 20201230144417.822 INFO conf - conf.c:mount_autodev:1059 - Preparing "/dev"
lxc-start idp01_v1 20201230144417.822 INFO conf - conf.c:mount_autodev:1109 - Prepared "/dev"
lxc-start idp01_v1 20201230144417.823 INFO conf - conf.c:run_script_argv:340 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "idp01_v1", config section "lxc"
lxc-start idp01_v1 20201230144417.847 INFO conf - conf.c:lxc_fill_autodev:1152 - Populating "/dev"
lxc-start idp01_v1 20201230144417.847 INFO conf - conf.c:lxc_fill_autodev:1220 - Populated "/dev"
lxc-start idp01_v1 20201230144417.847 INFO utils - utils.c:lxc_mount_proc_if_needed:1247 - I am 1, /proc/self points to "1"
lxc-start idp01_v1 20201230144417.848 INFO conf - conf.c:lxc_allocate_ttys:956 - Finished creating 4 tty devices
lxc-start idp01_v1 20201230144417.848 INFO conf - conf.c:lxc_setup_ttys:901 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start idp01_v1 20201230144417.848 INFO conf - conf.c:setup_personality:1610 - Set personality to "0x0"
lxc-start idp01_v1 20201230144417.848 NOTICE conf - conf.c:lxc_setup:3445 - The container "idp01_v1" is set up
lxc-start idp01_v1 20201230144417.848 INFO cgfsng - cgroups/cgfsng.c:cgfsng_setup_limits_legacy:2881 - Limits for the legacy cgroup hierarchies have been setup
lxc-start idp01_v1 20201230144417.849 NOTICE utils - utils.c:lxc_setgroups:1413 - Dropped additional groups
lxc-start idp01_v1 20201230144417.849 NOTICE start - start.c:start:2086 - Exec'ing "/sbin/init"
lxc-start idp01_v1 20201230144417.850 NOTICE start - start.c:post_start:2097 - Started "/sbin/init" with pid "3923110"
lxc-attach idp01_v1 20201230151801.188 INFO lsm - lsm/lsm.c:lsm_init:40 - Initialized LSM security driver nop
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:do_resolve_add_rule:517 - Set seccomp rule to reject force umounts
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "[all]"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "kexec_load errno 1"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "open_by_handle_at errno 1"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "init_module errno 1"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "finit_module errno 1"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:795 - Processing "delete_module errno 1"
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:990 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:999 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1009 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1019 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-attach idp01_v1 20201230151801.188 INFO seccomp - seccomp.c:parse_config_v2:1025 - Merging compat seccomp contexts into main context
lxc-attach idp01_v1 20201230151801.188 INFO attach - attach.c:fetch_seccomp:598 - Retrieved seccomp policy
lxc-attach idp01_v1 20201230151801.232 NOTICE utils - utils.c:lxc_setgroups:1413 - Dropped additional groups
So, even if the log line
lxc-start idp01_v1 20201230144417.770 INFO network - network.c:instantiate_veth:333 - Attached "veth_idp01" to bridge "br1033_infra"
says it has connected the veth pair interface on the host to the bridge, it didn't.
Unless I add it manually by issuing
ip link set veth_idp01 master br1033_infra
which makes ip link show
32: veth_idp01@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1033_infra state UP mode DEFAULT group default qlen 1000
link/ether fe:b0:1b:50:fa:83 brd ff:ff:ff:ff:ff:ff link-netnsid 13
I can't do any networking from within the container.
Note: I hadn't used veth.pair naming before I ran into this issue, but it helps me to distinguish veth interfaces on the host for manually adding them to their bridge.
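An added example, not part of the original thread: a Python check for the symptom in the post above and for the duplicate-MAC test suggested in the reply. It compares the bridge named in the lxc.net.N.* keys with the master that ip link actually reports for the host veth; the sample input is the post's own output (trimmed), and the function names are made up for this sketch.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the post's `ip link` output and container config.
IP_LINK = """\
5: br1033_infra: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether de:c3:ab:cc:75:48 brd ff:ff:ff:ff:ff:ff
9: br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
11: v1033_infra@br_trunk0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1033_infra state UP mode DEFAULT group default qlen 1000
    link/ether be:8d:2e:d3:7b:97 brd ff:ff:ff:ff:ff:ff
32: veth_idp01@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether fe:b0:1b:50:fa:83 brd ff:ff:ff:ff:ff:ff link-netnsid 13
"""
LXC_CONF = """\
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br1033_infra
lxc.net.0.veth.pair = veth_idp01
lxc.net.0.hwaddr = fe:6b:c7:bc:fb:c5
"""
HEAD = re.compile(r"^(\d+):\s+([^:@\s]+)(?:@(\S+?))?:\s+<[^>]*>(.*)$")

def parse_ip_link(text):
    """Return {ifname: {"parent", "master", "mac"}} from two-line `ip link` output."""
    links, cur = {}, None
    for line in text.splitlines():
        m = HEAD.match(line.strip())
        if m:
            master = re.search(r"\bmaster (\S+)", m.group(4))
            cur = links[m.group(2)] = {"parent": m.group(3), "mac": None,
                                       "master": master.group(1) if master else None}
        elif cur is not None and (mac := re.search(r"link/ether ([0-9a-f:]{17})", line)):
            cur["mac"] = mac.group(1)
    return links

def parse_lxc_net(conf):
    """Return {index: {key: value}} for lxc.net.N.* keys; comment lines are skipped."""
    nets = defaultdict(dict)
    for line in conf.splitlines():
        m = re.match(r"\s*lxc\.net\.(\d+)\.([\w.]+)\s*=\s*(\S+)", line)
        if m:
            nets[int(m.group(1))][m.group(2)] = m.group(3)
    return dict(nets)

def audit(ip_link_text, lxc_conf):
    """List veth entries whose host side is missing or not enslaved to the configured bridge.
    hwaddr is not compared: this sketch assumes it applies to the container-side interface."""
    links, findings = parse_ip_link(ip_link_text), []
    for idx, net in sorted(parse_lxc_net(lxc_conf).items()):
        pair, bridge = net.get("veth.pair"), net.get("link")
        if net.get("type") != "veth" or not pair or not bridge:
            continue
        host = links.get(pair)
        if host is None:
            findings.append(f"net.{idx}: host veth {pair} not found")
        elif host["master"] != bridge:
            findings.append(f"net.{idx}: {pair} master is {host['master']}, expected {bridge}")
    return findings

def duplicate_macs(links):
    """MACs seen on several interfaces, ignoring name@parent devices that carry their parent's MAC."""
    by_mac = defaultdict(list)
    for name, link in links.items():
        parent = links.get(link["parent"] or "")
        if link["mac"] and not (parent and parent["mac"] == link["mac"]):
            by_mac[link["mac"]].append(name)
    return {mac: names for mac, names in by_mac.items() if len(names) > 1}
```

Run against live data, audit() takes the text of ip link and of the container's config file; an empty list means every configured veth is on its bridge.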