LinuxQuestions.org
Old 07-27-2015, 12:28 PM   #1
PeterSteele
Member
 
Registered: Jun 2012
Posts: 264

Rep: Reputation: Disabled
Creating a CentOS 7 LXC container in an EC2 instance


We've run into a situation that we've been unable to resolve. We have an AWS EC2 instance running a CentOS 7.1 AMI and under this instance we've created several LXC containers, also running CentOS 7.1. We're using virt-install to install the containers.

The containers run fine, and we can ssh into the containers from their host (the EC2 instance) and vice versa. The big problem we're hitting is we cannot access our default gateway from the containers. In fact, the external network is completely blocked within a container.

If we duplicate the setup locally by creating a CentOS 7.1 VM (using Virtual Machine Manager for example) and then creating containers under this VM, we have no issue in accessing the gateway from the containers. There's a bit of difference here of course in that an EC2 instance is based on Xen whereas we're using a KVM based VM to duplicate the setup locally, but we assume this shouldn't be an issue. In both cases the VM (instance) can access the gateway of the external LAN. In the EC2 case, the containers under the VM cannot access the same gateway whereas in the KVM case the containers *can* access the external gateway.

We believe that the problem is somehow related to our AWS environment, perhaps a simple configuration issue, but we've exhausted our attempts to resolve this problem. So the question is, should this work? If a container is created under a CentOS 7 EC2 instance, should we be able to access the external gateway from the container?
 
Old 08-09-2015, 07:23 AM   #2
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,678
Blog Entries: 31

Rep: Reputation: 176
what does tcpdump (in the hosting instance and in each container) show? are all the right packets going through both ways? what is missing? can you show the config of the hosting instance and one container?
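
One way to answer the "what is missing?" question from a capture, as an added example that is not part of the thread: the `unanswered` function reads `tcpdump -n` text and lists ARP and ICMP echo requests that never got a reply. The function names, the host and container addresses (10.0.1.10, 10.0.1.57) and the MAC are constructed; only the gateway 10.0.1.1 comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Typical use on the host bridge:
#   tcpdump -n -c 200 -i br0 'arp or icmp' | unanswered
unanswered() {
  awk '
    # "<ts> ARP, Request who-has <target> tell <asker>, length 28"
    $2 == "ARP," && $3 == "Request" {
      asker = $7; sub(/,$/, "", asker)
      if (index(" " arp[$5] " ", " " asker " ") == 0) arp[$5] = arp[$5] " " asker
    }
    # "<ts> ARP, Reply <target> is-at <mac>, length 28"
    # The text form does not say who the reply was for, so it clears every
    # request for <target> seen before it; later requests count again.
    $2 == "ARP," && $3 == "Reply" { delete arp[$4] }
    # "<ts> IP <src> > <dst>: ICMP echo request|reply, id N, seq N, length 64"
    $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
      dst = $5; sub(/:$/, "", dst)
      tail = " " $9 " " $10 " " $11 " " $12; gsub(/,/, "", tail)
      if ($8 == "request,") ping[$3 " > " dst tail] = 1
      if ($8 == "reply,")   delete ping[dst " > " $3 tail]
    }
    END {
      for (t in arp) {
        n = split(arp[t], a, " ")
        for (i = 1; i <= n; i++) print "arp who-has " t " tell " a[i]
      }
      for (k in ping) print "icmp " k
    }
  ' | sort
}

# Constructed capture as it might look on br0: the host (10.0.1.10) resolves
# and pings the gateway, the container (10.0.1.57) gets no ARP reply.
sample_capture() {
  cat <<'EOF'
12:28:01.000100 ARP, Request who-has 10.0.1.1 tell 10.0.1.10, length 28
12:28:01.000400 ARP, Reply 10.0.1.1 is-at 0a:00:00:00:00:01, length 28
12:28:01.000500 IP 10.0.1.10 > 10.0.1.1: ICMP echo request, id 4100, seq 1, length 64
12:28:01.000900 IP 10.0.1.1 > 10.0.1.10: ICMP echo reply, id 4100, seq 1, length 64
12:28:05.000100 ARP, Request who-has 10.0.1.1 tell 10.0.1.57, length 28
12:28:06.000100 ARP, Request who-has 10.0.1.1 tell 10.0.1.57, length 28
EOF
}

sample_capture | unanswered
```

Running the same function on a capture taken on eth0 inside the container and on one taken on br0 shows at which hop the request or the reply disappears.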
 
Old 08-12-2015, 08:25 AM   #3
PeterSteele
Member
 
Registered: Jun 2012
Posts: 264

Original Poster
Rep: Reputation: Disabled
My apologies for not following up on this yet, I've just been incredibly busy. Here's some of what you asked for. The network configuration for the containers all look like this:

/etc/sysconfig/network-scripts:
DEVICE=eth0
NM_CONTROLLED=no
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.0.1.x
NETMASK=255.255.255.0
GATEWAY=10.0.1.1

The container host (an AWS instance) uses a bridged interface:
/etc/sysconfig/network-scripts/ifcfg-br0:
DEVICE=br0
NAME=br0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Bridge
USERCTL=no
NM_CONTROLLED=no
DEFROUTE="yes"
PEERDNS="yes"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"

/etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE="eth0"
NAME="eth0"
TYPE="Ethernet"
ONBOOT="yes"
BRIDGE="br0"

This is all pretty standard stuff. The routing table on the host looks like this:
Code:
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         ip-10-0-1-1.us- 0.0.0.0         UG    0      0        0 br0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
whereas on one of the containers we see this:
Code:
# route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
link-local      0.0.0.0         255.255.0.0     U     1032   0        0 eth0
The gateway cannot be pinged from the containers, and that's the crux of the problem. I've been installing host/container configurations like this on local hardware without problems so the issue is somehow related to AWS, just not sure how.

I'll try to get some tcpdump data in a day or two.
 
  

