Configuring a bridge between Linux container (LXC) interfaces and the host

I want to run 2 LXC containers under one host, and I want each container to have its own IP on the network; say the host has 10.10.1.10 and the containers have 10.10.1.11 and 10.10.1.12.

Does my setup require me to configure 2 bridge interfaces in the host's /etc/network/interfaces file, like this:

auto br0
iface br0 inet static
   address 10.10.1.11 #ip of our host
   netmask 255.255.255.0 #subnet of our host
   network 10.10.1.0 #network of our host
   broadcast 10.10.1.255 #our broadcast address
   gateway 10.10.1.1 #default gw for our host to access the internet
   bridge_ports eth0
   bridge_fd 9
   bridge_hello 2
   bridge_maxage 12
   bridge_stp off

auto br1
iface br0 inet static
   address 10.10.1.12 #ip of our host
   netmask 255.255.255.0 #subnet of our host
   network 10.10.1.0 #network of our host
   broadcast 10.10.1.255 #our broadcast address
   gateway 10.0.1.1 #default gw for our host to access the internet
   bridge_ports eth0
   bridge_fd 9
   bridge_hello 2
   bridge_maxage 12
   bridge_stp off

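Or is there another way to configure the host to act more like a switch and let the individual containers configure their own IPs (this would be safer, so we don't always have to change the interfaces file when moving containers)?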

Answer 1

Use a single bridge on the host.

The LXC configuration file specifies the IP address of the guest/container.

# ifconfig 
br0       Link encap:Ethernet  HWaddr 22:C7:47:62:9C:02  
          inet addr:10.2.0.6  Bcast:10.2.127.255  Mask:255.255.128.0
          inet6 addr: fe80::e611:5bff:febe:b62a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1756184372 errors:0 dropped:0 overruns:0 frame:0
          TX packets:470262588 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:112684582109 (104.9 GiB)  TX bytes:657886062154 (612.7 GiB)

And a sample LXC configuration file...

# cat /etc/lxc/Analytics.conf 
lxc.utsname = Analytics
lxc.tty = 4
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.network.ipv4 = 10.2.0.80/17
lxc.network.hwaddr = 00:30:6E:08:EC:80
lxc.rootfs = /srv/lxc/Analytics
lxc.mount = /etc/lxc/Analytics.fstab
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
# /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
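
Added example (not part of the original answer or of LXC itself): a small Python check for the single-bridge layout described above. It reads the legacy lxc.network.* keys from each container config and reports containers attached to the wrong bridge, addresses outside the host's subnet, and duplicate IPs or MACs. The container names, MAC addresses and the template are constructed for illustration, using the question's 10.10.1.0/24 address plan.

```python
import ipaddress

# Constructed sample configs (not from the page), using the question's address plan.
TEMPLATE = """lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = {link}
lxc.network.name = eth0
lxc.network.ipv4 = {ip}
lxc.network.hwaddr = {mac}
"""
SAMPLE = {
    "web": TEMPLATE.format(link="br0", ip="10.10.1.11/24", mac="00:16:3e:00:00:0b"),
    "db": TEMPLATE.format(link="br0", ip="10.10.1.12/24", mac="00:16:3e:00:00:0c"),
}

def parse_lxc_net(text):
    """Return the lxc.network.* settings of one container config as a dict."""
    net = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("lxc.network."):
            net[key[len("lxc.network."):]] = value
    return net

def check_bridge_plan(host_addr, bridge, containers):
    """Check {name: config text} against one host bridge; return a list of problems."""
    host = ipaddress.ip_interface(host_addr)
    seen_ip, seen_mac, problems = {host.ip: "host"}, {}, []
    for name, text in containers.items():
        net = parse_lxc_net(text)
        if net.get("type") != "veth" or net.get("link") != bridge:
            problems.append(f"{name}: not a veth attached to {bridge}")
        if "ipv4" not in net:
            problems.append(f"{name}: no lxc.network.ipv4 set")
            continue
        addr = ipaddress.ip_interface(net["ipv4"])
        if addr.network != host.network:
            problems.append(f"{name}: {addr} is outside {host.network}")
        if seen_ip.setdefault(addr.ip, name) != name:
            problems.append(f"{name}: IP {addr.ip} already used by {seen_ip[addr.ip]}")
        mac = net.get("hwaddr", "").lower()
        if mac and seen_mac.setdefault(mac, name) != name:
            problems.append(f"{name}: MAC {mac} already used by {seen_mac[mac]}")
    return problems

if __name__ == "__main__":
    print(check_bridge_plan("10.10.1.10/24", "br0", SAMPLE) or "plan is consistent")
```

An address written without a prefix length is parsed as a /32 and therefore reported as outside the host's subnet.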
