We are trying to set up a private network using an unprivileged container. The Vagrantfile is as follows:
# -*- mode: ruby -*-
# vi: set ft=ruby :
require 'yaml'
settings = YAML.load_file 'config.yml'

Vagrant.configure("2") do |config|
  # Run the container unprivileged (user namespace, non-root on the host)
  config.vm.provider :lxc do |lxc|
    lxc.privileged = false
  end

  config.vm.box = "{ an existing box }"

  config.hostmanager.enabled = true
  config.hostmanager.manage_host = true
  config.hostmanager.manage_guest = true
  config.hostmanager.aliases = settings['vhosts']
  config.vm.provision :hostmanager

  # Second interface on a separate bridge, in addition to the default lxcbr0
  config.vm.network "private_network", ip: settings['container_ip'], lxc__bridge_name: 'lxcbr1'

  config.vm.synced_folder settings['workspace'], "/vagrant", type: "sshfs",
    ssh_opts_append: "-o Compression=yes -o CompressionLevel=5",
    sshfs_opts_append: "-o direct_io -o sync_read -o sshfs_sync -o cache=no -o compression=no -o uid=1000 -o gid=100"

  config.vm.provider :lxc do |lxc|
    lxc.customize 'cgroup.memory.limit_in_bytes', '2048M'
  end

  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y apache2
  SHELL
end
and the config.yml file is:
workspace: ./
vhosts:
  - container.local
container_ip: 172.16.2.1
The generated configuration file at ~/.local/share/lxc/{container_name}/config contains:
*SNIP*
# Network configuration
##############################################
# Container specific configuration (automatically set)
#lxc.aa_profile = lxc-default
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = ~/.local/share/lxc/test6_default_1596017521854_84661/rootfs
lxc.rootfs.backend = dir
lxc.utsname = test6_default_1596017521854_84661
##############################################
# Network configuration (automatically set)
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:FF:c1:4b:73:64
*SNIP*
So when we run `vagrant up`, the container starts, but the following error appears:
$ vagrant up
Bringing machine 'default' up with 'lxc' provider...
==> default: Checking if box '{ an existing box }' is up to date...
==> default: Starting container...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 10.0.3.187:22
default: SSH username: vagrant
default: SSH auth method: private key
verify_host_key: false is deprecated, use :never
==> default: Machine booted and ready!
==> default: Setting up private networks...
There was an error executing ["/usr/bin/env", "~/.vagrant.d/gems/2.3.3/gems/vagrant-lxc-1.4.3/scripts/pipework", "lxcbr1", "test6_default_1596017521854_84661", "172.16.2.1/24"]
For more information on the failure, enable detailed logging by setting
the environment variable VAGRANT_LOG to DEBUG.
With debug logging enabled, the following error appears:
stderr : RTNETLINK answers: Operation not permitted
even though the user is allowed to add veths on lxcbr1 in the lxc configuration:
user@vagrant-host ~ # cat /etc/lxc/lxc-usernet
{ user } veth lxcbr1 10
{ user } veth lxcbr0 10
This seems to be related to the fact that the pipework script must be run with sudo, which is not available when the container is run as a non-root user.
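Added example (not part of the post, nor code from vagrant-lxc): a Ruby pre-flight check to run before `vagrant up` that loads the config.yml above and confirms the invoking user has a veth quota in /etc/lxc/lxc-usernet for the bridge named in `lxc__bridge_name`. The user name `alice`, the bridge `lxcbr2` and the inline file contents are constructed stand-ins for the real files.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample inputs standing in for the real config.yml and
# /etc/lxc/lxc-usernet; "alice" is a placeholder user name.
CONFIG_YML = <<~YAML
  workspace: ./
  vhosts:
    - container.local
  container_ip: 172.16.2.1
YAML

LXC_USERNET = <<~TXT
  # user  type  bridge  quota
  alice veth lxcbr1 10
  alice veth lxcbr0 10
TXT

# Highest quota granted to `user` for interfaces of `type` on `bridge`
# in lxc-usernet text; 0 when no matching line exists.
def usernet_quota(text, user, bridge, type = 'veth')
  text.each_line
      .map(&:strip)
      .reject { |l| l.empty? || l.start_with?('#') }
      .map(&:split)
      .select { |f| f.size == 4 && f[0] == user && f[1] == type && f[2] == bridge }
      .map { |f| f[3].to_i }
      .max || 0
end

# Pre-flight check: returns a list of problems (empty when everything looks
# consistent) for the bridge the Vagrantfile passes as lxc__bridge_name.
def preflight(config_yml, usernet_text, user, bridge)
  settings = YAML.safe_load(config_yml)
  problems = []
  begin
    ip = IPAddr.new(settings['container_ip'].to_s)
    problems << "container_ip #{ip} is not IPv4" unless ip.ipv4?
  rescue IPAddr::Error
    problems << "container_ip #{settings['container_ip'].inspect} is not a valid address"
  end
  quota = usernet_quota(usernet_text, user, bridge)
  problems << "no veth quota for #{user} on #{bridge} in lxc-usernet" if quota.zero?
  problems
end

if __FILE__ == $PROGRAM_NAME
  p preflight(CONFIG_YML, LXC_USERNET, 'alice', 'lxcbr1')   # []
  p preflight(CONFIG_YML, LXC_USERNET, 'alice', 'lxcbr2')
end
```

A passing check only shows that the lxc-usernet entry is present; it does not establish that the `ip` commands pipework itself runs are permitted for an unprivileged user, which is the failure reported above.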