Just upgraded from Debian 10 to 11, and my unprivileged containers no longer get their IP assigned via the config file.
/var/lib/lxc/DNS/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# Template script checksum (SHA-1): 273c51343604eb85f7e294c8da0a5eb769d648f3
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
lxc.arch = linux64
# Container specific configuration
lxc.apparmor.profile = unconfined
lxc.idmap = u 0 1258512 65536
lxc.idmap = g 0 1258512 65536
lxc.rootfs.path = dir:/var/lib/lxc/DNS/rootfs
lxc.uts.name = DNS
lxc.start.auto = 1
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br.lxc
lxc.net.0.flags = up
lxc.net.0.ipv4.address = 192.168.5.2/24
lxc.net.0.ipv4.gateway = 192.168.5.1
lxc.net.0.hwaddr = DC:A6:32:xx:xx:xx
lxc-info doesn't show an IP. It seems it just ignores the config file.
Name: DNS
State: RUNNING
PID: 32190
Link: vethXPVwwA
TX bytes: 2.39 KiB
RX bytes: 778 bytes
Total bytes: 3.15 KiB
After the upgrade, these random other interfaces also pop up (from inside the lxc):
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
3: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
4: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
5: eth0@if46: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:a6:32:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netnsid 0
I would assign the interface manually, but there is no systemd-networking or /etc/network/interfaces in this container.
# ls -l /etc/network/interfaces
ls: cannot access '/etc/network/interfaces': No such file or directory
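The container itself runs fine and all services are up, but the network is missing its IP. Manually assigning the IP to the veth inside the LXC does not propagate to the host (the veth on the host shows no IP).
After I manually added the route and IP to the LXC, I also got quite a few messages in dmesg: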
[13417.386863] WARNING (unknown src intf):IN=br.lxc OUT= MAC=ff:ff:ff:ff:ff:ff:dc:a6:32:xx:xx:xx:xx:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=314 TOS=0x00 PREC=0xC0 TTL=64 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=294
It is not an unknown interface; the host knows exactly where it is and has a route:
50: br.lxc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 5e:82:0a:99:4b:fc brd ff:ff:ff:ff:ff:ff
192.168.5.0/24 dev br.lxc proto kernel scope link src 192.168.5.1
What am I missing here? Why is the veth missing its IP? I could really use some help.