"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
I made a mistake. I should remove "-f $HOME/.config/lxc/default.conf" from the command.
~/pri/pf/lxc_test $ lxc-start -n guest1 -F -P $(pwd)/container
Failed to look up module alias 'autofs4': Function not implemented
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[!!!!!!] Failed to mount API filesystems.
Exiting PID 1...
The container guest1 (ubuntu) fails to start up, but the Devuan container works fine!
The network seems not ready yet!
Going to find out how to make it work.
~/pri/pf/lxc_test $ lxc-start -n Devuan -P $(pwd)/container
~/pri/pf/lxc_test $ lxc-attach -n Devuan -P $(pwd)/container
root@Devuan:/# uname -a
Linux Devuan 6.1.7-0-lts #1-Alpine SMP PREEMPT_DYNAMIC Thu, 19 Jan 2023 08:05:57 +0000 x86_64 GNU/Linux
root@Devuan:/# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:5e:fe:c4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::216:3eff:fe5e:fec4/64 scope link
valid_lft forever preferred_lft forever
@yoursunny said: @Not_Oles said:
ip addr add 192.168.188.1/24 dev lxcbr0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
The 192.168.5.188 is a sample value in my test box.
It's meant to be a public IPv4 address routed to the host machine, that is used for outgoing NAT traffic.
IPv6 assignment is wrong too.
Currently eth1 has 2602:fba1:999::2/48 and lxcbr0 has 2602:fba1:999::/48, so that the kernel thinks both interfaces are on the same subnet and would not forward traffic between them.
You should reduce the subnet size on each, so that they don't overlap.
For example, change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.
Hi @yoursunny! Thanks for your comments and corrections! Please let me try again on the configuration. I haven't touched the server yet. If you say the newly revised configuration looks right, then I will reboot the server and run the revised lxc-up.sh. Other guys are also welcome to comment.
Let's start revising with the current eth1 and lxcbr0 IPv4 address assignments in mind:
fmt:~# ip -4 addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 23.134.88.226/28 scope global eth1
valid_lft forever preferred_lft forever
inet 192.168.5.188/24 scope global deprecated eth1
valid_lft forever preferred_lft forever
fmt:~# ip -4 addr show dev lxcbr0
6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
inet 192.168.188.1/24 scope global lxcbr0
valid_lft forever preferred_lft forever
fmt:~#
And also starting with the current lxc-up.sh:
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999::/48 dev lxcbr0
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188
fmt:~#
IPv4 Changes
Change 192.168.5.188 to "a public IPv4 address routed to the host machine"
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
~~ip addr add 192.168.188.1/24 dev lxcbr0~~ # Will be removed in reboot prior to rerunning lxc-up.sh or could be removed manually with `ip addr del`
ip addr add 23.134.88.227/28 dev lxcbr0 # Add a public IPv4 address routed (?) to host machine
ip addr add 2602:fba1:999::/48 dev lxcbr0
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
~~ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0~~
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
~~iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188~~
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~#
IPv6 Changes
Current IPv6 address assignments:
fmt:~# ip -6 addr show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2602:fba1:999::2/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21e:67ff:fed4:dbbc/64 scope link
valid_lft forever preferred_lft forever
fmt:~# ip -6 addr show dev lxcbr0
6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 state DOWN qlen 1000
inet6 2602:fba1:999::/48 scope global tentative
valid_lft forever preferred_lft forever
fmt:~#
Change eth1 to 2602:fba1:999::2/64 and change lxcbr0 to 2602:fba1:999:1c00::/56.
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
~~ip addr add 192.168.188.1/24 dev lxcbr0~~ # Will be removed in reboot prior to rerunning lxc-up.sh or could be removed manually with `ip addr del`
ip addr add 23.134.88.227/28 dev lxcbr0 # Add a public IPv4 address routed (?) to host machine
~~ip addr add 2602:fba1:999::/48 dev lxcbr0~~
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0 # Are this and the following 2 ip addr commands in the right order?
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr del 2602:fba1:999::2/48 dev eth1 # Needs manual removal unless /etc/network/interfaces is changed.
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
~~ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0~~
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
~~iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 192.168.5.188~~
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~#
Proposed change
So lxc-up.sh would become:
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
ip addr add 23.134.88.227/28 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr del 2602:fba1:999::2/48 dev eth1
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~#
You may need `ip link set lxcbr0 up`, just after this line.
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr del 2602:fba1:999::2/48 dev eth1
These two lines must be swapped.
Otherwise you get `RTNETLINK answers: File exists` because the same address 2602:fba1:999::2 already exists on the netif even if the prefix length differs.
Thanks @yoursunny! I put the new lxc-up.sh on the server. Right now @subenhon is running lots of stuff, so I wanna let him know the reboot is coming. Except that I'm going to sleep soon, so, if @subenhon isn't around, maybe the reboot and test will wait until the morning.
chronos@penguin:~$ ssh f
Welcome to Alpine!
fmt:~# date -u
Wed Jan 25 05:02:06 UTC 2023
fmt:~# reboot
fmt:~# Connection to fmt.metalvps.com closed by remote host.
Connection to fmt.metalvps.com closed.
chronos@penguin:~
@yoursunny After running all the commands except `ip link set lxcbr0 up`, the `ip link show` command says lxcbr0 is DOWN. After running the `ip link set lxcbr0 up`, lxcbr0 is UNKNOWN. Also 227 address on eth1 is "deprecated." Thanks!
Wed Jan 25 05:06:35 UTC 2023
fmt:~# # Test of revised lxc-up.sh
fmt:~# # After reboot, before running any commands from lxc-up.sh
fmt:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:bb brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:bd brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:be brd ff:ff:ff:ff:ff:ff
fmt:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:bb brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
inet 23.134.88.226/28 scope global eth1
valid_lft forever preferred_lft forever
inet6 2602:fba1:999::2/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21e:67ff:fed4:dbbc/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:bd brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:1e:67:d4:db:be brd ff:ff:ff:ff:ff:ff
fmt:~# ip route show
default via 23.134.88.225 dev eth1 metric 1 onlink
23.134.88.224/28 dev eth1 scope link src 23.134.88.226
fmt:~# ip -6 route show
2602:fba1:999::/48 dev eth1 metric 256
fe80::/64 dev eth1 metric 256
default via 2602:fba1:999::1 dev eth1 metric 1 onlink
multicast ff00::/8 dev eth1 metric 256
fmt:~# cat -n lxc-up.sh
1 ip link add lxcbr0 type bridge
2 # ip link set lxcbr0 up # Perhaps not needed
3 ip addr add 23.134.88.227/28 dev lxcbr0
4 ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
5 ip addr del 2602:fba1:999::2/48 dev eth1
6 ip addr add 2602:fba1:999::2/64 dev eth1
7 sysctl net.ipv4.ip_forward=1
8 sysctl net.ipv6.conf.all.forwarding=1
9 ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
10 iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~# ip link add lxcbr0 type bridge
fmt:~# ip addr add 23.134.88.227/28 dev lxcbr0
fmt:~# ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
fmt:~# ip addr del 2602:fba1:999::2/48 dev eth1
fmt:~# ip addr add 2602:fba1:999::2/64 dev eth1
fmt:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
fmt:~# sysctl net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
fmt:~# ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
fmt:~# iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~# # After
fmt:~# ip link show
[ . . . ]
6: lxcbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
fmt:~# # Need to set lxcbr0 up
fmt:~# ip link set lxcbr0 up
fmt:~# ip link show
[ . . . ]
6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
fmt:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
[ . . . ]
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:1e:67:d4:db:bc brd ff:ff:ff:ff:ff:ff
inet 23.134.88.226/28 scope global eth1
valid_lft forever preferred_lft forever
inet 23.134.88.227/28 scope global secondary deprecated eth1
valid_lft forever preferred_lft forever
inet6 2602:fba1:999::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21e:67ff:fed4:dbbc/64 scope link
valid_lft forever preferred_lft forever
[ . . . ]
6: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
link/ether e2:0b:8d:5a:0c:d6 brd ff:ff:ff:ff:ff:ff
inet 23.134.88.227/28 scope global lxcbr0
valid_lft forever preferred_lft forever
inet6 2602:fba1:999:1c00::/56 scope global
valid_lft forever preferred_lft forever
inet6 fe80::e00b:8dff:fe5a:cd6/64 scope link
valid_lft forever preferred_lft forever
fmt:~# ip route show
default via 23.134.88.225 dev eth1 metric 1 onlink
23.134.88.224/28 dev eth1 scope link src 23.134.88.226
23.134.88.224/28 dev lxcbr0 scope link src 23.134.88.227
fmt:~# ip -6 route show
2602:fba1:999::/64 dev eth1 metric 256
2602:fba1:999:1c00::/56 dev lxcbr0 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev lxcbr0 metric 256
default via 2602:fba1:999::1 dev eth1 metric 1 onlink
anycast 2602:fba1:999:: dev eth1 metric 0
anycast fe80:: dev eth1 metric 0
anycast fe80:: dev lxcbr0 metric 0
multicast ff00::/8 dev eth1 metric 256
multicast ff00::/8 dev lxcbr0 metric 256
fmt:~#
ip addr add 23.134.88.227/28 dev lxcbr0
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
You accidentally assigned the same IPv4 address on both netifs.
lxcbr0 is meant to have an RFC1918 address such as 192.168.188.1.
IPv6 assignments and routing are correct now.
However, the server doesn't seem to have routed IPv6, but it is on-link IPv6.
Hence, you would need to have ndpresponder listen on eth1 and respond to the IPv6 subnet of lxcbr0.
@yoursunny said: You accidentally assigned the same IPv4 address on both netifs.
lxcbr0 is meant to have an RFC1918 address such as 192.168.188.1.
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
# ip link set lxcbr0 up
ip addr add 23.134.88.227/28 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 2602:fba1:999::2/64 dev eth1
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~# cp -p lxc-up.sh lxc-up.sh~
fmt:~# sed -i 's/23.134.88.227\/28 dev lxcbr0/192.168.188.1\/24 dev lxcbr0/' lxc-up.sh
fmt:~# sed -i 's/\# //' lxc-up.sh
fmt:~# cat lxc-up.sh
ip link add lxcbr0 type bridge
ip link set lxcbr0 up
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 2602:fba1:999::2/64 dev eth1
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
fmt:~#
I am going to reboot the server and run ipv6-up.sh just to see if anything interesting seems to happen.
@yoursunny said: IPv6 assignments and routing are correct now.
However, the server doesn't seem to have routed IPv6, but it is on-link IPv6.
Hence, you would need to have ndpresponder listen on eth1 and respond to the IPv6 subnet of lxcbr0.
From inside the server how does one easily determine whether the IPv4 and IPv6 allocations are on-link or routed?
For ndpresponder, I remember installing on fmt Alpine some glibc compatibility layer. Perhaps we might grab the ndpresponder binary that was compiled on the i9 Proxmox server and use it on Alpine via the glibc compatibility layer. Alternatively, we perhaps could, on fmt Alpine, install go and again compile ndpresponder from sources against musl libc. Which route is grassy and in want of wear?
As always, thanks very much @yoursunny and other guys on the server.
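The three mistakes caught by review in this thread (the overlapping /48 on eth1 and lxcbr0, the add-before-del ordering that yields `RTNETLINK answers: File exists`, and the same IPv4 address on both interfaces) can be checked offline before a reboot. The Python lint below is an added example, not code from any poster; `lint_script` and its finding names are hypothetical, and the embedded scripts are the address-related lines copied from the posts above.

```python
import ipaddress
import re
from itertools import combinations

# Matches the "ip addr add|del <cidr> dev <ifname>" lines used in lxc-up.sh.
ADDR_CMD = re.compile(r"^\s*ip\s+addr\s+(add|del)\s+(\S+)\s+dev\s+(\S+)")


def lint_script(script, existing=()):
    """Replay ip addr add/del lines on top of `existing` (dev, cidr) pairs.

    Findings (hypothetical names), returned sorted:
      ("address-exists", ip, dev)              add of an IP already on that dev
      ("duplicate-address", ip, dev_a, dev_b)  same IP on two interfaces
      ("overlapping-subnet", net_a, dev_a, net_b, dev_b)
    """
    state = {(dev, ipaddress.ip_interface(cidr)) for dev, cidr in existing}
    findings = []
    for raw in script.splitlines():
        match = ADDR_CMD.match(raw.split("#", 1)[0])  # ignore comments
        if not match:
            continue  # sysctl, iptables, ip link: not address changes
        verb, cidr, dev = match.groups()
        iface = ipaddress.ip_interface(cidr)
        if verb == "del":
            state.discard((dev, iface))
        elif any(d == dev and i.ip == iface.ip for d, i in state):
            # The thread reports this add fails with "RTNETLINK answers:
            # File exists", so the address is not added to the model.
            findings.append(("address-exists", str(iface.ip), dev))
        else:
            state.add((dev, iface))

    ordered = sorted(state, key=lambda e: (e[0], e[1].version, int(e[1].ip)))
    for (dev_a, a), (dev_b, b) in combinations(ordered, 2):
        if dev_a == dev_b or a.version != b.version:
            continue
        if a.ip == b.ip:
            findings.append(("duplicate-address", str(a.ip), dev_a, dev_b))
        elif a.network.overlaps(b.network):
            findings.append(("overlapping-subnet", str(a.network), dev_a,
                             str(b.network), dev_b))
    return sorted(findings)


# Sample input: eth1 addresses after boot, then three versions of lxc-up.sh
# from the thread (first two trimmed to their ip lines).
EXISTING = (("eth1", "23.134.88.226/28"), ("eth1", "2602:fba1:999::2/48"))

ORIGINAL = """\
ip link add lxcbr0 type bridge
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999::/48 dev lxcbr0
ip addr add 192.168.5.188/24 dev eth1 preferred_lft 0
"""

PROPOSED = """\
ip link add lxcbr0 type bridge
ip addr add 23.134.88.227/28 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr add 2602:fba1:999::2/64 dev eth1
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
"""

FINAL = """\
ip link add lxcbr0 type bridge
ip link set lxcbr0 up
ip addr add 192.168.188.1/24 dev lxcbr0
ip addr add 2602:fba1:999:1c00::/56 dev lxcbr0
ip addr del 2602:fba1:999::2/48 dev eth1
ip addr add 2602:fba1:999::2/64 dev eth1
sysctl net.ipv4.ip_forward=1
sysctl net.ipv6.conf.all.forwarding=1
ip addr add 23.134.88.227/28 dev eth1 preferred_lft 0
iptables -t nat -A POSTROUTING --src 192.168.188.0/24 -o eth1 -j SNAT --to 23.134.88.227
"""

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("proposed", PROPOSED), ("final", FINAL)):
        print(name, lint_script(text, EXISTING))
```

Link-local addresses are left out of the model because every interface legitimately shares fe80::/64.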
NAT IPv4 is fully working.
IPv6 is not working due to missing NDP responder.
@Not_Oles said:
For ndpresponder, I remember installing on fmt Alpine some glibc compatibility layer. Perhaps we might grab the ndpresponder binary that was compiled on the i9 Proxmox server and use it on Alpine via the glibc compatibility layer. Alternatively, we perhaps could, on fmt Alpine, install go and again compile ndpresponder from sources against musl libc. Which route is grassy and in want of wear?
You should recompile ndpresponder binary in a container that runs the same OS as the host, or on the host itself. fmt already has gcc and go compilers, but it lacks linux-headers package that supplies the kernel headers used by GoPacket library.
fmt:~# uname -r
6.1.7-0-lts
fmt:~# who
root pts/0 00:00 Jan 27 00:30:58 187.189.238.1 # Nobody here but me!
fmt:~# date -u
Fri Jan 27 00:42:04 UTC 2023
fmt:~# reboot
fmt:~# Connection to fmt.metalvps.com closed by remote host.
Connection to fmt.metalvps.com closed.
chronos@penguin:~$
I forgot to run lxc-up.sh when I last rebooted. So, I ran it. I also added it to /etc/local.d.
fmt:/etc/local.d# cat README
This directory should contain programs or scripts which are to be run
when the local service is started or stopped.
If a file in this directory is executable and it has a .start extension,
it will be run when the local service is started. If a file is
executable and it has a .stop extension, it will be run when the local
service is stopped.
All files are processed in lexical order.
Keep in mind that files in this directory are processed sequentially,
and the local service is not considered started or stopped until
everything is processed, so if you have a process which takes a long
time to run, it can delay your boot or shutdown processing.
fmt:/etc/local.d# cp -p /root/lxc-up.sh lxc.start
fmt:/etc/local.d# ls -l
total 8
-rw-r--r-- 1 root root 652 Jan 7 07:34 README
-rwx------ 1 root root 436 Jan 25 20:55 lxc.start
fmt:/etc/local.d#
@yoursunny @Not_Oles
NAT IPv4 and IPv6 are working.
Now I am trying to run docker in an LXC alpine container, but some error occurs.
Is it possible to run docker in the unprivileged LXC container?
alpine:~# docker run --rm hello-world
time="2023-02-03T01:46:28.788841772Z" level=info msg="starting signal loop" namespace=moby path=/run/docker/containerd/daemon/io.containerd.runtime.v2.task/moby/b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988 pid=615
INFO[2023-02-03T01:46:28.800773054Z] shim disconnected id=b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988
ERRO[2023-02-03T01:46:28.800847291Z] copy shim log error="read /proc/self/fd/14: file already closed"
ERRO[2023-02-03T01:46:28.801334879Z] stream copy error: reading from a closed fifo
ERRO[2023-02-03T01:46:28.801334871Z] stream copy error: reading from a closed fifo
ERRO[2023-02-03T01:46:28.892741764Z] b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988 cleanup: failed to delete container from containerd: no such container
ERRO[2023-02-03T01:46:28.898990888Z] Handler for POST /v1.41/containers/b14c8946789ce7eef82508628d5af341b8e5176e3cfe44904053a8639f20c988/start returned error: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: no cgroup mount found in mountinfo: unknown
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:385: applying cgroup configuration for process caused: no cgroup mount found in mountinfo: unknown.
Thanks for your report! Congrats on getting your container working! I don't know about the Docker error you mentioned, but I think @yoursunny uses Docker inside containers, so I bet he can tell us about the error.
When you have time, could you please post the commands you used to configure, create, and start your Alpine LXC container?
@Not_Oles, here is how I create the LXC container.
~ $ cat $HOME/.config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 1022000000 65536
lxc.idmap = g 0 1022000000 65536
~ $ lxc-create -n alpine -f $HOME/.config/lxc/default.conf -t download -- --dist alpine --release 3.17 --arch amd64
Using image from local cache
Unpacking the rootfs
---
You just created an Alpinelinux 3.17 x86_64 (20230123_20:03) container.
~ $ # change container root password and network setting from dhcp to manual
~ $ lxc-attach -n alpine
/ # passwd
Changing password for root
New password:
Retype password:
passwd: password for root changed by root
/ # exit
~ $ # container ip config
~ $ echo -e "lxc.net.0.ipv4.address = 192.168.188.58/24\nlxc.net.0.ipv4.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
~ $ echo -e "lxc.net.0.ipv6.address = 2602:fba1:999:1c00:58::/64\nlxc.net.0.ipv6.gateway = auto" >> $HOME/.local/share/lxc/alpine/config
~ $ #restart container
~ $ lxc-stop -n alpine
~ $ lxc-start -n alpine
~ $ lxc-console -n alpine
Connected to tty 1
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
Welcome to Alpine Linux 3.17
Kernel 6.1.8-0-lts on an x86_64 (/dev/tty1)
alpine login: root
Password:
Welcome to Alpine!
The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <https://wiki.alpinelinux.org/>.
You can setup the system with the command: setup-alpine
You may change this message by editing /etc/motd.
alpine:~# #add nameserver
alpine:~# echo -e "nameserver 1.1.1.1\nnameserver 2001:470:20::2\n" >> /etc/resolv.conf
alpine:~# ping -4 google.com
PING google.com (142.251.46.238): 56 data bytes
64 bytes from 142.251.46.238: seq=0 ttl=119 time=1.691 ms
64 bytes from 142.251.46.238: seq=1 ttl=119 time=1.604 ms
--- google.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 1.604/1.647/1.691 ms
alpine:~# ping -6 google.com
PING google.com (2607:f8b0:4005:80b::200e): 56 data bytes
64 bytes from 2607:f8b0:4005:80b::200e: seq=0 ttl=117 time=50.880 ms
64 bytes from 2607:f8b0:4005:80b::200e: seq=1 ttl=117 time=1.773 ms
Hi guys! Sorry, but I just received an email from Hetrix saying that fmt ping monitor is down on IPv4 and on IPv6. Reported to @Cloudie. Will update when I know more. Thanks very much! Tom
From simple free Alpine shell accounts to the mind-boggling complexities of networking with LXC containers
"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
MetalVPS
That's right!
Yaaay! That's the true Low End Spirit!
@Not_Oles
Thanks, I had saved my work. It is OK to reboot now.
Wow! LES is faster than the wall(1) command, from util-linux, which isn't installed on fmt.
Thanks @subenhon! I'm off to reboot!
More soon. Thanks again @yoursunny!
Compile and install ndpresponder
Might there be some `go` path or environment variable settings which were not made automagically when `go` was installed by `apk`?
It's unclear to me whether the current location of the ndpresponder binary is okay.
Also ndpresponder probably needs to be configured.
Friendly greetings!
Location doesn't matter if you manually invoke it in a SCREEN session.
Everything is on the command line.
-i eth1 -n 2602:fba1:999:1c00::/56
Webhosting24 aff best VPS; ServerFactory aff best VDS; Cloudie best ASN; Huel aff best brotein.
Can I get a shell account?
I assume you already have my key, and it looks like I was missing all these while I was in LET.
Hi @FatGrizzly!
Lovely to see you here!
New fmt accounts are on pause because of router and network configuration issues. However, considering that you are one of the most important people in the ♒︎ Free VPS Movement ♒︎ how can I say no?
Please try something like
ssh [email protected] -p 42365
It should work on both IPv4 and IPv6 with your ssh key. Password login has been disabled, but your account password is in a file in your home directory. You might need the password if/when we give you `sudo`. Please feel free to change your password.
Please let us know what you plan to do with your shell account. Please let us know whether you get in.
Again, welcome aboard!
Tom
I'll get back home and I'll definitely try it out! Thanks!
Maybe we should extend our project to LES too if administrators approve our offer?
We'll discuss this later tonight/ early morning for you.
lxcbr0 bridge disappeared…
I forgot to run lxc-up.sh when I last rebooted. So, I ran it. I also added it to `/etc/local.d`.
If it's a good idea, I probably could add a line something like
`nohup /root/go/bin/ndpresponder -i eth1 -n 2602:fba1:xxxx:xxxx::/56 &`
to `lxc.start`.
@subenhon
Thanks for your report! Congrats on getting your container working! I don't know about the Docker error you mentioned, but I think @yoursunny uses Docker inside containers, so I bet he can tell us about the error.
When you have time, could you please post the commands you used to configure, create, and start your Alpine LXC container?
Thanks again!
@subenhon Very nice! Thanks so much!
@terrorgen Did you try it too?