This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
docs:lxc [2014-07-06 09:55] glen [Prerequisites] |
docs:lxc [2015-10-05 11:15] glen |
||
---|---|---|---|
Line 27: | Line 27: | ||
* http://www.paul.sladen.org/vserver/archives/201402/0015.html | * http://www.paul.sladen.org/vserver/archives/201402/0015.html | ||
</note> | </note> | ||
+ | |||
===== Guest creation ===== | ===== Guest creation ===== | ||
Line 70: | Line 71: | ||
===== Common problems / Useful tricks ===== | ===== Common problems / Useful tricks ===== | ||
+ | |||
+ | ==== lxc-start has no output ==== | ||
+ | |||
+ | In case ''lxc-start -n test'' produces no output, ensure /dev/console is present in guest filesystem. | ||
==== lxc-stop is not graceful ==== | ==== lxc-stop is not graceful ==== | ||
Line 131: | Line 136: | ||
==== general ==== | ==== general ==== | ||
- | static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startaup scripts, in general it's good idea to turn off there most of things | + | static networking, set ''VSERVER=yes'' and ''VSERVER_ISOLATION_NET=yes'' in guest ''/etc/sysconfig/system'' to disable all network configuration by guest, set RC_PROMPT=no to avoid hanging startup scripts, in general it's good idea to turn off there most of things |
==== network using macvlan in bridge mode ==== | ==== network using macvlan in bridge mode ==== | ||
Line 138: | Line 143: | ||
- you can't filter guest straffic from host's firewall | - you can't filter guest straffic from host's firewall | ||
- host can use seme default interface with and without guests running. | - host can use seme default interface with and without guests running. | ||
- | - you HAVE to set mac. If not - on every container start you'll have different one (your router will not pass the traffic). | + | - one have better to set static MAC address. If not - on every container start you'll have different MAC generated and your router may have problems with passing traffic. |
- | - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having macvlan interface visible) | + | - iptables is initialized from lxc.hook.pre-mount hook (ran in the container's namespace and having guest macvlan interface visible) |
first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. | first boot with ''hwaddr'' line disabled, look what the random address was assigned, set it in config. |