Не могу настроить lxc контейнер yf гигтег 20.04, не работает dns
Форум — Admin
Раньше пользовался lxc контейнером и проблем не бывало. Сейчас в контейнере lxc не работает dns Установил контейнер так:
sudo lxc-create -t download -n my-lxc -- -d ubuntu -r focal -a amd64
установил apparmor. Запустил контейнер lxc-info -n ubuntu-lxc, статус running
config:
lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64
# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-lxc/rootfs
lxc.uts.name = ubuntu-lxc
net.ipv4.conf.[link].forwarding=1
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:0f:14:e7
Добавил прероутинг:
*nat
:PREROUTING ACCEPT [5470:797203]
:OUTPUT ACCEPT [6156:931073]
-A POSTROUTING -s 10.0.3.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#закрыть
-A INPUT -p tcp -m tcp --dport 33337 -m state --state NEW -j ACCEPT
#нельзя
-A INPUT -s 97.131.142.27/32 -p tcp -m tcp --dport 33337 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 97.131.142.27/32 -m state --state NEW -j ACCEPT
#нельзя
-A INPUT -p tcp -m tcp --dport 111 -j DROP
-A INPUT -p udp -m udp --dport 111 -j DROP
#похоже не нужно
-A OUTPUT -p tcp -m tcp --dport 111 -j DROP
-A OUTPUT -p udp -m udp --dport 111 -j DROP
#пиры
#на DROP
:INPUT DROP
:FORWARD ACCEPT
#ACCEPT
:OUTPUT ACCEPT
COMMIT
В nano /etc/sysctl.conf включил net.ipv4.ip_forward=1, net.ipv6.conf.all.forwarding=1 Зашел в контейнер cd /var/lib/lxc/ubuntu-lxc, chroot rootfs/ Задал пароль для рут. И пингую.
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=6.39 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=6.38 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=6.35 ms
ping ya.ru
ping: ya.ru: Temporary failure in name resolution
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 90:1b:0e:fe:2f:e9 brd ff:ff:ff:ff:ff:ff
inet 95.216.241.100/32 scope global enp0s31f6
valid_lft forever preferred_lft forever
inet6 2a01:4f9:2b:2388::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::921b:eff:fefe:2fe9/64 scope link
valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe00:0/64 scope link
valid_lft forever preferred_lft forever
26: vethk1Dp9r@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP group default qlen 1000
link/ether fe:d6:d5:77:8c:33 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::fcd6:d5ff:fe77:8c33/64 scope link
valid_lft forever preferred_lft forever
vi /etc/netplan/10-lxc.yaml
network:
version: 2
ethernets:
eth0:
dhcp4: true
dhcp-identifier: mac
Если ставлю вручную так:
network:
version: 2
ethernets:
eth0:
dhcp4: false
addresses:
- 10.0.3.134/24
gateway4: 10.0.3.1
nameservers:
addresses:
- 8.8.8.8
netplan try выводит:
Failed to connect to bus: No such file or directory
An error occurred: Command '['systemctl', 'daemon-reload']' returned non-zero exit status 1.
Reverting.
Failed to connect to bus: No such file or directory
Failed to connect to bus: No such file or directory
Traceback (most recent call last):
File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 99, in command_try
NetplanApply().command_apply(run_generate=True, sync=True, exit_on_error=False, state_dir=self.state)
File "/usr/share/netplan/netplan/cli/commands/apply.py", line 165, in command_apply
utils.systemctl_daemon_reload()
File "/usr/share/netplan/netplan/cli/utils.py", line 120, in systemctl_daemon_reload
subprocess.check_call(['systemctl', 'daemon-reload'])
File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['systemctl', 'daemon-reload']' returned non-zero exit status 1.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/sbin/netplan", line 23, in <module>
netplan.main()
File "/usr/share/netplan/netplan/cli/core.py", line 50, in main
self.run_command()
File "/usr/share/netplan/netplan/cli/utils.py", line 247, in run_command
self.func()
File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 81, in run
self.run_command()
File "/usr/share/netplan/netplan/cli/utils.py", line 247, in run_command
self.func()
File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 113, in command_try
self.revert()
File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 143, in revert
NetplanApply().command_apply(run_generate=False, sync=True, exit_on_error=False, state_dir=tempdir)
File "/usr/share/netplan/netplan/cli/commands/apply.py", line 173, in command_apply
utils.systemctl('stop', wpa_services, sync=sync)
File "/usr/share/netplan/netplan/cli/utils.py", line 89, in systemctl
subprocess.check_call(command)
File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['systemctl', 'stop', 'netplan-wpa-*.service']' returned non-zero exit status 1.
Если прописать днс в vi /etc/systemd/resolved.conf, то systemctl status systemd-resolved выводит:
Failed to connect to bus: No such file or directory
Подскажите пожалуйста как настроить днс сервер. apt install ничего не работает.
apt install net-tools
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 196 kB of archives.
After this operation, 864 kB of additional disk space will be used.
Err:1 http://archive.ubuntu.com/ubuntu focal/main amd64 net-tools amd64 1.60+git20180626.aebd88e-1ubuntu1
Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb Temporary failure resolving 'archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
