LINUX.ORG.RU
Forum: Admin (solved)

Can't set up an lxc container on ubuntu 20.04, DNS doesn't work

I used an lxc container before and never had problems. Now DNS doesn't work inside the lxc container. I created the container like this:

sudo lxc-create -t download -n my-lxc -- -d ubuntu -r focal -a amd64

Installed apparmor. Started the container; lxc-info -n ubuntu-lxc shows status running.

config:

lxc.include = /usr/share/lxc/config/common.conf
lxc.arch = linux64

# Container specific configuration
lxc.rootfs.path = dir:/var/lib/lxc/ubuntu-lxc/rootfs
lxc.uts.name = ubuntu-lxc
# net.ipv4.conf.[link].forwarding=1 is a sysctl key, not an lxc.* config key; it belongs in /etc/sysctl.conf, not here
# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:0f:14:e7

Added prerouting:

*nat
:PREROUTING ACCEPT [5470:797203]
:OUTPUT ACCEPT [6156:931073]
-A POSTROUTING -s 10.0.3.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

-A INPUT -i enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# close
-A INPUT -p tcp -m tcp --dport 33337 -m state --state NEW -j ACCEPT

# not allowed
-A INPUT -s 97.131.142.27/32 -p tcp -m tcp --dport 33337 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 97.131.142.27/32 -m state --state NEW -j ACCEPT
# not allowed
-A INPUT -p tcp -m tcp --dport 111 -j DROP
-A INPUT -p udp -m udp --dport 111 -j DROP
# probably not needed
-A OUTPUT -p tcp -m tcp --dport 111 -j DROP
-A OUTPUT -p udp -m udp --dport 111 -j DROP
# peers

# default to DROP
:INPUT DROP
:FORWARD ACCEPT

# ACCEPT
:OUTPUT ACCEPT
COMMIT

In /etc/sysctl.conf (with nano) I enabled net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1. Went into the container: cd /var/lib/lxc/ubuntu-lxc, chroot rootfs/. Set a root password. And ping:

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=6.39 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=6.38 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=6.35 ms
ping ya.ru
ping: ya.ru: Temporary failure in name resolution

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 90:1b:0e:fe:2f:e9 brd ff:ff:ff:ff:ff:ff
    inet 95.216.241.100/32 scope global enp0s31f6
       valid_lft forever preferred_lft forever
    inet6 2a01:4f9:2b:2388::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::921b:eff:fefe:2fe9/64 scope link
       valid_lft forever preferred_lft forever
3: lxcbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.1/24 brd 10.0.3.255 scope global lxcbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:fe00:0/64 scope link
       valid_lft forever preferred_lft forever
26: vethk1Dp9r@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master lxcbr0 state UP group default qlen 1000
    link/ether fe:d6:d5:77:8c:33 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::fcd6:d5ff:fe77:8c33/64 scope link
       valid_lft forever preferred_lft forever

vi /etc/netplan/10-lxc.yaml

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true
      dhcp-identifier: mac

If I set it manually like this:

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: false
      addresses:
      - 10.0.3.134/24
      gateway4: 10.0.3.1
      nameservers:
        addresses:
          - 8.8.8.8

netplan try outputs:

Failed to connect to bus: No such file or directory

An error occurred: Command '['systemctl', 'daemon-reload']' returned non-zero exit status 1.

Reverting.
Failed to connect to bus: No such file or directory
Failed to connect to bus: No such file or directory
Traceback (most recent call last):
  File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 99, in command_try
    NetplanApply().command_apply(run_generate=True, sync=True, exit_on_error=False, state_dir=self.state)
  File "/usr/share/netplan/netplan/cli/commands/apply.py", line 165, in command_apply
    utils.systemctl_daemon_reload()
  File "/usr/share/netplan/netplan/cli/utils.py", line 120, in systemctl_daemon_reload
    subprocess.check_call(['systemctl', 'daemon-reload'])
  File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['systemctl', 'daemon-reload']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/sbin/netplan", line 23, in <module>
    netplan.main()
  File "/usr/share/netplan/netplan/cli/core.py", line 50, in main
    self.run_command()
  File "/usr/share/netplan/netplan/cli/utils.py", line 247, in run_command
    self.func()
  File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 81, in run
    self.run_command()
  File "/usr/share/netplan/netplan/cli/utils.py", line 247, in run_command
    self.func()
  File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 113, in command_try
    self.revert()
  File "/usr/share/netplan/netplan/cli/commands/try_command.py", line 143, in revert
    NetplanApply().command_apply(run_generate=False, sync=True, exit_on_error=False, state_dir=tempdir)
  File "/usr/share/netplan/netplan/cli/commands/apply.py", line 173, in command_apply
    utils.systemctl('stop', wpa_services, sync=sync)
  File "/usr/share/netplan/netplan/cli/utils.py", line 89, in systemctl
    subprocess.check_call(command)
  File "/usr/lib/python3.8/subprocess.py", line 364, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['systemctl', 'stop', 'netplan-wpa-*.service']' returned non-zero exit status 1.

If I put the DNS servers into /etc/systemd/resolved.conf (with vi), then systemctl status systemd-resolved outputs:

Failed to connect to bus: No such file or directory

Please tell me how to set up the DNS server. apt install doesn't work at all.

apt install net-tools

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  net-tools
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 196 kB of archives.
After this operation, 864 kB of additional disk space will be used.
Err:1 http://archive.ubuntu.com/ubuntu focal/main amd64 net-tools amd64 1.60+git20180626.aebd88e-1ubuntu1
  Temporary failure resolving 'archive.ubuntu.com'
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/n/net-tools/net-tools_1.60+git20180626.aebd88e-1ubuntu1_amd64.deb  Temporary failure resolving 'archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
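An added example, not part of the original post: a small POSIX shell audit of the ruleset posted above. The filter table has policy INPUT DROP and no rule at all for packets arriving on lxcbr0. That matters because with the default lxc-net setup the container gets its DHCP lease and its resolver from dnsmasq listening on the bridge address 10.0.3.1, so DHCP (67/udp) and DNS (53/udp, 53/tcp) requests from the container are dropped by the host, while ICMP to 8.8.8.8 only needs the FORWARD chain (policy ACCEPT) and the MASQUERADE rule. The script walks the INPUT chain first-match for a NEW packet and checks the nat POSTROUTING rule; the bridge name, subnet, container address 10.0.3.134 and uplink enp0s31f6 are taken from the post, the sample rulesets are constructed (trimmed copies of the posted rules), and the three extra accepts in RULES_FIXED are an assumed fix mirroring what the lxc-net service adds for its bridge.

```sh
#!/bin/sh
# Added example (not from the original post): first-match audit of an iptables-save
# ruleset for what a container on lxcbr0 needs from the host. Assumed from the post:
# bridge lxcbr0, subnet 10.0.3.0/24, container address 10.0.3.134, uplink enp0s31f6.

# Constructed sample 1: the posted filter/nat rules, trimmed to the relevant lines.
RULES_AS_POSTED='*nat
-A POSTROUTING -s 10.0.3.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 33337 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j DROP
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
COMMIT'

# Constructed sample 2 (hypothetical fix): the same rules plus explicit accepts for DHCP
# and DNS arriving on the bridge, mirroring what the lxc-net service adds for lxcbr0.
RULES_FIXED='*nat
-A POSTROUTING -s 10.0.3.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
*filter
:INPUT DROP
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i lxcbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i lxcbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i enp0s31f6 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 33337 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j DROP
COMMIT'

# input_verdict RULESET IFACE PROTO DPORT SRC
# Walks the filter INPUT chain top to bottom (iptables is first-match) for a NEW packet
# arriving on IFACE; exit 0 if accepted, 1 if dropped by a rule or by the chain policy.
# Simplifications: -s is compared as an exact string; rules restricted by --state that
# do not list NEW cannot match a fresh DHCP/DNS request and are skipped.
input_verdict() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v proto="$3" -v dport="$4" -v src="$5" '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":INPUT" { policy = $2; next }
    table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
    {
      r_if = ""; r_p = ""; r_dport = ""; r_src = ""; r_state = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") r_if = $(i + 1)
        else if ($i == "-p") r_p = $(i + 1)
        else if ($i == "--dport") r_dport = $(i + 1)
        else if ($i == "-s") r_src = $(i + 1)
        else if ($i == "--state") r_state = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      if (r_if != "" && r_if != ifc) next
      if (r_p != "" && r_p != proto) next
      if (r_dport != "" && r_dport != dport) next
      if (r_src != "" && r_src != src) next
      if (r_state != "" && r_state !~ /NEW/) next
      if (target == "ACCEPT") { decided = 1; allow = 1; exit }
      if (target == "DROP" || target == "REJECT") { decided = 1; allow = 0; exit }
    }
    END { if (!decided) allow = (policy == "ACCEPT"); exit (allow ? 0 : 1) }'
}

# nat_masquerades RULESET SUBNET UPLINK: exit 0 if nat POSTROUTING masquerades SUBNET
# out of UPLINK (or out of any interface), which the container needs to reach 8.8.8.8.
nat_masquerades() {
  printf '%s\n' "$1" | awk -v net="$2" -v out="$3" '
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      s = ""; o = ""; t = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") s = $(i + 1)
        else if ($i == "-o") o = $(i + 1)
        else if ($i == "-j") t = $(i + 1)
      }
      if (s == net && (o == "" || o == out) && t == "MASQUERADE") found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# audit RULESET LABEL: one line per check. On a real host feed it `iptables-save` output.
audit() {
  rules=$1; label=$2
  for chk in udp:67 udp:53 tcp:53; do
    proto=${chk%:*}; port=${chk#*:}
    if input_verdict "$rules" lxcbr0 "$proto" "$port" 10.0.3.134; then v=accepted; else v=DROPPED; fi
    echo "$label: $proto/$port from container to host dnsmasq -> $v"
  done
  if nat_masquerades "$rules" 10.0.3.0/24 enp0s31f6; then v=present; else v=MISSING; fi
  echo "$label: MASQUERADE 10.0.3.0/24 via enp0s31f6 -> $v"
}

audit "$RULES_AS_POSTED" "as posted"
audit "$RULES_FIXED" "with lxcbr0 accepts"
```

Run it against `iptables-save` output on the host; loading a hand-written ruleset with iptables-restore replaces the accepts that lxc-net inserted for the bridge, so they have to be carried in the file. One caveat when reproducing the checks inside the container: the `ip a` output in the post shows the host's interfaces (enp0s31f6 with the public address, lxcbr0, the veth), so those commands ran in a chroot, which shares the host's network namespace and has no init running, which is also why netplan and systemctl cannot reach the bus. The container's own eth0 and /etc/resolv.conf are only visible from a shell started with `lxc-attach -n ubuntu-lxc`.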