LXD broken on vmware in 2.3rc2

What is the subnet cidr for the primary network?

I'm not entirely sure how we manage DHCP in containers. I'll defer to Witold.

It should be possible for you to configure the fan for the addressable containers within the controller, but since the primary network could be anything, this isn't done by default.

The primary network is

10.10.136.0 255.255.252.0

But to be clear, there is a bigger issue than the containers not being addressable; the containers can't even reach the controller so the NAT setup Juju used to do on non-maas clouds is broken too.

"With the current network setup, creating an LXD container on a VM makes the VM unreachable."

That sounds like:
  https://bugs.launchpad.net/bugs/1737640

Which was a bug in the ubuntu-fan package, which has been updated and I believe SRU to all relevant Ubuntu releases. So that portion might already be fixed.

For the rest, we'll try to reproduce locally.

I don't think it's that bug. We experienced that bug a while ago, but that is fixed now. The issue we have is still present today.

Could you try bootstrapping the controller with "--config container-networking-method=local" added to the command line and then checking if it works? There was a bug in autoconfiguring container networking on networkless environments, setting it manually should help.

https://github.com/juju/juju/pull/8278/

I can confirm that bootstrapping with "--config container-networking-method=local" works; both host and container has correct networking (but container network is host-local with nat).

As an experiment - could you check whether it works with --config container-networking-method=provider ? The container should get a DHCP-assigned IP from the physical network then, but that's (currently) not a supported feature on VMWare.

container-networking-method=provider results in an unreachable host and a container that is stuck on "starting".

Isn't container-networking-method=provider the default? That's what I expect at least.

The default is 'provider' for providers for which there is an explicit allocation of IP addresses for containers (MAAS), 'fan' for providers for which we can deduct the proper FAN settings (AWS, OpenStack, GCE), and 'local' for all other providers. Up until 2.2 the option was non-existent, but the behaviour was 'provider'-like for MAAS and 'local' for the rest.

BTW, IIRC there's a 'allow promiscuous' option for virtual switch in VMWare - do you have it set? If not - that's the probable reason why containers don't work in 'provider' mode.

Allow promiscuous gives a different result, but it doesn't seem to be working either; containers aren't accessble

Machine State DNS Inst id Series AZ Message
0 started 10.10.137.16 juju-9ebd18-0 xenial poweredOn
0/lxd/0 pending juju-9ebd18-0-lxd-0 xenial Container started

@wpk

I'd like to get your confirmation that what we're seeing are the expected result and whether I need to file new bugs for 3, 4 and 5.

1. upgrading a 2.3.1 model to 2.3.2 doesn't fix LXD, neither on old nor new machines.
2. creating a new 2.3.2 model fixes LXD: the container network is now host-only (local).

3. container-networking-method=fan and fan-config=10.10.0.0/16=192.168.0.0/8 results in the error "failed to start machine 0/lxd/0 (unable to setup network: host machine "0" has no available FAN devices in space(s) ""), retrying in 10s (8 more attempts)"

4. container-networking-method=provider and an external network without IP address breaks the networking of both the host and the container.
5. container-networking-method=provider and only internal network breaks the networking of the container.
  This is with "promiscuous mode", "MAC address changes" and "forged transmits" allowed. If I look at the `ifconfig` output, it seems as if there is more wrong; the `lxdbr0` interface still has `10.0.187.1` as ip; as if the container network mode is "local"..

br-ens192 Link encap:Ethernet HWaddr 00:50:56:a4:15:06
          inet addr:10.10.137.58 Bcast:10.10.139.255 Mask:255.255.252.0
          inet6 addr: fe80::250:56ff:fea4:1506/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:14927 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11837 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:166431103 (166.4 MB) TX bytes:859619 (859.6 KB)

ens192 Link encap:Ethernet HWaddr 00:50:56:a4:15:06
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:376714 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11868 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:299912573 (299.9 MB) TX bytes:868937 (868.9 KB)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:160 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB)

lxdbr0 Link encap:Ethernet HWaddr b6:86:6c:b0:b6:1b
          inet addr:10.0.187.1 Bcast:0.0.0.0 Mask:255.255.255.0
          inet6 addr: fe80::b486:6cff:feb0:b61b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B) TX bytes:570 (570.0 B)

vethB20SMK Link encap:Ethernet HWaddr fe:90:2f:2f:06:eb
          inet6 addr: fe80::fc90:2fff:fe2f:6eb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9150 (9.1 KB) TX bytes:90298...

> 1. upgrading a 2.3.1 model to 2.3.2 doesn't fix LXD, neither on old nor new machines.
This is a bug, albeit low priority as the workaround is quite simple -
https://bugs.launchpad.net/juju/+bug/1744243

> 2. creating a new 2.3.2 model fixes LXD: the container network is now host-only (local).
OK

> 3. container-networking-method=fan and fan-config=10.10.0.0/16=192.168.0.0/8 results in the error "failed to start machine 0/lxd/0 (unable to setup network: host machine "0" has no available FAN devices in space(s) ""), retrying in 10s (8 more attempts)"
Could you try:
1. Setting juju log level to debug
2. Setting fan-config to 10.10.0.0/16=253.0.0.0/8 and container-networking-method to fan
3. Checking on host machine if a new fan-253 and ftun0 devices appeared
4. Adding a container on this machine

> 4. container-networking-method=provider and an external network without IP address breaks the networking of both the host and the container.
Do you have any way of checking what's happening on the machine? When creating the container it should create bridges for all the devices and connect the container to a proper one, something's definitely wrong here.

> 5. container-networking-method=provider and only internal network breaks the networking of the container.
> This is with "promiscuous mode", "MAC address changes" and "forged transmits" allowed. If I look at the `ifconfig` output, it seems as if there is more wrong; the `lxdbr0` interface still has `10.0.187.1` as ip; as if the container network mode is "local"..

lxdbr0 will always have the random 10/8 IP address, but in 'provider' method it's not used - the container should be bridged with the physical device - could you check the output of "brctl show" if the container veth device is bridged to the proper br-? If yes, what are the system logs inside the container saying?

Also, I'm wpk on freenode so feel free to ping me so that we maybe could debug those issues more 'realtime'.

Thanks for looking into it @wpk!

# 3 fan on vmware

fan-253 and ftun0 are present; ifconfig output http://paste.ubuntu.com/26417271/

LXD container is down: "unable to find host bridge for space(s) "" for container "2/lxd/0""

log output: https://paste.ubuntu.com/26417295/

# 4 provider with external network

juju-debug-log: http://paste.ubuntu.com/26417714/
brctl: http://paste.ubuntu.com/26417724
ifconfig: http://paste.ubuntu.com/26417728
journalctl: http://paste.ubuntu.com/26417729
route: http://paste.ubuntu.com/26417730

# 5 provider without external network

ifconfig output: http://paste.ubuntu.com/26417310/

It does seem as if the bridge is added correctly:

```
bridge name bridge id STP enabled interfaces
br-ens192 8000.005056a41506 no ens192
       vethB20SMK
lxdbr0 8000.000000000000 no
```

+---------------------+---------+------+------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+---------------------+---------+------+------+------------+-----------+
| juju-f87094-0-lxd-0 | RUNNING | | | PERSISTENT | 0 |
+---------------------+---------+------+------+------------+-----------+

full systemd log from that unit: http://paste.ubuntu.com/26417363/

I created three new issues for these three cases:

- #3 https://bugs.launchpad.net/juju/+bug/1751739
- #4 https://bugs.launchpad.net/juju/+bug/1751740
- #5 https://bugs.launchpad.net/juju/+bug/1751743