pre-installed lxc in cloud-image means loss of access to 10.0.X.0/24

Bug #1510108 reported by Scott Moser
This bug affects 3 people
Affects: lxc (Ubuntu)
Status: Won't Fix
Importance: Medium
Assigned to: Stéphane Graber

Bug Description

Bug 1509414 describes fallout of inclusion of lxc in cloud images. The initial inclusion caused 2 issues:
 a.) containers created by 'lxc -t ubuntu-cloud' and 'lxd import-images ubuntu wily' had completely broken networking
 b.) all cloud images would have lost access to 10.0.3.0/24 networks.

The fix that went in fixes 'a' above. By default, containers created for lxd and lxc will now work as expected.

This bug is opened to address the much less severe 'b'.

Now, on first boot lxc-net selects a network in the 10.0.X.0/24 to give to the lxcbr0 bridge. It selects the network by simply looking for the first available N where there . That code can be seen prior to fix in debian/lxc.preinst [1] and after fix in config/init/common/lxc-net.in [2]. Generally speaking it looks for local ip addresses on the targeted network. That code is fairly simplistic. There are definitely cases where it can pick a network that would be used by this system. The result is that traffic destined for that network will be sent to the lxcbr0 rather than out of the system to wherever it should go.

The suggested fix would be to make that code run on 'lxc' or 'lxd' usage rather than on instance boot. By doing so, we reduce the set of users possibly affected from all cloud-image users to all users of lxc or lxd.

Note, all users of lxd and lxc have been affected by this bug since at least 14.04.

--
[1] https://github.com/lxc/lxc-pkg-ubuntu/blob/dpm-wily/debian/lxc.preinst#L55
[2] https://github.com/lxc/lxc-pkg-ubuntu/blob/dpm-wily/config/init/common/lxc-net.in

Related bugs:
  * bug 1509414: pre-installed lxc in cloud image produces broken lxc (and later lxd) containers
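
The selection weakness described in the report, shown as an added example that is not part of the original report and is not the lxc-net code: a Python model comparing a pick based only on local interface addresses with one that also considers explicit routes and resolv.conf nameservers. The sample host state, the function names and the scan starting at N=0 are assumptions.

```python
import ipaddress

# Constructed sample host state (not from the bug report).
ADDR_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
"""
ROUTE_OUTPUT = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.5
10.0.1.0/24 via 10.0.0.1 dev eth0
10.0.2.0/23 via 10.0.0.1 dev eth0
"""
RESOLV_CONF = "nameserver 10.0.4.2\nsearch example.internal\n"

def local_networks(addr_output):
    """Networks of addresses on local interfaces (`ip -4 -o addr` style)."""
    nets = []
    for line in addr_output.splitlines():
        fields = line.split()
        if "inet" in fields[:-1]:
            nets.append(ipaddress.ip_interface(fields[fields.index("inet") + 1]).network)
    return nets

def routed_networks(route_output):
    """Explicit (non-default) IPv4 destinations from `ip -4 route` style output."""
    nets = []
    for line in route_output.splitlines():
        fields = line.split()
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except (IndexError, ValueError):
            continue  # "default", "unreachable ...", blank lines
    return nets

def nameserver_hosts(resolv_conf):
    """Each IPv4 nameserver in resolv.conf text, as a /32 network."""
    hosts = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver" and ":" not in fields[1]:
            hosts.append(ipaddress.ip_network(fields[1]))
    return hosts

def first_free(in_use):
    """First 10.0.N.0/24 (N from 0, an assumption) overlapping nothing in in_use."""
    for n in range(256):
        candidate = ipaddress.ip_network(f"10.0.{n}.0/24")
        if not any(candidate.overlaps(net) for net in in_use):
            return candidate
    return None
```

With the sample data, the address-only pick lands on a subnet the host already routes to, while the broader check skips past it. Neither check can see a 10.0.X.0/24 network reached only through the default route, which is the case the report's suggested fix narrows by deferring selection to first 'lxc' or 'lxd' usage.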

Scott Moser (smoser) wrote :

For reference, bug 1509414 refers to this issue as 'stage 2'.
Serge Hallyn suggested a fix for it in comment 24 (https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1509414/comments/24). There is other discussion there also as to the viability of that fix.

Scott Moser (smoser)
Changed in lxc (Ubuntu Wily):
status: New → Confirmed
Changed in lxc (Ubuntu Xenial):
status: New → Confirmed
Changed in lxc (Ubuntu Wily):
importance: Undecided → Medium
Changed in lxc (Ubuntu Xenial):
importance: Undecided → Medium
Changed in lxc (Ubuntu Wily):
status: Confirmed → Triaged
Changed in lxc (Ubuntu Xenial):
status: Confirmed → Triaged
Jon Grimm (jgrimm)
Changed in lxc (Ubuntu Wily):
assignee: nobody → Stéphane Graber (stgraber)
Changed in lxc (Ubuntu Xenial):
assignee: nobody → Stéphane Graber (stgraber)
no longer affects: lxc (Ubuntu Wily)
no longer affects: lxc (Ubuntu Xenial)
Stéphane Graber (stgraber) wrote :

Closing as these days we only have LXD preinstalled on those images and LXD does a lot more validation and only creates the networks on first use.

Changed in lxc (Ubuntu):
status: Triaged → Won't Fix