[pkg-lxc-devel] Bug#835529: lxc: default debootstrap minimal install hangs waiting for dhcp

Sun Oct 30 15:53:55 UTC 2016

Hi,

On Fri, Aug 26, 2016 at 06:30:39PM +0200, Dryden Personalis wrote:

> Just a small issue but relevant because it determines the usability and user-friendliness of the package or Debian at least.
> 
> By default an LXC container will be started with the network settings in /var/lib/lxc/<host>/config. These settings are injected into the container when it starts.

Debian ships with "lxc.network.type = empty" in /etc/lxc/default.conf
Thus containers (by default) do not have any network configured.

> A default minimal Debian installation however will have DHCP configured.
> 
> Now LXC doesn't provide a mimimal dhcp in itself which would be nice, but....

It does starting with 2.0, just set USE_LXC_BRIDGE="true" in either
/etc/default/lxc or /etc/default/lxc-net and attach your container to the
created lxcbr0.

> DHCP is not actually required to get the thing online. If you configure it to static, or even set it to manual, it will still work. You will have network, you just won't be able to reconfigure it or to bring it online again after you really kill it.

Right, you can either set lxc.network.ipv[46] or configure the network from
inside the container if you do not drop the correspondig caps.

> So I would simply humbly suggest one of two things:
> 
> 1) perform the sed action above in the /usr/share/lxc/templates/lxc-debian file.

No, as this will just oppose the other half of the users ;)

> 2) allow lxc to be shipped with the most minimal of DHCP servers that is not even a standalone thing but that will at least respond to a request for the network that has already been configured in its host configuration file of /var/lib/lxc/<host>/config.

As mentioned, lxc-net will do this for you since 2.0.

> But in both cases the container would start working as soon as the user makes that configuration.

But also a container completelly without network (as created by default by lxc-create)
will work.

> Moreoever initially, because systemd does not give a timeout be default (but the init script or dhcp server does) you think that the system is going to hang (like so many times before). SystemD tells you there is no timeout. Heh, but there is, you just don't see it. So before even searching the web what was going on, I had already tried at least 3 different network configs (in the host config of /var/lib/lxc/<host>/config) before realizing the system wasn't bugged (all that much) and I just had to wait a minute even though it told me it would hang.

You can attach to a starting container just fine.
Just tried on Jessie.
Container with the following network config
 lxc.network.type = veth
 lxc.network.link = test0
There is no DHCPD on test0, so dhcpclient will take some time to fail to bring up eth0
But I can attach to the container just fine with lxc-attach.

So yeah, if you configure just half of the network, it will not work,
but that is kinda expected :)

Given that we
1) ship a config that works just fine by default (but does not have networking at all)
2) provide an easy way to enable DHCP on a bridge
do you think this report can be closed, or do you see any more room for improvement here?