Steps to setup Wanos on LXD container
Index
Prerequisite
Disclaimer
Topology
Host Configuration
Wanos Profile Template
Access Wanos Container
Prerequisite
The reader should have an understanding of how LXDs are configured and managed.
Disclaimer
LXD container versions are running in live production systems. Before deploying the container version in production, please test the solution thoroughly to ensure Wanos is compatible with any other services running on the host.
The instructions are based on LXD version 2.0.10. Please adjust the networking configuration on newer versions of LXD. The configuration was tested on Ubuntu 16.04, which uses ifupdown (/etc/network/interfaces); use netplan on a more recent Ubuntu release.
Topology
The configuration below assumes a basic topology in which the physical NIC eth0 is connected to the LAN. br_lan is a Linux bridge with eth0 configured as a bridge port, and it is the bridge that the Wanos container connects to. It is assumed that NAT is not used on the LXD bridge.
Host Configuration
To run Wanos in tunnel mode, we need a dummy interface on the host. Load the dummy module on the host:
sudo modprobe dummy
To automatically load the dummy module on startup, add dummy to /etc/modules.
Ensure ethtool is installed on the host; if it is not, install it.
bcronje@wanos-lxd:~$ ethtool --version
ethtool version 4.5
Confirm ethtool has a script under /etc/network/if-up.d/ (this should be there if ethtool is installed):
bcronje@wanos-lxd:~$ ll /etc/network/if-up.d/ethtool
-rwxr-xr-x 1 root root 1685 Mar 14 2016 /etc/network/if-up.d/ethtool*
For Wanos to work, network offloading must be disabled on the bridge and on the veth virtual interfaces that LXD uses for Wanos. Update /etc/network/interfaces to contain the following:
Note: Replace the br_lan name and IP addresses to match your preferences. Leave any additional configuration you have in place for your bridge. The only important lines are the "offload-xxx" lines under the bridge configuration.
auto eth0
iface eth0 inet manual

auto br_lan
iface br_lan inet static
    address x.x.x.x
    netmask x.x.x.x
    network x.x.x.x
    broadcast x.x.x.x
    gateway x.x.x.x
    dns-nameservers x.x.x.x
    bridge_ports eth0
    offload-rx off
    offload-tx off
    offload-sg off
    offload-tso off
    offload-gso off
    offload-gro off
    offload-lro off
    offload-rxvlan off
    offload-txvlan off
    offload-rxhash on

auto vethwanoswan
iface vethwanoswan inet manual
    offload-rx off
    offload-tx off
    offload-sg off
    offload-tso off
    offload-gso off
    offload-gro off
    offload-lro off
    offload-rxvlan off
    offload-txvlan off
    offload-rxhash on
The vethwanoswan interface above is defined in wanos_profile so that the veth and container NIC mappings use a static name; see the steps below.
- Copy the attached file wanos_profile.yaml and update the parent: br_lan to point to your bridge name. Note: See Wanos Profile Template for a sample configuration.
- Create the wanos_profile LXD profile and update it with wanos_profile.yaml:
lxc profile create wanos_profile
cat wanos_profile.yaml | lxc profile edit wanos_profile
- Import the Wanos LXD image and create the Wanos container, assigning it the wanos_profile profile:
lxc image import ./wanos-3.2.3-ub-lxd.tar.gz --alias wanos-3.2.3-ub-lxd
lxc init wanos-3.2.3-ub-lxd wanos -p wanos_profile
The LXD configuration is complete. Configure Wanos and set it into Tunnel Mode. Optionally (depending on bandwidth requirements, this might not be needed), allocate CPU cores to each Wanos container via the LXD config setting limits.cpu.
Contact Wanos support if you have any questions or need any clarification. When things are not working, most of the time it is because the offloading features have not been disabled, so it is crucial that both the host bridge and the veth (vethwanoswan) have the offload settings shown above. Verify that the offloading features are disabled with the ethtool -k br_lan and ethtool -k vethwanoswan commands.
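The verification step above can be scripted. The following is an added example, not part of the original Wanos instructions: the function names and the sample output are constructed for illustration, and the feature names are the labels that ethtool -k prints for the offload-* options set to off in /etc/network/interfaces.

```shell
# Added example: list offload features that are still enabled on an interface.
# Names are the `ethtool -k` labels for the offload-* options set to "off" above.
MUST_BE_OFF="rx-checksumming tx-checksumming scatter-gather \
tcp-segmentation-offload generic-segmentation-offload \
generic-receive-offload large-receive-offload rx-vlan-offload tx-vlan-offload"

# Reads `ethtool -k` output on stdin; prints each required-off feature that
# is reported as on, or is missing from the output. Prints nothing when clean.
offloads_still_on() {
    awk -v want="$MUST_BE_OFF" '
        BEGIN { n = split(want, w, " ") }
        # Top-level feature lines only; indented sub-features are skipped.
        /^[a-z0-9-]+: / { name = $1; sub(/:$/, "", name); state[name] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                if (!(w[i] in state)) print w[i] " (not reported)"
                else if (state[w[i]] != "off") print w[i]
            }
        }'
}

# Runs the check against a live interface; non-zero status if anything is on.
check_iface() {
    bad=$(ethtool -k "$1" | offloads_still_on)
    if [ -n "$bad" ]; then
        printf '%s: offloading still enabled:\n%s\n' "$1" "$bad"
        return 1
    fi
    echo "$1: all required offloads are off"
}

# Constructed sample of `ethtool -k` output (not captured from a real host).
sample_veth_output() {
    cat <<'EOF'
Features for vethwanoswan:
rx-checksumming: off
tx-checksumming: off
scatter-gather: off
tcp-segmentation-offload: on
    tx-tcp-segmentation: on
generic-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: off
tx-vlan-offload: off
EOF
}

# Usage: sh check_offload.sh br_lan vethwanoswan   (no arguments: does nothing)
for ifc in "$@"; do check_iface "$ifc"; done
```

For the constructed sample, offloads_still_on reports tcp-segmentation-offload and generic-receive-offload, which is the state the host would be in if the offload-tso and offload-gro lines had not taken effect.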
Wanos Profile Template – wanos_profile.yaml
A sample YAML configuration.
config: {}
description: Wanos LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br_lan
    type: nic
    host_name: vethwanoswan
  dummy0:
    name: dummy0
    nictype: physical
    parent: dummy0
    type: nic
name: wanos_profile
Access Wanos Container
To access the Wanos container from the LXD host, use the following command:
lxc exec wanos bash
Note: This command logs the user in as the configured root user. Change to the tc user with the command: su tc