1. Home
  2. Wanos Admin Guide
  3. Installation
  4. LXD Containers

LXD Containers

Steps to setup Wanos on LXD container

 

Index

Prerequisite
Disclaimer
Topology
Host Configuration
Wanos Profile Template
Access Wanos Container

 

Prerequisite

The reader should have an understanding of how LXDs are configured and managed.

 

Disclaimer

LXD container versions are running in live production systems. Before deploying the container version in production, please test the solution thoroughly to ensure Wanos is compatible with any other services running on the host.

 

The instructions are based on LXD version 2.0.10. Please adjust the networking configuration on newer versions of LXD. The configuration was tested on an Ubuntu 16.04, which uses ifdown (/etc/network/interfaces), use netplan if using a more recent Ubuntu release.

 

Topology

The configuration below is a basic topology of physical NIC eth0 that is connected to the LAN. br_lan is a linux bridge with eth0 configured as a bridge port. br_lan is the bridge that the Wanos container connects to. It is assumed that NAT is not used on the LXD bridge.

 

Host Configuration

To run Wanos in tunnel mode, we need a dummy interface on the host. Load the dummy module on the host:

 

sudo modprobe dummy

 

To automatically load the dummy module on startup add dummy to /etc/modules. Ensure ethtool is installed on the host, if not install ethtool.

 

bcronje@wanos-lxd:~$ ethtool --version
ethtool version 4.5

 

Confirm ethtool has a script under /etc/network/if-up.d/ (this should be there if ethtool is installed):

 

bcronje@wanos-lxd:~$ ll /etc/network/if-up.d/ethtool
-rwxr-xr-x 1 root root 1685 Mar 14 2016 /etc/network/if-up.d/ethtool*

 

Disable network offloading on the bridge and veth virtual interfaces used by lxd for Wanos in order for Wanos to work. Update /etc/network/interfaces to contain the following:

 

Note: Replace br_lan name and IP addresses to match your preferences. Leave any additional configuration you have in place for your bridge. The only important lines are the “offload-xxx” lines under the bridge configuration.

 

auto eth0
iface eth0 inet manual
auto br_lan
iface br_lan inet static
     address x.x.x.x
     netmask x.x.x.x
     network x.x.x.x
     broadcast x.x.x.x
     gateway x.x.x.x
     dns-nameservers x.x.x.x
     bridge_ports eth0
     offload-rx off
     offload-tx off
     offload-sg off
     offload-tso off
     offload-gso off
     offload-gro off
     offload-lro off
     offload-rxvlan off
     offload-txvlan off
     offload-rxhash on

auto vethwanoswan
iface vethwanoswan inet manual
     offload-rx off
     offload-tx off
     offload-sg off
     offload-tso off
     offload-gso off
     offload-gro off
     offload-lro off
     offload-rxvlan off
     offload-txvlan off
     offload-rxhash on

 

The above vethwanoswan is defined in wanos_profile to use a static name for the veth and container NIC mappings, see steps below.

 

  • Copy the attached file wanos_profile.yaml and update the parent: br_lan to point to your bridge name. Note: See Wanos Profile Template for a sample configuration.
  • Create the wanos_profile LXD profile and update with wanos_profile.yaml:

 

lxc profile create wanos_profile
cat wanos_profile.yaml | lxc profile edit wanos_profile

 

  • Import the Wanos LXD image and create the Wanos container assigning it the wanos_profile profile:

 

lxc image import ./wanos-3.2.3-ub-lxd.tar.gz --alias wanos-3.2.3-ub-lxd
lxc init wanos-3.2.3-ub-lxd wanos -p wanos_profile

 

The LXD configuration is complete. Configure Wanos and set it into Tunnel Mode. Depending on bandwidth requirements, this might not be needed, configure CPU cores to each Wanos containers via the LXD config settings limits.cpu.

 

Contact Wanos support if you have any questions or need any clarifications.. When things are not working, most of the time, it has something to do with the offloading features not being disabled, so it is crucial that both the host bridge and veth (vethwanoswan) have the necessary offload settings set as per above. Verify if offloading features are disabled with the ethtool -k br_lan and ethtool -k vethwanoswan commands.

 

Wanos Profile Template – wanos_profile.yaml

A sample yaml configuration.

config: {}
description: Wanos LXD profile
devices:
     eth0:
           name: eth0
           nictype: bridged
           parent: br_lan
           type: nic
           host_name: vethwanoswan
     dummy0:
           name: dummy0
           nictype: physical
           parent: dummy0
           type: nic
name: wanos_profile

 

Access Wanos Container

To access the Wanos container from the LXD host, use the following command:

lxc exec wanos bash

Note: The command listed will log the user as the configured root user. Change to tc user by using the command: su tc.




Was this article helpful to you? Yes No

How can we help?