Atalanta / cucumber-chef

Framework for test-driven infrastructure development
http://cucumber-chef.org
Apache License 2.0

No internet access from lxc, ping fails #130

Closed perplexes closed 10 years ago

perplexes commented 10 years ago

After a lot of hacking around, here is how I got internet access from within my lxc containers.

From the test-lab:

    sudo su
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward

I didn't know if this was just common knowledge that I was missing.

I added it to the Vagrantfile, perhaps you want to add it to the template?

    # Enable internet access for the lxc containers
    test_lab.vm.provision :shell,
      :inline => "sudo iptables -t nat -L | grep MASQUERADE || sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward"

pikesley commented 10 years ago

Hi,

I ran across this a while ago and posted my solution here (which, in hindsight, was probably the wrong place). I've just tried your suggested fix and it didn't work for me; however this monstrosity (basically my hack from above packed into a single line) does the job:

    test_lab.vm.provision :shell,
      :inline => "head -$((`wc -l /etc/rc.local | cut -d ' ' -f 1` - 1)) /etc/rc.local > /tmp/rc.local && for line in '/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' '/sbin/iptables -A FORWARD -i eth0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT' '/sbin/iptables -A FORWARD -i eth1 -o br1 -j ACCEPT' ; do echo ${line} >> /tmp/rc.local ; done && echo 'exit 0' >> /tmp/rc.local && sudo cp /tmp/rc.local /etc/ && sudo /etc/rc.local 2> /dev/null && echo '1' | sudo tee /proc/sys/net/ipv4/ip_forward && echo net.ipv4.ip_forward=1 | sudo tee -a /etc/sysctl.conf > /dev/null"

Is it possible to Cargo-cult yourself? Whatever, there's a lot of bamboo around here now...

Sam

perplexes commented 10 years ago

Ah, I didn't test mine. My iptables/ipv4_forward doesn't persist. Closing in deference to your issue.

pikesley commented 10 years ago

Slightly better solution: put all of this cruft into a script, then include it in the Vagrantfile with

    test_lab.vm.provision :shell,
                          :path => "vagrant/packetpasser.sh"

I note that there's an LXC recipe in the cucumber_chef _chefrepo which is supposed to enable this but I also note that it doesn't seem to work. Whatever.
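
An idempotent take on the script approach from the last comment, as an added example (not the contents of `vagrant/packetpasser.sh`, which the thread does not show, and not cucumber-chef code). It reuses the three iptables rules quoted above and assumes `/etc/rc.local` ends with `exit 0`, as the one-liner does; the function names and the `--apply` switch are this example's own.

```shell
#!/bin/sh
# Added example, not the thread's packetpasser.sh. Rules are the ones quoted above.
RULES='/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o br1 -j ACCEPT'

# persist_rules FILE: put each rule before a single trailing "exit 0", skipping
# rules already present, so re-provisioning does not stack duplicates.
persist_rules() {
    rc=$1
    tmp=$(mktemp) || return 1
    grep -vx 'exit 0' "$rc" > "$tmp" || true   # grep exits 1 if nothing is left
    printf '%s\n' "$RULES" | while IFS= read -r rule; do
        grep -qxF -- "$rule" "$tmp" || printf '%s\n' "$rule" >> "$tmp"
    done
    printf 'exit 0\n' >> "$tmp"
    cat "$tmp" > "$rc" && rm -f "$tmp"         # cat keeps FILE's mode and owner
}

# persist_forwarding FILE: add net.ipv4.ip_forward=1 only if no active line sets it.
persist_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" ||
        echo 'net.ipv4.ip_forward=1' >> "$1"
}

# apply_now: load the rules into the running kernel (needs root). iptables -C
# checks whether a rule exists, so each rule is appended at most once.
apply_now() {
    printf '%s\n' "$RULES" | while IFS= read -r rule; do
        check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
        $check 2>/dev/null || $rule            # unquoted on purpose: split into argv
    done
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# "--apply" is this example's own switch; without it the file only defines functions.
if [ "${1:-}" = "--apply" ]; then
    persist_rules /etc/rc.local
    persist_forwarding /etc/sysctl.conf
    apply_now
fi
```

Running the provisioner repeatedly leaves one copy of each rule in `rc.local` and one `net.ipv4.ip_forward=1` line in `sysctl.conf`, unlike the `tee -a` and append-in-a-loop form.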