Working on my LXC Networking setup

Update (03/01/13): the diagram below is hopelessly wrong in regard to the networking for the ‘backend’ containers. I’m leaving the post as is as a reminder of how I worked through the setup. Will add a link here in future when I get the setup right.

I’m currently setting up a Hetzner dedicated server to replace an existing one. While doing this I’m changing the way I do things to make the setup easier to administer. I use a number of web applications at the moment: several instances of WordPress, Gitorious and ThinkUp. Getting all of them to play nicely together can be a pain. In particular, adding another RoR application to the setup is horrid. So I’ve been looking at how bits of the software infrastructure can be separated. While doing this I’ve taken an interest in LXC – Linux Containers akin to chroot or FreeBSD jails or several other server partitioning technologies. There are various other interesting points on this that aren’t really relevant here and now. Folks at Ubuntu seem to have taken an interest in LXC and have done a massive amount of work to make it easy to use. In particular, Stéphane Graber has written some great content.

So, I’m working on my setup which is going to make use of separate web application containers, i.e. multiple Ubuntu containers running Apache and PHP or Ruby talking to a database container. The following diagram represents what I think the setup should look like:

[Diagram: LXC Setup]

Currently, lxcbr0 exists (it’s in the default conf file for a container) and I have UFW forwarding port 80 connections on eth0 to nginx. Nginx will serve as a reverse proxy communicating with the appropriate Apache servers for the particular site requested. So I expect it to have two network interfaces; one to lxcbr0 (this exists) and one to communicate with the backend Apache servers (this doesn’t exist yet). The backend servers consist of a DB server and multiple Apache servers which I see as being part of a VLAN, communicating with each other and the internet (for the purposes of updates and external services like mail). This is the bit which confuses me currently and which I’m trying to figure out before adding any more configuration or packages. Although I’ve used the term VLAN I’m looking at both VLAN and MACVLAN (and possibly other networking options). I’ll write another post when I get the final setup but if anyone wants to throw in their tuppence worth it’s all welcome :)
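An added example, not part of the original post or the author's configuration: a small audit that parses legacy `lxc.network.*` container configs and flags any container whose bridge attachments differ from the layout described above (only the nginx proxy on both networks). The backend bridge name `lxcbr1`, the container names and the sample configs are assumptions constructed for illustration.

```python
FRONT_BRIDGE = "lxcbr0"   # bridge named in the post
BACK_BRIDGE = "lxcbr1"    # assumption: hypothetical name for the backend bridge

# Constructed sample configs; container names are hypothetical.
SAMPLE_CONFIGS = {
    "nginx": """
lxc.utsname = nginx
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.type = veth
lxc.network.link = lxcbr1
lxc.network.flags = up
""",
    "apache-wp": """
lxc.network.type = veth
lxc.network.link = lxcbr1
""",
    "db": """
# constructed mistake: the database is also on the front bridge
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.type = veth
lxc.network.link = lxcbr1
""",
}

def parse_interfaces(text):
    """Return one dict per interface; each lxc.network.type starts a new one."""
    interfaces = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.network.type":
            interfaces.append({"type": value})
        elif key.startswith("lxc.network.") and interfaces:
            interfaces[-1][key[len("lxc.network."):]] = value
    return interfaces

def audit(configs, proxy="nginx"):
    """List containers whose bridge attachments differ from the intended layout."""
    findings = []
    for name in sorted(configs):
        links = {i.get("link", "<none>") for i in parse_interfaces(configs[name])}
        expected = {FRONT_BRIDGE, BACK_BRIDGE} if name == proxy else {BACK_BRIDGE}
        if links != expected:
            findings.append((name, sorted(links)))
    return findings
```

Running `audit(SAMPLE_CONFIGS)` reports only the `db` container, which is reachable from the front bridge without passing through the proxy.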


Posted by James Gallagher

39 year old nerdy sort who now lives in Rathfarnham, Dublin, Ireland.

  • Hello James,
    As a virtualization n00b my first take was to learn LXC as I’m trying to learn good practices in order to secure the services provided by a server: email, web, IRC bouncer, torrent clients, so on.
    In my learning journey I came across several guys that told me that LXC isn’t really ready for prime time yet and that I should look for alternatives like OpenVZ or KVM.
    Now, as the laptop I will use as a test-bed is very limited (a Celeron 1,66mhz, 1GB RAM), KVM is out of the question, with OpenVZ being a reasonable choice as it is more of an enhanced chroot/jail instead of a full hypervisor.
    BUT (heck, there’s always a but, grrr) it seems OpenVZ requires a special kernel to support it. I know of course that LXC is still under heavy development and it’s pretty much a work in progress, but I would like to know your opinion about it since you seem to be working with it in real-life scenarios: could LXC fully replace OpenVZ (the two being very similar software packages)? Did you test LXC with OpenVPN and VLANs?
    Thanks in advance!
