Throughout this chapter you will need to run commands as your unprivileged user ("lxdadmin" if you've been following from the beginning in this book).
You get a default profile when you install LXD, and this profile cannot be removed or modified. That said, you can use the default profile to create new profiles to use with your containers.
If you examine your container listing, you will notice that the IP address in each case is from the bridged interface. In a production environment, you may want to use something else. This might be a DHCP assigned address from your LAN interface or even a statically assigned address from your WAN.
If you configure your LXD server with two interfaces and assign each an IP on your WAN and LAN, it is possible to assign your container's IP addresses based on the interface the container needs to be facing.
As of version 9.0 of Rocky Linux (and really any bug-for-bug copy of Red Hat Enterprise Linux), the method for assigning IP addresses statically or dynamically with the profiles does not work.
There are ways to get around this, but it is annoying. This appears to have something to do with changes made to Network Manager that affect macvlan. macvlan allows you to create many interfaces with different Layer 2 addresses.
For now, just be aware that this has drawbacks when choosing container images based on RHEL.
If you were on a multi-interface machine and wanted more than one macvlan template based on the network you wanted to reach, you might use "lanmacvlan" or "wanmacvlan" or any other name that you wanted to use to identify the profile. Using "macvlan" in our profile create statement is totally up to you.
You want to change the macvlan interface, but before you do, you need to know what the parent interface is for our LXD server. This will be the interface that has a LAN (in this case) assigned IP. To find what interface that is, use:
ip addr
Look for the interface with the LAN IP assignment in the 192.168.1.0/24 network:
In RHEL distributions and clones, Network Manager has been in a constant state of change. Because of this, the macvlan profile does not work the way it does on other distributions, and it requires a little additional work to assign IP addresses from DHCP or statically.
Remember that none of this has anything to do with Rocky Linux particularly, but with the upstream package implementation.
If you want to run Rocky Linux containers and use macvlan to assign an IP address from your LAN or WAN networks, the process is different based on the container version of the operating system (8.x or 9.x).
As you can see, our Rocky Linux 8.x container received the IP address from the LAN interface, whereas the Rocky Linux 9.x container did not.
To further demonstrate the problem here, you need to run dhclient on the Rocky Linux 9.0 container. This will show us that the macvlan profile is in fact applied:
lxc exec rockylinux-test-9 dhclient
Another container listing now shows the following:
That should have happened with a stop and start of the container, but it does not. Assuming that you want to use a DHCP assigned IP address every time, you can fix this with a simple crontab entry. To do this, we need to gain shell access to the container by entering:
lxc exec rockylinux-test-9 bash
Next, let's determine the path to dhclient. To do this, because this container is from a minimal image, you will need to first install which:
dnf install which
then run:
which dhclient
which will return:
/usr/sbin/dhclient
Next, change root's crontab:
crontab -e
Add this line:
@reboot /usr/sbin/dhclient
The crontab command entered uses vi. To save your changes and exit, use Shift+:+w+q.
Exit the container and restart rockylinux-test-9:
lxc restart rockylinux-test-9
Another listing will reveal that the container has the DHCP address assigned:
To statically assign an IP address, things get even more convoluted. Since network-scripts is now deprecated in Rocky Linux 9.x, the only way to do this is through static assignment, and because of the way the containers use the network, you are not going to be able to set the route with a normal ip route statement. The problem turns out to be that the interface assigned when applying the macvlan profile (eth0 in this case) is not manageable with Network Manager. The fix is to rename the network interface on the container after restart and assign the static IP. You can do this with a script that runs (again) from root's crontab and uses the ip command.
To do this, you need to gain shell access to the container again:
lxc exec rockylinux-test-9 bash
Next, you are going to create a bash script in /usr/local/sbin called "static":
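The rename-and-assign steps described above, written out as an added example rather than the chapter's own script. The new interface name net0, the address 192.168.1.151/24, the gateway 192.168.1.1, the "apply" argument and the helper function names are all assumptions. It prints the commands unless called with "apply", and stops before touching the interface if the gateway is not on-link for the address.

```shell
#!/usr/bin/env bash
# Added example, not the chapter's script. Candidate for /usr/local/sbin/static.
# Assumed root crontab entry: @reboot /usr/local/sbin/static apply
OLD_IF="eth0"             # name the macvlan profile gives the NIC (from the chapter)
NEW_IF="net0"             # hypothetical new interface name
ADDR="192.168.1.151/24"   # assumed free address in the chapter's 192.168.1.0/24 LAN
GATEWAY="192.168.1.1"     # assumed LAN gateway
IP_BIN="/usr/sbin/ip"     # absolute path, because cron runs with a minimal PATH
DRY_RUN=1                 # print the commands unless called with "apply"

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed only if gateway $2 is a different host inside the subnet of $1 (addr/prefix).
gateway_on_link() {
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    a=$(ip_to_int "$addr") || return 1
    g=$(ip_to_int "$2") || return 1
    mask=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
    [ $(( $a & $mask )) -eq $(( $g & $mask )) ] && [ "$a" -ne "$g" ]
}

# Echo the command in dry-run mode, execute it otherwise.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Take the NIC down, rename it, address it, bring it up, then add the default route.
apply_static() {
    gateway_on_link "$ADDR" "$GATEWAY" || {
        echo "static: $GATEWAY is not on-link for $ADDR" >&2; return 1; }
    run "$IP_BIN" link set dev "$OLD_IF" down &&
    run "$IP_BIN" link set dev "$OLD_IF" name "$NEW_IF" &&
    run "$IP_BIN" addr add "$ADDR" dev "$NEW_IF" &&
    run "$IP_BIN" link set dev "$NEW_IF" up &&
    run "$IP_BIN" route add default via "$GATEWAY"
}

if [ "${1:-}" = "apply" ]; then DRY_RUN=0; fi
apply_static
```

Run it once without arguments inside the container to review the five commands before adding the crontab entry.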
Configuring the static IP is just a little different, but not at all hard. You need to change the .yaml file associated with the container's connection (10-lxc.yaml). For this static IP, you will use 192.168.1.201:
The examples in this chapter intentionally used one container that is hard to configure and two less difficult ones. There are many more versions of Linux available in the image listing. If you have a favorite, try installing it, assigning the macvlan template, and setting IPs.