LXD with OpenvSwitch network

# create bridge
ovs-vsctl add-br mybridge
# ifconfig mybridge up
ip link set mybridge up
ovs-vsctl show
 
# connect ovs bridge to external network
ovs-vsctl add-port mybridge eno1
ifconfig eno1 0
dhclient mybridge -v
ip a show mybridge
route -n
 
# create LXD container
lxc profile create disk-only
lxc storage create pool1 dir
lxc profile device add disk-only root disk path=/ pool=pool1
lxc profile show disk-only
lxc launch ubuntu:18.04 ovs1 -p disk-only
lxc config device add ovs1 eth0 nic nictype=bridged parent=mybridge host_name=vport11
lxc launch ubuntu:18.04 ovs2 -p disk-only
lxc config device add ovs2 eth0 nic nictype=bridged parent=mybridge host_name=vport12
lxc network list

LXD: Network

Configure default profile

lxc network create lxdbr0
lxc profile device add default eth0 nic nictype=bridged parent=lxdbr0

Configure static IP address

lxc stop c1
lxc network attach lxdbr0 c1 eth0 eth0
lxc config device set c1 eth0 ipv4.address 10.0.0.12
lxc start c1

ipv6

lxc network set lxdbr0 ipv6.dhcp.stateful true

ovs network

lxc profile create disk-only
lxc storage create pool1 dir
lxc profile device add disk-only root disk path=/ pool=pool1
lxc profile show disk-only
lxc launch ubuntu:18.04 ovs1 -p disk-only
lxc config device add ovs1 eth0 nic nictype=bridged parent=ovsbridge host_name=vport11
lxc network list
# test static ip
lxc launch redis r
lxc config device override r
lxc config device set r eth0 ipv4.address 10.100.0.100

Links
https://stgraber.org/2016/03/15/lxd-2-0-installing-and-configuring-lxd-212/
https://thomas-leister.de/en/container-overlay-network-openvswitch-linux/
https://stgraber.org/2016/10/27/network-management-with-lxd-2-3/

OpenStack: Neutron (network)

CLI
https://developer.openstack.org/firstapp-libcloud/networking.html

# search server by port ID
openstack port show -c device_id -f value ${PORT_ID}
openstack show show ${PORT_ID}
openstack router show ${PORT_ID}

Port
https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/port.html

# get port ID for OVS interface
openstack port list -c id -f value | grep $(awk '{print substr($OVS_INTERFACE,4,8)}')
 
# list all port by subnet
openstack port list --fixed-ip subnet=mgmt-dev-net --sort-column Name
 
# list all devices by network
openstack port list --network mgmt-dev -c device_id -f value
 
# allow incomming (ingress) SSH for specific IP / subnet
openstack security group rule create default \
    --protocol tcp \
    --dst-port 22 \
    --remote-ip 10.20.30.40/32
 
# create port without security
openstack port create openstack-net-port1 --network openstack-net --no-security-group --disable-port-security --no-fixed-ip
openstack port set --disable-port-security openstack-net-port1
 
# get all port by subnet
openstack port list -c ID -f value --fixed-ip subnet=dev-net1
 
# search ports (filter with json)
openstack port list -c ID -c "Fixed IP Addresses" -f json | jq -r '.[] | select(."Fixed IP Addresses"[].ip_address | startswith("10.11")).ID'

Creat and assign port

KVM: Create Windows 7 VM

Virtio driver
https://fedorapeople.org/groups/virt/virtio-win/deprecated-isos/stable/virtio-win-0.1-81.iso

Create VM

DISKIMG=win7.img
WIN7IMG=../iso/de_windows_7_professional_with_sp1_x64_dvd_u_676919.iso
VIRTIMG=../iso/virtio-win-0.1-81.iso
 
sudo qemu-system-x86_64 \
    --enable-kvm \
    -m 4096 \
    -smp cores=2 \
    -drive file=${DISKIMG},if=virtio \
    -net nic,model=virtio \
    -net user \
    -rtc base=localtime,clock=host \
    -usbdevice tablet \
    -soundhw ac97 \
    -cpu host \
    -vga std
 
    -vga qxl \
 
    -drive file=${VIRTIMG},index=3,media=cdrom \
    -cdrom ${WIN7IMG} \
 
    -vga vmware

Docker: HAProxy

Container
https://hub.docker.com/_/haproxy

Configuration
/tmp/haproxy/haproxy.cfg

global
  maxconn 4096
  #stats timeout 30s
  #debug
 
defaults
  log global
  mode http
  option httplog
  option dontlognull
  timeout connect 5000
  timeout client 50000
  timeout server 50000
  log 127.0.0.1 local0
  #option httpchk
 
frontend frontend1
  bind :80
  mode http
  use_backend backend1
 
backend backend1
  mode http
  balance roundrobin
  option httpchk GET / HTTP/1.1
  http-check expect status 400
  server www1 172.17.0.2:80 check
  server www2 172.17.0.4:80 check
  server www3 172.17.0.6:80 check
 
listen stats 
  bind :9000
  mode http
  stats enable
  stats hide-version
  stats realm Haproxy\ Statistics
  stats refresh 60s
  stats show-node
  stats auth haproxy:password
  stats uri /

Deploy

docker run -d --name haproxy -v /tmp/haproxy:/usr/local/etc/haproxy:ro -p 8080:80 -p 9000:9000 haproxy:latest
docker logs -f  haproxy

LXD: Create container with HTTP(s) proxy

CONTAINER=haproxy
 
# Create container
lxc launch ubuntu:18.04 ${CONTAINER}
sleep 10
 
# Deploy SSH key
lxc file push --uid 0 --gid 0 --mode 600 ~/.ssh/id_rsa.pub ${CONTAINER}/root/.ssh/authorized_keys
 
# Configure http(s) proxy inside of container (if set on host)
[ -z ${http_proxy} ] || echo "export http_proxy=$http_proxy" | lxc shell ${CONTAINER} -- tee -a /etc/environment
[ -z ${https_proxy} ] || echo "export https_proxy=$https_proxy" | lxc shell ${CONTAINER} -- tee -a /etc/environment
 
# Update APT repository
lxc exec ${CONTAINER} -- bash -c ". /etc/environment && apt update"
 
# Optional: install applications
lxc exec ${CONTAINER} -- bash -c ". /etc/environment && apt install -y haproxy"