This repository has been archived by the owner on Feb 13, 2023. It is now read-only.

Make Drupal VM work with vagrant-lxc #649

Closed
nortmas opened this issue May 19, 2016 · 24 comments
@nortmas

nortmas commented May 19, 2016

Hi! First of all, Nice Job! Very helpful Project!

I have two suggestions:

  1. Have you ever considered adding the ability for Linux users to use https://github.com/fgrehm/vagrant-lxc? It works much faster than VirtualBox.
    I forced it to work, but I faced a number of challenges.

What I did:

a) Added lines to Vagrantfile.

  # LXC.
  config.vm.provider :lxc do |lxc|
    # Same effect as 'customize ["modifyvm", :id, "--memory", "1024"]' for VirtualBox
    # lxc.customize 'cgroup.memory.limit_in_bytes', '1024M'
  end

b) config.yml

vagrant_box: fgrehm/trusty64-lxc

c) provisioning/tasks/init-debian.yml removed lines.

- name: Disable the ufw firewall (since we use a simple iptables firewall).
  service: name=ufw state=stopped
  when: ansible_distribution == "Ubuntu"

It would be great if Linux users had this ability out of the box.

  2. Is it possible to add oh-my-zsh as an optional possibility? It's a popular and very helpful tool.

Thanks!

@oxyc
Collaborator

oxyc commented May 19, 2016

In the docs we have a section on extending Drupal VM with custom providers, and an example using the vagrant-aws provider. You can use the same setup for lxc as well.

> c) provisioning/tasks/init-debian.yml removed lines.

Hm why did you have to remove the firewall rules? Maybe that's something we can improve. Are there any error messages?

> 2. Is it possible to add oh-my-zsh as an optional possibility? It's a popular and very helpful tool.

Yes, you can use the post_provision_scripts variable in config.yml to run arbitrary shell scripts, e.g. for setting up zsh. You can read more about the scripts in the docs. There's also an example script for configuring solr that you can use as a boilerplate for your own script.

Note: if you're reading the docs about pre- and post-provision scripts, the section on Ansible task files is for the upcoming Drupal VM 3.0.0, and they're not available in 2.5.1.

@oxyc oxyc added the question label May 19, 2016
@geerlingguy
Owner

Also, for oh-my-zsh, if it's just a package install that you need, you can add it to the list of extra_packages.

@nortmas
Author

nortmas commented May 19, 2016

Thanks for the reply!

> Hm why did you have to remove the firewall rules? Maybe that's something we can improve. Are there any error messages?

I had to remove it because it says that it can't find the ufw service.

I wrote that I was able to force it to work, but actually it doesn't work.

  • vagrant up - was performed properly, without any errors.
  • vagrant ssh - works well.
  • hosts - are ok.
  • All services have been installed.

But eventually I can't load http://drupalvm.dev/. I see a white screen and unceasing loading.

Do you have any thoughts why this is happening?

@geerlingguy
Owner

@nortmas - Maybe a networking issue, or a different firewall is in place? Can you ping the IP set in config.yml and get a response from your host?

Also, inside the VM, can you curl drupalvm.dev and get a response? Finally, can you check sudo iptables -L and see if there are any firewall rules in there?

@joestewart
Contributor

I've had a similar experience with needing to remove the ufw task when using fgrehm/trusty64-lxc.

IIRC I have also modified part of the network configuration or set up a bridge. Most of my use of vagrant-lxc has been CI-type tests inside the vagrant.

@geerlingguy geerlingguy changed the title Wishes and suggestions Make Drupal VM work with vagrant-lxc May 19, 2016
@geerlingguy
Owner

Interesting... sounds like I need to boot a couple flavors of Linux on my Lenovo and get to testing!

@nortmas
Author

nortmas commented May 23, 2016

Sorry for the delay.

> Can you ping the IP set in config.yml and get a response from your host?

No. It doesn't work.

> Also, inside the VM, can you curl drupalvm.dev and get a response?

It doesn't work.

> Finally, can you check sudo iptables -L and see if there are any firewall rules in there?

Here is what I see: http://screencloud.net/v/b8E5

> Interesting... sounds like I need to boot a couple flavors of Linux on my Lenovo and get to testing!

Great Idea :) Have you been able to make it work?

@nortmas
Author

nortmas commented Oct 31, 2016

@geerlingguy @joestewart @oxyc
Guys, any news about this issue?

@theodoreb

Got it to work but the setup is different, using frensjan/centos-7-64-lxc, private networking, nfs share, with a corporate proxy in the middle of all this. Used vagrant-proxyconf, vagrant-hostmanager, vagrant-hostsupdater, vagrant-auto_network.

Had to hack the Vagrantfile to add lxc__bridge_name on my config.vm.network lines and AutoNetwork.default_pool = '10.0.3.15/24' just before.

Other than that got an issue with the firewall role and centos7 (removed it altogether from provisioning.yml) but didn't look into it, don't know if it's the LXC, CentOS or something else the matter with it.

@geerlingguy
Owner

@theodoreb - Awesome, glad you could get it working and thanks for posting the details! Did you try with the 3.5.0 version/master of Drupal VM, or 3.4.0? The firewall role just got updated with a systemd unit file that affects how the service is started/managed, and that might fix the issue (depending on what it was).

@theodoreb

Pretty sure it's 3.5.0, will double check Monday. Made it all work on Friday so it's all pretty recent.

@oxyc
Collaborator

oxyc commented Dec 30, 2016

Install stuff:

# Install vagrant
wget https://releases.hashicorp.com/vagrant/1.9.0/vagrant_1.9.0_x86_64.deb
sudo dpkg -i vagrant_1.9.0_x86_64.deb

# Install ansible
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible

# Install LXC stuff
sudo apt-get install lxc bridge-utils
vagrant plugin install vagrant-lxc

Create Vagrantfile.local with:

config.vm.networks[0][1][:lxc__bridge_name] = 'vlxcbr1'
config.vm.provider :lxc do |lxc|
  lxc.customize 'cgroup.memory.limit_in_bytes', "#{vconfig['vagrant_memory']}M"
end

Create config.yml with:

vagrant_box: fgrehm/trusty64-lxc
drupalvm_disable_ufw_firewall: false

Provision

vagrant up --provider=lxc

This fails because of:

vagrant@vagrant:~/drupal-vm$ vagrant destroy -f && vagrant up --provider=lxc
==> drupalvm: Forcing shutdown of container...
==> drupalvm: Destroying VM and associated drives...
==> drupalvm: Removing bridge 'vlxcbr1'...
Bringing machine 'drupalvm' up with 'lxc' provider...
==> drupalvm: Importing base box 'fgrehm/trusty64-lxc'...
==> drupalvm: Checking if box 'fgrehm/trusty64-lxc' is up to date...
==> drupalvm: Starting container...
==> drupalvm: Waiting for machine to boot. This may take a few minutes...
    drupalvm: SSH address: 10.0.3.162:22
    drupalvm: SSH username: vagrant
    drupalvm: SSH auth method: private key
==> drupalvm: Machine booted and ready!
==> drupalvm: Setting up private networks...
==> drupalvm: Setting hostname...
==> drupalvm: Installing NFS client...
==> drupalvm: Exporting NFS shared folders...
==> drupalvm: Preparing to edit /etc/exports. Administrator privileges will be required...
* nfs-server.service - NFS server and services
   Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
   Active: active (exited) since Fri 2016-12-30 19:21:15 UTC; 5min ago
  Process: 1022 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
  Process: 1018 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 1022 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 512)
   Memory: 0B
      CPU: 0
   CGroup: /system.slice/nfs-server.service
exportfs: duplicated export entries:
exportfs: 	10.0.3.162:/home/vagrant/drupal-vm
exportfs: 	10.0.3.162:/home/vagrant/drupal-vm
==> drupalvm: Mounting NFS shared folders...
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!

mount -o vers=3,udp 10.0.3.1:/home/vagrant/drupal-vm /var/www/drupalvm
result=$?
if test $result -eq 0; then
if test -x /sbin/initctl && command -v /sbin/init && /sbin/init --version | grep upstart; then
/sbin/initctl emit --no-wait vagrant-mounted MOUNTPOINT=/var/www/drupalvm
fi
else
exit $result
fi


Stdout from the command:



Stderr from the command:

stdin: is not a tty
mount.nfs: access denied by server while mounting 10.0.3.1:/home/vagrant/drupal-vm

Does anyone know why this happens or how I can debug it further? Happens on Ubuntu 15.04 host, and Vagrant 1.8.6 as well as 1.9.0. Outdated LXC boxes maybe?

vagrant@vagrant:~/drupal-vm$ ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:ca:1e:4d
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:feca:1e4d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3654 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8054759 (8.0 MB)  TX bytes:276629 (276.6 KB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:6b:e0:53
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe6b:e053/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4358 (4.3 KB)  TX bytes:1930 (1.9 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:300 (300.0 B)  TX bytes:300 (300.0 B)

lxcbr0    Link encap:Ethernet  HWaddr 00:16:3e:00:00:00
          inet addr:10.0.3.1  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4058 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6186 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:280794 (280.7 KB)  TX bytes:8059408 (8.0 MB)

veth1pl7451 Link encap:Ethernet  HWaddr c2:e1:a9:a6:94:c8
          inet6 addr: fe80::c0e1:a9ff:fea6:94c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:828 (828.0 B)  TX bytes:1206 (1.2 KB)

veth8FS072 Link encap:Ethernet  HWaddr fe:ca:94:9e:cc:37
          inet6 addr: fe80::fcca:94ff:fe9e:cc37/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1902 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2997 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:152637 (152.6 KB)  TX bytes:4016466 (4.0 MB)

vlxcbr1   Link encap:Ethernet  HWaddr c2:e1:a9:a6:94:c8
          inet addr:192.168.88.254  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::10b1:a9ff:feac:92f4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:688 (688.0 B)  TX bytes:648 (648.0 B)

This happens on both fgrehm/trusty64-lxc and mayflower/trusty64-puppet3.

If I switch to rsync instead of NFS I can continue my testing. Provision works!

We could improve the UX by defaulting drupalvm_disable_ufw_firewall to true on docker and lxc.

- name: Define drupalvm_disable_ufw_firewall.
  set_fact:
    drupalvm_disable_ufw_firewall: "{{ (ansible_virtualization_type != 'docker') and (ansible_virtualization_type != 'lxc') }}"
  when: drupalvm_disable_ufw_firewall is undefined

We could also automatically configure the provisioner, but we might not want to commit to supporting LXC? In my opinion docs are enough, no?

oxyc added a commit to oxyc/drupal-vm that referenced this issue Dec 30, 2016
@oxyc
Collaborator

oxyc commented Dec 30, 2016

I just tested with frensjan/centos-7-64-lxc as @theodoreb used, and NFS worked. Let's see if it can provision.

The firewall role fails when the service module tries to start it:

Dec 30 20:56:42 drupalvm.dev firewall.bash[13686]: Perhaps ip6tables or your kernel needs to be upgraded.
Dec 30 20:56:42 drupalvm.dev firewall.bash[13686]: ip6tables v1.4.21: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Dec 30 20:56:42 drupalvm.dev firewall.bash[13686]: Perhaps ip6tables or your kernel needs to be upgraded.
Dec 30 20:56:42 drupalvm.dev systemd[1]: firewall.service: main process exited, code=exited, status=3/NOTIMPLEMENTED
Dec 30 20:56:42 drupalvm.dev systemd[1]: Failed to start Firewall.
-- Subject: Unit firewall.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewall.service has failed.

@oxyc
Collaborator

oxyc commented Dec 30, 2016

So I think the main issue is finding bare-bones boxes that were built recently.

@oxyc
Collaborator

oxyc commented Dec 30, 2016

https://vagrantcloud.com/developerinlondon/boxes/ubuntu_lxc_xenial_x64 fails on firewall service as well.

Dec 30 21:48:19 drupalvm systemd[1]: system.slice: Failed to create cgroup /lxc/drupal-vm_drupalvm_1483134447166_2879/system.slice: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: Failed to realize cgroups for queued unit proc-sys-net.mount, ignoring: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: system.slice: Failed to create cgroup /lxc/drupal-vm_drupalvm_1483134447166_2879/system.slice: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: Failed to realize cgroups for queued unit vagrant.mount, ignoring: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: system.slice: Failed to create cgroup /lxc/drupal-vm_drupalvm_1483134447166_2879/system.slice: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: Failed to realize cgroups for queued unit systemd-user-sessions.service, ignoring: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: system.slice: Failed to create cgroup /lxc/drupal-vm_drupalvm_1483134447166_2879/system.slice: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: Failed to realize cgroups for queued unit sys-fs-fuse-connections.mount, ignoring: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: system.slice: Failed to create cgroup /lxc/drupal-vm_drupalvm_1483134447166_2879/system.slice: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: Failed to realize cgroups for queued unit resolvconf.service, ignoring: No such file or directory
Dec 30 21:48:19 drupalvm systemd[1]: firewall.service: Main process exited, code=exited, status=3/NOTIMPLEMENTED
Dec 30 21:48:19 drupalvm systemd[1]: Failed to start Firewall.
-- Subject: Unit firewall.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit firewall.service has failed.
-- 
-- The result is failed.

@geerlingguy
Owner

I would not be opposed to building/maintaining an LXC box alongside my other ones (at least for ubuntu 16.04 and centos 7)... but it's not a priority for me at this time :P

@oxyc
Collaborator

oxyc commented Dec 30, 2016

A hack to get past the firewall issue is to remove the executable flag from the ip6tables bin (once geerlingguy/ansible-role-firewall#27 is merged).

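# config.yml
pre_provision_scripts:
  - ../disable_ip6tables.sh

#!/bin/bash
# disable_ip6tables.sh
# Remove the executable flag from the ip6tables binary, if it is present.
ip6tables_bin="$(command -v ip6tables 2>/dev/null)"
if [ -x "$ip6tables_bin" ]; then
  chmod -x "$ip6tables_bin"
fi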

Now on to the next issue....

The next issue is a bit worse. It's during the composer install step (happens both with composer project, and composer.json), and it basically crashes my entire laptop. It says something about read only file system, and with composer project, there seemed to have been a loop with Patching is disabled. Skipping. Once vagrant crashes (somehow it crashes in a way that tee does not redirect the output), nothing works and I have to reboot using the power button.

With composer.json it fails here:

TASK [Run composer install.] ***
fatal ..... [RuntimeException] Could not delete /var/www/drupalvm/drupal/vendor/doctrine collections.....

[WARNING] Could not create retry file `/home/oxy/drupal-vm/provisioning/playbook.retry`
[ERROR 5] Input/output error:
u'/home/oxy/drupal-vm/provisioning/playbook.retry'

If I try and <tab> complete in my shell it now says:

bash: cannot create temp file for here-document: Read-only file system

Rebooting and checking df -h tells me / still has 140G left, so it's not a /tmp space issue. It definitely feels like /tmp becomes read only though..

@oxyc
Collaborator

oxyc commented Dec 31, 2016

I think I'm giving up on this for a while. The way I did get it working was to use fgrehm/trusty64-lxc with rsync.

Install dependencies

sudo apt-get install lxc bridge-utils
vagrant plugin install vagrant-lxc

Create Vagrantfile.local with:

config.vm.networks[0][1][:lxc__bridge_name] = 'vlxcbr1'
config.vm.provider :lxc do |lxc|
  lxc.customize 'cgroup.memory.limit_in_bytes', "#{vconfig['vagrant_memory']}M"
end

Create config.yml with:

vagrant_box: fgrehm/trusty64-lxc
drupalvm_disable_ufw_firewall: false

Provision

vagrant up --provider=lxc

@oxyc
Collaborator

oxyc commented Dec 31, 2016

Running Centos7 in a VM within a VM (Ubuntu 14.04 lxc on Ubuntu 16.04 virtualbox) works. Before it was failing on a thinkpad with Ubuntu 15.04 (this could be a very messed up system to be honest).

@oxyc
Collaborator

oxyc commented Dec 31, 2016

So the issue is that insmod doesn't work in lxc containers.

Running inside Virtualbox:

$ lsmod | grep filter
iptable_filter         16384  2
ip_tables              28672  3 iptable_filter,iptable_mangle,iptable_nat
x_tables               36864  7 xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,iptable_filter,iptable_mangle

$ ip6tables -L
modprobe: ERROR: could not insert 'ip6_tables': Operation not permitted
ip6tables v1.6.0: can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

$ sudo !!
sudo ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

$ lsmod | grep filter
ip6table_filter        16384  0
ip6_tables             28672  1 ip6table_filter
iptable_filter         16384  2
ip_tables              28672  3 iptable_filter,iptable_mangle,iptable_nat
x_tables               36864  9 ip6table_filter,xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,iptable_filter,iptable_mangle,ip6_tables

Unlike VirtualBox, running this within LXC won't load the ip6table_filter module.

BUT. Kernel modules are shared from the host. So now that it exists in VirtualBox, it automatically appears in the lxc container:

$ lsmod | grep filter
ip6table_filter        16384  0
ip6_tables             28672  1 ip6table_filter
iptable_filter         16384  2
ip_tables              28672  3 iptable_filter,iptable_mangle,iptable_nat
x_tables               36864  9 ip6table_filter,xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,iptable_filter,iptable_mangle,ip6_tables

Now that ip6table_filter is loaded, the firewall task passes!

@oxyc
Collaborator

oxyc commented Dec 31, 2016

Would be great if someone on a proper linux system could confirm if this works. @nortmas @theodoreb

Install dependencies

sudo apt-get install lxc bridge-utils
vagrant plugin install vagrant-lxc

Load the required kernel modules.

sudo modprobe iptable_filter
sudo modprobe ip6table_filter

Create Vagrantfile.local with:

config.vm.networks[0][1][:lxc__bridge_name] = 'vlxcbr1'
config.vm.provider :lxc do |lxc|
  lxc.customize 'cgroup.memory.limit_in_bytes', "#{vconfig['vagrant_memory']}M"
end

Create config.yml with:

# Pick one box; a second vagrant_box key would override the first.
# Centos7
vagrant_box: frensjan/centos-7-64-lxc
# Ubuntu 16.04
# vagrant_box: nhinds/xenial64

drupalvm_disable_ufw_firewall: false

Provision

vagrant up --provider=lxc
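
A host-side preflight for the module-loading step in the comment above, as an added example that is not part of the thread or of Drupal VM: it checks a /proc/modules-style listing for the two modules named in the thread before `vagrant up --provider=lxc` is run. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread or the Drupal VM project.
# LXC containers share the host kernel and cannot load modules themselves,
# so the filter tables the firewall service needs must be loaded on the host
# before provisioning.

# Modules named in the thread.
REQUIRED_MODULES="iptable_filter ip6table_filter"

# missing_modules [FILE]
# FILE is a /proc/modules-style listing (module name in column 1); saved
# lsmod output works too. Prints each required module that is absent.
missing_modules() {
  modules_file=${1:-/proc/modules}
  for mod in $REQUIRED_MODULES; do
    # Exact match on column 1, so ip6_tables does not count as ip6table_filter.
    if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
        "$modules_file"; then
      printf '%s\n' "$mod"
    fi
  done
}

# preflight [FILE]
# Returns 0 when every required module is loaded; otherwise prints the
# modprobe command for each missing module and returns 1.
preflight() {
  missing=$(missing_modules "$1")
  [ -z "$missing" ] && return 0
  for mod in $missing; do
    echo "run on the host: sudo modprobe $mod"
  done
  return 1
}

# Demo on a constructed listing modelled on the lsmod output in the thread.
demo=$(mktemp)
printf '%s\n' \
  'iptable_filter 16384 2' \
  'ip_tables 28672 3 iptable_filter,iptable_mangle,iptable_nat' > "$demo"
preflight "$demo" || echo "preflight failed: load the modules, then vagrant up"
rm -f "$demo"
```

Called with no argument, `preflight` reads the live `/proc/modules` of the machine it runs on, which should be the LXC host rather than the container.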

oxyc added a commit to oxyc/drupal-vm that referenced this issue Dec 31, 2016
oxyc added a commit to oxyc/drupal-vm that referenced this issue Jan 2, 2017
@adrinux

adrinux commented Jan 24, 2017

Might give this a shot on my linux install, have some other lxc containers running already. Though I have to say I look at threads like this and wonder if it wouldn't be better to drop vagrant and just use ansible's lxc support...wouldn't be drupalvm then of course...

vagrant-lxc has errors with sudo...the command 'vagrant lxc sudoers' has syntax errors. I gave up after that :/

oxyc added a commit to oxyc/drupal-vm that referenced this issue Jan 26, 2017
geerlingguy added a commit that referenced this issue Jan 26, 2017
Issue #649: Add docs on how to use vagrant-lxc
@oxyc
Collaborator

oxyc commented Jan 26, 2017

@adrinux using lxc directly might be a better solution, yes. You could use the production docs for guidance (or .travis.yml) and create some sort of wrapper around it all.

@geerlingguy should we keep this open or close it in favour of smaller more specific follow-ups? Afaik the Drupal VM side of it works... probably just box/platform/vagrant issues.

@geerlingguy
Owner

@oxyc - Let's close and deal with any other issues in follow-ups.
