Hi,
I'm trying to move my docker services into a VLAN as a DMZ. For this I set up a VLAN network. Since libvirt is running on the same host, I'm using a network bridge, all configured as:
br0.netdev
[NetDev]
Name=br0
Kind=bridge
br0.network
[Match]
Name=br0
[Network]
Address=192.168.1.11/24
Gateway=192.168.1.1
DNS=192.168.1.1
10-uplink.network
[Match]
Name=enp3s0
[Network]
Bridge=br0
VLAN=dmz
and
dmz.netdev
[NetDev]
Name=dmz
Kind=vlan
[VLAN]
Id=90
dmz.network
[Match]
Name=dmz
[Network]
Bridge=br0
Address=192.168.90.11/24
Gateway=192.168.90.1
Finally I created the docker network in 802.1q trunk bridge mode:
$ docker network create -d macvlan \
--subnet=192.168.90.0/24 --gateway=192.168.90.1 \
--aux-address="dmz-docker-host=192.168.90.11" \
-o parent=dmz \
dmz_net
$ docker network inspect dmz_net
[
    {
        "Name": "dmz_net",
        "Id": "0bb6b1d5787ed2d8f85f5f93d79786c61ad3ffc189d58697f3aff96e54ffd24c",
        "Created": "2020-05-18T20:29:49.11435881+02:00",
        "Scope": "local",
        "Driver": "macvlan",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.90.0/24",
                    "Gateway": "192.168.90.1",
                    "AuxiliaryAddresses": {
                        "dmz-docker-host": "192.168.90.11"
                    }
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "parent": "dmz"
        },
        "Labels": {}
    }
]
Now, creating a container attached to this network with a given IP:
$ docker run \
--name='dmz-host' \
--hostname='dmz-host' \
--net=dmz_net \
--ip=192.168.90.101 \
--rm -ti \
alpine:latest ash
failed with:
docker: Error response from daemon: failed to create the macvlan port: device or resource busy.
So, what went wrong here? Is it the right approach? How do I fix it?
Also of interest: I'm using Clear Linux with
$ docker info
Client:
 Debug Mode: false

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 83
 Server Version: 19.03.8
 Storage Driver: overlay2
  Backing Filesystem: <unknown>
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: systemd
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version:
 runc version:
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
 init version:
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 5.6.13-952.native
 Operating System: Clear Linux OS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.12GiB
 Name: clr1
 ID: HNJ5:IFAK:XMTT:2IIM:LVFV:63ZR:QNFO:SFDS:BF4T:7EUQ:O4TC:PV7S
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
Thanks
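A pre-flight check for the macvlan parent, added here as an example and not part of the original post: "device or resource busy" is the kernel's EBUSY, returned when the parent interface already has a packet handler attached, which is the case whenever it is a member of a bridge, bond or team (the posted dmz.network enslaves dmz to br0 with Bridge=br0, so the check below would flag it). It assumes the standard sysfs layout, where /sys/class/net/IFACE/master is a symlink to the controlling device; SYSFS_ROOT is an assumed knob so the check can be exercised on a constructed tree.

```shell
#!/bin/sh
# Check whether an interface can serve as a macvlan parent before running
# `docker network create -d macvlan -o parent=...`. Added example, not from the post.
# SYSFS_ROOT (assumed, defaults to /sys) lets the check run against a constructed tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# macvlan_parent_check IFACE
# Returns 0 if IFACE is free, 1 if it does not exist, 2 if it is enslaved
# to another device (bridge, bond, team), which makes the kernel reject it with EBUSY.
macvlan_parent_check() {
    iface="$1"
    dir="$SYSFS_ROOT/class/net/$iface"
    if [ ! -d "$dir" ]; then
        echo "$iface: no such interface"
        return 1
    fi
    if [ -e "$dir/master" ]; then
        # 'master' is a symlink to the controlling device; its basename is the device name.
        master=$(basename "$(readlink "$dir/master" 2>/dev/null || echo unknown)")
        echo "$iface: enslaved to $master, not usable as macvlan parent"
        return 2
    fi
    echo "$iface: free, usable as macvlan parent"
    return 0
}

# Create the network from the post only after the parent passes the check,
# so a misconfigured parent is reported before docker touches it.
create_dmz_net() {
    macvlan_parent_check dmz || return $?
    docker network create -d macvlan \
        --subnet=192.168.90.0/24 --gateway=192.168.90.1 \
        --aux-address="dmz-docker-host=192.168.90.11" \
        -o parent=dmz \
        dmz_net
}
```

Run `macvlan_parent_check dmz` on the host; a result of 2 naming br0 means the VLAN interface is a bridge port and must not be listed under Bridge= in its .network file if it is to be used as parent=.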