Bug 1263612

Summary: LXC starts before dhclient thus violating IP address assignment procedure
Product: [Fedora] Fedora Reporter: ra85551
Component: lxcAssignee: Thomas Moschny <thomas.moschny>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 22CC: karlthered, pokorra.mailinglists, sagarun, thomas.moschny
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: lxc-1.1.4-2.fc23 lxc-1.1.4-2.fc22 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-01 02:31:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch to lxc service definition
none
Patch to lxc-net service definition none

Description ra85551 2015-09-16 09:53:14 UTC 
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0
Build Identifier: 

If 'veth' interface type is used in particular container config, LXC would add an additional virtual network interface during container's startup. The interface would be given with random name like 'vethXXXXXX' and random MAC address like 'fe:xx:xx:xx:xx:xx'. If one set lxc.start.auto option to 1, the container would be initialized during system startup. However, due to wrong startup order defined in unit definition files, this happens prior to IP address configuration, and DHCP client would send to the DCHP server the fake MAC address mentioned above instead of NIC's MAC address. This may lead DHCP server to lease a wrong IP address based on fake MAC.

Reproducible: Always

Steps to Reproduce:
1. Assume your PC is connected to the network with DHCP server and PC NIC's MAC address is AA:BB:CC:DD:EE:FF.
2. Tell DHCP server to lease certain IP address (192.168.1.100) to the MAC mentioned above (AA:BB:CC:DD:EE:FF).
3. Install LXC, then set up an container with 'veth' network interface and add 'lxc.start.auto=1' option to enable autostart.
4. Reboot
Actual Results:  
The PC would be given an arbitrary IP address, not that one you set up in DHCP server's configuration (192.168.1.100).

Expected Results:  
The PC would be given IP address 192.168.1.100 - this is what you set up in DHCP server's configuration.

The bug can be fixed just by altering the order of LXC services startup. They must start just after network-online.target has been reached, not the network.target.
Comment 1 ra85551 2015-09-16 09:55:17 UTC 
Created attachment 1073928 [details]
Patch to lxc service definition
Comment 2 ra85551 2015-09-16 09:55:55 UTC 
Created attachment 1073929 [details]
Patch to lxc-net service definition
Comment 3 Fedora Update System 2015-10-21 16:06:53 UTC 
lxc-1.1.4-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-211974138f
Comment 4 Fedora Update System 2015-10-21 16:06:54 UTC 
lxc-1.1.4-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-9f8f4b182a
Comment 5 Fedora Update System 2015-10-24 12:09:30 UTC 
lxc-1.1.4-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update lxc'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-9f8f4b182a
Comment 6 Fedora Update System 2015-10-26 18:30:05 UTC 
lxc-1.1.4-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update lxc'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-211974138f
Comment 7 Fedora Update System 2015-11-01 02:30:58 UTC 
lxc-1.1.4-2.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2015-11-12 00:21:09 UTC 
lxc-1.1.4-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.