This repository has been archived by the owner on Nov 24, 2022. It is now read-only.

Unable to run a private network with Unprivileged containers #490

Closed
Baxytra opened this issue Jul 31, 2020 · 1 comment

Baxytra commented Jul 31, 2020

Hello,

we're trying to set up a private network using unprivileged containers. The Vagrantfile is as follows:

# -*- mode: ruby -*-
# vi: set ft=ruby :

require 'yaml'
settings = YAML.load_file 'config.yml'

Vagrant.configure("2") do |config|
  config.vm.provider :lxc do |lxc|
    lxc.privileged = false
  end
  config.vm.box = "{ an existing box }"
  config.hostmanager.enabled = true
  config.hostmanager.manage_host = true
  config.hostmanager.manage_guest = true
  config.hostmanager.aliases = settings['vhosts']
  config.vm.provision :hostmanager
  config.vm.network "private_network", ip: settings['container_ip'], lxc__bridge_name: 'lxcbr1'
  config.vm.synced_folder settings['workspace'], "/vagrant", type: "sshfs",
                ssh_opts_append: "-o Compression=yes -o CompressionLevel=5",
                sshfs_opts_append: "-o direct_io -o sync_read -o sshfs_sync -o cache=no -o compression=no -o uid=1000 -o gid=100"
  config.vm.provider :lxc do |lxc|
    lxc.customize 'cgroup.memory.limit_in_bytes', '2048M'
  end
  config.vm.provision "shell", inline: <<-SHELL
    apt-get update
    apt-get install -y apache2
  SHELL
end

and the config.yml file is:

workspace: ./
vhosts:
  - container.local
container_ip: 172.16.2.1

The generated config file under ~/.local/share/lxc/{container_name}/config contains:

*SNIP*
# Network configuration

##############################################
# Container specific configuration (automatically set)
#lxc.aa_profile = lxc-default
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = ~/.local/share/lxc/test6_default_1596017521854_84661/rootfs
lxc.rootfs.backend = dir
lxc.utsname = test6_default_1596017521854_84661

##############################################
# Network configuration (automatically set)
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:FF:c1:4b:73:64
*SNIP*

So when we run vagrant up, the container starts, but we get the following error:

$ vagrant up
Bringing machine 'default' up with 'lxc' provider...
==> default: Checking if box '{ an existing box }' is up to date...
==> default: Starting container...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 10.0.3.187:22
    default: SSH username: vagrant
    default: SSH auth method: private key
verify_host_key: false is deprecated, use :never
==> default: Machine booted and ready!
==> default: Setting up private networks...
There was an error executing ["/usr/bin/env", "~/.vagrant.d/gems/2.3.3/gems/vagrant-lxc-1.4.3/scripts/pipework", "lxcbr1", "test6_default_1596017521854_84661", "172.16.2.1/24"]

For more information on the failure, enable detailed logging by setting
the environment variable VAGRANT_LOG to DEBUG.

With debug, the following error occurred:

stderr: RTNETLINK answers: Operation not permitted

Even though the user is allowed to add a veth on lxcbr1 in the lxc configuration:

user@vagrant-host ~ # cat /etc/lxc/lxc-usernet
{ user } veth lxcbr1 10
{ user } veth lxcbr0 10

It seems to be related to the fact that the pipework script has to be run with sudo, which is not available when containers are run as a non-root user.
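
The diagnosis in the report above can be checked mechanically. pipework attaches the container to the bridge with `ip link add ... type veth` and `ip link set ... netns`, netlink operations that require CAP_NET_ADMIN in the caller; a plain user never has it, which is exactly what "RTNETLINK answers: Operation not permitted" means. /etc/lxc/lxc-usernet does not change that: it only authorises the setuid lxc-user-nic helper that lxc-start itself calls for each veth in the container config. The script below is an added example, not vagrant-lxc or pipework code. It tests the capability bit of the current process, reads a quota out of an lxc-usernet-style file (the user name `vagrantuser` and the sample file are constructed, and "last matching line wins" is this script's simplification of the helper's parsing), and prints the legacy LXC 2.x config lines for a second veth on lxcbr1, which is the route that does go through lxc-user-nic; the `lxc.network.ipv4` key is assumed to match the legacy key names visible in the generated config above.

```bash
#!/bin/bash
# Added example (not vagrant-lxc or pipework code): reproduce the two checks
# behind "RTNETLINK answers: Operation not permitted" when pipework runs as an
# unprivileged user, and emit the LXC-native alternative for a second NIC.

# cap_in_mask HEXMASK BIT: return 0 if BIT is set in a capability mask written
# the way /proc/<pid>/status prints it (e.g. "000001ffffffffff").
cap_in_mask() {
  local mask=$1 bit=$2
  [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]
}

# has_cap_net_admin: return 0 if this process has CAP_NET_ADMIN (bit 12) in its
# effective set. The "ip link add ... type veth" and "ip link set ... netns"
# calls pipework makes need it; without it the kernel answers EPERM, which
# iproute2 reports as "RTNETLINK answers: Operation not permitted".
has_cap_net_admin() {
  local caps
  caps=$(awk '/^CapEff:/ { print $2 }' /proc/self/status 2>/dev/null)
  [ -n "$caps" ] || return 2   # no procfs (not Linux): undetermined
  cap_in_mask "$caps" 12
}

# usernet_quota FILE USER KIND LINK: print the interface count granted to USER
# for KIND on LINK by an lxc-usernet-style FILE ("user type bridge count";
# comments and blank lines skipped; last matching line wins, a simplification
# of lxc-user-nic's own parsing) and return 0 if the count is > 0.
usernet_quota() {
  local file=$1 user=$2 kind=$3 link=$4 quota
  quota=$(awk -v u="$user" -v t="$kind" -v l="$link" \
    '$1 !~ /^#/ && $1 == u && $2 == t && $3 == l { q = $4 }
     END { print q + 0 }' "$file")
  printf '%s\n' "$quota"
  [ "$quota" -gt 0 ]
}

# second_nic_config BRIDGE CIDR: emit legacy (LXC 2.x) config lines for an extra
# veth on BRIDGE. lxc-start attaches this one through the setuid lxc-user-nic
# helper, which is what /etc/lxc/lxc-usernet governs; pipework is not involved.
# Key names assumed from the generated config shown in the report (ipv4 assumed).
second_nic_config() {
  printf 'lxc.network.type = veth\nlxc.network.link = %s\nlxc.network.flags = up\nlxc.network.ipv4 = %s\n' "$1" "$2"
}

# Constructed sample of /etc/lxc/lxc-usernet (not the reporter's real file).
SAMPLE_USERNET=$(mktemp)
trap 'rm -f "$SAMPLE_USERNET"' EXIT
cat > "$SAMPLE_USERNET" <<'EOF'
# user type bridge count
vagrantuser veth lxcbr1 10
vagrantuser veth lxcbr0 10
EOF

# Demo: the same user is allowed on lxcbr1 by lxc-usernet, yet still lacks the
# capability pipework needs, which is why the two facts in the report coexist.
if has_cap_net_admin; then
  echo "CAP_NET_ADMIN present: pipework's ip link calls would succeed"
else
  echo "no CAP_NET_ADMIN: expect 'RTNETLINK answers: Operation not permitted'"
fi
if usernet_quota "$SAMPLE_USERNET" vagrantuser veth lxcbr1 >/dev/null; then
  echo "lxc-usernet allows vagrantuser on lxcbr1, but only via lxc-user-nic"
fi
echo "LXC-native second interface instead of pipework:"
second_nic_config lxcbr1 172.16.2.1/24
```

Run it as the same unprivileged user that runs `vagrant up`: the first line shows the missing capability, the second that the lxc-usernet entry is fine, and the printed config is what an unprivileged container would need in its own LXC config to reach lxcbr1 without any sudo.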

@fgrehm fgrehm added the ignored label Nov 17, 2022

fgrehm commented Nov 17, 2022

Hey, sorry for the silence here but this project is looking for maintainers 😅

As per #499, I've added the ignored label and will close this issue. Thanks for the interest in the project and LMK if you want to step up and take ownership of this project on that other issue 👋

@fgrehm fgrehm closed this as completed Nov 17, 2022