centos/8-Stream container on lxd tryit is not assigned IP

[kimfaint]

On the lxd tryit server I ran the following:

root@tryit-precise:~# lxc launch images:centos/8-Stream centos8stream
Creating centos8stream
Starting centos8stream
root@tryit-precise:~# lxc list centos8stream
+---------------+---------+------+------+-----------+-----------+
|     NAME      |  STATE  | IPV4 | IPV6 |   TYPE    | SNAPSHOTS |
+---------------+---------+------+------+-----------+-----------+
| centos8stream | RUNNING |      |      | CONTAINER | 0         |
+---------------+---------+------+------+-----------+-----------+
root@tryit-precise:~# lxc image ls
+-------+--------------+--------+----------------------------------------+--------------+-----------+----------+------------------------------+
| ALIAS | FINGERPRINT  | PUBLIC |              DESCRIPTION               | ARCHITECTURE |   TYPE    |   SIZE   |         UPLOAD DATE          |
+-------+--------------+--------+----------------------------------------+--------------+-----------+----------+------------------------------+
|       | 6940ae22b743 | no     | Centos 8-Stream amd64 (20201222_07:08) | x86_64       | CONTAINER | 126.81MB | Dec 23, 2020 at 2:41am (UTC) |
+-------+--------------+--------+----------------------------------------+--------------+-----------+----------+------------------------------+
root@tryit-precise:~# lxc exec centos8stream bash
[root@centos8stream ~]# cat /etc/udev/rules.d/86-nm-unmanaged.rules                                                                                   
ENV{ID_NET_DRIVER}=="veth", ENV{NM_UNMANAGED}="0"

Seems the fix #216 was not effective.

Discussed here, @tomponline suggests it's due to the tryit service using macvlan nictype.

[tomponline]

Confirmed macvlan inside centos 8 stream has this issue, also discussed on https://discuss.linuxcontainers.org/t/oracle-and-centos-8-images-networkmanager-not-able-to-manage-macvlan-device/9821

[tomponline]

So the macvlan issue seems to be because the generated NM connection "System eth0" has a type of Ethernet and NM expects the device type to match, but as its macvlan it doesn't, so the device becomes "unavailable" as no connections can use it.

There's a "generic" connection type, but so far I've not been able to coax NM into using the "unavailable" macvlan device.

[tomponline]

This thread seems relevant also:
https://www.mail-archive.com/networkmanager-list@gnome.org/msg28268.html

[tomponline]

@stgraber @monstermunchkin I've not found a way to get macvlan devices working inside a container for Centos 8.

My understanding of this issue is that NetworkManager is (correctly) detecting the interface type as macvlan, and then refusing to apply any other connection config except that of macvlan, however that requires at a minimum the macvlan parent device to be specified (which is not available to the container).

I've tried using the "generic" connection type, however this only seems to work with devices that are detected as "generic", of which macvlan isn't one of them.

I've had success using the old style network config system (which is still available in centos 8, albeit deprecated), e.g.

https://www.thegeekdiary.com/how-to-disable-networkmanager-in-centos-rhel-8/

Its far from ideal, but would there be scope to update our images to use the old style config?

This is also likely to solve the other outstanding issue with CentOS 8 veth connections not working on Ubuntu Bionic hosts too (which is apparently a separate issue that NetworkManager is not using the udev workaround to classify the interface as managed).

[stgraber]

Just rechecked on tryit now after our recent image fixes and it's now working properly.