[lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread S . Çağlar Onur
Signed-off-by: S.Çağlar Onur cag...@10ur.org
---
 config/init/common/lxc-net.in | 26 ++
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
index 5567fee..5ca2eb2 100644
--- a/config/init/common/lxc-net.in
+++ b/config/init/common/lxc-net.in
@@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
 #   or in @LXC_DISTRO_SYSCONF@/lxc-net
 
 USE_LXC_BRIDGE=true
+USE_OPENVSWITCH=false
 LXC_BRIDGE=lxcbr0
 LXC_ADDR=10.0.3.1
 LXC_NETMASK=255.255.255.0
@@ -79,7 +80,11 @@ start() {
 iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! 
-d ${LXC_NETWORK} -j MASQUERADE || true
 iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} 
-p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
 ifdown ${LXC_BRIDGE}
-brctl delbr ${LXC_BRIDGE} || true
+if [ x$USE_OPENVSWITCH = xtrue ]; then
+ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
+else
+brctl delbr ${LXC_BRIDGE} || true
+fi
 }
 
 if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
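Review bot: The `ovs-vsctl` calls added here have no time limit. By default ovs-vsctl waits indefinitely for the Open vSwitch database, so if ovsdb-server is not running when this init script runs, the call blocks and the `|| true` never gets a chance to apply. Passing a bound, e.g. `ovs-vsctl --timeout=5 --if-exists del-br ${LXC_BRIDGE} || true` (5 seconds is an illustrative value), keeps boot and shutdown from hanging. The same applies to the `add-br` call in the next hunk and the `del-br` call in stop(). The function that contains this branch starts outside the hunk.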
@@ -87,7 +92,11 @@ start() {
 fi
 
 # set up the lxc network
-brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; 
stop; exit 0; }
+if [ x$USE_OPENVSWITCH = xtrue ]; then
+ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
openvbridge support in kernel; stop; exit 0; }
+else
+brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
kernel; stop; exit 0; }
+fi
 echo 1  /proc/sys/net/ipv4/ip_forward
 
 # if we are run from systemd on a system with selinux enabled,
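Review bot: The message printed when `ovs-vsctl --may-exist add-br` fails blames the kernel, but that command also fails when ovs-vsctl is not installed or the Open vSwitch daemons cannot be reached, and "openvbridge" looks like a typo. A message that names what was attempted is easier to act on, e.g. `echo "Failed to create Open vSwitch bridge ${LXC_BRIDGE}"`. The `exit 0` is carried over from the brctl branch, so a failed bridge setup is still reported to the init system as success; if that is deliberate, it deserves a one-line comment saying why. start() begins and ends outside the hunk.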
@@ -115,7 +124,12 @@ start() {
 if [ -n $LXC_DOMAIN ]; then
 LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
 fi
-dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces 
--pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} 
--listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} 
--dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo 
--interface=${LXC_BRIDGE} 
--dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
--dhcp-authoritative || cleanup
+
+DNSMASQ_USER=lxc-dnsmasq
+if ! getent passwd ${DNSMASQ_USER} /dev/null; then
+DNSMASQ_USER=dnsmasq
+fi
+dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
--bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
--conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
--except-interface=lo --interface=${LXC_BRIDGE} 
--dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
--dhcp-authoritative || cleanup
 touch ${varrun}/network_up
 touch ${lockdir}/lxc-net
 }
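Review bot: The account dnsmasq drops privileges to is chosen silently and cannot be set by the administrator. `DNSMASQ_USER=lxc-dnsmasq` is assigned unconditionally inside start(), so a value from the sysconfig file named at the top of the script would be overwritten, assuming that file is sourced before start() runs, which is outside the hunk. `DNSMASQ_USER=${DNSMASQ_USER:-lxc-dnsmasq}` would keep the default while allowing an override. The fallback account is presumably the one a host-wide dnsmasq service runs as, in which case the container-network instance is no longer separated from it by uid. A comment such as `# fallback shares the uid of any system dnsmasq; a dedicated lxc-dnsmasq account is preferred`, plus an `echo` of the chosen user, would make that visible.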
@@ -141,7 +155,11 @@ stop() {
 iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} 
-p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
 pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || true
 rm -f ${varrun}/dnsmasq.pid
-brctl delbr ${LXC_BRIDGE}
+if [ x$USE_OPENVSWITCH = xtrue ]; then
+ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
+else
+brctl delbr ${LXC_BRIDGE}
+fi
 fi
 rm -f ${varrun}/network_up
 rm -f ${lockdir}/lxc-net
-- 
1.9.1



Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread Stéphane Graber
On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
 Signed-off-by: S.Çağlar Onur cag...@10ur.org
 ---
  config/init/common/lxc-net.in | 26 ++
  1 file changed, 22 insertions(+), 4 deletions(-)
 
 diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
 index 5567fee..5ca2eb2 100644
 --- a/config/init/common/lxc-net.in
 +++ b/config/init/common/lxc-net.in
 @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
  #   or in @LXC_DISTRO_SYSCONF@/lxc-net
  
  USE_LXC_BRIDGE=true
 +USE_OPENVSWITCH=false
  LXC_BRIDGE=lxcbr0
  LXC_ADDR=10.0.3.1
  LXC_NETMASK=255.255.255.0
 @@ -79,7 +80,11 @@ start() {
  iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} 
 ! -d ${LXC_NETWORK} -j MASQUERADE || true
  iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
 ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  ifdown ${LXC_BRIDGE}
 -brctl delbr ${LXC_BRIDGE} || true
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
 +else
 +brctl delbr ${LXC_BRIDGE} || true
 +fi
  }
  
  if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
 @@ -87,7 +92,11 @@ start() {
  fi
  
  # set up the lxc network
 -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; 
 stop; exit 0; }
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
 openvbridge support in kernel; stop; exit 0; }
 +else
 +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
 kernel; stop; exit 0; }
 +fi
  echo 1  /proc/sys/net/ipv4/ip_forward
  
  # if we are run from systemd on a system with selinux enabled,
 @@ -115,7 +124,12 @@ start() {
  if [ -n $LXC_DOMAIN ]; then
  LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
  fi
 -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces 
 --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} 
 --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} 
 --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo 
 --interface=${LXC_BRIDGE} 
 --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
 --dhcp-authoritative || cleanup
 +
 +DNSMASQ_USER=lxc-dnsmasq
 +if ! getent passwd ${DNSMASQ_USER} /dev/null; then
 +DNSMASQ_USER=dnsmasq

Shouldn't the fallback be nobody rather than dnsmasq?

 +fi
 +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
 --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
 --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
 ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
 --except-interface=lo --interface=${LXC_BRIDGE} 
 --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
 --dhcp-authoritative || cleanup
  touch ${varrun}/network_up
  touch ${lockdir}/lxc-net
  }
 @@ -141,7 +155,11 @@ stop() {
  iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
 ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || true
  rm -f ${varrun}/dnsmasq.pid
 -brctl delbr ${LXC_BRIDGE}
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
 +else
 +brctl delbr ${LXC_BRIDGE}
 +fi
  fi
  rm -f ${varrun}/network_up
  rm -f ${lockdir}/lxc-net
 -- 
 1.9.1
 
 ___
 lxc-devel mailing list
 lxc-devel@lists.linuxcontainers.org
 http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread S . Çağlar Onur
On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote:
 On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
 Signed-off-by: S.Çağlar Onur cag...@10ur.org
 ---
  config/init/common/lxc-net.in | 26 ++
  1 file changed, 22 insertions(+), 4 deletions(-)

 diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
 index 5567fee..5ca2eb2 100644
 --- a/config/init/common/lxc-net.in
 +++ b/config/init/common/lxc-net.in
 @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
  #   or in @LXC_DISTRO_SYSCONF@/lxc-net

  USE_LXC_BRIDGE=true
 +USE_OPENVSWITCH=false
  LXC_BRIDGE=lxcbr0
  LXC_ADDR=10.0.3.1
  LXC_NETMASK=255.255.255.0
 @@ -79,7 +80,11 @@ start() {
  iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} 
 ! -d ${LXC_NETWORK} -j MASQUERADE || true
  iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
 ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  ifdown ${LXC_BRIDGE}
 -brctl delbr ${LXC_BRIDGE} || true
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
 +else
 +brctl delbr ${LXC_BRIDGE} || true
 +fi
  }

  if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
 @@ -87,7 +92,11 @@ start() {
  fi

  # set up the lxc network
 -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; 
 stop; exit 0; }
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
 openvbridge support in kernel; stop; exit 0; }
 +else
 +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
 kernel; stop; exit 0; }
 +fi
  echo 1  /proc/sys/net/ipv4/ip_forward

  # if we are run from systemd on a system with selinux enabled,
 @@ -115,7 +124,12 @@ start() {
  if [ -n $LXC_DOMAIN ]; then
  LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
  fi
 -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces 
 --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} 
 --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} 
 --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo 
 --interface=${LXC_BRIDGE} 
 --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
 --dhcp-authoritative || cleanup
 +
 +DNSMASQ_USER=lxc-dnsmasq
 +if ! getent passwd ${DNSMASQ_USER} /dev/null; then
 +DNSMASQ_USER=dnsmasq

 Shouldn't the fallback be nobody rather than dnsmasq?

I guess we could. I used dnsmasq cause
https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)

 +fi
 +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
 --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
 --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
 ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
 --except-interface=lo --interface=${LXC_BRIDGE} 
 --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
 --dhcp-authoritative || cleanup
  touch ${varrun}/network_up
  touch ${lockdir}/lxc-net
  }
 @@ -141,7 +155,11 @@ stop() {
  iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
 ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
  pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || 
 true
  rm -f ${varrun}/dnsmasq.pid
 -brctl delbr ${LXC_BRIDGE}
 +if [ x$USE_OPENVSWITCH = xtrue ]; then
 +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
 +else
 +brctl delbr ${LXC_BRIDGE}
 +fi
  fi
  rm -f ${varrun}/network_up
  rm -f ${lockdir}/lxc-net
 --
 1.9.1

 ___
 lxc-devel mailing list
 lxc-devel@lists.linuxcontainers.org
 http://lists.linuxcontainers.org/listinfo/lxc-devel

 --
 Stéphane Graber
 Ubuntu developer
 http://www.ubuntu.com

 ___
 lxc-devel mailing list
 lxc-devel@lists.linuxcontainers.org
 http://lists.linuxcontainers.org/listinfo/lxc-devel




-- 
S.Çağlar Onur cag...@10ur.org


Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread Stéphane Graber
On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote:
 On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote:
  On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
  Signed-off-by: S.Çağlar Onur cag...@10ur.org
  ---
   config/init/common/lxc-net.in | 26 ++
   1 file changed, 22 insertions(+), 4 deletions(-)
 
  diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
  index 5567fee..5ca2eb2 100644
  --- a/config/init/common/lxc-net.in
  +++ b/config/init/common/lxc-net.in
  @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
   #   or in @LXC_DISTRO_SYSCONF@/lxc-net
 
   USE_LXC_BRIDGE=true
  +USE_OPENVSWITCH=false
   LXC_BRIDGE=lxcbr0
   LXC_ADDR=10.0.3.1
   LXC_NETMASK=255.255.255.0
  @@ -79,7 +80,11 @@ start() {
   iptables $use_iptables_lock -t nat -D POSTROUTING -s 
  ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   ifdown ${LXC_BRIDGE}
  -brctl delbr ${LXC_BRIDGE} || true
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE} || true
  +fi
   }
 
   if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
  @@ -87,7 +92,11 @@ start() {
   fi
 
   # set up the lxc network
  -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
  openvbridge support in kernel; stop; exit 0; }
  +else
  +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +fi
   echo 1  /proc/sys/net/ipv4/ip_forward
 
   # if we are run from systemd on a system with selinux enabled,
  @@ -115,7 +124,12 @@ start() {
   if [ -n $LXC_DOMAIN ]; then
   LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
   fi
  -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
  +
  +DNSMASQ_USER=lxc-dnsmasq
  +if ! getent passwd ${DNSMASQ_USER} /dev/null; then
  +DNSMASQ_USER=dnsmasq
 
  Shouldn't the fallback be nobody rather than dnsmasq?
 
 I guess we could. I used dnsmasq cause
 https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)

I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then
falling back to nobody. That way we can add other distros' account for
dnsmasq if needed.

 
  +fi
  +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
   touch ${varrun}/network_up
   touch ${lockdir}/lxc-net
   }
  @@ -141,7 +155,11 @@ stop() {
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || 
  true
   rm -f ${varrun}/dnsmasq.pid
  -brctl delbr ${LXC_BRIDGE}
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE}
  +fi
   fi
   rm -f ${varrun}/network_up
   rm -f ${lockdir}/lxc-net
  --
  1.9.1
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 
  --
  Stéphane Graber
  Ubuntu developer
  http://www.ubuntu.com
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 
 
 
 
 -- 
 S.Çağlar Onur cag...@10ur.org
 ___
 lxc-devel mailing list
 lxc-devel@lists.linuxcontainers.org
 http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread Michael H. Warfield
On Thu, 2014-12-04 at 15:13 -0500, S.Çağlar Onur wrote:
 On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote:
  On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
  Signed-off-by: S.Çağlar Onur cag...@10ur.org
  ---
   config/init/common/lxc-net.in | 26 ++
   1 file changed, 22 insertions(+), 4 deletions(-)
 
  diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
  index 5567fee..5ca2eb2 100644
  --- a/config/init/common/lxc-net.in
  +++ b/config/init/common/lxc-net.in
  @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
   #   or in @LXC_DISTRO_SYSCONF@/lxc-net
 
   USE_LXC_BRIDGE=true
  +USE_OPENVSWITCH=false
   LXC_BRIDGE=lxcbr0
   LXC_ADDR=10.0.3.1
   LXC_NETMASK=255.255.255.0
  @@ -79,7 +80,11 @@ start() {
   iptables $use_iptables_lock -t nat -D POSTROUTING -s 
  ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   ifdown ${LXC_BRIDGE}
  -brctl delbr ${LXC_BRIDGE} || true
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE} || true
  +fi
   }
 
   if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
  @@ -87,7 +92,11 @@ start() {
   fi
 
   # set up the lxc network
  -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
  openvbridge support in kernel; stop; exit 0; }
  +else
  +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +fi
   echo 1  /proc/sys/net/ipv4/ip_forward
 
   # if we are run from systemd on a system with selinux enabled,
  @@ -115,7 +124,12 @@ start() {
   if [ -n $LXC_DOMAIN ]; then
   LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
   fi
  -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
  +
  +DNSMASQ_USER=lxc-dnsmasq
  +if ! getent passwd ${DNSMASQ_USER} /dev/null; then
  +DNSMASQ_USER=dnsmasq
 
  Shouldn't the fallback be nobody rather than dnsmasq?
 
 I guess we could. I used dnsmasq cause
 https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)

Maybe check for dnsmasq and fall back to it if it exists,
and then fall back to nobody if it doesn't?  I ran into this with the
rpm spec file.

  +fi
  +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
   touch ${varrun}/network_up
   touch ${lockdir}/lxc-net
   }
  @@ -141,7 +155,11 @@ stop() {
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || 
  true
   rm -f ${varrun}/dnsmasq.pid
  -brctl delbr ${LXC_BRIDGE}
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE}
  +fi
   fi
   rm -f ${varrun}/network_up
   rm -f ${lockdir}/lxc-net
  --
  1.9.1
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 
  --
  Stéphane Graber
  Ubuntu developer
  http://www.ubuntu.com
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 
 
 
 

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  m...@wittsend.com
   /\/\|=mhw=|\/\/  | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9  | An optimist believes we live in the best of all
 PGP Key: 0x674627FF| possible worlds.  A pessimist is sure of it!




Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

2014-12-04 Thread S . Çağlar Onur
On Thu, Dec 4, 2014 at 3:28 PM, Stéphane Graber stgra...@ubuntu.com wrote:
 On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote:
 On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote:
  On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
  Signed-off-by: S.Çağlar Onur cag...@10ur.org
  ---
   config/init/common/lxc-net.in | 26 ++
   1 file changed, 22 insertions(+), 4 deletions(-)
 
  diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
  index 5567fee..5ca2eb2 100644
  --- a/config/init/common/lxc-net.in
  +++ b/config/init/common/lxc-net.in
  @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc
   #   or in @LXC_DISTRO_SYSCONF@/lxc-net
 
   USE_LXC_BRIDGE=true
  +USE_OPENVSWITCH=false
   LXC_BRIDGE=lxcbr0
   LXC_ADDR=10.0.3.1
   LXC_NETMASK=255.255.255.0
  @@ -79,7 +80,11 @@ start() {
   iptables $use_iptables_lock -t nat -D POSTROUTING -s 
  ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   ifdown ${LXC_BRIDGE}
  -brctl delbr ${LXC_BRIDGE} || true
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE} || true
  +fi
   }
 
   if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
  @@ -87,7 +92,11 @@ start() {
   fi
 
   # set up the lxc network
  -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing 
  openvbridge support in kernel; stop; exit 0; }
  +else
  +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in 
  kernel; stop; exit 0; }
  +fi
   echo 1  /proc/sys/net/ipv4/ip_forward
 
   # if we are run from systemd on a system with selinux enabled,
  @@ -115,7 +124,12 @@ start() {
   if [ -n $LXC_DOMAIN ]; then
   LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
   fi
  -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
  +
  +DNSMASQ_USER=lxc-dnsmasq
  +if ! getent passwd ${DNSMASQ_USER} /dev/null; then
  +DNSMASQ_USER=dnsmasq
 
  Shouldn't the fallback be nobody rather than dnsmasq?

 I guess we could. I used dnsmasq cause
 https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)

 I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then
 falling back to nobody. That way we can add other distros' account for
 dnsmasq if needed.

Sure. I also realized that lxc-net needs to depend on
openvswitch-switch if USE_OPENVSWITCH is true so I'll send v2 with
those changes.


  +fi
  +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
  --bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
  --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
  ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
  --except-interface=lo --interface=${LXC_BRIDGE} 
  --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
  --dhcp-authoritative || cleanup
   touch ${varrun}/network_up
   touch ${lockdir}/lxc-net
   }
  @@ -141,7 +155,11 @@ stop() {
   iptables $use_iptables_lock -t mangle -D POSTROUTING -o 
  ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
   pid=`cat ${varrun}/dnsmasq.pid 2/dev/null`  kill -9 $pid || 
  true
   rm -f ${varrun}/dnsmasq.pid
  -brctl delbr ${LXC_BRIDGE}
  +if [ x$USE_OPENVSWITCH = xtrue ]; then
  +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
  +else
  +brctl delbr ${LXC_BRIDGE}
  +fi
   fi
   rm -f ${varrun}/network_up
   rm -f ${lockdir}/lxc-net
  --
  1.9.1
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 
  --
  Stéphane Graber
  Ubuntu developer
  http://www.ubuntu.com
 
  ___
  lxc-devel mailing list
  lxc-devel@lists.linuxcontainers.org
  http://lists.linuxcontainers.org/listinfo/lxc-devel
 



 --
 S.Çağlar Onur cag...@10ur.org
 ___
 lxc-devel mailing list
 lxc-devel@lists.linuxcontainers.org
 http://lists.linuxcontainers.org/listinfo/lxc-devel

 --
 Stéphane Graber
 Ubuntu developer
 http://www.ubuntu.com