[lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
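Review bot: None of the three new `ovs-vsctl` calls (the `del-br` in `cleanup` here, the `add-br` in the next hunk, and the `del-br` in the stop() hunk) sets a timeout. By default ovs-vsctl waits for the database and for ovs-vswitchd to apply the change, so if the daemon is not running the init script can block at boot or shutdown. Bounding each call would avoid that, for example `ovs-vsctl --timeout=5 --if-exists del-br ${LXC_BRIDGE} || true` (the value is illustrative). In stop() the OVS branch also adds `|| true` where the brctl branch has none, so a failed delete is silent on one path only. Both start() and stop() continue outside these hunks.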
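Review bot: The failure message on the new `ovs-vsctl --may-exist add-br` line, `Missing openvbridge support in kernel`, points the operator at the kernel, but ovs-vsctl also fails when the tool is not installed or the Open vSwitch database is unreachable. Something like `echo "Failed to create Open vSwitch bridge ${LXC_BRIDGE} (is openvswitch running?)"` would describe the failure more accurately. As in the brctl branch, the script then runs `exit 0`, so a service manager would presumably record the start as successful even though no bridge exists. It is worth confirming that this is intended for the OVS path too.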
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } @@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
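Review bot: The fallback name assigned in `DNSMASQ_USER=dnsmasq` is never checked with `getent`, so on a host with neither account dnsmasq would presumably reject `-u` and the script drops into `cleanup` with nothing saying the account was the cause. Checking the second name as well and printing an explicit error before starting dnsmasq would make this diagnosable. Logging which account was selected would also help, since a silent switch changes the identity that runs the DHCP/DNS process. As rendered on this page, `getent passwd ${DNSMASQ_USER} /dev/null` has lost its redirection. If the patch really passes `/dev/null` as a second key, the lookup would fail every time and always take the fallback, so confirm against the original mail.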
Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq Shouldn't the fallback be nobody rather than dnsmasq? +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } @@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote: On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq Shouldn't the fallback be nobody rather than dnsmasq? I guess we could. I used dnsmasq cause https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } 
@@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- S.Çağlar Onur cag...@10ur.org ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote: On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote: On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq Shouldn't the fallback be nobody rather than dnsmasq? I guess we could. I used dnsmasq cause https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then falling back to nobody. That way we can add other distros' account for dnsmasq if needed. +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } 
@@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- S.Çağlar Onur cag...@10ur.org ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
On Thu, 2014-12-04 at 15:13 -0500, S.Çağlar Onur wrote: On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote: On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq Shouldn't the fallback be nobody rather than dnsmasq? I guess we could. I used dnsmasq cause https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) Maybe fall back to check for dnsmasq and fall back to it if it exists and then fall back to nobody if it doesn't? I ran into this with the rpm spec file. +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } 
@@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org
Re: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
On Thu, Dec 4, 2014 at 3:28 PM, Stéphane Graber stgra...@ubuntu.com wrote: On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote: On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber stgra...@ubuntu.com wrote: On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: Signed-off-by: S.Çağlar Onur cag...@10ur.org --- config/init/common/lxc-net.in | 26 ++ 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun=@RUNTIME_PATH@/lxc # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE=true +USE_OPENVSWITCH=false LXC_BRIDGE=lxcbr0 LXC_ADDR=10.0.3.1 LXC_NETMASK=255.255.255.0 @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} -brctl delbr ${LXC_BRIDGE} || true +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} || true +fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network -brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo Missing openvbridge support in kernel; stop; exit 0; } +else +brctl addbr ${LXC_BRIDGE} || { echo Missing bridge support in kernel; stop; exit 0; } +fi echo 1 /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
@@ -115,7 +124,12 @@ start() { if [ -n $LXC_DOMAIN ]; then LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/ fi -dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + +DNSMASQ_USER=lxc-dnsmasq +if ! getent passwd ${DNSMASQ_USER} /dev/null; then +DNSMASQ_USER=dnsmasq Shouldn't the fallback be nobody rather than dnsmasq? I guess we could. I used dnsmasq cause https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then falling back to nobody. That way we can add other distros' account for dnsmasq if needed. Sure. I also realized that lxc-net needs to depend on openvswitch-switch if USE_OPENVSWITCH is true so I'll send v2 with those changes. +fi +dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch ${varrun}/network_up touch ${lockdir}/lxc-net } 
@@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat ${varrun}/dnsmasq.pid 2/dev/null` kill -9 $pid || true rm -f ${varrun}/dnsmasq.pid -brctl delbr ${LXC_BRIDGE} +if [ x$USE_OPENVSWITCH = xtrue ]; then +ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true +else +brctl delbr ${LXC_BRIDGE} +fi fi rm -f ${varrun}/network_up rm -f ${lockdir}/lxc-net -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- S.Çağlar Onur cag...@10ur.org ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com