From d6fea0bc206f5785fb457d15c2ebee9212d07993 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 30 Jun 2021 08:54:24 +0200 Subject: Reverting openvswitch, not really ready yet. Signed-off-by: Daniel Baumann --- libexec/container/start | 68 ++++++++++--------- libexec/container/stop | 6 -- share/doc/HOST-SETUP.txt | 168 ++++++++++++++++++++++++++--------------------- 3 files changed, 130 insertions(+), 112 deletions(-) diff --git a/libexec/container/start b/libexec/container/start index 6b35ea8..08c3611 100755 --- a/libexec/container/start +++ b/libexec/container/start @@ -367,6 +367,42 @@ then ;; esac + NETWORK_BRIDGES="$(awk -Fcnt.network-bridge= '/^cnt.network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)" + + case "${NETWORK_BRIDGES}" in + "") + ;; + + *) + for BRIDGE_DEFINITION in ${NETWORK_BRIDGES} + do + INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')" + BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')" + + if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ] + then + echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working." + fi + + if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ] + then + +cat > "/etc/network/interfaces.d/${INTERFACE}" << EOF +allow-hotplug ${INTERFACE} +iface ${INTERFACE} inet manual + pre-up ip link set ${INTERFACE} up + post-up ip link set ${INTERFACE} master ${BRIDGE} + pre-down ip link set ${INTERFACE} nomaster + post-down ip link set ${INTERFACE} down +EOF + + else + echo "Warning bridge definition '${BRIDGE_DEFINITION}' not recognized (expected :): Ignoring" + fi + done + ;; + esac + PRIVATE_USERS="$(awk -Fprivate-users= '/^private-users=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)" case "${PRIVATE_USERS}" in 
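Review bot: In the added `for BRIDGE_DEFINITION` loop of libexec/container/start, `INTERFACE` and `BRIDGE` are taken from `${CONFIG}/${NAME}.conf` and used unvalidated in the path `/etc/network/interfaces.d/${INTERFACE}` and in the `pre-up`/`post-up`/`pre-down`/`post-down` lines of the generated stanza. A value containing `/` therefore writes outside that directory, and one containing shell metacharacters becomes part of a command that ifupdown later executes with root privileges. Who may edit the container config is not visible in this hunk, but a whitelist at the top of the loop removes the question: `case "${BRIDGE_DEFINITION}" in *[!A-Za-z0-9_.:-]*) echo "Warning bridge definition '${BRIDGE_DEFINITION}' contains invalid characters: Ignoring"; continue ;; esac`. The length test is also off by one, because `echo ${INTERFACE} | wc -c` counts the trailing newline and so warns on a valid 15-character name; `[ "${#INTERFACE}" -gt 15 ]` avoids that, and an over-long name would be better skipped than written out. The enclosing `if`/`case` block starts above the hunk, so any earlier sanitising of `NAME` or the config cannot be judged from here.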
@@ -500,35 +536,3 @@ case "${START}" in esac ;; esac - -# waiting for systemd-nspawn to create the veth interfaces -sleep 1 -NETWORK_BRIDGES="$(awk -Fcnt.network-bridge= '/^cnt.network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)" - -case "${NETWORK_BRIDGES}" in - "") - ;; - - *) - for BRIDGE_DEFINITION in ${NETWORK_BRIDGES} - do - INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')" - BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')" - - if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ] - then - echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working." - fi - - if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ] - then - - ip link set "${INTERFACE}" up - ovs-vsctl --may-exist add-port "${BRIDGE}" "${INTERFACE}" - - else - echo "Warning bridge definition '${BRIDGE_DEFINITION}' not recognized (expected :): Ignoring" - fi - done - ;; -esac diff --git a/libexec/container/stop b/libexec/container/stop index 52b40d1..58fc0e9 100755 --- a/libexec/container/stop +++ b/libexec/container/stop @@ -261,12 +261,6 @@ case "${VERBOSE}" in ;; esac -VETHS="$(awk -Fnetwork-veth-extra= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf | awk -F: '{ print $1 }')" -for VETH in ${VETHS} -do - ovs-vsctl --if-exist del-port "${VETH}" -done - machinectl ${MODE} ${NAME} case "${FORCE}" in diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt index 8603a06..6b368f0 100644 --- a/share/doc/HOST-SETUP.txt +++ b/share/doc/HOST-SETUP.txt @@ -5,7 +5,7 @@ compute-tools: Host Setup 1. Debian Packages ------------------- -apt install openvswitch-switch +apt install bridge-utils ifenslave vlan 2. Boot Parameters 
@@ -53,108 +53,128 @@ sysctl -p 3.2.1 Bridge: 1 Interface, standalone, DHCP ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -cat > /etc/systemd/network/eno1.network << EOF -[Match] -Name=eno1 +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces -[Network] -BindCarrier=bridge0 -LinkLocalAddressing=no -EOF +source /etc/network/interfaces.d/* -cat > /etc/systemd/network/bridge0.network << EOF -[Match] -Name=bridge0 +auto lo +iface lo inet loopback -[Network] -DHCP=ipv4 -EOF +iface eno1 inet manual -ovs-vsctl add-br bridge0 -ovs-vsctl add-port bridge0 eno1 +auto bridge0 +iface bridge0 inet dhcp + bridge_ports eno1 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 +EOF 3.2.2 Bridge: 1 Interface, standalone, static ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -cat > /etc/systemd/network/eno1.network << EOF -[Match] -Name=eno1 +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces -[Network] -BindCarrier=bridge0 -LinkLocalAddressing=no -EOF +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback -cat > /etc/systemd/network/bridge0.network << EOF -[Match] -Name=bridge0 +iface eno1 inet manual -[Network] -DHCP=no -Address=10.0.0.2/24 -Gateway=10.0.0.1 +auto bridge0 +iface bridge0 inet static + address 10.0.0.2 + gateway 10.0.0.1 + netmask 24 + + pre-up ip link set eno1 down + pre-up ip link set eno1 up + + bridge_ports eno1 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 EOF -ovs-vsctl add-br bridge0 -ovs-vsctl add-port bridge0 eno1 +3.2.3 Bridge: 2 logical Interfaces, subnet, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -3.2.3 Bridge: 3 physical Interfaces, vlan, bonding, static -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces -cat > /etc/systemd/network/eno1.network << EOF -[Match] -Name=eno1 +source /etc/network/interfaces.d/* -[Network] -DHCP=ipv4 -EOF +auto lo +iface lo inet loopback -cat > /etc/systemd/network/eno2.network << EOF -[Match] 
-Name=eno2 +allow-hotplug eno1 +iface eno1 inet dhcp -[Network] -BindCarrier=bridge0 -LinkLocalAddressing=no -EOF +auto bridge0 +iface bridge0 inet static + address 10.0.0.1 + netmask 24 -cat > /etc/systemd/network/eno3.network << EOF -[Match] -Name=eno3 + pre-up ip link add name bridge0 type bridge + post-down ip link delete bridge0 type bridge -[Network] -BindCarrier=bridge0 -LinkLocalAddressing=no + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 EOF -cat > /etc/systemd/network/bridge0.network << EOF -[Match] -Name=bridge0 -[Network] -LinkLocalAddressing=no -EOF +3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -cat > /etc/systemd/network/bridge-100.network << EOF -[Match] -Name=bridge-100 +cat > /etc/network/interfaces << EOF +# /etc/network/interfaces -[Network] -Address=10.100.0.2/24 +source /etc/network/interfaces.d/* + +auto lo +iface lo inet loopback + +allow-hotplug eno1 +iface eno1 inet dhcp + +iface eno2 inet manual + +iface eno3 inet manual + +auto bond0 +iface bond0 inet manual + up ip link set bond0 up + down ip link set bond0 down + + slaves eno2 eno3 + + bond-mode 4 + bond-miimon 100 + bond-downdelay 200 + bond-updelay 200 + bond-lacp-rate 1 + bond-xmit-hash-policy layer2+3 + +iface bond0.100 inet manual + vlan-raw-device bond0 + +auto bridge-100 +iface bridge-100 inet static + address 10.100.0.2 + netmask 24 + + bridge_ports bond0.100 + bridge_fd 0 + bridge_maxwait 0 + bridge_stp 0 EOF -ovs-vsctl add-br bridge0 -ovs-vsctl add-bond bridge0 bond0 eno2 eno3 \ - bond_mode=balance-tcp \ - lacp=active \ - other_config:lacp-time=fast \ - other_config:bond-detect-mode=miimon \ - other_config:bond-miimon-interval=100 \ - other_config:bond_updelay=200 - trunks=100 \ -ovs-vsctl add-br bridge-100 bridge0 100 4. Enabling user namespace for unprivileged containers ------------------------------------------------------ -- cgit v1.2.3