[lxc-devel] [PATCH] Integrated lxc-net service for rpm based platforms.
Michael H. Warfield
mhw at WittsEnd.com
Wed Aug 13 16:13:39 UTC 2014
Integrated lxc-net service for rpm based platforms.
This fixes build and run problems on rpm based platforms (CentOS,
Fedora, Oracle*) running with the systemd init following the
refactoring of the Ubuntu lxc networking logic into a systemd service.
Added lxc-net.in based on src/lxc/lxc.net and lxc.in for sysvinit
and systemd init systems in parallel with lxc.in.
Added an autoconf variable for the distro-specific sysconf directory and
implemented it in both lxc.in and lxc-net.in.
Updated lxc-net.service.in for new path to lxc-net script in
LIBEXECDIR instead of DATADIR.
Updated src/lxc/lxc.net to check both /etc/default/lxc and
/etc/sysconfig/lxc. This file should now be deprecated but
is left for reference until all conversions are complete.
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
---
config/init/systemd/Makefile.am | 20 ++---
config/init/systemd/lxc-net.service.in | 4 +-
config/init/sysvinit/Makefile.am | 4 +-
config/init/sysvinit/lxc-net.in | 134 +++++++++++++++++++++++++++++++++
config/init/sysvinit/lxc.in | 6 +-
configure.ac | 5 ++
lxc.spec.in | 2 +
src/lxc/lxc.net | 13 ++--
8 files changed, 167 insertions(+), 21 deletions(-)
create mode 100644 config/init/sysvinit/lxc-net.in
diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
index 5959cd8..767556b 100644
--- a/config/init/systemd/Makefile.am
+++ b/config/init/systemd/Makefile.am
@@ -6,17 +6,17 @@ EXTRA_DIST = \
$(NULL)
if INIT_SCRIPT_SYSTEMD
-lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status
- $(AM_V_GEN)sed \
- -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g' \
- -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g' \
- -e 's|[@]BINDIR[@]|$(bindir)|g' \
- < $< > $@-t && \
- chmod a+x $@-t && \
- mv $@-t $@
+lxc-autostart-helper: ../sysvinit/lxc $(top_builddir)/config.status
+# This was already autoconfed over in the sysvinit dir
+ cp ../sysvinit/lxc $@
+
+lxc-net: ../sysvinit/lxc-net $(top_builddir)/config.status
+# This was already autoconfed over in the sysvinit dir
+ cp ../sysvinit/lxc-net $@
+
BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service
-install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper
+install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper lxc-net
$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
$(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
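Review bot: The two new recipes copy straight onto `$@` (`cp ../sysvinit/lxc $@` and `cp ../sysvinit/lxc-net $@`), dropping the temp-file-and-rename step the removed sed recipe used. An interrupted build can therefore leave a truncated helper that make treats as up to date and that is later installed into pkglibexecdir. I would keep the old pattern and use the prerequisite variable: `cp $< $@-t && chmod a+x $@-t && mv $@-t $@`. `lxc-net` is also not added to `BUILT_SOURCES` here, and whether a clean rule covers it is not visible in the hunk. The `install-systemd` recipe continues past the end of the hunk.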
@@ -25,7 +25,7 @@ uninstall-systemd:
rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service
rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper
+pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper lxc-net
install-data-local: install-systemd
uninstall-local: uninstall-systemd
diff --git a/config/init/systemd/lxc-net.service.in b/config/init/systemd/lxc-net.service.in
index 37d1d69..c054702 100644
--- a/config/init/systemd/lxc-net.service.in
+++ b/config/init/systemd/lxc-net.service.in
@@ -6,5 +6,5 @@ Before=lxc.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=@DATADIR@/lxc/lxc.net start
-ExecStop=@DATADIR@/lxc/lxc.net stop
+ExecStart=@LIBEXECDIR@/lxc/lxc-net start
+ExecStop=@LIBEXECDIR@/lxc/lxc-net stop
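Review bot: `ExecStart` and `ExecStop` hard-code the `lxc` subdirectory under `@LIBEXECDIR@`, while the script is installed through `pkglibexec_SCRIPTS` and packaged as `%{_libexecdir}/%{name}/lxc-net`; the three agree only while the package name is `lxc`. None of the configure.ac hunks in this patch shows an `AS_AC_EXPAND(LIBEXECDIR, ...)`, so it is worth confirming it exists elsewhere, otherwise the unit would ship with an unexpanded path and fail at start. No `User=` is visible in the hunk, so the script presumably runs as root and sources the distro sysconfig file; a one-line comment in the unit saying so would help anyone auditing ownership of those paths.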
diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
index 66c190d..d8722ab 100644
--- a/config/init/sysvinit/Makefile.am
+++ b/config/init/sysvinit/Makefile.am
@@ -1,12 +1,14 @@
-EXTRA_DIST = lxc
+EXTRA_DIST = lxc lxc-net
if INIT_SCRIPT_SYSV
install-sysvinit: lxc
$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
$(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+ $(INSTALL_SCRIPT) lxc-net $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc-net
uninstall-sysvinit:
rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
+ rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc-net
rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
install-data-local: install-sysvinit
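Review bot: `install-sysvinit` now installs `lxc-net` but still lists only `lxc` as a prerequisite, so the rule does not declare everything its recipe reads. Change the header to `install-sysvinit: lxc lxc-net`. `EXTRA_DIST = lxc lxc-net` names the configure-generated outputs rather than the `.in` templates, which follows the existing line but may be worth checking against what `make dist` should ship. The conditional block continues past the end of the hunk.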
diff --git a/config/init/sysvinit/lxc-net.in b/config/init/sysvinit/lxc-net.in
new file mode 100644
index 0000000..e31fbac
--- /dev/null
+++ b/config/init/sysvinit/lxc-net.in
@@ -0,0 +1,134 @@
+#!/bin/sh -
+#
+# lxc-net Start/Stop LXC Networking
+#
+# chkconfig: 345 99 01
+# description: Starts/Stops LXC Network Bridge
+#
+### BEGIN INIT INFO
+# Provides: lxc-net
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Bring up/down LXC Network Bridge
+# Description: Bring up/down LXC Network Bridge
+### END INIT INFO
+
+# Programmers Note: The chkconfig information above is largely
+# for completeness and taken from the "lxc" script.
+# If someone really REALLY wants to run this under sysvinit
+# and chkconfig, the values above may need to be tweaked.
+
+sysconfdir="@SYSCONFDIR@"
+distrosysconfdir="@LXC_DISTRO_SYSCONF@"
+bindir="@BINDIR@"
+localstatedir="@LOCALSTATEDIR@"
+varrun="@RUNTIME_PATH@/lxc"
+
+# These can be overridden in @LXC_DISTRO_SYSCONF@/lxc
+# or in @LXC_DISTRO_SYSCONF@/lxc-net
+
+USE_LXC_BRIDGE="true"
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="10.0.3.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="10.0.3.0/24"
+LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
+LXC_DHCP_MAX="253"
+LXC_DHCP_CONFILE=""
+LXC_DOMAIN=""
+
+[ -f $distrosysconfdir/lxc ] && . $distrosysconfdir/lxc
+
+start() {
+ [ ! -f "$localstatedir"/lock/subsys/lxc-net ] || { exit 0; }
+
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0 }
+
+ use_iptables_lock="-w"
+ iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+ cleanup() {
+ # dnsmasq failed to start, clean up the bridge
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+ iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ ifconfig ${LXC_BRIDGE} down || true
+ brctl delbr ${LXC_BRIDGE} || true
+ }
+
+ if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+ exit 0;
+ fi
+
+ # set up the lxc network
+ brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ mkdir -p "${varrun}"
+ ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
+ iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+
+ LXC_DOMAIN_ARG=""
+ if [ -n "$LXC_DOMAIN" ]; then
+ LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
+ fi
+ dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
+ touch "${varrun}"/network_up
+ touch "$localstatedir"/lock/subsys/lxc-net
+}
+
+stop() {
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0 }
+
+ [ -f "${varrun}/network_up" ] || { exit 0 }
+ # if $LXC_BRIDGE has attached interfaces, don't shut it down
+ ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
+
+ if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+ use_iptables_lock="-w"
+ iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+ ifconfig ${LXC_BRIDGE} down
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
+ iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
+ iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
+ pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
+ rm -f "${varrun}"/dnsmasq.pid
+ brctl delbr ${LXC_BRIDGE}
+ fi
+ rm -f "${varrun}"/network_up
+ rm -f "$localstatedir"/lock/subsys/lxc-net
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart|reload|force-reload)
+ $0 stop
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
+
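Review bot: The guards written as `|| { exit 0 }` in `start()` and twice in `stop()` lack the `;` before `}`. The shell reads `}` as an argument to `exit` and the group stays open, so the script should fail to parse; write them as `[ "x$USE_LXC_BRIDGE" = "xtrue" ] || exit 0` and `[ -f "${varrun}/network_up" ] || exit 0`. In `start()`, `dnsmasq ... || cleanup` falls through to the two `touch` lines, leaving `network_up` and the subsys lock claiming a bridge that was just torn down; `|| { cleanup; exit 1; }` would report the failure instead. The header comment says settings may be overridden in `@LXC_DISTRO_SYSCONF@/lxc-net`, but only `$distrosysconfdir/lxc` is sourced, and that path is unquoted. Because the sourced file runs as shell code with the script's privileges, a comment noting that it must be writable only by root would be a useful addition.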
diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
index 7cad8c8..6aa4661 100644
--- a/config/init/sysvinit/lxc.in
+++ b/config/init/sysvinit/lxc.in
@@ -14,10 +14,11 @@
### END INIT INFO
sysconfdir="@SYSCONFDIR@"
+distrosysconfdir="@LXC_DISTRO_SYSCONF@"
bindir="@BINDIR@"
localstatedir="@LOCALSTATEDIR@"
-# These can be overridden in @SYSCONFDIR@/sysconfig/lxc
+# These can be overridden in @LXC_DISTRO_SYSCONF@/lxc
# BOOTGROUPS - What groups should start on bootup?
# Comma separated list of groups.
@@ -53,8 +54,7 @@ if ! type action >/dev/null 2>&1; then
fi
# Source any configurable options
-test ! -r "$sysconfdir"/sysconfig/lxc ||
- . "$sysconfdir"/sysconfig/lxc
+[ -f "$distrosysconfdir"/lxc ] && . "$distrosysconfdir"/lxc
# Check for needed utility program
[ -x "$bindir"/lxc-autostart ] || exit 1
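Review bot: The replacement line `[ -f "$distrosysconfdir"/lxc ] && . "$distrosysconfdir"/lxc` returns a non-zero status when the file is absent, whereas the removed `test ! -r ... || .` form returned zero. That is harmless unless the script runs under `set -e`, which is not visible in this hunk. The new test also checks `-f` rather than `-r`, so an unreadable file now reaches `.` and fails there. `[ ! -r "$distrosysconfdir"/lxc ] || . "$distrosysconfdir"/lxc` keeps the old semantics with the new path.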
diff --git a/configure.ac b/configure.ac
index 720fac4..64118a2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,12 +61,15 @@ fi
case $with_distro in
ubuntu)
distroconf=default.conf.ubuntu
+ distrosysconf="$sysconfdir/default"
;;
redhat|centos|fedora|oracle|oracleserver)
distroconf=default.conf.libvirt
+ distrosysconf="$sysconfdir/sysconfig"
;;
*)
distroconf=default.conf.unknown
+ distrosysconf="$sysconfdir/default"
;;
esac
AC_MSG_RESULT([$with_distro])
@@ -524,6 +527,7 @@ AS_AC_EXPAND(DATADIR, "$datadir")
AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir")
AS_AC_EXPAND(DOCDIR, "$docdir")
AS_AC_EXPAND(LXC_DISTRO_CONF, "$distroconf")
+AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf")
AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)")
AS_AC_EXPAND(LXCPATH, "$with_config_path")
AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf")
@@ -612,6 +616,7 @@ AC_CONFIG_FILES([
config/init/Makefile
config/init/sysvinit/Makefile
config/init/sysvinit/lxc
+ config/init/sysvinit/lxc-net
config/init/systemd/Makefile
config/init/systemd/lxc.service
config/init/systemd/lxc-net.service
diff --git a/lxc.spec.in b/lxc.spec.in
index 57912a1..cb649a9 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -136,6 +136,7 @@ rm -rf %{buildroot}
%config(noreplace) %{_sysconfdir}/lxc/*
%if %{with_systemd}
+%{_unitdir}/lxc-net.service
%{_unitdir}/lxc.service
%else
%{_sysconfdir}/rc.d/init.d/lxc
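Review bot: The `%else` branch visible here lists only `%{_sysconfdir}/rc.d/init.d/lxc`, but the sysvinit Makefile in this patch now also installs `rc.d/init.d/lxc-net`. Unless the lines after this hunk already cover it, a non-systemd build would leave an installed-but-unpackaged file; adding `%{_sysconfdir}/rc.d/init.d/lxc-net` under `%else` would match. The `%files` section continues outside the hunk.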
@@ -154,6 +155,7 @@ rm -rf %{buildroot}
%attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic
%if %{with_systemd}
%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup
+%attr(555,root,root) %{_libexecdir}/%{name}/lxc-net
%attr(555,root,root) %{_libexecdir}/%{name}/lxc-autostart-helper
%endif
diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net
index 5ea4f1d..8fa9da5 100755
--- a/src/lxc/lxc.net
+++ b/src/lxc/lxc.net
@@ -13,9 +13,12 @@ varrun="/run/lxc"
LXC_DOMAIN=""
start() {
+ # For Debian, Ubuntu, and derivatives
[ -f /etc/default/lxc ] && . /etc/default/lxc
+ # For RedHat, CentOS, SL, Oracle, Fedora, and derivaties
+ [ -f /etc/sysconfig/lxc ] && . /etc/sysconfig/lxc
- [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || exit 0
use_iptables_lock="-w"
iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
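Review bot: `start()` now sources `/etc/default/lxc` and then `/etc/sysconfig/lxc` unconditionally, so on a host that has both files the second silently overrides the first; the same pair is added to `stop()` in the last hunk of this file. A comment stating the intended precedence, or sourcing only the first file found, would make this explicit. Both files are executed as shell code by the script, so a note that they must be root-owned and not group- or world-writable belongs next to these lines. The added comments also misspell "derivatives" as "derivaties". The body of `start()` continues outside the hunk.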
@@ -34,10 +37,6 @@ start() {
}
if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
- if [ ! -f ${varrun}/network_up ]; then
- # bridge exists, but we didn't start it
- stop;
- fi
exit 0;
fi
@@ -64,7 +63,11 @@ start() {
}
stop() {
+ # For Debian, Ubuntu, and derivatives
[ -f /etc/default/lxc ] && . /etc/default/lxc
+ # For RedHat, CentOS, SL, Oracle, Fedora, and derivaties
+ [ -f /etc/sysconfig/lxc ] && . /etc/sysconfig/lxc
+
[ -f "${varrun}/network_up" ] || exit 0;
# if $LXC_BRIDGE has attached interfaces, don't shut it down
ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
--
1.9.3
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!