[lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

Thu Dec 4 20:36:01 UTC 2014

On Thu, 2014-12-04 at 15:13 -0500, S.Çağlar Onur wrote:
> On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
> >> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> >> ---
> >>  config/init/common/lxc-net.in | 26 ++++++++++++++++++++++----
> >>  1 file changed, 22 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
> >> index 5567fee..5ca2eb2 100644
> >> --- a/config/init/common/lxc-net.in
> >> +++ b/config/init/common/lxc-net.in
> >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc"
> >>  #   or in @LXC_DISTRO_SYSCONF@/lxc-net
> >>
> >>  USE_LXC_BRIDGE="true"
> >> +USE_OPENVSWITCH="false"
> >>  LXC_BRIDGE="lxcbr0"
> >>  LXC_ADDR="10.0.3.1"
> >>  LXC_NETMASK="255.255.255.0"
> >> @@ -79,7 +80,11 @@ start() {
> >>          iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> >>          iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> >>          ifdown ${LXC_BRIDGE}
> >> -        brctl delbr ${LXC_BRIDGE} || true
> >> +        if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> +            ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
> >> +        else
> >> +            brctl delbr ${LXC_BRIDGE} || true
> >> +        fi
> >>      }
> >>
> >>      if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> >> @@ -87,7 +92,11 @@ start() {
> >>      fi
> >>
> >>      # set up the lxc network
> >> -    brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> >> +    if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> +        ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; }
> >> +    else
> >> +        brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> >> +    fi
> >>      echo 1 > /proc/sys/net/ipv4/ip_forward
> >>
> >>      # if we are run from systemd on a system with selinux enabled,
> >> @@ -115,7 +124,12 @@ start() {
> >>      if [ -n "$LXC_DOMAIN" ]; then
> >>          LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
> >>      fi
> >> -    dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> >> +
> >> +    DNSMASQ_USER="lxc-dnsmasq"
> >> +    if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
> >> +        DNSMASQ_USER="dnsmasq"
> >
> > Shouldn't the fallback be nobody rather than dnsmasq?
> 
> I guess we could. I used dnsmasq cause
> https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)

Maybe fall back to check for dnsmasq and fall back to it if it exists
and then fall back to nobody if it doesn't?  I ran into this with the
rpm spec file.

> >> +    fi
> >> +    dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> >>      touch "${varrun}"/network_up
> >>      touch "${lockdir}"/lxc-net
> >>  }
> >> @@ -141,7 +155,11 @@ stop() {
> >>          iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> >>          pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> >>          rm -f "${varrun}"/dnsmasq.pid
> >> -        brctl delbr ${LXC_BRIDGE}
> >> +        if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> +            ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
> >> +        else
> >> +            brctl delbr ${LXC_BRIDGE}
> >> +        fi
> >>      fi
> >>      rm -f "${varrun}"/network_up
> >>      rm -f "${lockdir}"/lxc-net
> >> --
> >> 1.9.1
> >>
> >> _______________________________________________
> >> lxc-devel mailing list
> >> lxc-devel at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> >
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> 
> 
> 

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141204/83f640cf/attachment.sig>