[lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6
Michael H. Warfield
mhw at WittsEnd.com
Thu Dec 4 20:36:01 UTC 2014
On Thu, 2014-12-04 at 15:13 -0500, S.Çağlar Onur wrote:
> On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
> >> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> >> ---
> >> config/init/common/lxc-net.in | 26 ++++++++++++++++++++++----
> >> 1 file changed, 22 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
> >> index 5567fee..5ca2eb2 100644
> >> --- a/config/init/common/lxc-net.in
> >> +++ b/config/init/common/lxc-net.in
> >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc"
> >> # or in @LXC_DISTRO_SYSCONF@/lxc-net
> >>
> >> USE_LXC_BRIDGE="true"
> >> +USE_OPENVSWITCH="false"
> >> LXC_BRIDGE="lxcbr0"
> >> LXC_ADDR="10.0.3.1"
> >> LXC_NETMASK="255.255.255.0"
> >> @@ -79,7 +80,11 @@ start() {
> >> iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> >> ifdown ${LXC_BRIDGE}
> >> - brctl delbr ${LXC_BRIDGE} || true
> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
> >> + else
> >> + brctl delbr ${LXC_BRIDGE} || true
> >> + fi
> >> }
> >>
> >> if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> >> @@ -87,7 +92,11 @@ start() {
> >> fi
> >>
> >> # set up the lxc network
> >> - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; }
> >> + else
> >> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> >> + fi
> >> echo 1 > /proc/sys/net/ipv4/ip_forward
> >>
> >> # if we are run from systemd on a system with selinux enabled,
> >> @@ -115,7 +124,12 @@ start() {
> >> if [ -n "$LXC_DOMAIN" ]; then
> >> LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
> >> fi
> >> - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> >> +
> >> + DNSMASQ_USER="lxc-dnsmasq"
> >> + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
> >> + DNSMASQ_USER="dnsmasq"
> >
> > Shouldn't the fallback be nobody rather than dnsmasq?
>
> I guess we could. I used dnsmasq cause
> https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)
Maybe fall back to check for dnsmasq and fall back to it if it exists
and then fall back to nobody if it doesn't? I ran into this with the
rpm spec file.
> >> + fi
> >> + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> >> touch "${varrun}"/network_up
> >> touch "${lockdir}"/lxc-net
> >> }
> >> @@ -141,7 +155,11 @@ stop() {
> >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> >> pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> >> rm -f "${varrun}"/dnsmasq.pid
> >> - brctl delbr ${LXC_BRIDGE}
> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
> >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
> >> + else
> >> + brctl delbr ${LXC_BRIDGE}
> >> + fi
> >> fi
> >> rm -f "${varrun}"/network_up
> >> rm -f "${lockdir}"/lxc-net
> >> --
> >> 1.9.1
> >>
> >> _______________________________________________
> >> lxc-devel mailing list
> >> lxc-devel at lists.linuxcontainers.org
> >> http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
> > --
> > Stéphane Graber
> > Ubuntu developer
> > http://www.ubuntu.com
> >
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
>
>
>
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141204/83f640cf/attachment.sig>
More information about the lxc-devel
mailing list