[lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6

Thu Dec 4 21:10:30 UTC 2014

On Thu, Dec 4, 2014 at 3:28 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote:
>> On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
>> > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote:
>> >> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
>> >> ---
>> >>  config/init/common/lxc-net.in | 26 ++++++++++++++++++++++----
>> >>  1 file changed, 22 insertions(+), 4 deletions(-)
>> >>
>> >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
>> >> index 5567fee..5ca2eb2 100644
>> >> --- a/config/init/common/lxc-net.in
>> >> +++ b/config/init/common/lxc-net.in
>> >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc"
>> >>  #   or in @LXC_DISTRO_SYSCONF@/lxc-net
>> >>
>> >>  USE_LXC_BRIDGE="true"
>> >> +USE_OPENVSWITCH="false"
>> >>  LXC_BRIDGE="lxcbr0"
>> >>  LXC_ADDR="10.0.3.1"
>> >>  LXC_NETMASK="255.255.255.0"
>> >> @@ -79,7 +80,11 @@ start() {
>> >>          iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
>> >>          iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
>> >>          ifdown ${LXC_BRIDGE}
>> >> -        brctl delbr ${LXC_BRIDGE} || true
>> >> +        if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
>> >> +            ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
>> >> +        else
>> >> +            brctl delbr ${LXC_BRIDGE} || true
>> >> +        fi
>> >>      }
>> >>
>> >>      if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
>> >> @@ -87,7 +92,11 @@ start() {
>> >>      fi
>> >>
>> >>      # set up the lxc network
>> >> -    brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
>> >> +    if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
>> >> +        ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; }
>> >> +    else
>> >> +        brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
>> >> +    fi
>> >>      echo 1 > /proc/sys/net/ipv4/ip_forward
>> >>
>> >>      # if we are run from systemd on a system with selinux enabled,
>> >> @@ -115,7 +124,12 @@ start() {
>> >>      if [ -n "$LXC_DOMAIN" ]; then
>> >>          LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
>> >>      fi
>> >> -    dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
>> >> +
>> >> +    DNSMASQ_USER="lxc-dnsmasq"
>> >> +    if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
>> >> +        DNSMASQ_USER="dnsmasq"
>> >
>> > Shouldn't the fallback be nobody rather than dnsmasq?
>>
>> I guess we could. I used dnsmasq cause
>> https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :)
>
> I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then
> falling back to nobody. That way we can add other distros' account for
> dnsmasq if needed.

Sure. I also realized that lxc-net needs to depend on
openvswitch-switch if USE_OPENVSWITCH is true so I'll send v2 with
those changes.

>>
>> >> +    fi
>> >> +    dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
>> >>      touch "${varrun}"/network_up
>> >>      touch "${lockdir}"/lxc-net
>> >>  }
>> >> @@ -141,7 +155,11 @@ stop() {
>> >>          iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
>> >>          pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
>> >>          rm -f "${varrun}"/dnsmasq.pid
>> >> -        brctl delbr ${LXC_BRIDGE}
>> >> +        if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then
>> >> +            ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true
>> >> +        else
>> >> +            brctl delbr ${LXC_BRIDGE}
>> >> +        fi
>> >>      fi
>> >>      rm -f "${varrun}"/network_up
>> >>      rm -f "${lockdir}"/lxc-net
>> >> --
>> >> 1.9.1
>> >>
>> >> _______________________________________________
>> >> lxc-devel mailing list
>> >> lxc-devel at lists.linuxcontainers.org
>> >> http://lists.linuxcontainers.org/listinfo/lxc-devel
>> >
>> > --
>> > Stéphane Graber
>> > Ubuntu developer
>> > http://www.ubuntu.com
>> >
>> > _______________________________________________
>> > lxc-devel mailing list
>> > lxc-devel at lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-devel
>> >
>>
>>
>>
>> --
>> S.Çağlar Onur <caglar at 10ur.org>
>> _______________________________________________
>> lxc-devel mailing list
>> lxc-devel at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-devel
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
>

-- 
S.Çağlar Onur <caglar at 10ur.org>