[lxc-devel] [lxd/master] lxd/networks: Allows limited ipv4 config with fan
stgraber on Github
lxc-bot at linuxcontainers.org
Sat Sep 14 21:37:55 UTC 2019
From 56dfd0cd04039ed4d629bf52aaa478a07cdecf97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sat, 14 Sep 2019 23:36:22 +0200
Subject: [PATCH] lxd/networks: Allows limited ipv4 config with fan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #6152
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/networks.go | 22 ++++++++++++++++++----
lxd/networks_config.go | 2 +-
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/lxd/networks.go b/lxd/networks.go
index cad3d9d1c5..1e7607231d 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -1656,12 +1656,17 @@ func (n *network) Start() error {
}
// Update the dnsmasq config
+ expiry := "1h"
+ if n.config["ipv4.dhcp.expiry"] != "" {
+ expiry = n.config["ipv4.dhcp.expiry"]
+ }
+
dnsmasqCmd = append(dnsmasqCmd, []string{
fmt.Sprintf("--listen-address=%s", addr[0]),
"--dhcp-no-override", "--dhcp-authoritative",
fmt.Sprintf("--dhcp-leasefile=%s", shared.VarPath("networks", n.name, "dnsmasq.leases")),
fmt.Sprintf("--dhcp-hostsfile=%s", shared.VarPath("networks", n.name, "dnsmasq.hosts")),
- "--dhcp-range", fmt.Sprintf("%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String())}...)
+ "--dhcp-range", fmt.Sprintf("%s,%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String(), expiry)}...)
// Setup the tunnel
if n.config["fan.type"] == "ipip" {
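Review bot: The `expiry` string taken from `n.config["ipv4.dhcp.expiry"]` is placed unchecked into the comma-separated `--dhcp-range` value, so a setting that contains a comma would be read by dnsmasq as extra range fields rather than as a lease time. The validator for this key is not part of this patch; if it accepts arbitrary strings, it should be tightened to a lease-time form (digits with an optional unit suffix, or `infinite`). Failing that, this code could reject the value before the `append`, for example `if strings.Contains(expiry, ",") { return fmt.Errorf("Invalid ipv4.dhcp.expiry: %q", expiry) }`, assuming `strings` is already imported in this file. `dnsmasqCmd` is built as a string slice, which suggests no shell is involved and the exposure is limited to dnsmasq's own option parsing. `Start()` begins and ends outside this hunk.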
@@ -1707,9 +1712,18 @@ func (n *network) Start() error {
}
// Configure NAT
- err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
- if err != nil {
- return err
+ if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) {
+ if n.config["ipv4.nat.order"] == "after" {
+ err = iptables.NetworkAppend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
+ if err != nil {
+ return err
+ }
+ } else {
+ err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
+ if err != nil {
+ return err
+ }
+ }
}
// Setup clustered DNS
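Review bot: The two branches under `ipv4.nat.order` repeat the whole MASQUERADE match expression and differ only in the helper called. A later edit to one copy would silently change the NAT scope for one ordering only. Selecting the helper first and issuing a single call keeps one rule definition; this assumes `iptables.NetworkAppend` and `iptables.NetworkPrepend` share a signature, which the identical argument lists suggest but the hunk does not show. A short comment would also help, since with `after` the rule sits behind any existing POSTROUTING entries and an earlier matching rule takes precedence. `Start()` continues outside this hunk.

```go
	// Configure NAT
	if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) {
		// "after" appends, so pre-existing POSTROUTING rules are evaluated first.
		addRule := iptables.NetworkPrepend
		if n.config["ipv4.nat.order"] == "after" {
			addRule = iptables.NetworkAppend
		}

		err = addRule("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
		if err != nil {
			return err
		}
	}
```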
diff --git a/lxd/networks_config.go b/lxd/networks_config.go
index 0babb960e9..a4c95dc135 100644
--- a/lxd/networks_config.go
+++ b/lxd/networks_config.go
@@ -145,7 +145,7 @@ func networkValidateConfig(name string, config map[string]string) error {
}
// Bridge mode checks
- if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && v != "" {
+ if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && !shared.StringInSlice(key, []string{"ipv4.dhcp.expiry", "ipv4.firewall", "ipv4.nat", "ipv4.nat.order"}) && v != "" {
return fmt.Errorf("IPv4 configuration may not be set when in 'fan' mode")
}
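Review bot: The new allow-list admits `ipv4.firewall` in fan mode, but neither networks.go hunk in this patch reads that key, so it cannot be confirmed from here that the fan path of `Start()` honours it. A firewall toggle that validates but has no effect is a misleading failure mode, so that path deserves a check or a test. The inline `[]string{...}` also has no explanation; a named package-level list with a comment such as `// ipv4.* keys still accepted when bridge.mode is "fan"` would make the exception auditable. The error text "IPv4 configuration may not be set when in 'fan' mode" is no longer accurate and could name the permitted keys. `networkValidateConfig` continues outside the hunk.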