[lxc-devel] [lxd/master] lxd/networks: Allows limited ipv4 config with fan

stgraber on Github lxc-bot at linuxcontainers.org
Sat Sep 14 21:37:55 UTC 2019


From 56dfd0cd04039ed4d629bf52aaa478a07cdecf97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Sat, 14 Sep 2019 23:36:22 +0200
Subject: [PATCH] lxd/networks: Allows limited ipv4 config with fan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #6152

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/networks.go        | 22 ++++++++++++++++++----
 lxd/networks_config.go |  2 +-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/lxd/networks.go b/lxd/networks.go
index cad3d9d1c5..1e7607231d 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -1656,12 +1656,17 @@ func (n *network) Start() error {
 		}
 
 		// Update the dnsmasq config
+		expiry := "1h"
+		if n.config["ipv4.dhcp.expiry"] != "" {
+			expiry = n.config["ipv4.dhcp.expiry"]
+		}
+
 		dnsmasqCmd = append(dnsmasqCmd, []string{
 			fmt.Sprintf("--listen-address=%s", addr[0]),
 			"--dhcp-no-override", "--dhcp-authoritative",
 			fmt.Sprintf("--dhcp-leasefile=%s", shared.VarPath("networks", n.name, "dnsmasq.leases")),
 			fmt.Sprintf("--dhcp-hostsfile=%s", shared.VarPath("networks", n.name, "dnsmasq.hosts")),
-			"--dhcp-range", fmt.Sprintf("%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String())}...)
+			"--dhcp-range", fmt.Sprintf("%s,%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String(), expiry)}...)
 
 		// Setup the tunnel
 		if n.config["fan.type"] == "ipip" {
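Review bot: The value of `ipv4.dhcp.expiry` is placed unchecked into the comma-separated `--dhcp-range` argument, so a value containing a comma would change how dnsmasq splits the range fields. The validator for this key is not visible in this patch; if it accepts arbitrary strings, it should be tightened to a lease-time form now that the key is accepted in fan mode, or the value checked here, e.g. `if strings.Contains(expiry, ",") { return fmt.Errorf("Invalid ipv4.dhcp.expiry: %q", expiry) }`. The option is passed as its own argv element with no shell involved, so the concern is limited to dnsmasq's option parsing. Start's body begins and ends outside the hunk.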
@@ -1707,9 +1712,18 @@ func (n *network) Start() error {
 		}
 
 		// Configure NAT
-		err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
-		if err != nil {
-			return err
+		if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) {
+			if n.config["ipv4.nat.order"] == "after" {
+				err = iptables.NetworkAppend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
+				if err != nil {
+					return err
+				}
+			} else {
+				err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
+				if err != nil {
+					return err
+				}
+			}
 		}
 
 		// Setup clustered DNS
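Review bot: The MASQUERADE rule is now written out twice, once per branch of the `ipv4.nat.order` check, so a later change to the match (source or destination subnet) can be applied to one copy and missed in the other. Choosing the insertion function first and issuing the rule once avoids that, assuming `iptables.NetworkAppend` and `iptables.NetworkPrepend` share a signature, as their identical call sites suggest. Any `ipv4.nat.order` value other than `after` silently falls through to prepend, so the validator for that key (not shown here) should restrict it to the intended values. Start's body begins and ends outside the hunk.

```go
		if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) {
			// Pick the insertion function once so the rule is spelled out a single time.
			addRule := iptables.NetworkPrepend
			if n.config["ipv4.nat.order"] == "after" {
				addRule = iptables.NetworkAppend
			}

			err = addRule("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
			if err != nil {
				return err
			}
		}
```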
diff --git a/lxd/networks_config.go b/lxd/networks_config.go
index 0babb960e9..a4c95dc135 100644
--- a/lxd/networks_config.go
+++ b/lxd/networks_config.go
@@ -145,7 +145,7 @@ func networkValidateConfig(name string, config map[string]string) error {
 		}
 
 		// Bridge mode checks
-		if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && v != "" {
+		if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && !shared.StringInSlice(key, []string{"ipv4.dhcp.expiry", "ipv4.firewall", "ipv4.nat", "ipv4.nat.order"}) && v != "" {
 			return fmt.Errorf("IPv4 configuration may not be set when in 'fan' mode")
 		}
 
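Review bot: `ipv4.firewall` is added to the keys accepted in fan mode, but none of the networks.go hunks in this patch read it on the fan path, so whether setting it has any effect there cannot be confirmed from what is shown. It is worth checking that the fan firewall rules honour the key before the validator accepts it. The error text on the next line is also no longer accurate now that four `ipv4.*` keys are permitted; wording such as `"Only limited IPv4 configuration may be set when in 'fan' mode"` would not mislead. Moving the allow-list out of the condition into a named package-level variable with a comment would make later additions easier to audit. networkValidateConfig's body continues outside the hunk.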

