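#!/usr/bin/env bash
#
# krbd + udev inside a network namespace.
#
# "rbd map" / "rbd unmap" wait for udev uevents, and uevents do not cross
# network namespace boundaries: inside a namespace both commands do their
# work (udev creates/removes the symlink as usual) but then hang until
# they time out.  This script checks that behaviour and that
# "-o noudev" skips the wait.
#
# Needs passwordless sudo, a working rbd client (image "img" in the
# default pool is created and removed), a host default route and an
# unused 192.168.1.0/24.
#
# Host state touched while running -- namespace ns1, the veth1-ext /
# veth1-int pair, three iptables rules and (only when forwarding was off)
# net.ipv4.ip_forward together with the FORWARD policy -- is put back on
# exit, whether the test passes or fails.

set -eux

# Teardown bookkeeping: each flag is raised as soon as the matching
# resource may exist and lowered again once the normal path has removed
# it, so the EXIT trap only touches what is actually left over.
NS_CREATED=0
VETH_CREATED=0
FORWARD_CHANGED=0
FORWARD_POLICY=
RULES_ADDED=0
IMG_CREATED=0
IFACE=

#######################################
# Remove whatever setup is still in place, then exit with the status the
# script was already exiting with.  Installed as the EXIT trap.
# Globals:  NS_CREATED VETH_CREATED FORWARD_CHANGED FORWARD_POLICY
#           RULES_ADDED IMG_CREATED IFACE (read)
#######################################
cleanup() {
  local rc=$?
  # Best effort: one failing step must not stop the remaining teardown.
  set +e
  if (( IMG_CREATED )); then
    # Unmapping by image name also catches a mapping left behind by the
    # nested script in ns1; "nothing mapped" is the usual outcome, hence
    # the silenced stderr.
    sudo rbd unmap -o noudev img 2>/dev/null
    rbd rm img
  fi
  if (( RULES_ADDED )); then
    sudo iptables -t nat -D POSTROUTING -s 192.168.1.2 -o "$IFACE" -j MASQUERADE
    sudo iptables -D FORWARD -i "$IFACE" -o veth1-ext -j ACCEPT
    sudo iptables -D FORWARD -i veth1-ext -o "$IFACE" -j ACCEPT
  fi
  if (( FORWARD_CHANGED )); then
    # Switch forwarding off before the policy goes back, so the host is
    # never forwarding with a permissive FORWARD chain.
    sudo sysctl -w net.ipv4.ip_forward=0
    sudo iptables -P FORWARD "$FORWARD_POLICY"
  fi
  if (( NS_CREATED )); then
    sudo ip netns delete ns1
  fi
  if (( VETH_CREATED )) && ip link show veth1-ext >/dev/null 2>&1; then
    # Only still present if the peer never made it into ns1 (deleting
    # the namespace takes the whole pair with it).
    sudo ip link delete veth1-ext
  fi
  exit "$rc"
}
trap cleanup EXIT

sudo ip netns add ns1
NS_CREATED=1
sudo ip link add veth1-ext type veth peer name veth1-int
VETH_CREATED=1
sudo ip link set veth1-int netns ns1
sudo ip netns exec ns1 ip link set dev lo up
sudo ip netns exec ns1 ip addr add 192.168.1.2/24 dev veth1-int
sudo ip netns exec ns1 ip link set veth1-int up
sudo ip netns exec ns1 ip route add default via 192.168.1.1
sudo ip addr add 192.168.1.1/24 dev veth1-ext
sudo ip link set veth1-ext up

# Enable forwarding between the namespace and the default route
# interface and set up NAT. In case of multiple default routes,
# just pick the first one.
# Forwarding is only switched on together with a DROP policy so the host
# does not become an open router; the previous policy is remembered so
# cleanup() can restore both.
if [[ $(sysctl -n net.ipv4.ip_forward) -eq 0 ]]; then
  FORWARD_POLICY="$(sudo iptables -S FORWARD | head -n 1 | cut -d ' ' -f 3)"
  [[ -n "$FORWARD_POLICY" ]]
  FORWARD_CHANGED=1
  sudo iptables -P FORWARD DROP
  sudo sysctl -w net.ipv4.ip_forward=1
fi

# Interface of the first default route: the word after "dev".  A fixed
# field position would be wrong for routes without a "via" hop.
IFACE="$(ip route list 0.0.0.0/0 \
  | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }')"
[[ -n "$IFACE" ]]
RULES_ADDED=1
sudo iptables -A FORWARD -i veth1-ext -o "$IFACE" -j ACCEPT
sudo iptables -A FORWARD -i "$IFACE" -o veth1-ext -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 192.168.1.2 -o "$IFACE" -j MASQUERADE

# Sanity check outside the namespace first: map, use, unmap.
rbd create --size 300 img
IMG_CREATED=1
DEV="$(sudo rbd map img)"
mkfs.ext4 "$DEV"
sudo mount "$DEV" /mnt
sudo umount /mnt
sudo rbd unmap "$DEV"

# The actual test runs inside ns1.  The heredoc delimiter is quoted, so
# nothing below expands in the outer shell.
sudo ip netns exec ns1 bash <<'EOF'
set -eux
DEV="/dev/rbd/rbd/img"
[[ ! -e "$DEV" ]]
# In a network namespace, "rbd map" maps the device and hangs waiting
# for udev add uevents. udev runs as usual (in particular creating the
# symlink which is used here because the device node is never printed),
# but the uevents it sends out never come because they don't cross
# network namespace boundaries.
set +e
timeout 30s rbd map img
RET=$?
set -e
[[ $RET -eq 124 ]]
[[ -L "$DEV" ]]
mkfs.ext4 -F "$DEV"
mount "$DEV" /mnt
umount /mnt
# In a network namespace, "rbd unmap" unmaps the device and hangs
# waiting for udev remove uevents. udev runs as usual (removing the
# symlink), but the uevents it sends out never come because they don't
# cross network namespace boundaries.
set +e
timeout 30s rbd unmap "$DEV"
RET=$?
set -e
[[ $RET -eq 124 ]]
[[ ! -e "$DEV" ]]
# Skip waiting for udev uevents with "-o noudev".
DEV="$(rbd map -o noudev img)"
mkfs.ext4 -F "$DEV"
mount "$DEV" /mnt
umount /mnt
rbd unmap -o noudev "$DEV"
EOF

# Normal-path teardown.  These are part of the test (a failure here
# fails the run); each flag is lowered so cleanup() does not redo it.
rbd rm img
IMG_CREATED=0
sudo iptables -t nat -D POSTROUTING -s 192.168.1.2 -o "$IFACE" -j MASQUERADE
sudo iptables -D FORWARD -i "$IFACE" -o veth1-ext -j ACCEPT
sudo iptables -D FORWARD -i veth1-ext -o "$IFACE" -j ACCEPT
RULES_ADDED=0
# Deleting the namespace also removes veth1-int and with it veth1-ext.
sudo ip netns delete ns1
NS_CREATED=0
VETH_CREATED=0
# Forwarding and the FORWARD policy, if this script changed them, are
# restored by cleanup() on exit.
echo OK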