-rw-r--r--CHANGELOG.txt20
-rw-r--r--VERSION.txt2
-rwxr-xr-xlibexec/container/start68
-rwxr-xr-xlibexec/container/stop6
-rw-r--r--share/doc/HOST-SETUP.txt168
5 files changed, 133 insertions, 131 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 963f218..0951cb4 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,23 @@
+2021-06-29 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20210628.
+
+ * Backward incompatible changes:
+ - The networking integration on the container host depended on
+ ifupdown. Now, to support KVM as an additional backend
+ alongside systemd-nspawn in compute-tools, we're switching
+ in this version exclusively to openvswitch.
+ - Moving from ifupdown to openvswitch to manage the bridges
+ requires manual re-configuration of the networking stack on
+ the host, otherwise no container will continue to have network
+ access.
+ - Configuration examples for systemd-networkd (recommended) on the
+ host to use openvswitch are documented in HOST-SETUP.txt.
+
+ [ Simon Spöhel ]
+ * Using openvswitch instead of linux bridges.
+ * Updating documentation for openvswitch.
+
2021-06-28 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20210628.
diff --git a/VERSION.txt b/VERSION.txt
index 47b060d..f814e09 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20210628
+20210629
diff --git a/libexec/container/start b/libexec/container/start
index 08c3611..6b35ea8 100755
--- a/libexec/container/start
+++ b/libexec/container/start
@@ -367,42 +367,6 @@ then
;;
esac
- NETWORK_BRIDGES="$(awk -Fcnt.network-bridge= '/^cnt.network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
-
- case "${NETWORK_BRIDGES}" in
- "")
- ;;
-
- *)
- for BRIDGE_DEFINITION in ${NETWORK_BRIDGES}
- do
- INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')"
- BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')"
-
- if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ]
- then
- echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working."
- fi
-
- if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ]
- then
-
-cat > "/etc/network/interfaces.d/${INTERFACE}" << EOF
-allow-hotplug ${INTERFACE}
-iface ${INTERFACE} inet manual
- pre-up ip link set ${INTERFACE} up
- post-up ip link set ${INTERFACE} master ${BRIDGE}
- pre-down ip link set ${INTERFACE} nomaster
- post-down ip link set ${INTERFACE} down
-EOF
-
- else
- echo "Warning bridge definition '${BRIDGE_DEFINITION}' not recognized (expected <bridge>:<interface>): Ignoring"
- fi
- done
- ;;
- esac
-
PRIVATE_USERS="$(awk -Fprivate-users= '/^private-users=/ { print $2 }' ${CONFIG}/${NAME}.conf || echo no)"
case "${PRIVATE_USERS}" in
@@ -536,3 +500,35 @@ case "${START}" in
esac
;;
esac
+
+# waiting for systemd-nspawn to create the veth interfaces
+sleep 1
+NETWORK_BRIDGES="$(awk -Fcnt.network-bridge= '/^cnt.network-bridge=/ { print $2 }' ${CONFIG}/${NAME}.conf)"
+
+case "${NETWORK_BRIDGES}" in
+ "")
+ ;;
+
+ *)
+ for BRIDGE_DEFINITION in ${NETWORK_BRIDGES}
+ do
+ INTERFACE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $1 }')"
+ BRIDGE="$(echo ${BRIDGE_DEFINITION} | awk -F: '{ print $2 }')"
+
+ if [ "$(echo ${INTERFACE} | wc -c)" -gt 15 ]
+ then
+ echo "'${INTERFACE}': name exceeds maximum of 15 characters, network might be not working."
+ fi
+
+ if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ]
+ then
+
+ ip link set "${INTERFACE}" up
+ ovs-vsctl --may-exist add-port "${BRIDGE}" "${INTERFACE}"
+
+ else
+ echo "Warning bridge definition '${BRIDGE_DEFINITION}' not recognized (expected <bridge>:<interface>): Ignoring"
+ fi
+ done
+ ;;
+esac
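Review bot: The port is attached after a fixed `sleep 1`, with no check that the veth exists yet and no check of the exit status of `ip link set` or `ovs-vsctl add-port`, so on a slow or loaded host the container can come up silently detached from its bridge. A bounded wait on `ip link show "${INTERFACE}"` inside the loop, followed by an explicit error when either command fails, would make that failure visible; a sketch is below. The length check counts the newline that `echo` appends, so it also warns for a valid 15-character name; `-gt 16` would match the message. The "not recognized" warning says `<bridge>:<interface>`, while the code reads field 1 as the interface and field 2 as the bridge.

```shell
# … unchanged: NETWORK_BRIDGES lookup, case/for header, INTERFACE/BRIDGE split, length warning …
		if [ -n "${BRIDGE}" ] && [ -n "${INTERFACE}" ]
		then
			# bounded wait for systemd-nspawn to create the veth, instead of one fixed sleep
			TRIES=0
			while ! ip link show "${INTERFACE}" > /dev/null 2>&1 && [ "${TRIES}" -lt 10 ]
			do
				sleep 1
				TRIES=$((TRIES + 1))
			done

			if ! ip link set "${INTERFACE}" up || ! ovs-vsctl --may-exist add-port "${BRIDGE}" "${INTERFACE}"
			then
				echo "'${INTERFACE}': could not attach to bridge '${BRIDGE}'." >&2
			fi
# … unchanged: else branch with the "not recognized" warning …
```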
diff --git a/libexec/container/stop b/libexec/container/stop
index 58fc0e9..52b40d1 100755
--- a/libexec/container/stop
+++ b/libexec/container/stop
@@ -261,6 +261,12 @@ case "${VERBOSE}" in
;;
esac
+VETHS="$(awk -Fnetwork-veth-extra= '/^network-veth-extra=/ { print $2 }' ${CONFIG}/${NAME}.conf | awk -F: '{ print $1 }')"
+for VETH in ${VETHS}
+do
+ ovs-vsctl --if-exist del-port "${VETH}"
+done
+
machinectl ${MODE} ${NAME}
case "${FORCE}" in
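Review bot: The cleanup loop takes its port names from `network-veth-extra=`, while the start script adds ports named in `cnt.network-bridge=`, so a port whose name appears only in the latter would presumably stay on the switch after the container stops. Deriving `VETHS` from the same `cnt.network-bridge=` definitions that start iterates over would keep add and delete symmetric. The documented ovs-vsctl spelling is `--if-exists`; `--if-exist` works only if the option parser accepts abbreviations, so `ovs-vsctl --if-exists del-port "${VETH}"` is safer. `${CONFIG}/${NAME}.conf` is also unquoted in the `awk` call and would split on a path containing whitespace.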
diff --git a/share/doc/HOST-SETUP.txt b/share/doc/HOST-SETUP.txt
index 6b368f0..8603a06 100644
--- a/share/doc/HOST-SETUP.txt
+++ b/share/doc/HOST-SETUP.txt
@@ -5,7 +5,7 @@ compute-tools: Host Setup
1. Debian Packages
-------------------
-apt install bridge-utils ifenslave vlan
+apt install openvswitch-switch
2. Boot Parameters
@@ -53,128 +53,108 @@ sysctl -p
3.2.1 Bridge: 1 Interface, standalone, DHCP
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
+cat > /etc/systemd/network/eno1.network << EOF
+[Match]
+Name=eno1
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
+[Network]
+BindCarrier=bridge0
+LinkLocalAddressing=no
+EOF
-iface eno1 inet manual
+cat > /etc/systemd/network/bridge0.network << EOF
+[Match]
+Name=bridge0
-auto bridge0
-iface bridge0 inet dhcp
- bridge_ports eno1
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
+[Network]
+DHCP=ipv4
EOF
+ovs-vsctl add-br bridge0
+ovs-vsctl add-port bridge0 eno1
+
3.2.2 Bridge: 1 Interface, standalone, static
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-iface eno1 inet manual
+cat > /etc/systemd/network/eno1.network << EOF
+[Match]
+Name=eno1
-auto bridge0
-iface bridge0 inet static
- address 10.0.0.2
- gateway 10.0.0.1
- netmask 24
-
- pre-up ip link set eno1 down
- pre-up ip link set eno1 up
-
- bridge_ports eno1
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
+[Network]
+BindCarrier=bridge0
+LinkLocalAddressing=no
EOF
+cat > /etc/systemd/network/bridge0.network << EOF
+[Match]
+Name=bridge0
-3.2.3 Bridge: 2 logical Interfaces, subnet, static
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
-
-auto lo
-iface lo inet loopback
-
-allow-hotplug eno1
-iface eno1 inet dhcp
-
-auto bridge0
-iface bridge0 inet static
- address 10.0.0.1
- netmask 24
-
- pre-up ip link add name bridge0 type bridge
- post-down ip link delete bridge0 type bridge
-
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
+[Network]
+DHCP=no
+Address=10.0.0.2/24
+Gateway=10.0.0.1
EOF
+ovs-vsctl add-br bridge0
+ovs-vsctl add-port bridge0 eno1
-3.2.4 Bridge: 3 physical Interfaces, vlan, bonding, static
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-cat > /etc/network/interfaces << EOF
-# /etc/network/interfaces
-
-source /etc/network/interfaces.d/*
+3.2.3 Bridge: 3 physical Interfaces, vlan, bonding, static
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-auto lo
-iface lo inet loopback
+cat > /etc/systemd/network/eno1.network << EOF
+[Match]
+Name=eno1
-allow-hotplug eno1
-iface eno1 inet dhcp
+[Network]
+DHCP=ipv4
+EOF
-iface eno2 inet manual
+cat > /etc/systemd/network/eno2.network << EOF
+[Match]
+Name=eno2
-iface eno3 inet manual
+[Network]
+BindCarrier=bridge0
+LinkLocalAddressing=no
+EOF
-auto bond0
-iface bond0 inet manual
- up ip link set bond0 up
- down ip link set bond0 down
+cat > /etc/systemd/network/eno3.network << EOF
+[Match]
+Name=eno3
- slaves eno2 eno3
+[Network]
+BindCarrier=bridge0
+LinkLocalAddressing=no
+EOF
- bond-mode 4
- bond-miimon 100
- bond-downdelay 200
- bond-updelay 200
- bond-lacp-rate 1
- bond-xmit-hash-policy layer2+3
+cat > /etc/systemd/network/bridge0.network << EOF
+[Match]
+Name=bridge0
-iface bond0.100 inet manual
- vlan-raw-device bond0
+[Network]
+LinkLocalAddressing=no
+EOF
-auto bridge-100
-iface bridge-100 inet static
- address 10.100.0.2
- netmask 24
+cat > /etc/systemd/network/bridge-100.network << EOF
+[Match]
+Name=bridge-100
- bridge_ports bond0.100
- bridge_fd 0
- bridge_maxwait 0
- bridge_stp 0
+[Network]
+Address=10.100.0.2/24
EOF
+ovs-vsctl add-br bridge0
+ovs-vsctl add-bond bridge0 bond0 eno2 eno3 \
+ bond_mode=balance-tcp \
+ lacp=active \
+ other_config:lacp-time=fast \
+ other_config:bond-detect-mode=miimon \
+ other_config:bond-miimon-interval=100 \
+ other_config:bond_updelay=200
+ trunks=100 \
+ovs-vsctl add-br bridge-100 bridge0 100
4. Enabling user namespace for unprivileged containers
------------------------------------------------------