From 1dd4bfdd1f7c380d2995a0136d24be91dabd52cd Mon Sep 17 00:00:00 2001
From: Lukasz Gabrych
Date: Wed, 16 Sep 2015 22:39:34 +0200
Subject: [PATCH] Version: 1.1.3, merged macvlan with lxc-net scripts
---
lxc-net.patch | 39 +++++++++++++++++
lxc.spec | 33 ++++++++-------
lxc_macvlan | 66 +++++++++++++++++++++++++++++
lxc_macvlan.init | 98 -------------------------------------------
lxc_macvlan.sysconfig | 3 ++
5 files changed, 127 insertions(+), 112 deletions(-)
create mode 100644 lxc-net.patch
create mode 100755 lxc_macvlan
delete mode 100755 lxc_macvlan.init
diff --git a/lxc-net.patch b/lxc-net.patch
new file mode 100644
index 0000000..a328d72
--- /dev/null
+++ b/lxc-net.patch
@@ -0,0 +1,39 @@
+# diff -durN -x '*~' -x '*.orig' lxc-1.1.3.orig/config/init/common/lxc-net.in lxc-1.1.3/config/init/common/lxc-net.in > ~/rpm/packages/lxc/lxc-net.patch
+--- lxc-1.1.3.orig/config/init/common/lxc-net.in 2015-08-15 00:32:10.000000000 +0200
++++ lxc-1.1.3/config/init/common/lxc-net.in 2015-09-14 13:43:35.950386724 +0200
+@@ -24,6 +24,17 @@
+
+ [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc
+
++# Additional network based on macvlan
++# It can be overridden in @LXC_DISTRO_SYSCONF@/lxc_macvlan
++# by default is not used
++
++macvlan="@LIBEXECDIR@/lxc/lxc_macvlan"
++USE_LXC_MACVLAN="false"
++
++[ ! -f $distrosysconfdir/lxc_macvlan ] || . $distrosysconfdir/lxc_macvlan
++[ ! -f $macvlan ] || . $macvlan
++
++
+ use_iptables_lock="-w"
+ iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
+
+@@ -48,7 +59,9 @@
+ ip link set dev $1 up
+ }
+
++
+ start() {
++ [ "x$USE_LXC_MACVLAN" = "xtrue" ] && { macvlan_start; exit $?; }
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
+
+ [ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already running"; exit 1; }
+@@ -131,6 +144,7 @@
+ }
+
+ stop() {
++ [ "x$USE_LXC_MACVLAN" = "xtrue" ] && { macvlan_stop; exit $?; }
+ [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { exit 0; }
+
+ [ -f "${varrun}/network_up" ] || [ "$1" = "force" ] || { echo "lxc-net isn't running"; exit 1; }
diff --git a/lxc.spec b/lxc.spec
index 14ad3e4..5fc1853 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,5 +1,4 @@ # TODO -# - what to do lxc_macvlan.init, when upstream provided lxc-net.init? # - package apparmor stuff # Conditional build:
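Review bot: The two source lines added in the `-24,6 +24,17` hunk of lxc-net.in skip a missing file silently, so with `USE_LXC_MACVLAN="true"` and no helper at `$macvlan` the new first line of `start()` and `stop()` calls an undefined `macvlan_start` / `macvlan_stop` and the script dies with "command not found" instead of a clear error. The helper is looked up at `@LIBEXECDIR@/lxc/lxc_macvlan` while lxc.spec in this commit installs it under `%{_libdir}/%{name}/`; whether those match depends on the configure-time libexecdir, which is not visible here. Both files are sourced into the init script's shell (presumably running as root), so I would quote the paths and, after the two source lines, fail explicitly: `[ "x$USE_LXC_MACVLAN" != "xtrue" ] || [ -f "$macvlan" ] || { echo "lxc-net: $macvlan not found" >&2; exit 1; }`. The bodies of `start()` and `stop()` continue outside the hunks.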
@@ -13,17 +12,19 @@ Summary: Linux Containers userspace tools Summary(pl.UTF-8): Narzędzia do kontenerów linuksowych (LXC) Name: lxc -Version: 1.1.2 -Release: 2 +Version: 1.1.3 +Release: 1 License: LGPL v2.1+ Group: Applications/System Source0: https://linuxcontainers.org/downloads/lxc/%{name}-%{version}.tar.gz -# Source0-md5: 3ebadacf5fe8bfe689fd7a09812b682c +# Source0-md5: 197abb5a28ab0b689c737eb1951023fb Source1: %{name}-pld.in.sh -Source2: %{name}_macvlan.init -Source3: %{name}_macvlan.sysconfig +# lxc-net based on bridge, macvlan is an alternative/supported lxc network +Source2: %{name}_macvlan.sysconfig +Source3: %{name}_macvlan Patch0: %{name}-pld.patch Patch1: x32.patch +Patch2: %{name}-net.patch URL: https://www.linuxcontainers.org/ BuildRequires: autoconf >= 2.50 BuildRequires: automake @@ -41,10 +42,14 @@ BuildRequires: libxslt-progs %{?with_lua:BuildRequires: lua51-devel >= 5.1} BuildRequires: pkgconfig %{?with_python:BuildRequires: python3-devel >= 1:3.2} +%{?with_python:BuildRequires: python3-modules} BuildRequires: rpm-pythonprov BuildRequires: rpmbuild(macros) >= 1.671 BuildRequires: sed >= 4.0 Requires: rc-scripts >= 0.4.6 +Requires: dnsmasq # used in lxc-net script +Requires: gawk # lxc_macvlan script +Requires: iptables # used in lxc-net script to set bridge nat Requires: which Requires: iproute2 Requires: systemd-units >= 38 @@ -72,7 +77,7 @@ applications like bash or sshd. %description -l pl.UTF-8 Narzędzia do tworzenia i zarządzania kontenerami. System ten obejmuje -w pełni funkcjonalne kontenery z ilozacją/wirtualizacją pidów, ipc, +w pełni funkcjonalne kontenery z izolacją/wirtualizacją pidów, ipc, utsname, punktów montowania, /proc, /sys, sieci oraz uwzględniające grupy kontrolne. Jest bardzo lekki, elastyczny i udostępnia narzędzia do czynności związanych z kontenerami, takich jak monitorowanie z @@ -136,6 +141,7 @@ bashowe uzupełnianie nazw dla LXC. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 cp -p %{SOURCE1} templates/lxc-pld.in 
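Review bot: The three `Requires:` lines added in the `-41,10 +42,14` hunk carry trailing `# …` text, and rpm recognises comments only at the start of a line, so `Requires: dnsmasq # used in lxc-net script` is likely to be parsed as extra dependency tokens or rejected outright, depending on the rpm version. Put each explanation on its own line above the tag, i.e. `# used in lxc-net script` followed by a plain `Requires: dnsmasq`. The same applies to the `gawk` and `iptables` lines.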
@@ -185,8 +191,9 @@ install -d $RPM_BUILD_ROOT{%{configpath},%{configpath}snap,/var/{cache,log}/lxc} # yum plugin, no idea where to package this %{__rm} $RPM_BUILD_ROOT%{_datadir}/%{name}/lxc-patch.py -install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/rc.d/init.d/lxc_macvlan -install -p %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/lxc_macvlan +install -p %{SOURCE2} $RPM_BUILD_ROOT/etc/sysconfig/lxc_macvlan +install -p %{SOURCE3} $RPM_BUILD_ROOT%{_libdir}/%{name}/lxc_macvlan + %if %{with python} %py3_comp $RPM_BUILD_ROOT%{py3_sitedir}/lxc @@ -203,7 +210,6 @@ rm -rf $RPM_BUILD_ROOT /sbin/ldconfig /sbin/chkconfig --add lxc /sbin/chkconfig --add lxc-net -/sbin/chkconfig --add lxc_macvlan %systemd_post lxc.service lxc-net.service %preun @@ -212,8 +218,6 @@ if [ "$1" = "0" ]; then /sbin/chkconfig --del lxc %service lxc-net stop /sbin/chkconfig --del lxc-net - %service lxc_macvlan stop - /sbin/chkconfig --del lxc_macvlan fi %systemd_preun lxc.service lxc-net.service @@ -250,7 +254,6 @@ fi %attr(755,root,root) %ghost %{_libdir}/liblxc.so.1 %attr(754,root,root) /etc/rc.d/init.d/lxc %attr(754,root,root) /etc/rc.d/init.d/lxc-net -%attr(754,root,root) /etc/rc.d/init.d/lxc_macvlan %{systemdunitdir}/lxc.service %{systemdunitdir}/lxc-net.service 
@@ -263,13 +266,15 @@ fi %attr(755,root,root) %{_libdir}/%{name}/lxc-monitord %attr(755,root,root) %{_libdir}/%{name}/lxc-net %attr(755,root,root) %{_libdir}/%{name}/lxc-user-nic +%attr(755,root,root) %{_libdir}/%{name}/lxc_macvlan %dir %{_sysconfdir}/lxc %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/lxc_macvlan %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/lxc %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lxc/default.conf %dir %{_datadir}/%{name} %{_datadir}/%{name}/lxc.functions -%attr(755,root,root) %{_datadir}/%{name}/lxc-restore-net +# below has been removed in lxc-1.1.3 +#%attr(755,root,root) %{_datadir}/%{name}/lxc-restore-net %dir %{_datadir}/%{name}/config %{_datadir}/%{name}/config/archlinux.*.conf %{_datadir}/%{name}/config/centos.*.conf
diff --git a/lxc_macvlan b/lxc_macvlan
new file mode 100755
index 0000000..4f9a22d
--- /dev/null
+++ b/lxc_macvlan
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# additional macvlan interface for lxc
+
+# TODO: add additional iptables rules / ipv6 / ip_forward
+
+
+macvlan_test_config(){
+
+ # check if all required configurations have been set
+ # Source any configurable options
+ test ! -r /etc/sysconfig/lxc_macvlan ||
+ . /etc/sysconfig/lxc_macvlan
+
+ # Tests for data provided in /etc/sysconfig/lxc_macvlan
+ if [ -z "$MACVLAN_DEV" ]; then
+ echo "MACVLAN_DEV not set is /etc/sysconfig/lxc_macvlan"
+ exit 6
+ fi
+
+ if [ -z "$MACVLAN_NAME" ]; then
+ echo "MACVLAN_NAME not set is /etc/sysconfig/lxc_macvlan"
+ exit 6
+ fi
+
+ if [ -z "$MACVLAN_ADDRESS" ]; then
+ echo "MACVLAN_ADDRESS not set is /etc/sysconfig/lxc_macvlan"
+ exit 6
+ fi
+}
+
+macvlan_gen_default_hwaddr(){
+ # If not defined MACVLAN_HWADDRESS, calculate it from MACVLAN_ADDRESS
+ echo $MACVLAN_ADDRESS | awk -F "/" '{print $1}' | awk -F "." '{ printf "00:16:3e:%x:%x:%x\n", $2, $3, $4 }'
+}
+
+macvlan_start() {
+ echo "LXC macvlan interface start"
+ echo 1 > /proc/sys/net/ipv4/ip_forward
+ macvlan_test_config
+
+ set -e
+ if [ -z "$MACVLAN_HWADDRESS" ]; then
+ MACVLAN_HWADDRESS=`macvlan_gen_default_hwaddr`
+ fi
+ ip link add link $MACVLAN_DEV name $MACVLAN_NAME address $MACVLAN_HWADDRESS type macvlan mode bridge
+ ip link set $MACVLAN_NAME up
+ ip address add $MACVLAN_ADDRESS brd + dev $MACVLAN_NAME
+}
+
+macvlan_stop() {
+ echo "LXC macvlan interface stop"
+ macvlan_test_config
+
+ set -e
+ ip link set $MACVLAN_NAME down
+ ip link del $MACVLAN_NAME
+}
+
+macvlan_status() {
+ echo "LXC macvlan interface status"
+ macvlan_test_config
+
+ set -e
+ ip addr show $MACVLAN_NAME
+}
\ No newline at end of file
diff --git a/lxc_macvlan.init b/lxc_macvlan.init
deleted file mode 100755
index c146945..0000000
--- a/lxc_macvlan.init
+++ /dev/null
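Review bot: `macvlan_start` writes `1` to `/proc/sys/net/ipv4/ip_forward` before `macvlan_test_config` has validated the settings, so a host with an incomplete /etc/sysconfig/lxc_macvlan exits with status 6 but is left with IPv4 forwarding switched on. The file's own TODO notes that no iptables rules accompany it, and `macvlan_stop` does not restore the previous value. The `set -e` inside each function also stays in effect for whichever shell sources this file (lxc-net, per the patch in this commit), and the `ip` arguments taken from the config are unquoted. I would validate first, quote the expansions and return the status explicitly instead of relying on `set -e`, as below; the same quoting applies to `macvlan_stop` and `macvlan_status`.

```shell
macvlan_start() {
	echo "LXC macvlan interface start"
	# validate the sourced settings before any host state is changed
	macvlan_test_config

	if [ -z "$MACVLAN_HWADDRESS" ]; then
		MACVLAN_HWADDRESS=$(macvlan_gen_default_hwaddr)
	fi
	echo 1 > /proc/sys/net/ipv4/ip_forward || return 1
	ip link add link "$MACVLAN_DEV" name "$MACVLAN_NAME" \
		address "$MACVLAN_HWADDRESS" type macvlan mode bridge || return 1
	ip link set "$MACVLAN_NAME" up || return 1
	ip address add "$MACVLAN_ADDRESS" brd + dev "$MACVLAN_NAME"
}
```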
@@ -1,98 +0,0 @@ -#!/bin/sh -# -# lxc_macvlan Start/Stop LXC MACVLAN interface -# -# chkconfig: 345 11 89 -# description: Starts/Stops LXC MACVLAN interface. -# -### BEGIN INIT INFO -# Provides: lxc_macvlan -# Default-Start: 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start/Stop LXC MACVLAN interface -# Description: Start/Stop LXC MACVLAN interface -### END INIT INFO - -# Source function library -. /etc/rc.d/init.d/functions - -# Source any configurable options -test ! -r /etc/sysconfig/lxc_macvlan || - . /etc/sysconfig/lxc_macvlan - -# Tests for data provided in /etc/sysconfig/lxc_macvlan -if [ -z "$MACVLAN_DEV" ]; then - echo "MACVLAN_DEV not set is /etc/sysconfig/lxc_macvlan" - exit 6 -fi - -if [ -z "$MACVLAN_NAME" ]; then - echo "MACVLAN_NAME not set is /etc/sysconfig/lxc_macvlan" - exit 6 -fi - -if [ -z "$MACVLAN_ADDRESS" ]; then - echo "MACVLAN_ADDRESS not set is /etc/sysconfig/lxc_macvlan" - exit 6 -fi - -# If not defined MACVLAN_HWADDRESS, calculate it from MACVLAN_ADDRESS -if [ -z "$MACVLAN_HWADDRESS" ]; then - MACVLAN_HWADDRESS=`echo $MACVLAN_ADDRESS | awk -F "/" '{print $1}' | awk -F "." '{ printf "00:16:3e:%x:%x:%x\n", $2, $3, $4 }'` - # TODO: Print on start() only - # echo "MACVLAN_HWADDRESS not set, using calculated from MACVLAN_ADDRESS=${MACVLAN_ADDRESS} value: ${MACVLAN_HWADDRESS}"; -fi - - -start() { - msg_starting "LXC macvlan interface" - # set -x - ip link add link $MACVLAN_DEV name $MACVLAN_NAME address $MACVLAN_HWADDRESS type macvlan mode bridge - ip link set $MACVLAN_NAME up - ip address add $MACVLAN_ADDRESS brd + dev $MACVLAN_NAME - # TODO: check if works: - # cat /sys/class/net/macv0/address - # 00:13:00:00:20:14 - RETVAL=$? - [ $RETVAL -eq 0 ] && ok || fail -} - -stop() { - msg_stopping "LXC macvlan interface" - # set -x - ip link set $MACVLAN_NAME down - ip link del $MACVLAN_NAME - RETVAL=$? - [ $RETVAL -eq 0 ] && ok || fail -} - -status() { - ip addr show $MACVLAN_NAME -} - - -RETVAL=0 - -# See how we were called. 
-case "$1" in - start) - start - ;; - - stop) - stop - ;; - restart|reload|force-reload) - stop - start - ;; - status) - status - ;; - *) - - msg_usage "$0 {start|stop|restart|reload|force-reload|status}" - exit 3 -esac - -exit $RETVAL diff --git a/lxc_macvlan.sysconfig b/lxc_macvlan.sysconfig index fe7201f..603489a 100644 --- a/lxc_macvlan.sysconfig +++ b/lxc_macvlan.sysconfig @@ -1,5 +1,8 @@ # LXC MACVLAN device config +# Change below to "true" if you want to use macvlan instead of default bridge network +USE_LXC_MACVLAN="false" + # Logical interface name MACVLAN_NAME=macv0 -- 2.44.0