On Tue, Jan 29, 2013 at 10:32 AM, Stefan G. Weichinger <li...@xunil.at> wrote:
> On 28.01.2013 22:49, Stefan G. Weichinger wrote:
>
>>>> ps: my bigger hurdle will be the bridging-setup for running
>>>> KVM-virtualization. This was one of the reasons to go back to openrc
>>>> back then.
>>>
>>> I have no experience with that, but if it works in OpenRC it should
>>> work in systemd. Probably better, even.
>>
>> I don't think it won't work, I just wonder how to do it in the right and
>> most efficient way. I will think about that later/tomorrow maybe,
>> already late here ...
>
> I have a *draft* here for bridge.service ... I used the init.d-script
> from here as a template:
>
> http://en.gentoo-wiki.com/wiki/KVM#Script_to_ease_the_configuration
>
> (I have used a variation of that as /etc/init.d/kvm for a long time now)
>
> My service file reads variables from a separate config file:
>
> # cat /etc/conf.d/network_systemd
> interface=eth0
> address=172.32.99.12
> netmask=255.255.255.0
> broadcast=172.32.99.255
> gateway=172.32.99.250
> bridge_name=br0
> tap_name=qtap0
> user=sgw
>
>
> and it currently looks like this:
>
> # cat /etc/systemd/system/bridge.service
> [Unit]
> Description=network bridge for KVM
> After=network.target
>
> [Service]
> Type=oneshot
> RemainAfterExit=yes
>
> EnvironmentFile=/etc/conf.d/network_systemd
>
> ExecStart=/sbin/brctl addbr ${bridge_name}
> ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name}
> ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
> ExecStart=/bin/ifconfig ${interface} up
> ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc
> ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
> ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
> ExecStart=iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
> ExecStart=/bin/ip route add default via ${gateway}
>
> ExecStop=/bin/ip route del default via ${gateway}
> ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
> ExecStop=/bin/ifconfig ${tap_name} down
> ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name}
> ExecStop=/usr/bin/tunctl -d ${tap_name}
> ExecStop=/bin/ifconfig ${bridge_name} down
> ExecStop=/bin/ifconfig ${interface} down
> ExecStop=/sbin/brctl delbr ${bridge_name}
> ExecStop=iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
>
> [Install]
> WantedBy=multi-user.target
>
> ----------
>
> I disabled network.service and enabled bridge.service, works fine so
> far, I already tested connectivity from KVM-VMs.
>
> I am sure that this is quite fresh and bloody, suggestions welcome as
> always ...

If it works, it works. It just looks... wrong :D

If you really need so many commands from your unit, you can use a script:

------------------------------------------------------------------------
$ cat /usr/local/bin/kvm-brigdge
#!/bin/sh
# Bring the KVM bridge up ("start") or tear it down ("stop").

# Load interface, address, netmask, gateway, bridge_name, tap_name and user.
# "." is the POSIX spelling of "source", which not every /bin/sh provides.
. /etc/conf.d/network_systemd

case "${1}" in
    start)
        # Create bridge and tap device, attach them, then enable NAT and routing.
        /sbin/brctl addbr "${bridge_name}"
        /usr/bin/tunctl -b -u "${user}" -t "${tap_name}"
        /bin/ifconfig "${bridge_name}" "${address}" netmask "${netmask}" up
        /bin/ifconfig "${interface}" up
        /bin/ifconfig "${tap_name}" up 0.0.0.0 promisc
        /sbin/brctl addif "${bridge_name}" "${tap_name}" "${interface}"
        /sbin/sysctl "net.ipv4.conf.${bridge_name}.forwarding=1"
        iptables -t nat -A POSTROUTING -o "${interface}" -j MASQUERADE
        /bin/ip route add default via "${gateway}"
        ;;
    stop)
        # Undo the start steps: route, forwarding, tap, bridge, NAT rule.
        /bin/ip route del default via "${gateway}"
        /sbin/sysctl "net.ipv4.conf.${bridge_name}.forwarding=0"
        /bin/ifconfig "${tap_name}" down
        /sbin/brctl delif "${bridge_name}" "${tap_name}"
        /usr/bin/tunctl -d "${tap_name}"
        /bin/ifconfig "${bridge_name}" down
        /bin/ifconfig "${interface}" down
        /sbin/brctl delbr "${bridge_name}"
        iptables -t nat -D POSTROUTING -o "${interface}" -j MASQUERADE
        ;;
esac

------------------------------------------------------------------------
$ cat /etc/systemd/system/kvm-bridge.service
[Unit]
Description=network bridge for KVM
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes

ExecStart=/usr/local/bin/kvm-brigdge start
ExecStop=/usr/local/bin/kvm-brigdge stop

[Install]
WantedBy=multi-user.target

As I have been saying all these years: that systemd can work without
using scripts doesn't mean that it isn't able to use them. I use a
couple of them myself; I think this is a perfect example of one. Your
unit file is then small and simple, as all of them should be.

Remember that /usr/local/bin/kvm-brigdge needs to be executable.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
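
The helper script above runs as root from a system unit and loads /etc/conf.d/network_systemd as shell code, so every line of that file is executed and its values are passed on to brctl, tunctl and ifconfig. As an added example (not part of the thread; the helper names are hypothetical, and the 15-character interface-name and 32-character user-name limits are assumptions), this POSIX sh loader reads the same eight keys as data and rejects anything else:

```sh
#!/bin/sh
# Added example, not from the thread: read /etc/conf.d/network_systemd as data
# rather than sourcing it. Helper names below are hypothetical.

# 0 if $1 is 1..$2 characters from [A-Za-z0-9_.-] and does not start with "-"
# (a leading "-" would be parsed as an option by brctl, tunctl or ifconfig).
is_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Load the eight known keys from file $1 into shell variables of the same name.
# Any unknown key or malformed value makes the function return non-zero.
load_bridge_conf() {
    interface= address= netmask= broadcast= gateway= bridge_name= tap_name= user=
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            ''|'#'*) continue ;;
            interface|bridge_name|tap_name) is_name "$value" 15 || return 1 ;;
            user) is_name "$value" 32 || return 1 ;;
            address|netmask|broadcast|gateway) is_ipv4 "$value" || return 1 ;;
            *) return 1 ;;
        esac
        eval "$key=\$value"   # safe: $key is one of the literal names matched above
    done < "$1"
    # Every setting used by the start/stop commands must be present.
    [ -n "$interface" ] && [ -n "$address" ] && [ -n "$netmask" ] &&
        [ -n "$gateway" ] && [ -n "$bridge_name" ] && [ -n "$tap_name" ] && [ -n "$user" ]
}
```

In the helper script this would replace the line that loads the config, for example `load_bridge_conf /etc/conf.d/network_systemd || exit 1`; the file itself should still be writable by root only.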
