On Mon, 2014-08-11 at 18:57 +0000, Serge Hallyn wrote: > Quoting Michael H. Warfield ([email protected]): > > On Mon, 2014-08-11 at 18:30 +0000, Serge Hallyn wrote: > > > Quoting Michael H. Warfield ([email protected]): > > > > On Mon, 2014-08-11 at 15:37 +0000, Serge Hallyn wrote: > > > > > Quoting Michael H. Warfield ([email protected]): > > > > > > On Thu, 2014-07-31 at 08:53 +0200, Martin Pitt wrote: > > > > > > > Factor this out of the lxc-net.conf upstart job, so that it can > > > > > > > be used by > > > > > > > init.d scripts and systemd units, too. > > > > > > > > > > > > Crap. Never fails. I was in Europe when this came out. > > > > > > > > > > > > Looking at lxc.net, I would say it's going to break some existing > > > > > > setups > > > > > > (notably mine) where lxcbr0 is already setup. Yes, we can set > > > > > > LXC_BRIDGE to no but we should also include some autodetect logic > > > > > > such > > > > > > that, if lxcbr0 already exists, this doesn't commit random acts of > > > > > > terrorism. > > > > > > > > > That logic should already be there. If /sys/class/net/lxcbr0 already > > > > > exists, then start will do nothing; if /run/lxc/network_up does not > > > > > exist then stop will do nothing. > > > > > > > > Yeah, I traced through that logic and finally realized that. I'm a > > > > little nudgey about even calling "stop" from "start" in the case where > > > > the bridge already exists or when USE_LXC_BRIDGE is not true and then > > > > relying on "stop" to rely on the non-existence of network_up to exit > > > > without doing anything to the bridge. If that's the case, why even call > > > > "stop" in the "start" function at all? That had me confused. > > > > > > Yeah, that's an upstart-ism which doesn't belong in the script (and > > > must continue to be done in upstart) > > > > > > > I don't see the need for this logic at all in "start": > > > > > > > > -- > > > > if [ -d /sys/class/net/${LXC_BRIDGE} ]; then > > > > if [ ! -f ${varrun}/network_up ]; then > > > > # bridge exists, but we didn't start it > > > > stop; > > > > fi > > > > exit 0; > > > > fi > > > > -- > > > > > > > > If this bridge exists and we didn't start it, why even attempt to stop > > > > > We don't - the stop is to tell upstart not to continue running the > > > job. It doesn't belong in this script. > > > > Interesting. Many thanks for clarifying that. If there are no > > objections, then, I'll clean that up with the patch I'm working on now.
> That'd be great, thanks. Indeed I think we want the actual script to > do the minimal start/stop, and as you suggested perhaps make the > iptables rules more configurable (though that may be biting off more > than we can chew for now). Yeah, I'll defer any iptables stuff for later. Like I mentioned in my earlier message, that will take looking at how that interacts with firewalld. I've also got to get back on that CentOS template and get teh systemd stuff added to it. That'll be in a couple of days. > BTW - will you be at the lxc sprint in chicago next week? That might be > a good place to discuss making the network stuff more configurable. I'm afraid not. I'm still catching up from spending two weeks in Europe and June has me committed to a few things. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
