Hi,
I've done this patch for my own need. It allows to configure multiple network
interfaces within the containers.
You can integrate it if you wish.
Exemple of use:
cat >/etc/default/lxc-net <<@@@
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_BRIDGE[1]="lxcbr1"
LXC_ADDR[1]="10.0.4.1"
LXC_NETMASK[1]="255.255.255.0"
LXC_NETWORK[1]="10.0.4.0/24"
LXC_DHCP_RANGE="10.0.3.200,10.0.3.254"
LXC_DHCP_RANGE[1]="10.0.4.200,10.0.4.254"
LXC_DHCP_MAX="253"
@@@
Regard.
--- /usr/lib/x86_64-linux-gnu/lxc/lxc-net 2017-03-07 10:18:14.000000000 -1000
+++ /usr/lib/x86_64-linux-gnu/lxc/lxc-net.new 2017-05-19 23:43:11.622452896 -1000
@@ -1,4 +1,4 @@
-#!/bin/sh -
+#!/bin/bash -
distrosysconfdir="/etc/default"
varrun="/run/lxc"
@@ -122,8 +122,8 @@
}
ifup() {
- MASK=`_netmask2cidr ${LXC_NETMASK}`
- CIDR_ADDR="${LXC_ADDR}/${MASK}"
+ MASK=`_netmask2cidr ${3}`
+ CIDR_ADDR="${2}/${MASK}"
ip addr add ${CIDR_ADDR} dev $1
ip link set dev $1 address $LXC_BRIDGE_MAC
ip link set dev $1 up
@@ -133,7 +133,7 @@
set +e
if [ "$FAILED" = "1" ]; then
echo "Failed to setup lxc-net." >&2
- stop force
+ stop_all force
fi
}
@@ -145,15 +145,23 @@
[ ! -f "${varrun}/network_up" ] || { echo "lxc-net is already running"; exit 1; }
- if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
- stop force || true
- fi
-
FAILED=1
trap cleanup EXIT HUP INT TERM
set -e
+ for i in ${!LXC_BRIDGE[@]} ; do (
+ LXC_BRIDGE=${LXC_BRIDGE[$i]}
+ LXC_ADDR=${LXC_ADDR[$i]}
+ LXC_NETWORK=${LXC_NETWORK[$i]}
+ LXC_NETMASK=${LXC_NETMASK[0$([ -z "${LXC_NETMASK[$i]}" ] || echo $i)]}
+ LXC_IPV6_ADDR=${LXC_IPV6_ADDR[$i]}
+ LXC_IPV6_MASK=${LXC_IPV6_MASK[$i]}
+ LXC_IPV6_NETWORK=${LXC_IPV6_NETWORK[$i]}
+ LXC_DHCP_RANGE=${LXC_DHCP_RANGE[$i]}
+ if [ -n "$LXC_BRIDGE" -a -n "$LXC_ADDR" -a -n "$LXC_NETWORK" ]; then
+ [ ! -d /sys/class/net/${LXC_BRIDGE} ] || stop force
+
# set up the lxc network
[ ! -d /sys/class/net/${LXC_BRIDGE} ] && ip link add dev ${LXC_BRIDGE} type bridge
echo 1 > /proc/sys/net/ipv4/ip_forward
@@ -208,13 +216,16 @@
fi
done
+ [ -z "$LXC_DHCP_RANGE" ] || \
dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \
- --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid \
+ --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid$i \
--listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \
--dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \
--except-interface=lo --interface=${LXC_BRIDGE} \
--dhcp-leasefile="${varlib}"/misc/dnsmasq.${LXC_BRIDGE}.leases \
--dhcp-authoritative $LXC_IPV6_ARG || cleanup
+ fi
+ );done
touch "${varrun}"/network_up
FAILED=0
@@ -240,11 +251,18 @@
ip6tables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE
fi
- pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid
- rm -f "${varrun}"/dnsmasq.pid
+ pid=`cat "${varrun}"/dnsmasq.pid$i 2>/dev/null` && kill -9 $pid
+ rm -f "${varrun}"/dnsmasq.pid$i
# if $LXC_BRIDGE has attached interfaces, don't destroy the bridge
ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 || ip link delete ${LXC_BRIDGE}
fi
+}; stop_all() {
+ for i in ${!LXC_BRIDGE[@]} ; do (
+ LXC_BRIDGE=${LXC_BRIDGE[$i]}
+ LXC_NETWORK=${LXC_NETWORK[$i]}
+ LXC_IPV6_NETWORK=${LXC_IPV6_NETWORK[$i]}
+ stop $*
+ );done
rm -f "${varrun}"/network_up
}
@@ -256,11 +274,11 @@
;;
stop)
- stop
+ stop_all
;;
restart|reload|force-reload)
- $0 stop
+ $0 stop_all
$0 start
;;
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
