The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6203
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Closes #6152 Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
From 56dfd0cd04039ed4d629bf52aaa478a07cdecf97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com> Date: Sat, 14 Sep 2019 23:36:22 +0200 Subject: [PATCH] lxd/networks: Allows limited ipv4 config with fan MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #6152 Signed-off-by: Stéphane Graber <stgra...@ubuntu.com> --- lxd/networks.go | 22 ++++++++++++++++++---- lxd/networks_config.go | 2 +- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/lxd/networks.go b/lxd/networks.go index cad3d9d1c5..1e7607231d 100644 --- a/lxd/networks.go +++ b/lxd/networks.go @@ -1656,12 +1656,17 @@ func (n *network) Start() error { } // Update the dnsmasq config + expiry := "1h" + if n.config["ipv4.dhcp.expiry"] != "" { + expiry = n.config["ipv4.dhcp.expiry"] + } + dnsmasqCmd = append(dnsmasqCmd, []string{ fmt.Sprintf("--listen-address=%s", addr[0]), "--dhcp-no-override", "--dhcp-authoritative", fmt.Sprintf("--dhcp-leasefile=%s", shared.VarPath("networks", n.name, "dnsmasq.leases")), fmt.Sprintf("--dhcp-hostsfile=%s", shared.VarPath("networks", n.name, "dnsmasq.hosts")), - "--dhcp-range", fmt.Sprintf("%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String())}...) + "--dhcp-range", fmt.Sprintf("%s,%s,%s", networkGetIP(hostSubnet, 2).String(), networkGetIP(hostSubnet, -2).String(), expiry)}...) // Setup the tunnel if n.config["fan.type"] == "ipip" { 
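Review bot: The `ipv4.dhcp.expiry` value is spliced straight into the `--dhcp-range` argument, so a value containing a comma would add further fields to the dnsmasq range specification instead of setting only the lease time. It is passed as one argv element, so this is not a shell-injection problem. Whether the key is format-checked by the validator is not visible here; the networks_config.go hunk only exempts it from the fan-mode rejection. I would reject anything that is not a plain lease time before building the command, e.g. `if strings.ContainsAny(expiry, ", \t") { return fmt.Errorf("Invalid ipv4.dhcp.expiry: %q", expiry) }`. Start() begins and ends outside the hunk.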
@@ -1707,9 +1712,18 @@ func (n *network) Start() error { } // Configure NAT - err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE") - if err != nil { - return err + if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) { + if n.config["ipv4.nat.order"] == "after" { + err = iptables.NetworkAppend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE") + if err != nil { + return err + } + } else { + err = iptables.NetworkPrepend("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE") + if err != nil { + return err + } + } } // Setup clustered DNS diff --git a/lxd/networks_config.go b/lxd/networks_config.go index 0babb960e9..a4c95dc135 100644 --- a/lxd/networks_config.go +++ b/lxd/networks_config.go @@ -145,7 +145,7 @@ func networkValidateConfig(name string, config map[string]string) error { } // Bridge mode checks - if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && v != "" { + if bridgeMode == "fan" && strings.HasPrefix(key, "ipv4.") && !shared.StringInSlice(key, []string{"ipv4.dhcp.expiry", "ipv4.firewall", "ipv4.nat", "ipv4.nat.order"}) && v != "" { return fmt.Errorf("IPv4 configuration may not be set when in 'fan' mode") }
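Review bot: The two branches under `// Configure NAT` repeat the same MASQUERADE rule and differ only in NetworkAppend versus NetworkPrepend, so a later edit to one copy of this firewall rule can leave the other stale. Any `ipv4.nat.order` value other than `after`, including a typo, silently falls through to prepend; whether the key is restricted to a fixed set of values elsewhere is not visible here. Selecting the helper once and calling it with a single argument list leaves one rule to audit, assuming both helpers share a signature as the calls suggest. Start() begins and ends outside the hunk.

```go
	// Configure NAT
	if n.config["ipv4.nat"] == "" || shared.IsTrue(n.config["ipv4.nat"]) {
		addRule := iptables.NetworkPrepend
		if n.config["ipv4.nat.order"] == "after" {
			addRule = iptables.NetworkAppend
		}

		err = addRule("ipv4", n.name, "nat", "POSTROUTING", "-s", overlaySubnet.String(), "!", "-d", overlaySubnet.String(), "-j", "MASQUERADE")
		if err != nil {
			return err
		}
	}
```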
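Review bot: `ipv4.firewall` is added to the keys accepted in fan mode, but neither Start() hunk in this patch reads it, so confirm the fan path actually honours it. An accepted key that has no effect would let an operator believe firewall rule generation is switched off (or on) when it is not. The error text is also no longer accurate now that four `ipv4.*` keys are allowed; something like `return fmt.Errorf("Only ipv4.dhcp.expiry, ipv4.firewall, ipv4.nat and ipv4.nat.order may be set when in 'fan' mode")` tells the user what is permitted. The enclosing block of networkValidateConfig starts outside the hunk.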