[systemd-devel] network interface down in container
I have already used a container (Arch on Arch) for a while. I had two distinct IPs and a working setup thanks to good help from Tom Gundersen. I am trying to replicate my network settings on a new setup (Fedora on Arch). For now, I am just trying with DHCP.

Here is the setup on the host:

1 - created a virtual bridge

    $ cat /etc/systemd/network/Bridge.netdev
    [NetDev]
    Name=br0
    Kind=bridge

2 - bind my eth to the bridge

    $ cat /etc/systemd/network/eth.network
    [Match]
    Name=en*

    [Network]
    Bridge=br0

3 - created the bridge network unit

    $ cat /etc/systemd/network/bridge.network
    [Match]
    Name=br0

    [Network]
    DHCP=IPV4

Nothing else. When the container is up:

    $ ip a
    2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
        link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
           valid_lft forever preferred_lft forever
    4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
           valid_lft forever preferred_lft forever
        inet6 fe80::b40c:ff:fe22:f14a/64 scope link
           valid_lft forever preferred_lft forever
    9: vb-poppy: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
        link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff

    $ ip route
    default via 192.168.1.254 dev br0 proto static
    192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.87

    % brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.b60c0022f14a       no              enp7s0
                                                            vb-poppy

I used to boot the container this way:

    # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

Is this correct?

* Now on the container side: Nothing configured. NetworkManager enabled, systemd-networkd enabled and started.

---

    $ ip a
    2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
        link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff

- host0 is down

    $ journalctl -x
    ..
    -- Unit NetworkManager.service has begun starting up.
    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR: ebtables not usable, disabling ethernet bridge firewall.
    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR: No IPv4 and IPv6 firewall.
    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR: Raising SystemExit in run_server
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> NetworkManager (version 1.0.0-8.fc22) is starting...
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Read config: /etc/NetworkManager/NetworkManager.conf
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> WEXT support is enabled
    Apr 27 13:18:01 poppy NetworkManager[67]: <warn> Could not get hostname: failed to read /etc/sysconfig/network
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Acquired D-Bus service com.redhat.ifcfgrh1
    ..

Obviously my old-fashioned way to give two IP addresses does not work, and I can't find any other idea/way to do the setup. Is this firewall story in journalctl the culprit? I do not want any basic firewall as hardening will be done with Apparmor (already built in the kernel) and grsec in a second step.

Hint: I run a custom kernel.

Maybe I missed some network settings?

Thank you for hints

--
google.com/+arnaudgabourygabx
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] network interface down in container
On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> I used to boot the container this way:
>>
>>     # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container
>>
>> Is this correct?
>
> Looks fine.
>
>> * Now on the container side: Nothing configured. NetworkManager enabled,
>> systemd-networkd enabled and started.
>
> NM doesn't really support being run in a container.

I want to disable it to avoid any potential conflict.

    systemctl mask NetworkManager
    systemctl mask NetworkManager-dispatcher

But when rebooting, it is enabled again. I guess I must write a custom service file to mask it?

>> ---
>>
>>     $ ip a
>>     2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>>         link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
>>
>> - host0 is down
>
> Please check what networkctl status -a in the container shows. It should
> tell you whether networkd is configured to do anything.

    ● 1: lo
           Link File: n/a
        Network File: n/a
                Type: loopback
               State: carrier (unmanaged)
                 MTU: 65536
             Address: 127.0.0.1
                      ::1

    ● 2: host0
           Link File: n/a
        Network File: n/a
                Type: ether
               State: off (unmanaged)
          HW Address: 0e:7f:c3:fb:25:b1
                 MTU: 1500

Not really sane.

> Also, what does journalctl -u systemd-networkd -n 200 show in the container?

    Apr 30 12:10:55 poppy systemd[1]: Starting Network Service...
    Apr 30 12:10:56 poppy systemd-networkd[249]: Enumeration completed
    Apr 30 12:10:56 poppy systemd[1]: Started Network Service.

Sounds OK. As said, the only error when booting the container is:

    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR: ebtables not usable, disabling ethernet bridge firewall.
    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR: No IPv4 and IPv6 firewall.
    Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR: Raising SystemExit in run_server
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> NetworkManager (version 1.0.0-8.fc22) is starting...
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Read config: /etc/NetworkManager/NetworkManager.conf
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> WEXT support is enabled
    Apr 27 13:18:01 poppy NetworkManager[67]: <warn> Could not get hostname: failed to read /etc/sysconfig/network
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Acquired D-Bus service com.redhat.ifcfgrh1
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Loaded plugin ifcfg-rh: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Loaded plugin keyfile: (c) 2007 - 2013 Red Hat, Inc.  To report bugs please use the NetworkManager mailing list.
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> parsing /etc/sysconfig/network-scripts/ifcfg-lo ...
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> monitoring kernel firmware directory '/lib/firmware'.
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> WiFi enabled by radio killswitch; enabled by state file
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> WWAN enabled by radio killswitch; enabled by state file
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> WiMAX enabled by radio killswitch; enabled by state file
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> Networking is enabled by state file
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> (br0): link connected
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> (br0): carrier is ON
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> (br0): new Bridge device (driver: 'bridge' ifindex: 3)
    Apr 27 13:18:01 poppy NetworkManager[67]: <info> (br0): exported as /org/freedesktop/NetworkManager/Devices/0

Not sure if it has any impact.

> Lennart
>
> --
> Lennart Poettering, Red Hat

--
google.com/+arnaudgabourygabx
Re: [systemd-devel] network interface down in container
On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

> I used to boot the container this way:
>
>     # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container
>
> Is this correct?

Looks fine.

> * Now on the container side: Nothing configured. NetworkManager enabled,
> systemd-networkd enabled and started.

NM doesn't really support being run in a container.

> ---
>
>     $ ip a
>     2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>         link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
>
> - host0 is down

Please check what networkctl status -a in the container shows. It should tell you whether networkd is configured to do anything.

Also, what does journalctl -u systemd-networkd -n 200 show in the container?

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] network interface down in container
On Thu, Apr 30, 2015 at 12:18 PM, arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
> On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering <lenn...@poettering.net> wrote:
>> On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>>
>>> * Now on the container side: Nothing configured. NetworkManager enabled,
>>> systemd-networkd enabled and started.
>>
>> NM doesn't really support being run in a container.
>
> [...]
>
>> Please check what networkctl status -a in the container shows. It should
>> tell you whether networkd is configured to do anything.
>
>     ● 2: host0
>            Link File: n/a
>         Network File: n/a
>                 Type: ether
>                State: off (unmanaged)
>           HW Address: 0e:7f:c3:fb:25:b1
>                  MTU: 1500
>
> Not really sane.
>
> [...]
>
> Not sure if it has any impact.

I do not know if it is a clean approach, but the issue is solved with a static IP (that is what I want).

On host:

    $ cat /etc/systemd/networkd/bridge.network
    [Match]
    Name=br0

    [Network]
    DNS=192.168.1.254

    [Address]
    Address=192.168.1.87/24

    [Route]
    Gateway=192.168.1.254

    # ln -sf /dev/null /etc/systemd/network/80-container-host0.network

- On container

    $ cat /etc/systemd/networkd/poppy.network
    [Match]
    Name=host0

    [Network]
    DNS=192.168.1.254
    Address=192.168.1.94/24
    Gateway=192.168.1.254

    -bash-4.3# # ln -sf /dev/null /etc/systemd/network/80-container-host0.network

    # systemd-nspawn --network-bridge=br0 -bD /var/lib/machines/poppy

host:

    $ ip a
    7: vb-poppy: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
        link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::c9a:d7ff:fe18:a359/64 scope link
Re: [systemd-devel] network interface down in container
On Thu, Apr 30, 2015 at 12:48 PM, arnaud gaboury <arnaud.gabo...@gmail.com> wrote:
> [...]
>
> I do not know if it is a clean approach, but the issue is solved with a static IP (that is what I want).
>
> On host:
>
>     $ cat /etc/systemd/networkd/bridge.network
>     [Match]
>     Name=br0
>
>     [Network]
>     DNS=192.168.1.254
>
>     [Address]
>     Address=192.168.1.87/24
>
>     [Route]
>     Gateway=192.168.1.254
>
>     # ln -sf /dev/null /etc/systemd/network/80-container-host0.network

Useless. Not needed at all.

> - On container
>
>     $ cat /etc/systemd/networkd/poppy.network
>     [Match]
>     Name=host0
>
>     [Network]
>     DNS=192.168.1.254
>     Address=192.168.1.94/24
>     Gateway=192.168.1.254
>
>     -bash-4.3# # ln -sf /dev/null /etc/systemd/network/80-container-host0.network
>
>     # systemd-nspawn --network-bridge=br0 -bD /var/lib/machines/poppy
>
> host:
>
>     $ ip a
>     7: vb-poppy: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0
Re: [systemd-devel] network interface down in container
On Thu, 30.04.15 12:48, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

>     ● 2: host0
>            Link File: n/a
>         Network File: n/a
>                 Type: ether
>                State: off (unmanaged)
>           HW Address: 0e:7f:c3:fb:25:b1
>                  MTU: 1500

So, as it appears networkd does consider itself responsible for the interface and doesn't apply any .network file to it.

>     $ cat /etc/systemd/networkd/bridge.network

Well, the directory is /etc/systemd/network/, not /etc/systemd/networkd/.

>     $ cat /etc/systemd/networkd/poppy.network

Same here.

Lennart

--
Lennart Poettering, Red Hat
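The two checks below are an added example and not part of the thread or of systemd itself; the function names find_misplaced_networkd_files and unmanaged_links are hypothetical helpers and the networkctl output fed to them is a constructed sample modelled on the one posted above. The first check catches exactly the mistake Lennart points out (unit files written to /etc/systemd/networkd/, a directory networkd never reads); the second parses networkctl status -a and names every non-loopback link that networkd reports as unmanaged, which is the symptom that was visible on host0 before the directory was corrected.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for a systemd-networkd
# setup like the one above. Both function names are hypothetical helpers.
#
# networkd reads *.network, *.netdev and *.link files only from
# /etc/systemd/network/, /run/systemd/network/ and /usr/lib/systemd/network/.
# A directory such as /etc/systemd/networkd/ is silently ignored, and a link
# with no matching .network file then shows up as "(unmanaged)".

# find_misplaced_networkd_files [ROOT]
#   Print every networkd-style unit file under ROOT/etc/systemd that is not in
#   ROOT/etc/systemd/network/. ROOT defaults to / and is there so the check can
#   be run from the host against a container tree (e.g. /var/lib/machines/X).
find_misplaced_networkd_files() {
    root=${1:-/}
    root=${root%/}
    find "$root/etc/systemd" -type f \
        \( -name '*.network' -o -name '*.netdev' -o -name '*.link' \) \
        ! -path "$root/etc/systemd/network/*" 2>/dev/null
}

# unmanaged_links
#   Read "networkctl status -a" output on stdin and print the name of every
#   non-loopback link whose State is "(unmanaged)", i.e. no .network file
#   matched it. Loopback is skipped because networkd never manages it.
unmanaged_links() {
    awk '
        function report_link() {
            if (name != "" && type != "loopback" && state ~ /\(unmanaged\)/)
                print name
        }
        # Link header, e.g. "● 2: host0" (the leading bullet is optional)
        /^[^ ]* *[0-9]+: / { report_link(); name = $NF; type = ""; state = ""; next }
        /^ *Type:/          { type = $2 }
        /^ *State:/         { state = $0 }
        END                 { report_link() }
    '
}

# Constructed sample modelled on the networkctl output posted in the thread,
# plus one properly configured link so the filter has something to ignore.
SAMPLE_NETWORKCTL='● 1: lo
        Link File: n/a
     Network File: n/a
             Type: loopback
            State: carrier (unmanaged)
              MTU: 65536
          Address: 127.0.0.1
                   ::1

● 2: host0
        Link File: n/a
     Network File: n/a
             Type: ether
            State: off (unmanaged)
       HW Address: 0e:7f:c3:fb:25:b1
              MTU: 1500

● 3: eth1
        Link File: n/a
     Network File: /etc/systemd/network/eth1.network
             Type: ether
            State: routable (configured)
              MTU: 1500'

# Demo on the constructed sample (prints "host0"). On a real box run
#   networkctl status -a | unmanaged_links
#   find_misplaced_networkd_files /          # or the container's root dir
printf '%s\n' "$SAMPLE_NETWORKCTL" | unmanaged_links
```

Running find_misplaced_networkd_files against the container root from the host is the cheapest way to catch the typo before booting the container; an empty result from unmanaged_links inside the container confirms that every link the host handed in was picked up by a .network file.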
Re: [systemd-devel] network interface down in container
On Thu, 30.04.15 12:18, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:

> On Thu, Apr 30, 2015 at 11:44 AM, Lennart Poettering <lenn...@poettering.net> wrote:
>> On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>>
>>> I used to boot the container this way:
>>>
>>>     # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container
>>>
>>> Is this correct?
>>
>> Looks fine.
>>
>>> * Now on the container side: Nothing configured. NetworkManager enabled,
>>> systemd-networkd enabled and started.
>>
>> NM doesn't really support being run in a container.
>
> I want to disable it to avoid any potential conflict.
>
>     systemctl mask NetworkManager
>     systemctl mask NetworkManager-dispatcher
>
> But when rebooting, it is enabled again. I guess I must write a custom
> service file to mask it?

I figure it gets activated via the dbus-org.freedesktop.NetworkManager.service name, consider masking that too. Or better, just remove the RPM inside the container.

Lennart

--
Lennart Poettering, Red Hat
Re: [systemd-devel] network interface down in container
On Thu, Apr 30, 2015, 2:22 PM Lennart Poettering <lenn...@poettering.net> wrote:
> On Thu, 30.04.15 12:48, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>>     ● 2: host0
>>            Link File: n/a
>>         Network File: n/a
>>                 Type: ether
>>                State: off (unmanaged)
>>           HW Address: 0e:7f:c3:fb:25:b1
>>                  MTU: 1500
>
> So, as it appears networkd does consider itself responsible for the
> interface and doesn't apply any .network file to it.
>
>>     $ cat /etc/systemd/networkd/bridge.network
>
> Well, the directory is /etc/systemd/network/, not /etc/systemd/networkd/.
>
>>     $ cat /etc/systemd/networkd/poppy.network
>
> Same here.

Sorry for the typo.

> Lennart
>
> --
> Lennart Poettering, Red Hat
Re: [systemd-devel] network interface down in container
On Thu, 2015-04-30 at 11:44 +0200, Lennart Poettering wrote:
> On Thu, 30.04.15 10:01, arnaud gaboury (arnaud.gabo...@gmail.com) wrote:
>
>> I used to boot the container this way:
>>
>>     # systemd-nspawn --network-bridge=br0 -bD /path_to/my_container
>>
>> Is this correct?
>
> Looks fine.
>
>> * Now on the container side: Nothing configured. NetworkManager enabled,
>> systemd-networkd enabled and started.
>
> NM doesn't really support being run in a container.

FYI not really true, NM git master (upcoming 1.2) does support being run without udev in a container...

Dan

>> ---
>>
>>     $ ip a
>>     2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
>>         link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
>>
>> - host0 is down
>
> Please check what networkctl status -a in the container shows. It should
> tell you whether networkd is configured to do anything.
>
> Also, what does journalctl -u systemd-networkd -n 200 show in the container?
>
> Lennart