proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-27 08:12:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
87c7e080c8
mirror_lxc/config/init/upstart/lxc-net.conf
Stéphane Graber dc0682900a init: Add upstart jobs and some more changes (v3) 
This adds the 3 upstart jobs that we've had in Ubuntu for a while:
 - lxc.conf: Main upstart job, triggers lxc-net.conf based on config
 - lxc-instance.conf: Triggered by lxc.conf for each auto-started container
 - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...

In addition, there are two extra config files in /etc/default:
 - lxc: Allows setting some values like http proxying, disabling autostart, ...
 - lxc-net: Network configuration for the lxcbr0 bridge

This change also disables the sysv script for all distros but Oracle as
the current script won't work on either Ubuntu nor Debian and I suspect
quite a few more distros, so it's not nearly as distro-agnostic as we
thought.

For Debian, only install the upstart jobs and systemd unit.
For Ubuntu, only install the upstart jobs.

This change also moves all the init related stuff to config/init/

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
2014-01-16 17:18:38 -05:00

87 lines
3.8 KiB
Plaintext
Raw Blame History

description "lxc network"
author "Serge Hallyn <serge.hallyn@canonical.com>"
start on starting lxc
stop on stopped lxc
env USE_LXC_BRIDGE="false"
env LXC_BRIDGE="lxcbr0"
env LXC_ADDR="10.0.3.1"
env LXC_NETMASK="255.255.255.0"
env LXC_NETWORK="10.0.3.0/24"
env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
env LXC_DHCP_MAX="253"
env LXC_DHCP_CONFILE=""
env varrun="/var/run/lxc"
env LXC_DOMAIN=""
pre-start script
[ -f /etc/default/lxc ] && . /etc/default/lxc
[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
use_iptables_lock="-w"
iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
cleanup() {
# dnsmasq failed to start, clean up the bridge
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
ifconfig ${LXC_BRIDGE} down || true
brctl delbr ${LXC_BRIDGE} || true
}
if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
if [ ! -f ${varrun}/network_up ]; then
# bridge exists, but we didn't start it
stop;
fi
exit 0;
fi
# set up the lxc network
brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
echo 1 > /proc/sys/net/ipv4/ip_forward
mkdir -p ${varrun}
ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
LXC_DOMAIN_ARG=""
if [ -n "$LXC_DOMAIN" ]; then
LXC_DOMAIN_ARG="-s $LXC_DOMAIN"
fi
dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
touch ${varrun}/network_up
end script
post-stop script
[ -f /etc/default/lxc ] && . /etc/default/lxc
[ -f "${varrun}/network_up" ] || exit 0;
# if $LXC_BRIDGE has attached interfaces, don't shut it down
ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
use_iptables_lock="-w"
iptables -w -L -n 2>&1 > /dev/null || use_iptables_lock=""
ifconfig ${LXC_BRIDGE} down
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
rm -f ${varrun}/dnsmasq.pid
brctl delbr ${LXC_BRIDGE}
fi
rm -f ${varrun}/network_up
end script
Reference in New Issue View Git Blame Copy Permalink