| 1 |
On Tue, Jan 29, 2013 at 1:05 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> On Tue, Jan 29, 2013 at 1:57 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 3 |
>> On Tue, Jan 29, 2013 at 10:32 AM, Stefan G. Weichinger <lists@×××××.at> wrote: |
| 4 |
>>> Am 28.01.2013 22:49, schrieb Stefan G. Weichinger: |
| 5 |
>>> |
| 6 |
>>>>>> ps: my bigger hurdle will be the bridging-setup for running |
| 7 |
>>>>>> KVM-virtualization. This was one of the reasons to go back to openrc |
| 8 |
>>>>>> back then. |
| 9 |
>>>>> |
| 10 |
>>>>> I have no experience with that, but if it works in OpenRC it should |
| 11 |
>>>>> work in systemd. Probably better, even. |
| 12 |
>>>> |
| 13 |
>>>> I don't think it won't work, I just wonder how to do it in the right and |
| 14 |
>>>> most efficient way. I will think about that later/tomorrow maybe, |
| 15 |
>>>> already late here ... |
| 16 |
>>> |
| 17 |
>>> I have a *draft* here for bridge.service ... I used the init.d-script |
| 18 |
>>> from here as a template: |
| 19 |
>>> |
| 20 |
>>> http://en.gentoo-wiki.com/wiki/KVM#Script_to_ease_the_configuration |
| 21 |
>>> |
| 22 |
>>> (I used a variation of that as /etc/init.d/kvm for long now) |
| 23 |
>>> |
| 24 |
>>> My service-file reads variables from a separated configfile: |
| 25 |
>>> |
| 26 |
>>> # cat /etc/conf.d/network_systemd |
| 27 |
>>> interface=eth0 |
| 28 |
>>> address=172.32.99.12 |
| 29 |
>>> netmask=255.255.255.0 |
| 30 |
>>> broadcast=172.32.99.255 |
| 31 |
>>> gateway=172.32.99.250 |
| 32 |
>>> bridge_name=br0 |
| 33 |
>>> tap_name=qtap0 |
| 34 |
>>> user=sgw |
| 35 |
>>> |
| 36 |
>>> |
| 37 |
>>> and it currently looks like this: |
| 38 |
>>> |
| 39 |
>>> # cat /etc/systemd/system/bridge.service |
| 40 |
>>> [Unit] |
| 41 |
>>> Description=network bridge for KVM |
| 42 |
>>> After=network.target |
| 43 |
>>> |
| 44 |
>>> [Service] |
| 45 |
>>> Type=oneshot |
| 46 |
>>> RemainAfterExit=yes |
| 47 |
>>> |
| 48 |
>>> EnvironmentFile=/etc/conf.d/network_systemd |
| 49 |
>>> |
| 50 |
>>> ExecStart=/sbin/brctl addbr ${bridge_name} |
| 51 |
>>> ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name} |
| 52 |
>>> ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up |
| 53 |
>>> ExecStart=/bin/ifconfig ${interface} up |
| 54 |
>>> ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc |
| 55 |
>>> ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface} |
| 56 |
>>> ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1 |
| 57 |
>>> ExecStart=iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE |
| 58 |
>>> ExecStart=/bin/ip route add default via ${gateway} |
| 59 |
>>> |
| 60 |
>>> ExecStop=/bin/ip route del default via ${gateway} |
| 61 |
>>> ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0 |
| 62 |
>>> ExecStop=/bin/ifconfig ${tap_name} down |
| 63 |
>>> ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name} |
| 64 |
>>> ExecStop=/usr/bin/tunctl -d ${tap_name} |
| 65 |
>>> ExecStop=/bin/ifconfig ${bridge_name} down |
| 66 |
>>> ExecStop=/bin/ifconfig ${interface} down |
| 67 |
>>> ExecStop=/sbin/brctl delbr ${bridge_name} |
| 68 |
>>> ExecStop=iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE |
| 69 |
>>> |
| 70 |
>>> [Install] |
| 71 |
>>> WantedBy=multi-user.target |
| 72 |
>>> |
| 73 |
>>> ---------- |
| 74 |
>>> |
| 75 |
>>> I disabled network.service and enabled bridge.service, works fine so |
| 76 |
>>> far, I already tested connectivity from KVM-VMs. |
| 77 |
>>> |
| 78 |
>>> I am sure that this quite fresh and bloody, suggestions welcome as |
| 79 |
>>> always ... |
| 80 |
>> |
| 81 |
>> If it works, it works. It just looks... wrong :D |
| 82 |
>> |
| 83 |
>> If you really need so much commands from your unit, you can use a script: |
| 84 |
>> |
| 85 |
>> ------------------------------------------------------------------------ |
| 86 |
>> $ cat /usr/local/bin/kvm-brigdge |
| 87 |
>> #!/bin/sh |
| 88 |
>> |
| 89 |
>> source /etc/conf.d/network_systemd |
| 90 |
>> |
| 91 |
>> case "${1}" in |
| 92 |
>> start) |
| 93 |
>> /sbin/brctl addbr ${bridge_name} |
| 94 |
>> /usr/bin/tunctl -b -u ${user} -t ${tap_name} |
| 95 |
>> /bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up |
| 96 |
>> /bin/ifconfig ${interface} up |
| 97 |
>> /bin/ifconfig ${tap_name} up 0.0.0.0 promisc |
| 98 |
>> /sbin/brctl addif ${bridge_name} ${tap_name} ${interface} |
| 99 |
>> /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1 |
| 100 |
>> iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE |
| 101 |
>> /bin/ip route add default via ${gateway} |
| 102 |
>> ;; |
| 103 |
>> stop) |
| 104 |
>> /bin/ip route del default via ${gateway} |
| 105 |
>> /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0 |
| 106 |
>> /bin/ifconfig ${tap_name} down |
| 107 |
>> /sbin/brctl delif ${bridge_name} ${tap_name} |
| 108 |
>> /usr/bin/tunctl -d ${tap_name} |
| 109 |
>> /bin/ifconfig ${bridge_name} down |
| 110 |
>> /bin/ifconfig ${interface} down |
| 111 |
>> /sbin/brctl delbr ${bridge_name} |
| 112 |
>> iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE |
| 113 |
>> ;; |
| 114 |
>> esac |
| 115 |
>> |
| 116 |
>> ------------------------------------------------------------------------ |
| 117 |
>> $ cat /etc/systemd/system/kvm-bridge.service |
| 118 |
>> [Unit] |
| 119 |
>> Description=network bridge for KVM |
| 120 |
>> After=network.target |
| 121 |
>> |
| 122 |
>> [Service] |
| 123 |
>> Type=oneshot |
| 124 |
>> RemainAfterExit=yes |
| 125 |
>> |
| 126 |
>> ExecStart=/usr/local/bin/kvm-brigdge start |
| 127 |
>> ExecStop=/usr/local/bin/kvm-brigdge stop |
| 128 |
>> |
| 129 |
>> [Install] |
| 130 |
>> WantedBy=multi-user.target |
| 131 |
>> |
| 132 |
>> As I have been saying all this years: that systemd can work without |
| 133 |
>> using scripts, doesn't mean that it isn't able to use them. I use a |
| 134 |
>> couple of them myself; I think this is a perfect example of one. Your |
| 135 |
>> unit file then it's small and simple, as all of them should be. |
| 136 |
>> |
| 137 |
>> Remember that /usr/local/bin/kvm-brigdge needs to be executable. |
| 138 |
> |
| 139 |
> I'll note that in your version, you're ignoring the exit statuses of |
| 140 |
> each of those commands. From a correctness standpoint, I prefer |
| 141 |
> Stefan's version. |
| 142 |
|
| 143 |
I really believe the most important thing abount systemd unit files is |
| 144 |
that they are small and simple. You can also check the exit status |
| 145 |
from each command in the script, or even better, you can do a test |
| 146 |
after all the commands are done to check the status of the bridge and |
| 147 |
see if it was created correctly. |
| 148 |
|
| 149 |
None of this belongs in the unit service, IMO. Otherwise, you end |
| 150 |
creating ssh keys and user groups in unit files, and none of this |
| 151 |
belongs there. Clear separation between the services and the init |
| 152 |
system. |
| 153 |
|
| 154 |
But of course, as I said to Stefan, if it works it works. |
| 155 |
|
| 156 |
Regards. |
| 157 |
-- |
| 158 |
Canek Peláez Valdés |
| 159 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 160 |
Universidad Nacional Autónoma de México |
Archives