| 1 |
On Tue, Jan 29, 2013 at 10:32 AM, Stefan G. Weichinger <lists@×××××.at> wrote: |
| 2 |
> Am 28.01.2013 22:49, schrieb Stefan G. Weichinger: |
| 3 |
> |
| 4 |
>>>> ps: my bigger hurdle will be the bridging-setup for running |
| 5 |
>>>> KVM-virtualization. This was one of the reasons to go back to openrc |
| 6 |
>>>> back then. |
| 7 |
>>> |
| 8 |
>>> I have no experience with that, but if it works in OpenRC it should |
| 9 |
>>> work in systemd. Probably better, even. |
| 10 |
>> |
| 11 |
>> I don't think it won't work, I just wonder how to do it in the right and |
| 12 |
>> most efficient way. I will think about that later/tomorrow maybe, |
| 13 |
>> already late here ... |
| 14 |
> |
| 15 |
> I have a *draft* here for bridge.service ... I used the init.d-script |
| 16 |
> from here as a template: |
| 17 |
> |
| 18 |
> http://en.gentoo-wiki.com/wiki/KVM#Script_to_ease_the_configuration |
| 19 |
> |
| 20 |
> (I used a variation of that as /etc/init.d/kvm for long now) |
| 21 |
> |
| 22 |
> My service-file reads variables from a separated configfile: |
| 23 |
> |
| 24 |
> # cat /etc/conf.d/network_systemd |
| 25 |
> interface=eth0 |
| 26 |
> address=172.32.99.12 |
| 27 |
> netmask=255.255.255.0 |
| 28 |
> broadcast=172.32.99.255 |
| 29 |
> gateway=172.32.99.250 |
| 30 |
> bridge_name=br0 |
| 31 |
> tap_name=qtap0 |
| 32 |
> user=sgw |
| 33 |
> |
| 34 |
> |
| 35 |
> and it currently looks like this: |
| 36 |
> |
| 37 |
> # cat /etc/systemd/system/bridge.service |
| 38 |
> [Unit] |
| 39 |
> Description=network bridge for KVM |
| 40 |
> After=network.target |
| 41 |
> |
| 42 |
> [Service] |
| 43 |
> Type=oneshot |
| 44 |
> RemainAfterExit=yes |
| 45 |
> |
| 46 |
> EnvironmentFile=/etc/conf.d/network_systemd |
| 47 |
> |
| 48 |
> ExecStart=/sbin/brctl addbr ${bridge_name} |
| 49 |
> ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name} |
| 50 |
> ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up |
| 51 |
> ExecStart=/bin/ifconfig ${interface} up |
| 52 |
> ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc |
| 53 |
> ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface} |
| 54 |
> ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1 |
| 55 |
> ExecStart=iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE |
| 56 |
> ExecStart=/bin/ip route add default via ${gateway} |
| 57 |
> |
| 58 |
> ExecStop=/bin/ip route del default via ${gateway} |
| 59 |
> ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0 |
| 60 |
> ExecStop=/bin/ifconfig ${tap_name} down |
| 61 |
> ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name} |
| 62 |
> ExecStop=/usr/bin/tunctl -d ${tap_name} |
| 63 |
> ExecStop=/bin/ifconfig ${bridge_name} down |
| 64 |
> ExecStop=/bin/ifconfig ${interface} down |
| 65 |
> ExecStop=/sbin/brctl delbr ${bridge_name} |
| 66 |
> ExecStop=iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE |
| 67 |
> |
| 68 |
> [Install] |
| 69 |
> WantedBy=multi-user.target |
| 70 |
> |
| 71 |
> ---------- |
| 72 |
> |
| 73 |
> I disabled network.service and enabled bridge.service, works fine so |
| 74 |
> far, I already tested connectivity from KVM-VMs. |
| 75 |
> |
| 76 |
> I am sure that this quite fresh and bloody, suggestions welcome as |
| 77 |
> always ... |
| 78 |
|
| 79 |
If it works, it works. It just looks... wrong :D |
| 80 |
|
| 81 |
If you really need so much commands from your unit, you can use a script: |
| 82 |
|
| 83 |
------------------------------------------------------------------------ |
| 84 |
$ cat /usr/local/bin/kvm-brigdge |
| 85 |
#!/bin/sh |
| 86 |
|
| 87 |
source /etc/conf.d/network_systemd |
| 88 |
|
| 89 |
case "${1}" in |
| 90 |
start) |
| 91 |
/sbin/brctl addbr ${bridge_name} |
| 92 |
/usr/bin/tunctl -b -u ${user} -t ${tap_name} |
| 93 |
/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up |
| 94 |
/bin/ifconfig ${interface} up |
| 95 |
/bin/ifconfig ${tap_name} up 0.0.0.0 promisc |
| 96 |
/sbin/brctl addif ${bridge_name} ${tap_name} ${interface} |
| 97 |
/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1 |
| 98 |
iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE |
| 99 |
/bin/ip route add default via ${gateway} |
| 100 |
;; |
| 101 |
stop) |
| 102 |
/bin/ip route del default via ${gateway} |
| 103 |
/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0 |
| 104 |
/bin/ifconfig ${tap_name} down |
| 105 |
/sbin/brctl delif ${bridge_name} ${tap_name} |
| 106 |
/usr/bin/tunctl -d ${tap_name} |
| 107 |
/bin/ifconfig ${bridge_name} down |
| 108 |
/bin/ifconfig ${interface} down |
| 109 |
/sbin/brctl delbr ${bridge_name} |
| 110 |
iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE |
| 111 |
;; |
| 112 |
esac |
| 113 |
|
| 114 |
------------------------------------------------------------------------ |
| 115 |
$ cat /etc/systemd/system/kvm-bridge.service |
| 116 |
[Unit] |
| 117 |
Description=network bridge for KVM |
| 118 |
After=network.target |
| 119 |
|
| 120 |
[Service] |
| 121 |
Type=oneshot |
| 122 |
RemainAfterExit=yes |
| 123 |
|
| 124 |
ExecStart=/usr/local/bin/kvm-brigdge start |
| 125 |
ExecStop=/usr/local/bin/kvm-brigdge stop |
| 126 |
|
| 127 |
[Install] |
| 128 |
WantedBy=multi-user.target |
| 129 |
|
| 130 |
As I have been saying all this years: that systemd can work without |
| 131 |
using scripts, doesn't mean that it isn't able to use them. I use a |
| 132 |
couple of them myself; I think this is a perfect example of one. Your |
| 133 |
unit file then it's small and simple, as all of them should be. |
| 134 |
|
| 135 |
Remember that /usr/local/bin/kvm-brigdge needs to be executable. |
| 136 |
|
| 137 |
Regards. |
| 138 |
-- |
| 139 |
Canek Peláez Valdés |
| 140 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 141 |
Universidad Nacional Autónoma de México |
Archives