Gentoo Archives: gentoo-user

From: Michael Mol <mikemol@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] *draft* for setting up network bridge with systemd (for qemu/kvm)
Date: Tue, 29 Jan 2013 19:05:40
Message-Id: CA+czFiB58Vn1w5S-JExgR5ODBMKvXDVaNw9miLepQ0iERgVRdg@mail.gmail.com
In Reply to: Re: [gentoo-user] *draft* for setting up network bridge with systemd (for qemu/kvm) by "Canek Peláez Valdés"
On Tue, Jan 29, 2013 at 1:57 PM, Canek Peláez Valdés <caneko@×××××.com> wrote:
> On Tue, Jan 29, 2013 at 10:32 AM, Stefan G. Weichinger <lists@×××××.at> wrote:
>> On 28.01.2013 22:49, Stefan G. Weichinger wrote:
>>
>>>>> ps: my bigger hurdle will be the bridging-setup for running
>>>>> KVM-virtualization. This was one of the reasons to go back to openrc
>>>>> back then.
>>>>
>>>> I have no experience with that, but if it works in OpenRC it should
>>>> work in systemd. Probably better, even.
>>>
>>> I don't think it won't work, I just wonder how to do it in the right and
>>> most efficient way. I will think about that later/tomorrow maybe,
>>> already late here ...
>>
>> I have a *draft* here for bridge.service ... I used the init.d-script
>> from here as a template:
>>
>> http://en.gentoo-wiki.com/wiki/KVM#Script_to_ease_the_configuration
>>
>> (I used a variation of that as /etc/init.d/kvm for a long time now)
>>
>> My service-file reads variables from a separate config file:
>>
>> # cat /etc/conf.d/network_systemd
>> interface=eth0
>> address=172.32.99.12
>> netmask=255.255.255.0
>> broadcast=172.32.99.255
>> gateway=172.32.99.250
>> bridge_name=br0
>> tap_name=qtap0
>> user=sgw
>>
>>
>> and it currently looks like this:
>>
>> # cat /etc/systemd/system/bridge.service
>> [Unit]
>> Description=network bridge for KVM
>> After=network.target
>>
>> [Service]
>> Type=oneshot
>> RemainAfterExit=yes
>>
>> EnvironmentFile=/etc/conf.d/network_systemd
>>
>> ExecStart=/sbin/brctl addbr ${bridge_name}
>> ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name}
>> ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
>> ExecStart=/bin/ifconfig ${interface} up
>> ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc
>> ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
>> ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
>> ExecStart=iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
>> ExecStart=/bin/ip route add default via ${gateway}
>>
>> ExecStop=/bin/ip route del default via ${gateway}
>> ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
>> ExecStop=/bin/ifconfig ${tap_name} down
>> ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name}
>> ExecStop=/usr/bin/tunctl -d ${tap_name}
>> ExecStop=/bin/ifconfig ${bridge_name} down
>> ExecStop=/bin/ifconfig ${interface} down
>> ExecStop=/sbin/brctl delbr ${bridge_name}
>> ExecStop=iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> ----------
>>
>> I disabled network.service and enabled bridge.service, works fine so
>> far, I already tested connectivity from KVM-VMs.
>>
>> I am sure that this is quite fresh and bloody, suggestions welcome as
>> always ...
>
> If it works, it works. It just looks... wrong :D
>
> If you really need so many commands from your unit, you can use a script:
>
> ------------------------------------------------------------------------
> $ cat /usr/local/bin/kvm-brigdge
> #!/bin/sh
>
> . /etc/conf.d/network_systemd
>
> case "${1}" in
>     start)
>         /sbin/brctl addbr ${bridge_name}
>         /usr/bin/tunctl -b -u ${user} -t ${tap_name}
>         /bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
>         /bin/ifconfig ${interface} up
>         /bin/ifconfig ${tap_name} up 0.0.0.0 promisc
>         /sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
>         /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
>         iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
>         /bin/ip route add default via ${gateway}
>         ;;
>     stop)
>         /bin/ip route del default via ${gateway}
>         /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
>         /bin/ifconfig ${tap_name} down
>         /sbin/brctl delif ${bridge_name} ${tap_name}
>         /usr/bin/tunctl -d ${tap_name}
>         /bin/ifconfig ${bridge_name} down
>         /bin/ifconfig ${interface} down
>         /sbin/brctl delbr ${bridge_name}
>         iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
>         ;;
> esac
>
> ------------------------------------------------------------------------
> $ cat /etc/systemd/system/kvm-bridge.service
> [Unit]
> Description=network bridge for KVM
> After=network.target
>
> [Service]
> Type=oneshot
> RemainAfterExit=yes
>
> ExecStart=/usr/local/bin/kvm-brigdge start
> ExecStop=/usr/local/bin/kvm-brigdge stop
>
> [Install]
> WantedBy=multi-user.target
>
> As I have been saying all these years: that systemd can work without
> using scripts doesn't mean that it isn't able to use them. I use a
> couple of them myself; I think this is a perfect example of one. Your
> unit file is then small and simple, as all of them should be.
>
> Remember that /usr/local/bin/kvm-brigdge needs to be executable.

I'll note that in your version, you're ignoring the exit statuses of
each of those commands. From a correctness standpoint, I prefer
Stefan's version.

--
:wq
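
Added example, not code from anyone in this thread: a wrapper that keeps the single-script layout but stops at the first failing command and exits non-zero, which is how systemd treats consecutive ExecStart= lines in a oneshot unit. CONF, RUN, step, bridge_start and bridge_stop are names assumed here; the commands and config variables are the ones quoted above.

```shell
#!/bin/sh
# Added example. CONF, RUN and step() are assumptions of this sketch;
# the commands and variable names are those posted in the thread.
CONF=${CONF:-/etc/conf.d/network_systemd}
RUN=${RUN:-}    # optional command prefix, e.g. RUN=echo for a dry run

# Run one command; on failure report it and pass its exit status up.
step() {
    $RUN "$@" && return 0
    rc=$?
    echo "kvm-bridge: exit $rc from: $*" >&2
    return "$rc"
}

# Setup stops at the first failure and returns that command's status.
bridge_start() {
    [ -r "$CONF" ] && . "$CONF" || return 1
    step /sbin/brctl addbr "$bridge_name" &&
    step /usr/bin/tunctl -b -u "$user" -t "$tap_name" &&
    step /bin/ifconfig "$bridge_name" "$address" netmask "$netmask" up &&
    step /bin/ifconfig "$interface" up &&
    step /bin/ifconfig "$tap_name" up 0.0.0.0 promisc &&
    step /sbin/brctl addif "$bridge_name" "$tap_name" "$interface" &&
    step /sbin/sysctl "net.ipv4.conf.${bridge_name}.forwarding=1" &&
    step iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE &&
    step /bin/ip route add default via "$gateway"
}

# Teardown is best effort: try every step, then report if any failed.
bridge_stop() {
    [ -r "$CONF" ] && . "$CONF" || return 1
    failed=0
    step /bin/ip route del default via "$gateway" || failed=1
    step /sbin/sysctl "net.ipv4.conf.${bridge_name}.forwarding=0" || failed=1
    step /bin/ifconfig "$tap_name" down || failed=1
    step /sbin/brctl delif "$bridge_name" "$tap_name" || failed=1
    step /usr/bin/tunctl -d "$tap_name" || failed=1
    step /bin/ifconfig "$bridge_name" down || failed=1
    step /bin/ifconfig "$interface" down || failed=1
    step /sbin/brctl delbr "$bridge_name" || failed=1
    step iptables -t nat -D POSTROUTING -o "$interface" -j MASQUERADE || failed=1
    return "$failed"
}

case "${1:-}" in
    start) bridge_start ;;
    stop)  bridge_stop ;;
esac
```

Because the case statement is the last command, the script's exit status is that of bridge_start or bridge_stop, so a failed step marks the unit as failed.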
