[Users] Virtuozzo 7 - bridged veth interfaces for container
Axton
axton.grams at gmail.com
Sat Feb 13 12:53:18 PST 2016
I found the container action scripts capability, but this is not sufficient
for my needs:
https://docs.openvz.org/virtuozzo_7_command_line_reference.webhelp/_container_action_scripts.html
The start script runs in the context of the container; I need the
equivalent trigger to run a script on the host. The mount script is
executed on the host, but the veth interface has not been created on the
host when this script runs.
On Sat, Feb 13, 2016 at 10:49 AM, Axton <axton.grams at gmail.com> wrote:
> Digging through my notes, I accomplished this using a script
> /usr/sbin/vznetaddr which parses the ctid.conf file and adds the CT veth
> interfaces to a bridge.
>
>
> and a config file:
>
> $ cat /etc/vz/vznet.conf
> EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
>
> If no native capabilities exist to make the bridge configuration changes
> in Virtuozzo 7, what I need is a way to call a script when the container is
> started, after the interface has been created on the host. Is there a way
> to hook into the container startup in this way?
>
> At the end of the day, what I am looking to do is automatlly attach at
> container to one or more vlans using veth interfaces. I accomplished this
> in the past using bridge utils. It is important that I can specify which
> bridge each veth interface is added to. Let me know if there is a better
> way to do this.
>
> Thanks,
> Axton Grams
>
> On Fri, Feb 12, 2016 at 9:22 PM, Axton <axton.grams at gmail.com> wrote:
>
>> My host's network uses teaming, bridge, and vlan interfaces.
>>
>> There are 4 physical interfaces: enp0s20f0-enp0s20f3
>> The 4 physical interfaces are grouped using lacp via teaming.
>>
>> [root at cluster-02 ~]# teamdctl team0 config dump actual
>> {
>> "device": "team0",
>> "link_watch": {
>> "name": "ethtool"
>> },
>> "ports": {
>> "enp0s20f0": {},
>> "enp0s20f1": {},
>> "enp0s20f2": {},
>> "enp0s20f3": {}
>> },
>> "runner": {
>> "active": true,
>> "fast_rate": true,
>> "name": "lacp",
>> "tx_balancer": {
>> "name": "basic"
>> },
>> "tx_hash": [
>> "eth",
>> "ipv4",
>> "ipv6"
>> ]
>> }
>> }
>>
>> The switch is configured to send 802.1q (vlan) encapsulated packets for a
>> series of vlans. For each vlan, a vlan interface is configured on the
>> linux host and a bridge is configured on top of the vlan iface. Take vlan
>> 80 as an example:
>>
>> [root at cluster-02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-team0.80
>> DEVICE=team0.80
>> VLAN=yes
>> BOOTPROTO=none
>> NM_CONTROLLED=no
>> BRIDGE=vmbr80
>> IPV6INIT=no
>> MTU=9000
>>
>> [root at cluster-02 ~]# cat /etc/sysconfig/network-scripts/ifcfg-vmbr80
>> VLAN=yes
>> TYPE=Bridge
>> DEVICE=vmbr80
>> PHYSDEV=team0
>> VLAN_ID=80
>> REORDER_HDR=0
>> IPV4_FAILURE_FATAL=no
>> IPV6INIT=no
>> IPV6_AUTOCONF=no
>> IPV6_DEFROUTE=no
>> IPV6_FAILURE_FATAL=no
>> NAME=vlan-vlan80
>> ONBOOT=yes
>> MTU=9000
>> BOOTPROTO=none
>> STP=off
>> DELAY=0
>> IPV4_DEFROUTE=no
>>
>>
>> In a nutshell: physical ifaces (4) -> team0 -> team0.<vlanid> (10) ->
>> vmbr<vlanid> (bridge). The bridges are all in place and everything works
>> as expected with the interface/network configuration on the host:
>>
>> [root at cluster-02 ~]# brctl show
>> bridge name bridge id STP enabled interfaces
>> host-routed 8000.000000000000 no
>> virbr1 8000.525400885137 no virbr1-nic
>> vmbr10 8000.0cc47a6b9554 no team0.10
>> vmbr20 8000.0cc47a6b9554 no team0.20
>> vmbr30 8000.0cc47a6b9554 no team0.30
>> vmbr40 8000.0cc47a6b9554 no team0.40
>> vmbr5 8000.0cc47a6b9554 no team0.5
>> vmbr70 8000.0cc47a6b9554 no team0.70
>> vmbr80 8000.0cc47a6b9554 no team0.80
>> vmbr90 8000.0cc47a6b9554 no team0.90
>> vmbr91 8000.0cc47a6b9554 no team0.91
>> vmbr92 8000.0cc47a6b9554 no team0.92
>>
>> In openvz on RHEL 6, I added an interface to a container using vzctl like
>> this:
>> vzctl set 30000 --netif_add eth4,,veth30000.40,,vmbr40 --save
>>
>> I am trying to add a veth interface to a container and specify the bridge
>> interface on Virtuozzo 7.
>> - vzctl behaves differently, it expects macs.
>> - prlctl does not have sufficient options; I can add an interface but not
>> specify the bridge device
>> - prlsrvctl looks like it only supports physical interfaces (see
>> following commands)
>> [root at cluster-02 ~]# ip link show vmbr80
>> 21: vmbr80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue
>> state UP mode DEFAULT
>> link/ether 0c:c4:7a:6b:95:54 brd ff:ff:ff:ff:ff:ff
>> [root at cluster-02 ~]# ip a show vmbr80
>> 21: vmbr80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue
>> state UP
>> link/ether 0c:c4:7a:6b:95:54 brd ff:ff:ff:ff:ff:ff
>> [root at cluster-02 ~]# prlsrvctl net add vlan80 -i vmbr90 -t bridged --ip
>> 10.1.0.0/22
>> Failed to find network adapter vmbr90 on the server.
>>
>> - vznetcfg does not seem to exist in a state that matches the virtuozzo 7
>> documentation (only see /usr/libexec/libvzctl/scripts/vznetcfg on my
>> machine)
>>
>> I thought maybe I should add a virtual network and bridge it, but I can't
>> seem to find a way to do this.
>> I thought maybe I would use vzctl like I did on rhel 6, but that requires
>> me to provide mac addresses (rhel 6 would autogen macs)
>>
>> At a bit of a loss. Any help is appreciated.
>>
>> Thanks,
>> Axton Grams
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openvz.org/pipermail/users/attachments/20160213/904935dc/attachment.html>
More information about the Users
mailing list