colin/NetworkManager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

contrib: improve nm-in-container.d scripts

Browse Source 
Get `ip netns exec` to work. Now we can start stuff in their
own namespace, which is much cleaner.
This commit is contained in:
Thomas Haller
2022-04-27 07:53:17 +02:00
parent bf058554bd
commit e766ca4e7c
2 changed files with 120 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
View File

@@ -11,6 +11,9 @@ do_cleanup() {
local IDX="$1" local IDX="$1"
local NAME_PREFIX="${2:-net}" local NAME_PREFIX="${2:-net}"
local PEER_PREFIX="${3:-d_}" local PEER_PREFIX="${3:-d_}"
local NETNS_PREFIX="${4:-tt}"
logger --id "nm-env-prepare-$IDX" "cleanup start # $@"
pkill -F "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" dnsmasq &>/dev/null || : pkill -F "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" dnsmasq &>/dev/null || :
rm -rf "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" rm -rf "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid"
@@ -24,34 +27,54 @@ do_cleanup() {
rm -rf "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" rm -rf "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf"
ip link del "$PEER_PREFIX$IDX" &>/dev/null || : ip -netns "$NETNS_PREFIX$IDX" link del "$PEER_PREFIX$IDX" &>/dev/null || :
ip netns del "$NETNS_PREFIX$IDX" &>/dev/null || :
logger --id "nm-env-prepare-$IDX" "cleanup complete # $@"
} }
do_setup() { do_setup() {
local IDX="$1" local IDX="$1"
local NAME_PREFIX="${2:-net}" local NAME_PREFIX="${2:-net}"
local PEER_PREFIX="${3:-d_}" local PEER_PREFIX="${3:-d_}"
local NETNS_PREFIX="${4:-tt}"
do_cleanup "$IDX" logger --id "nm-env-prepare-$IDX" "setup start # $@"
ip link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX" ip netns add "$NETNS_PREFIX$IDX"
ip link set "$PEER_PREFIX$IDX" up ip -netns "$NETNS_PREFIX$IDX" link set lo up
ip addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX" ip -netns "$NETNS_PREFIX$IDX" link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX"
ip addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX" ip -netns "$NETNS_PREFIX$IDX" link set "$PEER_PREFIX$IDX" up
ip -netns "$NETNS_PREFIX$IDX" addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX"
ip -netns "$NETNS_PREFIX$IDX" addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX"
# PPPoE inside the rootless container is not actually working, because # PPPoE inside the rootless container is not actually working, because
# /dev/ppp is not accessible. Still start it, so that we at least can # /dev/ppp is not accessible. Still start it, so that we at least can
# test how far it goes... # test how far it goes...
echo "192.168.$((120 + $IDX)).180-200" > "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" echo "192.168.$((120 + $IDX)).180-200" > "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX"
pppoe-server -X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" -S isp -C isp -L "192.168.$((120 + IDX)).1" -p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" -I "$PEER_PREFIX$IDX" & ip netns exec "$NETNS_PREFIX$IDX" \
pppoe-server \
-X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" \
-S isp \
-C isp \
-L "192.168.$((120 + IDX)).1" \
-p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" \
-I "$PEER_PREFIX$IDX" \
&
ip netns exec "$NETNS_PREFIX$IDX" \
dnsmasq \ dnsmasq \
--conf-file=/dev/null \ --conf-file=/dev/null \
--pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \ --pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \
--no-hosts \ --no-hosts \
--keep-in-foreground \ --keep-in-foreground \
--bind-interfaces \ --bind-interfaces \
--log-debug \
--log-queries \
--log-dhcp \
--except-interface=lo \ --except-interface=lo \
--clear-on-reload \ --clear-on-reload \
--listen-address="192.168.$((120 + $IDX)).1" \ --listen-address="192.168.$((120 + $IDX)).1" \
@@ -70,10 +93,17 @@ interface $PEER_PREFIX$IDX
}; };
EOF EOF
ip netns exec "$NETNS_PREFIX$IDX" \
radvd \ radvd \
--config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \ --config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \
--pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \ --pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \
--logmethod syslog \
-d 5 \
& &
ip -netns ""$NETNS_PREFIX$IDX"" link set "$NAME_PREFIX$IDX" netns $$
logger --id "nm-env-prepare-$IDX" "setup complete: netns=$NETNS_PREFIX$IDX, iface=$NAME_PREFIX$IDX, peer=$PEER_PREFIX$IDX # $@"
} }
do_redo() { do_redo() {
@@ -81,8 +111,27 @@ do_redo() {
do_setup "$@" do_setup "$@"
} }
do_one_time_setup() {
if [ ! -d /tmp/sys2 ]; then
# `ip -netns t exec ...` will try to mount sysfs. But kernel rejects that in
# the container, unless a writable sysfs is already mounted. Due to --priviledged,
# we have /sys mounted rw, however, ip will first unmount /sys before trying to
# remount it. We thus need it mounted as rw one additional time.
#
# Let's do this setup step once, and never clean it up.
# https://github.com/containers/podman/issues/11887#issuecomment-938706628
mkdir /tmp/sys2
mount -t sysfs --make-private /tmp/sys2
fi
}
############################################################################### ###############################################################################
# We do this one-time-setup always when the script runs, and never clean it
# up.
do_one_time_setup
IDX=1 IDX=1
NAME_PREFIX=net NAME_PREFIX=net
PEER_PREFIX= PEER_PREFIX=

49
contrib/scripts/nm-in-container.sh
View File

@@ -109,7 +109,54 @@ find NetworkManager bind mounted at $BASEDIR_NM
run \`nm-env-prepare.sh setup --idx 1\` to setup test interfaces run \`nm-env-prepare.sh setup --idx 1\` to setup test interfaces
Configure NetworkManager with Configure NetworkManager with
\$ ./configure --enable-maintainer-mode --enable-more-warnings=error --with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" --with-nm-cloud-setup=yes --prefix=/opt/test --localstatedir=/var --sysconfdir=/etc --enable-gtk-doc --enable-introspection --with-ofono=yes --with-dhclient=yes --with-dhcpcanon=yes --with-dhcpcd=yes --enable-more-logging --enable-compile-warnings=yes --enable-address-sanitizer=no --enable-undefined-sanitizer=no --with-valgrind=yes --enable-concheck --enable-wimax --enable-ifcfg-rh=yes --enable-config-plugin-ibft=yes --enable-ifcfg-suse --enable-ifupdown=yes --enable-ifnet --enable-vala=yes --enable-polkit=yes --with-libnm-glib=yes --with-nmcli=yes --with-nmtui=yes --with-modem-manager-1 --with-suspend-resume=systemd --enable-teamdctl=yes --enable-ovs=yes --enable-tests="\${NM_BUILD_TESTS:-yes}" --with-netconfig=/bin/nowhere/netconfig --with-resolvconf=/bin/nowhere/resolvconf --with-crypto=nss --with-session-tracking=systemd --with-consolekit=yes --with-systemd-logind=yes --with-iwd=yes --enable-json-validation=yes --with-consolekit=yes --with-config-dns-rc-manager-default=auto --with-config-dhcp-default=internal "\${NM_CONFIGURE_OTPS[@]}" \$ ./configure \
--enable-address-sanitizer=no \
--enable-compile-warnings=yes \
--enable-concheck \
--enable-config-plugin-ibft=yes \
--enable-gtk-doc \
--enable-ifcfg-rh=yes \
--enable-ifcfg-suse \
--enable-ifnet \
--enable-ifupdown=yes \
--enable-introspection \
--enable-json-validation=yes \
--enable-maintainer-mode \
--enable-more-logging \
--enable-more-warnings=error \
--enable-ovs=yes \
--enable-polkit=yes \
--enable-teamdctl=yes \
--enable-undefined-sanitizer=no \
--enable-vala=yes \
--enable-wimax \
--localstatedir=/var \
--prefix=/opt/test \
--sysconfdir=/etc \
--with-config-dhcp-default=internal \
--with-config-dns-rc-manager-default=auto \
--with-consolekit=yes \
--with-consolekit=yes \
--with-crypto=nss \
--with-dhclient=yes \
--with-dhcpcanon=yes \
--with-dhcpcd=yes \
--with-iwd=yes \
--with-libnm-glib=yes \
--with-modem-manager-1 \
--with-netconfig=/bin/nowhere/netconfig \
--with-nm-cloud-setup=yes \
--with-nmcli=yes \
--with-nmtui=yes \
--with-ofono=yes \
--with-resolvconf=/bin/nowhere/resolvconf \
--with-session-tracking=systemd \
--with-suspend-resume=systemd \
--with-systemd-logind=yes \
--with-valgrind=yes \
--enable-tests="\${NM_BUILD_TESTS:-yes}" \
--with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" \
"\${NM_CONFIGURE_OTPS[@]}"
Test with: Test with:
\$ systemctl stop NetworkManager; /opt/test/sbin/NetworkManager --debug 2>&1 | tee -a /tmp/nm-log.txt \$ systemctl stop NetworkManager; /opt/test/sbin/NetworkManager --debug 2>&1 | tee -a /tmp/nm-log.txt
EOF EOF