authorThomas Haller <thaller@redhat.com>2022-04-27 07:53:17 +0200
committerThomas Haller <thaller@redhat.com>2022-04-28 19:33:14 +0200
commite766ca4e7cd6a6f82108f18214111cf77faf5f17 (patch)
treec4ebe8448536ff98f2b4486f7e49e6abdafbc061
parentbf058554bd5f540a7a8e5159614d39b2055df731 (diff)
downloadNetworkManager-e766ca4e7cd6a6f82108f18214111cf77faf5f17.tar.gz
contrib: improve nm-in-container.d scripts
Get `ip netns exec` to work. Now we can start stuff in their own namespace, which is much cleaner.
-rwxr-xr-xcontrib/scripts/nm-in-container.d/data-nm-env-prepare.sh97
-rwxr-xr-xcontrib/scripts/nm-in-container.sh49
2 files changed, 121 insertions, 25 deletions
diff --git a/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh b/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
index 61cee0371c..49c91d3ff8 100755
--- a/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
+++ b/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
@@ -11,6 +11,9 @@ do_cleanup() {
local IDX="$1"
local NAME_PREFIX="${2:-net}"
local PEER_PREFIX="${3:-d_}"
+ local NETNS_PREFIX="${4:-tt}"
+
+ logger --id "nm-env-prepare-$IDX" "cleanup start # $@"
pkill -F "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" dnsmasq &>/dev/null || :
rm -rf "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid"
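Review bot: `logger --id "nm-env-prepare-$IDX" …` probably does not tag the message the way it looks: in util-linux logger, `--id` takes only an optional argument attached with `=` and expects a PID, so the string after the space is just the first word of the message. If the aim is to filter these entries per index (for example with `journalctl -t`), use a tag instead: `logger -t "nm-env-prepare-$IDX" "cleanup start # $*"`. The same call shape appears in the "cleanup complete", "setup start" and "setup complete" lines of the following hunks. Using `$*` rather than `$@` inside the quoted message also avoids splitting it into several words (ShellCheck SC2145). do_cleanup's body continues outside this hunk.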
@@ -24,40 +27,60 @@ do_cleanup() {
rm -rf "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf"
- ip link del "$PEER_PREFIX$IDX" &>/dev/null || :
+ ip -netns "$NETNS_PREFIX$IDX" link del "$PEER_PREFIX$IDX" &>/dev/null || :
+
+ ip netns del "$NETNS_PREFIX$IDX" &>/dev/null || :
+
+ logger --id "nm-env-prepare-$IDX" "cleanup complete # $@"
}
do_setup() {
local IDX="$1"
local NAME_PREFIX="${2:-net}"
local PEER_PREFIX="${3:-d_}"
+ local NETNS_PREFIX="${4:-tt}"
- do_cleanup "$IDX"
+ logger --id "nm-env-prepare-$IDX" "setup start # $@"
- ip link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX"
- ip link set "$PEER_PREFIX$IDX" up
+ ip netns add "$NETNS_PREFIX$IDX"
+ ip -netns "$NETNS_PREFIX$IDX" link set lo up
- ip addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX"
- ip addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX"
+ ip -netns "$NETNS_PREFIX$IDX" link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX"
+ ip -netns "$NETNS_PREFIX$IDX" link set "$PEER_PREFIX$IDX" up
+
+ ip -netns "$NETNS_PREFIX$IDX" addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX"
+ ip -netns "$NETNS_PREFIX$IDX" addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX"
# PPPoE inside the rootless container is not actually working, because
# /dev/ppp is not accessible. Still start it, so that we at least can
# test how far it goes...
echo "192.168.$((120 + $IDX)).180-200" > "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX"
- pppoe-server -X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" -S isp -C isp -L "192.168.$((120 + IDX)).1" -p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" -I "$PEER_PREFIX$IDX" &
-
- dnsmasq \
- --conf-file=/dev/null \
- --pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \
- --no-hosts \
- --keep-in-foreground \
- --bind-interfaces \
- --except-interface=lo \
- --clear-on-reload \
- --listen-address="192.168.$((120 + $IDX)).1" \
- --dhcp-range="192.168.$((120 + $IDX)).100,192.168.$((120 + $IDX)).150" \
- --no-ping \
- &
+ ip netns exec "$NETNS_PREFIX$IDX" \
+ pppoe-server \
+ -X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" \
+ -S isp \
+ -C isp \
+ -L "192.168.$((120 + IDX)).1" \
+ -p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" \
+ -I "$PEER_PREFIX$IDX" \
+ &
+
+ ip netns exec "$NETNS_PREFIX$IDX" \
+ dnsmasq \
+ --conf-file=/dev/null \
+ --pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \
+ --no-hosts \
+ --keep-in-foreground \
+ --bind-interfaces \
+ --log-debug \
+ --log-queries \
+ --log-dhcp \
+ --except-interface=lo \
+ --clear-on-reload \
+ --listen-address="192.168.$((120 + $IDX)).1" \
+ --dhcp-range="192.168.$((120 + $IDX)).100,192.168.$((120 + $IDX)).150" \
+ --no-ping \
+ &
cat <<EOF > "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf"
interface $PEER_PREFIX$IDX
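Review bot: `ip netns add "$NETNS_PREFIX$IDX"` in do_setup is unchecked, and this hunk also removes the `do_cleanup "$IDX"` call that used to run first. A setup on an index whose namespace already exists would fail at that line and, unless errexit is enabled outside the visible lines, go on to start pppoe-server, dnsmasq and radvd against the stale namespace and its old pid files. A guard such as `ip netns add "$NETNS_PREFIX$IDX" || return 1` (or calling `do_cleanup "$@"` first, as do_redo appears to do) would make the failure explicit. do_setup starts inside this hunk but its body runs past the end of it.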
@@ -70,10 +93,17 @@ interface $PEER_PREFIX$IDX
};
EOF
- radvd \
- --config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \
- --pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \
- &
+ ip netns exec "$NETNS_PREFIX$IDX" \
+ radvd \
+ --config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \
+ --pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \
+ --logmethod syslog \
+ -d 5 \
+ &
+
+ ip -netns ""$NETNS_PREFIX$IDX"" link set "$NAME_PREFIX$IDX" netns $$
+
+ logger --id "nm-env-prepare-$IDX" "setup complete: netns=$NETNS_PREFIX$IDX, iface=$NAME_PREFIX$IDX, peer=$PEER_PREFIX$IDX # $@"
}
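Review bot: The doubled quotes in `ip -netns ""$NETNS_PREFIX$IDX"" link set …` leave the expansion unquoted: the shell reads an empty string, the bare `$NETNS_PREFIX$IDX`, then another empty string. The value is therefore subject to word splitting and globbing, unlike every other use in the function. It should read `ip -netns "$NETNS_PREFIX$IDX" link set "$NAME_PREFIX$IDX" netns $$`. A short comment on that line would also help, e.g. `# move the NM-facing veth end back into the namespace of this script ($$)`, since the reason for `netns $$` is not obvious. The function begins before this hunk.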
do_redo() {
@@ -81,8 +111,27 @@ do_redo() {
do_setup "$@"
}
+do_one_time_setup() {
+ if [ ! -d /tmp/sys2 ]; then
+ # `ip -netns t exec ...` will try to mount sysfs. But kernel rejects that in
+ # the container, unless a writable sysfs is already mounted. Due to --priviledged,
+ # we have /sys mounted rw, however, ip will first unmount /sys before trying to
+ # remount it. We thus need it mounted as rw one additional time.
+ #
+ # Let's do this setup step once, and never clean it up.
+ # https://github.com/containers/podman/issues/11887#issuecomment-938706628
+ mkdir /tmp/sys2
+ mount -t sysfs --make-private /tmp/sys2
+ fi
+}
+
###############################################################################
+# We do this one-time-setup always when the script runs, and never clean it
+# up.
+do_one_time_setup
+
+
IDX=1
NAME_PREFIX=net
PEER_PREFIX=
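Review bot: The guard `[ ! -d /tmp/sys2 ]` in do_one_time_setup only tests that the directory exists, not that sysfs is mounted on it. If `mkdir` succeeds but `mount` fails, or the directory is left behind by anything else, every later run skips the mount and `ip netns exec` fails in the way the comment describes. Testing the mount itself is more robust: `mountpoint -q /tmp/sys2 || { mkdir -p /tmp/sys2 && mount -t sysfs --make-private /tmp/sys2; }`. The comment's `--priviledged` should read `--privileged`.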
diff --git a/contrib/scripts/nm-in-container.sh b/contrib/scripts/nm-in-container.sh
index c997e36c6b..02a16e9da3 100755
--- a/contrib/scripts/nm-in-container.sh
+++ b/contrib/scripts/nm-in-container.sh
@@ -109,7 +109,54 @@ find NetworkManager bind mounted at $BASEDIR_NM
run \`nm-env-prepare.sh setup --idx 1\` to setup test interfaces
Configure NetworkManager with
- \$ ./configure --enable-maintainer-mode --enable-more-warnings=error --with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" --with-nm-cloud-setup=yes --prefix=/opt/test --localstatedir=/var --sysconfdir=/etc --enable-gtk-doc --enable-introspection --with-ofono=yes --with-dhclient=yes --with-dhcpcanon=yes --with-dhcpcd=yes --enable-more-logging --enable-compile-warnings=yes --enable-address-sanitizer=no --enable-undefined-sanitizer=no --with-valgrind=yes --enable-concheck --enable-wimax --enable-ifcfg-rh=yes --enable-config-plugin-ibft=yes --enable-ifcfg-suse --enable-ifupdown=yes --enable-ifnet --enable-vala=yes --enable-polkit=yes --with-libnm-glib=yes --with-nmcli=yes --with-nmtui=yes --with-modem-manager-1 --with-suspend-resume=systemd --enable-teamdctl=yes --enable-ovs=yes --enable-tests="\${NM_BUILD_TESTS:-yes}" --with-netconfig=/bin/nowhere/netconfig --with-resolvconf=/bin/nowhere/resolvconf --with-crypto=nss --with-session-tracking=systemd --with-consolekit=yes --with-systemd-logind=yes --with-iwd=yes --enable-json-validation=yes --with-consolekit=yes --with-config-dns-rc-manager-default=auto --with-config-dhcp-default=internal "\${NM_CONFIGURE_OTPS[@]}"
+ \$ ./configure \
+ --enable-address-sanitizer=no \
+ --enable-compile-warnings=yes \
+ --enable-concheck \
+ --enable-config-plugin-ibft=yes \
+ --enable-gtk-doc \
+ --enable-ifcfg-rh=yes \
+ --enable-ifcfg-suse \
+ --enable-ifnet \
+ --enable-ifupdown=yes \
+ --enable-introspection \
+ --enable-json-validation=yes \
+ --enable-maintainer-mode \
+ --enable-more-logging \
+ --enable-more-warnings=error \
+ --enable-ovs=yes \
+ --enable-polkit=yes \
+ --enable-teamdctl=yes \
+ --enable-undefined-sanitizer=no \
+ --enable-vala=yes \
+ --enable-wimax \
+ --localstatedir=/var \
+ --prefix=/opt/test \
+ --sysconfdir=/etc \
+ --with-config-dhcp-default=internal \
+ --with-config-dns-rc-manager-default=auto \
+ --with-consolekit=yes \
+ --with-consolekit=yes \
+ --with-crypto=nss \
+ --with-dhclient=yes \
+ --with-dhcpcanon=yes \
+ --with-dhcpcd=yes \
+ --with-iwd=yes \
+ --with-libnm-glib=yes \
+ --with-modem-manager-1 \
+ --with-netconfig=/bin/nowhere/netconfig \
+ --with-nm-cloud-setup=yes \
+ --with-nmcli=yes \
+ --with-nmtui=yes \
+ --with-ofono=yes \
+ --with-resolvconf=/bin/nowhere/resolvconf \
+ --with-session-tracking=systemd \
+ --with-suspend-resume=systemd \
+ --with-systemd-logind=yes \
+ --with-valgrind=yes \
+ --enable-tests="\${NM_BUILD_TESTS:-yes}" \
+ --with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" \
+ "\${NM_CONFIGURE_OTPS[@]}"
Test with:
\$ systemctl stop NetworkManager; /opt/test/sbin/NetworkManager --debug 2>&1 | tee -a /tmp/nm-log.txt
EOF
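Review bot: The trailing `\` on each new `./configure` line sits inside a here-document whose delimiter appears to be unquoted, judging by the `\$` and `` \` `` escapes around it. If so, the shell removes every backslash-newline pair as a line continuation and the help text still prints as one long line, now with the indentation embedded between options. To show the multi-line form, write the continuations as `\\` so a literal backslash and the newline survive. The sorted list also shows that `--with-consolekit=yes` is listed twice, so one copy can be dropped.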