#!/bin/bash
# Abort on the first unhandled command failure.
set -e

# "pipework --wait": poll once per second until eth1 reports carrier, then
# exit successfully. A carrier file that is missing or unreadable counts as
# "not ready yet" (grep's error output is discarded), and the loop has no
# upper bound on how long it waits.
if [[ "$1" == "--wait" ]]; then
  until grep -q '^1$' /sys/class/net/eth1/carrier 2>/dev/null; do
    sleep 1
  done
  exit 0
fi
# Positional arguments: host interface, guest name, address spec, optional MAC.
IFNAME=$1
GUESTNAME=$2
IPADDR=$3
MACADDR=$4

# The address spec (third argument) is mandatory; without it, print the usage
# text on stdout and fail.
if [ -z "$IPADDR" ]; then
  printf '%s\n' \
    "Syntax:" \
    "pipework <hostinterface> <guest> <ipaddr>/<subnet>[@default_gateway] [macaddr]" \
    "pipework <hostinterface> <guest> dhcp [macaddr]" \
    "pipework --wait"
  exit 1
fi
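# First step: determine type of first argument (bridge, physical interface...)
#
# Sets IFTYPE (bridge|phys) and, for bridges, BRTYPE (linux|openvswitch).
#
# IFNAME is interpolated into /sys paths and later handed to ip, brctl and
# ovs-vsctl. The kernel does not allow '/' or whitespace in an interface name,
# so reject such values before they are used to build a path.
case "$IFNAME" in
  */* | *[[:space:]]*)
    echo "I do not know how to setup interface $IFNAME."
    exit 1
    ;;
esac

# Clear BRTYPE so a value inherited from the caller's environment is never used.
BRTYPE=

if [ -d "/sys/class/net/$IFNAME" ]; then
  if [ -d "/sys/class/net/$IFNAME/bridge" ]; then
    IFTYPE=bridge
    BRTYPE=linux
  elif command -v ovs-vsctl >/dev/null &&
    ovs-vsctl list-br | grep -qxF -- "$IFNAME"; then
    # -x -F compares each listed bridge name literally and in full, so regex
    # metacharacters in IFNAME cannot widen the match.
    IFTYPE=bridge
    BRTYPE=openvswitch
  else
    IFTYPE=phys
  fi
else
  # The interface does not exist yet. Names starting with "br" are accepted
  # because the script creates them further down with "ip link add ... type
  # bridge", i.e. as a Linux bridge; record that so the veth end is attached.
  case "$IFNAME" in
    br*)
      IFTYPE=bridge
      BRTYPE=linux
      ;;
    *)
      echo "I do not know how to setup interface $IFNAME."
      exit 1
      ;;
  esac
fi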
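# Second step: find the guest (for now, we only support LXC containers)
#
# Scan /proc/mounts for a cgroup hierarchy whose mount options include the
# "devices" controller and remember its mount point. If several lines match,
# the last one wins.
#
# CGROUPMNT is cleared first so that a value inherited from the caller's
# environment cannot stand in for a mount point that was never found.
CGROUPMNT=
# read -r keeps backslashes as written in /proc/mounts.
# NOTE(review): octal escapes such as \040 in a mount point are not decoded
# here, so a mount point containing whitespace would not resolve — confirm
# whether that case matters.
while read -r dev mnt fstype options dump fsck; do
  [ "$fstype" != "cgroup" ] && continue
  # Quoted so the option string is passed to grep verbatim (no word splitting
  # or glob expansion).
  printf '%s\n' "$options" | grep -qw devices || continue
  CGROUPMNT=$mnt
done < /proc/mounts

if [ -z "$CGROUPMNT" ]; then
  echo "Could not locate cgroup mount point."
  exit 1
fi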
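# Try to find a cgroup matching exactly the provided name.
# NOTE(review): find -name treats GUESTNAME as a glob pattern, so a name
# containing *, ? or [ can match more entries than intended; the "more than
# one" branches below are what catch that.
N=$(find "$CGROUPMNT" -name "$GUESTNAME" | wc -l)
case "$N" in
  0)
    # If we didn't find anything, try to lookup the container with Docker.
    if command -v docker >/dev/null; then
      # GUESTNAME is quoted and placed after "--" so it is always passed as a
      # single container reference, never split into extra arguments or read
      # as an option. The double-dash --format spelling is used because a CLI
      # that parses -f as a short option may read "-format=..." as -f with the
      # value "ormat=...".
      # A failing "docker inspect" is reported with the same message as the
      # "<no value>" answer instead of ending the script silently via set -e.
      if ! DOCKERID=$(docker inspect --format='{{.ID}}' -- "$GUESTNAME") ||
        [ "$DOCKERID" = "<no value>" ]; then
        echo "Container $GUESTNAME not found, and unknown to Docker."
        exit 1
      fi
      NN=$(find "$CGROUPMNT" -name "$DOCKERID" | wc -l)
      case "$NN" in
        0)
          echo "Container $GUESTNAME doesn't seem to be running."
          exit 1
          ;;
        1)
          # From here on the guest is addressed by its full Docker ID.
          GUESTNAME=$DOCKERID
          ;;
        *)
          echo "Multiple cgroup entries for container $GUESTNAME."
          exit 1
          ;;
      esac
    else
      echo "Container $GUESTNAME not found, and Docker not installed."
      exit 1
    fi
    ;;
  1)
    # Exactly one cgroup entry: GUESTNAME is usable as given.
    true
    ;;
  *)
    echo "Found more than one container matching $GUESTNAME."
    exit 1
    ;;
esac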
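# Validate the address spec: either the literal "dhcp", or
# <ipaddr>/<subnet>[@default_gateway]. On return IPADDR holds the part before
# '@' and GATEWAY the part after it (empty when none was given).
# GATEWAY is cleared up front so an inherited environment value is never used.
GATEWAY=
if [ "$IPADDR" = "dhcp" ]; then
  # We use udhcpc to obtain the DHCP lease, make sure it's installed.
  if ! command -v udhcpc >/dev/null; then
    echo "You asked for DHCP; please install udhcpc first."
    exit 1
  fi
else
  # Check if a subnet mask was provided.
  # Pattern matching on the quoted value replaces "echo $IPADDR | grep", which
  # exposed the argument to word splitting and glob expansion.
  case "$IPADDR" in
    */*) ;;
    *)
      echo "The IP address should include a netmask."
      echo "Maybe you meant $IPADDR/24 ?"
      exit 1
      ;;
  esac
  # Check if a gateway address was provided.
  case "$IPADDR" in
    *@*)
      # Same fields as "cut -d@ -f2" and "cut -d@ -f1": the text between the
      # first and second '@', and the text before the first '@'.
      GATEWAY=${IPADDR#*@}
      GATEWAY=${GATEWAY%%@*}
      IPADDR=${IPADDR%%@*}
      ;;
    *)
      GATEWAY=
      ;;
  esac
fi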
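# Pick the first task listed in the guest's cgroup; its network namespace is
# the one that gets the new interface.
cgroup_dir=$(find "$CGROUPMNT" -name "$GUESTNAME" | head -n 1)
NSPID=
if [ -n "$cgroup_dir" ] && [ -f "$cgroup_dir/tasks" ]; then
  NSPID=$(head -n 1 "$cgroup_dir/tasks")
fi
# NSPID is used below to build paths under /proc and /var/run/netns and to
# name interfaces, so accept nothing but a plain decimal PID.
case "$NSPID" in
  '' | *[!0-9]*)
    echo "Could not find a process inside container $GUESTNAME."
    exit 1
    ;;
esac

# Expose the guest's network namespace to "ip netns" under the name $NSPID.
# NOTE(review): this script never removes the symlink. /proc/<pid> follows
# whichever process currently holds that PID, so a leftover link can later
# resolve to an unrelated process's namespace; callers that reference the
# netns by name afterwards should confirm the link is still the intended one.
mkdir -p /var/run/netns
rm -f "/var/run/netns/$NSPID"
ln -s "/proc/$NSPID/ns/net" "/var/run/netns/$NSPID"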
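# Host-side plumbing. Every expansion is quoted so that IFNAME (a command-line
# argument) reaches ip/brctl/ovs-vsctl as exactly one word and cannot inject
# additional arguments into commands that run as root.

# Check if we need to create a bridge.
if [ "$IFTYPE" = bridge ] && [ ! -d "/sys/class/net/$IFNAME" ]; then
  ip link add "$IFNAME" type bridge
  ip link set "$IFNAME" up
fi

# If it's a bridge, we need to create a veth pair
if [ "$IFTYPE" = bridge ]; then
  LOCAL_IFNAME=vethl$NSPID
  GUEST_IFNAME=vethg$NSPID
  ip link add name "$LOCAL_IFNAME" type veth peer name "$GUEST_IFNAME"
  # NOTE(review): there is no default branch, so a BRTYPE that is neither
  # "linux" nor "openvswitch" leaves the host end of the veth pair unattached
  # without any message.
  case "$BRTYPE" in
    linux)
      # Prefer iproute2; fall back to brctl when "ip ... master" fails.
      ip link set "$LOCAL_IFNAME" master "$IFNAME" >/dev/null 2>&1 ||
        brctl addif "$IFNAME" "$LOCAL_IFNAME"
      ;;
    openvswitch)
      ovs-vsctl add-port "$IFNAME" "$LOCAL_IFNAME"
      ;;
  esac
  ip link set "$LOCAL_IFNAME" up
fi

# If it's a physical interface, create a macvlan subinterface
if [ "$IFTYPE" = phys ]; then
  GUEST_IFNAME=macvlan$NSPID
  ip link add link "$IFNAME" dev "$GUEST_IFNAME" type macvlan mode bridge
  ip link set "$IFNAME" up
fi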
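# Move the guest end into the container's network namespace, rename it to
# eth1 and configure it there.
# MACADDR, IPADDR and GATEWAY come from the command line; quoting them keeps
# each one a single argument to ip, so embedded whitespace cannot add extra
# keywords to commands executed inside the guest's namespace.
ip link set "$GUEST_IFNAME" netns "$NSPID"
ip netns exec "$NSPID" ip link set "$GUEST_IFNAME" name eth1

# The MAC address is optional; leave the generated one when none is given.
if [ -n "$MACADDR" ]; then
  ip netns exec "$NSPID" ip link set eth1 address "$MACADDR"
fi

if [ "$IPADDR" = "dhcp" ]; then
  # -q: quit once a lease is obtained; -i: interface to configure.
  ip netns exec "$NSPID" udhcpc -qi eth1
else
  ip netns exec "$NSPID" ip addr add "$IPADDR" dev eth1
  ip netns exec "$NSPID" ip link set eth1 up
  # A default route is installed only when a gateway was supplied.
  if [ -n "$GATEWAY" ]; then
    ip netns exec "$NSPID" ip route replace default via "$GATEWAY"
  fi
fi
exit 0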