Update network configuration of veth interfaces
parent
88e0832b4c
commit
b335a94ec0
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-cloud.pid %t/pod-cloud.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-cloud.pid --pod-id-file %t/pod-cloud.pod-id --name=cloud --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-cloud.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" cloud) > {{ services_containers_directory }}/pod-cloud/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-cloud up)" ] ; do echo "veth-cloud is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-cloud
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-cloud
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-cloud.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-cloud.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-cloud/pidfile
|
||||
PIDFile=%t/pod-cloud.pid
|
||||
Type=forking
|
||||
|
||||
|
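Review bot: The wait loop `while [ -z "$(ip link show dev veth-cloud up)" ]` sits before the `sudo /usr/sbin/ifup veth-cloud` step that creates the interface, and this commit also deletes the connect-pod-service path trigger that used to bring the link up. If the loop is still on the new side (the rendered page has lost its +/- markers, so this is inferred), nothing else would raise the link and the unit would spin until its start timeout. Either drop the loop or move it after the `ifup` line and give it an upper bound on retries. The same applies to the database, git, music, notes, `{{ services_service_name }}` template and www hunks.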
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-database.pid %t/pod-database.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-database.pid --pod-id-file %t/pod-database.pod-id --name=database --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-database.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" database) > {{ services_containers_directory }}/pod-database/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-database up)" ] ; do echo "veth-database is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-database
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-database
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-database.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-database.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-database/pidfile
|
||||
PIDFile=%t/pod-database.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-git.pid %t/pod-git.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-git.pid --pod-id-file %t/pod-git.pod-id --name=git --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-git.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" git) > {{ services_containers_directory }}/pod-git/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-git up)" ] ; do echo "veth-git is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-git
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-git
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-git.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-git.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-git/pidfile
|
||||
PIDFile=%t/pod-git.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-music.pid %t/pod-music.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-music.pid --pod-id-file %t/pod-music.pod-id --name=music --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-music.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" music) > {{ services_containers_directory }}/pod-music/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-music up)" ] ; do echo "veth-music is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-music
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-music
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-music.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-music.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-music/pidfile
|
||||
PIDFile=%t/pod-music.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-notes.pid %t/pod-notes.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-notes.pid --pod-id-file %t/pod-notes.pod-id --name=notes --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-notes.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" notes) > {{ services_containers_directory }}/pod-notes/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-notes up)" ] ; do echo "veth-notes is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-notes
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-notes
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-notes.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-notes.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-notes/pidfile
|
||||
PIDFile=%t/pod-notes.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-{{ services_service_name }}.pid %t/pod-{{ service
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-{{ services_service_name }}.pid --pod-id-file %t/pod-{{ services_service_name }}.pod-id --name={{ services_service_name }} --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" {{ services_service_name }}) > {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-{{ services_service_name }} up)" ] ; do echo "veth-{{ services_service_name }} is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-{{ services_service_name }}
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-{{ services_service_name }}
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-{{ services_service_name }}.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-{{ services_service_name }}.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-{{ services_service_name }}/pidfile
|
||||
PIDFile=%t/pod-{{ services_service_name }}.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -15,9 +15,12 @@ ExecStartPre=/bin/rm -f %t/pod-www.pid %t/pod-www.pod-id
|
||||
ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-www.pid --pod-id-file %t/pod-www.pod-id --name=rproxy --network=none --replace
|
||||
ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-www.pod-id
|
||||
ExecStartPost=/usr/bin/sh -c 'podman inspect --format "{% raw %}{{ .State.Pid }}{% endraw %}" $(podman inspect --format "{% raw %}{{ .InfraContainerID }}{% endraw %}" rproxy) > {{ services_containers_directory }}/pod-www/pidfile'
|
||||
ExecStartPost=/usr/bin/sh -c 'while [ -z "$(ip link show dev veth-www up)" ] ; do echo "veth-www is not ready yet" && sleep 1 ; done'
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www
|
||||
ExecStartPost=/usr/bin/sudo /usr/sbin/ifup veth-www
|
||||
ExecStop=/usr/bin/sudo /usr/sbin/ifdown --ignore-errors veth-www
|
||||
ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-www.pod-id -t 10
|
||||
ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-www.pod-id
|
||||
ExecStopPost=/bin/rm -f {{ services_containers_directory }}/pod-www/pidfile
|
||||
PIDFile=%t/pod-www.pid
|
||||
Type=forking
|
||||
|
||||
|
@ -1,9 +0,0 @@
|
||||
[Unit]
|
||||
Description=Connect %i to root bridge
|
||||
After=network.target
|
||||
OnFailure=status-mail@%n.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=-/usr/sbin/ifdown --ignore-errors veth-%i
|
||||
ExecStart=/usr/sbin/ifup veth-%i
|
@ -1,21 +0,0 @@
|
||||
---
|
||||
- name: "veth : configure connect-pod-service"
|
||||
ansible.builtin.copy:
|
||||
src: "./veth/connect-pod-service@.service"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.service"
|
||||
mode: 0644
|
||||
register: services_setup_system_connect_pod_service_service_file
|
||||
|
||||
- name: "veth : configure connect-pod-service path trigger"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/connect-pod-service@.path"
|
||||
dest: "/etc/systemd/system/connect-pod-service@.path"
|
||||
mode: 0644
|
||||
register: services_setup_system_connect_pod_service_path_file
|
||||
|
||||
- name: "veth : systemd daemon reload"
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
when:
|
||||
services_setup_system_connect_pod_service_service_file.changed or
|
||||
services_setup_system_connect_pod_service_path_file.changed
|
@ -7,10 +7,6 @@
|
||||
ansible.builtin.import_tasks: "include/nameserver.yml"
|
||||
tags: "services:setup:system:nameserver"
|
||||
|
||||
- name: "play:services : role:setup:system : tasks:veth"
|
||||
ansible.builtin.import_tasks: "include/veth.yml"
|
||||
tags: "services:setup:system:veth"
|
||||
|
||||
- name: "play:services : role:setup:system : tasks:auto_update"
|
||||
ansible.builtin.import_tasks: "include/auto_update.yml"
|
||||
tags: "services:setup:system:auto_update"
|
||||
|
@ -1,5 +0,0 @@
|
||||
[Path]
|
||||
PathChanged={{ services_containers_directory }}/pod-%i/pidfile
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target network.target
|
@ -1,27 +1,83 @@
|
||||
---
|
||||
- block:
|
||||
- name: "{{ services_service_name }} : veth : create interface directory hierarchy"
|
||||
ansible.builtin.file:
|
||||
path: "{{ system_etc_root_directory }}/network/interfaces/{{ item }}"
|
||||
state: "directory"
|
||||
mode: 0755
|
||||
loop:
|
||||
- "{{ services_service_iface_name }}"
|
||||
- "{{ services_service_iface_name }}/ifup.d"
|
||||
- "{{ services_service_iface_name }}/ifdown.d"
|
||||
|
||||
- name: "{{ services_service_name }} : veth : interface up scripts"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/ifupdown.d/{{ item }}"
|
||||
dest: "\
|
||||
{{ system_etc_root_directory }}/network/interfaces/\
|
||||
{{ services_service_iface_name }}/ifup.d/{{ item }}"
|
||||
mode: 0755
|
||||
loop:
|
||||
- "00-interface"
|
||||
- "01-veth0"
|
||||
register: services_setup_user_veth_interface_up
|
||||
|
||||
- name: "{{ services_service_name }} : veth : configure interface"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/interface"
|
||||
dest: "/etc/network/interfaces.d/{{ services_service_iface_name }}"
|
||||
mode: 0644
|
||||
validate: >
|
||||
bash -c
|
||||
'export NEWIF=%s;
|
||||
if ! diff ${NEWIF} /etc/network/interfaces.d/{{ services_service_iface_name }} &&
|
||||
ip link show dev {{ services_service_iface_name }} ;
|
||||
register: services_setup_user_veth_interface_file
|
||||
|
||||
- name: "{{ services_service_name }} : veth : restart interface"
|
||||
ansible.builtin.shell: |
|
||||
if ip link show dev {{ services_service_iface_name }}
|
||||
then
|
||||
ifdown {{ services_service_iface_name }} &&
|
||||
ifup -i ${NEWIF} {{ services_service_iface_name }} ;
|
||||
fi'
|
||||
ifdown {{ services_service_iface_name }} && ifup {{ services_service_iface_name }}
|
||||
fi
|
||||
when:
|
||||
services_setup_user_veth_interface_up.changed or
|
||||
services_setup_user_veth_interface_file.changed
|
||||
|
||||
- name: "{{ services_service_name }} : veth : interface down scripts"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/ifupdown.d/{{ item }}"
|
||||
dest: "\
|
||||
{{ system_etc_root_directory }}/network/interfaces/\
|
||||
{{ services_service_iface_name }}/ifdown.d/{{ item }}"
|
||||
mode: 0755
|
||||
loop:
|
||||
- "00-interface"
|
||||
- "01-veth0"
|
||||
register: services_setup_user_veth_interface_up
|
||||
|
||||
- name: "{{ services_service_name }} : veth : interface bridge up scripts"
|
||||
ansible.builtin.template:
|
||||
src: "./veth/bridge-ifupdown.d/90-veth"
|
||||
dest: "\
|
||||
{{ system_etc_root_directory }}/network/interfaces/\
|
||||
{{ services_service_bridge_name }}/{{ item }}/90-{{ services_service_iface_name }}"
|
||||
mode: 0755
|
||||
loop:
|
||||
- "ifup.d"
|
||||
- "ifdown.d"
|
||||
|
||||
- name: "{{ services_service_name }} : veth : add ifupdown commands to sudoers"
|
||||
community.general.sudoers:
|
||||
name: "{{ services_service_iface_name }}"
|
||||
state: "present"
|
||||
user: "{{ services_service_user_name }}"
|
||||
commands:
|
||||
- "/usr/sbin/ifup {{ services_service_iface_name }}"
|
||||
- "/usr/sbin/ifdown --ignore-errors {{ services_service_iface_name }}"
|
||||
nopassword: true
|
||||
|
||||
vars:
|
||||
services_service_iface_name: "veth-{{ services_service_name }}"
|
||||
services_service_bridge_name: "br0"
|
||||
services_service_iface_inet_address: "\
|
||||
{{ services_host_services[services_service_name].inet_address }}"
|
||||
services_service_iface_inet_prefixlen: 24
|
||||
services_service_iface_inet6_address: "\
|
||||
{{ services_host_services[services_service_name].inet6_address }}"
|
||||
|
||||
- name: "{{ services_service_name }} : veth : enable the path trigger"
|
||||
ansible.builtin.systemd:
|
||||
name: "connect-pod-service@{{ services_service_name }}.path"
|
||||
enabled: true
|
||||
state: "started"
|
||||
services_service_iface_inet6_prefixlen: 64
|
||||
|
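Review bot: The "interface down scripts" task registers its result as `services_setup_user_veth_interface_up`, the same name the "interface up scripts" task uses, which looks like a copy-paste slip. Because the down-scripts task appears after "restart interface" in this section, a change to the ifdown.d scripts never feeds that task's `when`, and the shared name hides that. Suggest `register: services_setup_user_veth_interface_down`, and if a restart is wanted on down-script changes, move the task above the restart and add it to the condition. The rendered page has lost its +/- markers, so this assumes both register lines are on the new side.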
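--- a/playbooks/roles/services/setup/user/templates/veth/bridge-ifupdown.d/90-veth
+++ b/playbooks/roles/services/setup/user/templates/veth/bridge-ifupdown.d/90-veth
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+if [ ${MODE} == "start" ]
+then
+set -ue
+elif [ ${MODE} == "stop" ]
+then
+set -u
+else
+echo "$(basename ${0}): mode must be one of either 'start' or 'stop'" 1>&2
+exit 1
+fi
+
+case ${PHASE} in
+"pre-up")
+if /usr/sbin/ip link show dev {{ services_service_iface_name }} > /dev/null 2>&1
+then
+/usr/sbin/ip link set dev {{ services_service_iface_name }} master ${IFACE}
+/usr/sbin/ip link set dev {{ services_service_iface_name }} up
+fi
+;;
+"post-up")
+;;
+"pre-down")
+;;
+"post-down")
+if /usr/sbin/ip link show dev {{ services_service_iface_name }} > /dev/null 2>&1
+then
+/usr/sbin/ip link set dev {{ services_service_iface_name }} down
+/usr/sbin/ip link set dev {{ services_service_iface_name }} nomaster
+fi
+;;
+esac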
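Review bot: The mode check `[ ${MODE} == "start" ]` at the top expands `MODE` unquoted inside `[` and runs before `set -u` is active, so an unset or empty `MODE` produces a test syntax error rather than a clean comparison; the usage message is only reached because both tests error out. Writing it as `[ "${MODE:-}" = "start" ]` (and likewise for `stop`) makes that path deliberate. Quoting `"${IFACE}"` and `"${PHASE}"` as well keeps this hook, which is reached through `sudo ifup`, from word-splitting values it takes from the environment. The same prologue is repeated in 00-interface and 01-veth0.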
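--- a/playbooks/roles/services/setup/user/templates/veth/ifupdown.d/00-interface
+++ b/playbooks/roles/services/setup/user/templates/veth/ifupdown.d/00-interface
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+if [ ${MODE} == "start" ]
+then
+set -ue
+elif [ ${MODE} == "stop" ]
+then
+set -u
+else
+echo "$(basename ${0}): mode must be one of either 'start' or 'stop'" 1>&2
+exit 1
+fi
+
+case ${PHASE} in
+"pre-up")
+/usr/bin/mkdir -p /run/netns
+/usr/bin/ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
+
+/usr/sbin/ip link add name ${IFACE} type veth peer name veth0 netns {{ services_service_user_name }}
+;;
+"post-up")
+if ! /usr/sbin/ip link set dev ${IFACE} master {{ services_service_bridge_name }}
+then
+/usr/sbin/ip link set dev ${IFACE} down
+fi
+;;
+"pre-down")
+/usr/sbin/ip link set dev ${IFACE} nomaster
+;;
+"post-down")
+/usr/sbin/ip link delete dev ${IFACE}
+
+/usr/bin/rm /run/netns/{{ services_service_user_name }}
+;;
+esac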
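Review bot: In the `pre-up` arm, `/proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net` uses the pidfile contents unquoted and unvalidated to build the namespace link, while the hook runs with the privileges that `sudo ifup` grants. The pidfile is written by the pod unit's `ExecStartPost` shell, which presumably runs as the service user, so that user in effect chooses which process's network namespace is linked under `/run/netns/` and receives `veth0`. Read the value into a variable, reject anything that is not purely digits (`case "$pid" in ''|*[!0-9]*) exit 1 ;; esac`), and consider checking that the process belongs to the expected user before creating the link.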
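--- a/playbooks/roles/services/setup/user/templates/veth/ifupdown.d/01-veth0
+++ b/playbooks/roles/services/setup/user/templates/veth/ifupdown.d/01-veth0
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+if [ ${MODE} == "start" ]
+then
+set -ue
+elif [ ${MODE} == "stop" ]
+then
+set -u
+else
+echo "$(basename ${0}): mode must be one of either 'start' or 'stop'" 1>&2
+exit 1
+fi
+
+case ${PHASE} in
+"pre-up")
+/usr/sbin/ip netns exec {{ services_service_user_name }} /usr/sbin/sysctl -q -w net.ipv6.conf.veth0.autoconf=0
+
+/usr/sbin/ip -n {{ services_service_user_name }} -4 address add {{ services_service_iface_inet_address }}/{{ services_service_iface_inet_prefixlen }} dev veth0
+/usr/sbin/ip -n {{ services_service_user_name }} -6 address add {{ services_service_iface_inet6_address }}/{{ services_service_iface_inet6_prefixlen }} dev veth0 nodad
+;;
+"post-up")
+/usr/sbin/ip -n {{ services_service_user_name }} link set dev veth0 up
+
+/usr/sbin/ip -n {{ services_service_user_name }} -4 route add default via {{ services_bridge_inet_gateway }} dev veth0
+/usr/sbin/ip -n {{ services_service_user_name }} -6 route add default via {{ services_bridge_inet6_gateway }} dev veth0
+;;
+"pre-down")
+/usr/sbin/ip -n {{ services_service_user_name }} -6 route del default via {{ services_bridge_inet6_gateway }} dev veth0
+/usr/sbin/ip -n {{ services_service_user_name }} -4 route del default via {{ services_bridge_inet_gateway }} dev veth0
+
+/usr/sbin/ip -n {{ services_service_user_name }} link set dev veth0 down
+;;
+"post-down")
+/usr/sbin/ip -n {{ services_service_user_name }} -6 address flush dev veth0
+/usr/sbin/ip -n {{ services_service_user_name }} -4 address flush dev veth0
+;;
+esac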
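Review bot: The `pre-up` arm sets only `net.ipv6.conf.veth0.autoconf=0`, which stops SLAAC addressing but leaves router advertisements accepted, so an RA seen on the bridge segment could still install a default route alongside the static one added in `post-up`. If the intent is a fully static IPv6 setup inside the pod namespace, add a second call next to the existing one that sets `net.ipv6.conf.veth0.accept_ra=0`. Whether RAs are already filtered elsewhere on the bridge is not visible from this section.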
@ -1,29 +1 @@
|
||||
iface {{ services_service_iface_name }} inet6 manual
|
||||
pre-up mkdir -p /run/netns
|
||||
pre-up ln -sfTv /proc/$(cat {{ services_service_user_containers }}/pidfile)/ns/net /run/netns/{{ services_service_user_name }}
|
||||
|
||||
pre-up ip link add name $IFACE type veth peer name veth0 netns {{ services_service_user_name }}
|
||||
pre-up ip link set $IFACE master br0
|
||||
|
||||
pre-up ip -n {{ services_service_user_name }} link set veth0 up
|
||||
|
||||
pre-up ip -n {{ services_service_user_name }} address add {{ services_service_iface_inet_address }}/24 dev veth0
|
||||
pre-up ip -n {{ services_service_user_name }} route add default via {{ services_bridge_inet_gateway }} dev veth0
|
||||
|
||||
pre-up ip -6 -n {{ services_service_user_name }} address add {{ services_service_iface_inet6_address }}/64 dev veth0 nodad
|
||||
pre-up ip -6 -n {{ services_service_user_name }} route add default via {{ services_bridge_inet6_gateway }} dev veth0
|
||||
|
||||
post-down rm {{ services_service_user_containers }}/veth0
|
||||
|
||||
post-down ip -6 -n {{ services_service_user_name }} route del default via {{ services_bridge_inet6_gateway }} dev veth0
|
||||
post-down ip -6 -n {{ services_service_user_name }} address del {{ services_service_iface_inet6_address }}/64 dev veth0
|
||||
|
||||
post-down ip -n {{ services_service_user_name }} route del default via {{ services_bridge_inet_gateway }} dev veth0
|
||||
post-down ip -n {{ services_service_user_name }} address del {{ services_service_iface_inet_address }}/24 dev veth0
|
||||
|
||||
post-down ip -n {{ services_service_user_name }} link set veth0 down
|
||||
|
||||
post-down ip link set $IFACE nomaster
|
||||
post-down ip link del dev $IFACE
|
||||
|
||||
post-down rm /run/netns/{{ services_service_user_name }}
|
||||
|
2
roles
2
roles
@ -1 +1 @@
|
||||
Subproject commit 8eb4bc0f443206ddc421112ead2cbdf83c9a5448
|
||||
Subproject commit b47f48e7f37b968de6862b42dfab51df1f504b56
|