~upstart-devel/upstart/upstart-jobs


Viewing changes to utopic/etc/init/lxc-net.conf

  • Committer: Dimitri John Ledkov
  • Date: 2014-11-19 12:58:41 UTC
  • Revision ID: dimitri.j.ledkov@intel.com-20141119125841-98dr37roy8dvcv3b
auto update

1
 
description "lxc network"
2
 
author "Serge Hallyn <serge.hallyn@canonical.com>"
3
 
 
4
 
start on starting lxc
5
 
stop on stopped lxc
6
 
 
7
 
env USE_LXC_BRIDGE="true"
8
 
env LXC_BRIDGE="lxcbr0"
9
 
env LXC_ADDR="10.0.3.1"
10
 
env LXC_NETMASK="255.255.255.0"
11
 
env LXC_NETWORK="10.0.3.0/24"
12
 
env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
13
 
env LXC_DHCP_MAX="253"
14
 
env LXC_DHCP_CONFILE=""
15
 
env varrun="/run/lxc"
16
 
env LXC_DOMAIN=""
17
 
 
18
 
pre-start script
19
 
        [ -f /etc/default/lxc ] && . /etc/default/lxc
20
 
 
21
 
        [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
22
 
 
23
 
        use_iptables_lock="-w"
24
 
        iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
25
 
        cleanup() {
26
 
                # dnsmasq failed to start, clean up the bridge
27
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
28
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
29
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
30
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
31
 
                iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
32
 
                iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
33
 
                iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
34
 
                iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
35
 
                ifconfig ${LXC_BRIDGE} down || true
36
 
                brctl delbr ${LXC_BRIDGE} || true
37
 
        }
38
 
 
39
 
        if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
40
 
                if [ ! -f ${varrun}/network_up ]; then
41
 
                        # bridge exists, but we didn't start it
42
 
                        stop;
43
 
                fi
44
 
                exit 0;
45
 
        fi
46
 
 
47
 
        # set up the lxc network
48
 
        brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
49
 
        echo 1 > /proc/sys/net/ipv4/ip_forward
50
 
        mkdir -p ${varrun}
51
 
        ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
52
 
        iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
53
 
        iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
54
 
        iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
55
 
        iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
56
 
        iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
57
 
        iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
58
 
        iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
59
 
        iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
60
 
 
61
 
        LXC_DOMAIN_ARG=""
62
 
        if [ -n "$LXC_DOMAIN" ]; then
63
 
                LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
64
 
        fi
65
 
        dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
66
 
        touch ${varrun}/network_up
67
 
end script
68
 
 
69
 
post-stop script
70
 
        [ -f /etc/default/lxc ] && . /etc/default/lxc
71
 
        [ -f "${varrun}/network_up" ] || exit 0;
72
 
        # if $LXC_BRIDGE has attached interfaces, don't shut it down
73
 
        ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
74
 
 
75
 
        if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
76
 
                use_iptables_lock="-w"
77
 
                iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
78
 
                ifconfig ${LXC_BRIDGE} down
79
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
80
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
81
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
82
 
                iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
83
 
                iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
84
 
                iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
85
 
                iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
86
 
                iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
87
 
                pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
88
 
                rm -f ${varrun}/dnsmasq.pid
89
 
                brctl delbr ${LXC_BRIDGE}
90
 
        fi
91
 
        rm -f ${varrun}/network_up
92
 
end script
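Review bot: When dnsmasq fails to start (gutter line 65), `cleanup` tears down the bridge and its rules but then returns, so the pre-start script still runs `touch ${varrun}/network_up` and the job is recorded as up with no bridge behind it; ending that line with `|| { cleanup; stop; exit 0; }`, the pattern lines 21 and 48 already use, would keep the marker honest. In post-stop (line 87), `kill -9 $pid` signals whatever process currently holds the number read from `dnsmasq.pid`, presumably as root and with no TERM first; I would confirm the pid still belongs to dnsmasq before signalling and use KILL only if TERM is ignored. Line 49 also turns on `ip_forward` host-wide and nothing in post-stop restores it, which deserves a comment such as `# enables IPv4 forwarding for every interface; not reverted in post-stop`. All of this assumes the listing is the file's new side, which the single-number gutter on this page does not settle.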