Date: Thu, 1 Sep 2011 00:15:42 -0700
From: Devin Teske <devin.teske@fisglobal.com>
To: FreeBSD RC <freebsd-rc@freebsd.org>
Cc: Julian Elischer <julian@freebsd.org>
Subject: Re: [PATCH] Add /etc/rc.d/vimage startup script for creating vnet jails
Message-ID: <61AAA988-00F5-44CA-B446-4894A16E682D@fisglobal.com>
In-Reply-To: <CAC979C8-3129-4E62-9D76-D1D0CCE001F0@fisglobal.com>
References: <CAC979C8-3129-4E62-9D76-D1D0CCE001F0@fisglobal.com>

On Aug 27, 2011, at 10:47 AM, Devin Teske wrote:

> Hi All,
>
> I'd like to submit a patch for review (attached) that adds a new /etc/rc.d script named "vimage".
>
> <vimage_rc.20110827104104.patch>

Updated. See attached file <vimage_rc.20110831135736.patch> or see the web at http://druidbsd.sf.net/download/vimage_rc.20110831135736.patch

Highlights:
- optional automatic network interface bridging using netgraph(4)
- automatic MAC address management of ng_eiface(4) devices
- easily create multiple virtual NICs bridged to one or more physical NICs
- can point vimages at same directory and configure all virtual NICs for various vimages in single rc.conf(5)
- potentially scale up to maximum number of virtual NICs, 65,535
- new "_bridges" option helps simplify more complicated setups in combination with existing "_vnets" option in rc.conf (hint: lagg + carp)
- does not require bridge(4) or epair(4) -- but works fine with them if that's what you want

> Essentially, a hand-tweaked version of /etc/rc.d/jail with added/removed features.
>
> Here's how we're using it in /etc/rc.conf to successfully start up vimage jails at boot time:
>

New excerpt below, highlighting the new feature (netgraph(4) bridging):

========== BEGIN rc.conf(5) EXCERPT ==========
vimage_enable="YES"
vimage_list="v1 v2 v3"
vimage_services="sshd" # set all vimages to run sshd

# Vimage with one network interface bridged to bge0
vimage_v1_rootdir="/"
vimage_v1_hostname="vimage1"
vimage_v1_bridges="bge0"

# Vimage with two network interfaces, both bridged to bge0
vimage_v2_rootdir="/"
vimage_v2_hostname="vimage2"
vimage_v2_bridges="bge0 bge0"

# Vimage with five network interfaces, bridged to various interfaces
vimage_v3_rootdir="/"
vimage_v3_hostname="vimage3"
vimage_v3_bridges="bge0 bge0 fxp0 em0 em1"

# IP addresses for vimage1
ifconfig_ng0_v1="inet 192.168.1.100/24"

# IP addresses for vimage2
ifconfig_ng0_v2="inet 192.168.1.101/24"
ifconfig_ng1_v2="inet 192.168.1.102/24"

# IP addresses for vimage3
ifconfig_ng0_v3="inet 192.168.1.103/24"
ifconfig_ng1_v3="inet 192.168.1.104/24"
ifconfig_ng2_v3="inet 10.0.0.13/24"
ifconfig_ng3_v3="inet 10.10.220.101/24"
ifconfig_ng4_v3="inet 10.10.220.102/24"
========== END rc.conf(5) EXCERPT ==========

Normally, you would put the IP address settings into an rc.conf(5) file that is local to the vimage's root directory, but as seen above we pointed each root directory to "/" so we can configure the network interface in the same rc.conf(5).

The names of the network interfaces that are created for each vimage are in the form of:

	ng##_vimagename

ASIDE: The reason for this may not be immediately obvious, but once you start expanding your virtual network or using ngctl(8) to dump your configuration, you'll be happy for the naming scheme chosen.

However, there's a system limitation of 15 characters in length for network interfaces displayed by ifconfig(8) (NOTE: ngctl(8) is happy to set the name to something longer than 15 characters but ifconfig(8) will refuse to display that name, falling back to the real/default name). Therefore, it's important to not make your vimage names too long (or if you do, make sure at least the first 11 characters are unique as the script will truncate the name of the interface to fit within 15 characters).

--
Cheers,
Devin
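
The naming rule and 15-character limit described in the message above can be checked before boot. The following sh sketch is an added example, not part of the posted patch: the function names and the NAME:COUNT argument format are hypothetical, and it assumes the rc script truncates the tail of ng##_vimagename.

```shell
#!/bin/sh
# Added example: pre-flight check of vimage names against the
# 15-character interface-name limit described in the message.

IFNAME_MAX=15	# longest name ifconfig(8) displays, per the message

# vimage_ifname INDEX VIMAGE
# Print the name in the documented form ng##_vimagename, cut to
# IFNAME_MAX characters (assumption: the tail is what gets dropped).
vimage_ifname()
{
	printf "%.${IFNAME_MAX}s\n" "ng${1}_${2}"
}

# vimage_check "NAME:COUNT ..."
# COUNT is the number of words in vimage_NAME_bridges. Prints every
# interface name that would be created and returns 1 if two vimages
# end up with the same name after truncation.
vimage_check()
{
	seen=" " rc=0
	for spec in $1; do
		name=${spec%%:*} count=${spec##*:}
		i=0
		while [ "$i" -lt "$count" ]; do
			ifn=$(vimage_ifname "$i" "$name")
			case $seen in
			*" $ifn "*)
				echo "COLLISION: $ifn (vimage $name)" >&2
				rc=1 ;;
			*)
				seen="$seen$ifn " ;;
			esac
			echo "$name ng$i -> $ifn"
			i=$((i + 1))
		done
	done
	return $rc
}

# The three vimages from the rc.conf(5) excerpt: v1 has one bridge
# entry, v2 has two, v3 has five. All names are short, so no collision.
vimage_check "v1:1 v2:2 v3:5"
```

Two vimages whose names share their first 11 characters, for example the constructed names production_web and production_db, both map to ng0_production_ and make vimage_check return 1.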