add option to pick static network
author
Ian Kelling
<ian@iankelling.org>
Sun, 22 Jan 2017 20:40:11 +0000
(12:40 -0800)
committer
Ian Kelling
<ian@iankelling.org>
Sun, 22 Jan 2017 20:41:55 +0000
(12:41 -0800)
newns
diff --git
a/newns
b/newns
index dbe6598c19f3642b29e698c9d75111fb7a369359..2896cf21d942162ccfe4d2472af2e962450ad937 100755
(executable)
--- a/
newns
+++ b/
newns
@@
-38,21
+38,20
@@
fi
usage() {
cat <<EOF
usage: ${0##*/} [OPTS] start|stop NS_NAME
usage() {
cat <<EOF
usage: ${0##*/} [OPTS] start|stop NS_NAME
-Setup & optionally create, a network namespace with nat and a mount namespace
+Nat a network namespace. create a mount ns. systemd friendly
-c, --create Create a named network namespace. When running from
the same network namespace as pid 1, this is set automatically.
This is the case when running outside a systemd created
private network.
-c, --create Create a named network namespace. When running from
the same network namespace as pid 1, this is set automatically.
This is the case when running outside a systemd created
private network.
+-n NETWORK x.x.x /24 private network to use. If not specified, uses
+ the first one starting at 10.173.1
-h, --help Show this help and exit.
From within a systemd network namespace, nat it to the outside. This
would be called from ExecStartPre, and or subsequent units called with
JoinsNamespaceOf= and PrivateNetwork=true.
-h, --help Show this help and exit.
From within a systemd network namespace, nat it to the outside. This
would be called from ExecStartPre, and or subsequent units called with
JoinsNamespaceOf= and PrivateNetwork=true.
-Uses /24 network, finding the first locally unused one starting at
-10.173.0.
-
Also create a named mount namespace under /root/mount_namespaces, so we
can alter some system config for this namespace. Subsequent systemd
command lines would be prefixed with:
Also create a named mount namespace under /root/mount_namespaces, so we
can alter some system config for this namespace. Subsequent systemd
command lines would be prefixed with:
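Review bot: The new help line `-n NETWORK x.x.x /24 private network to use` does not say what form NETWORK takes; find_network later assigns `network=$ip_base.$i`, i.e. the first three octets, and the default text `10.173.1` implies the same, so the option text should say so explicitly. Something like `-n NETWORK  First three octets of the /24 to use, e.g. 10.173.5. Default: the first locally unused one starting at 10.173.1` would remove the guesswork for someone passing a full address or CIDR. The usage heredoc continues outside this hunk.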
@@
-76,7
+75,7
@@
Background:
This script does not make the namespace be named like ip does, because
the naming is not necessary, although it could have been done with some
more work. For debugging and joining the namespace with a bash shell, I
This script does not make the namespace be named like ip does, because
the naming is not necessary, although it could have been done with some
more work. For debugging and joining the namespace with a bash shell, I
-use nsenter -n -m -t $(pgrep PROCESS_IN_NAMESPACE) bash. Note: if I
+use nsenter -n -m -t
\
$(pgrep PROCESS_IN_NAMESPACE) bash. Note: if I
knew how to easily ask systemd what pid a unit has, i would do that.
"ip netns new ..." also does a mount namespace, then bind
knew how to easily ask systemd what pid a unit has, i would do that.
"ip netns new ..." also does a mount namespace, then bind
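Review bot: The reason for the new backslash in `\$(pgrep PROCESS_IN_NAMESPACE)` is not recorded anywhere: the usage text is an unquoted heredoc (`cat <<EOF`), so it undergoes command substitution and parameter expansion whenever help is printed, which is why the unescaped form would have run pgrep. The next `$`, `$(` or backtick pasted into this text will hit the same problem silently. Add a comment above the heredoc, e.g. `# unquoted heredoc: ${0##*/} must expand, so escape any other $ or backtick in this text`. The heredoc and the usage function start outside this hunk.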
@@
-95,11
+94,12
@@
EOF
#### begin arg parsing ####
create=false
#### begin arg parsing ####
create=false
-temp=$(getopt -l help,create hc "$@") || usage 1
+temp=$(getopt -l help,create hc
n:
"$@") || usage 1
eval set -- "$temp"
while true; do
case $1 in
-c|--create) create=true; shift ;;
eval set -- "$temp"
while true; do
case $1 in
-c|--create) create=true; shift ;;
+ -n) network=$2; shift 2 ;;
-h|--help) usage ;;
--) shift; break ;;
*) echo "$0: Internal error!" ; exit 1 ;;
-h|--help) usage ;;
--) shift; break ;;
*) echo "$0: Internal error!" ; exit 1 ;;
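Review bot: `-n) network=$2; shift 2 ;;` stores the argument with no check, and `network` gets no default next to `create=false`, so the later `[[ $network ]]` test relies on the variable being unset rather than empty; if the script enables `set -u` (not visible here) that test would abort with an unbound-variable error. Add `network=` beside `create=false` and validate the value where it is parsed, e.g. `-n) [[ $2 =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]] || usage 1; network=$2; shift 2 ;;`, since the value is later interpolated into ip and iptables commands run as root. The long-option list `help,create` was not extended, so only the short form works; that matches the help text, but a `network:` entry would be cheap to add.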
@@
-162,10
+162,13
@@
nat() { dexec iptables -t nat $1 POSTROUTING -o $gateway_if -j MASQUERADE \
-m comment --comment "systemd network namespace nat"; }
find_network() {
-m comment --comment "systemd network namespace nat"; }
find_network() {
+ if [[ $network ]]; then
+ return
+ fi
found=false
existing=false
ips="$(ipd addr show | awk '$1 == "inet" {print $2}')"
found=false
existing=false
ips="$(ipd addr show | awk '$1 == "inet" {print $2}')"
- for ((i=
0
; i <= 254; i++)); do
+ for ((i=
1
; i <= 254; i++)); do
network=$ip_base.$i
if printf "%s\n" "$ips" | grep "^${network//./\\.}" >/dev/null; then
existing=true
network=$ip_base.$i
if printf "%s\n" "$ips" | grep "^${network//./\\.}" >/dev/null; then
existing=true
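Review bot: The early `return` added at the top of find_network exits before `found=false` and `existing=false` are assigned, so when -n is given, whatever reads those flags after the call (its caller is not in this hunk) sees them unset or stale from an earlier run; move the two initializations above the `if [[ $network ]]` guard and decide explicitly whether a user-supplied network counts as found. The return also skips the collision check against `$ips`, so a -n value that is already in use locally is accepted silently; at minimum validate its shape, `[[ $network =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]] || usage 1`, and consider running the same grep against `$ips` before returning. Separately, the prefix match `grep "^${network//./\\.}"` has no terminator, so with the loop now starting at 1 the candidate 10.173.1 also matches 10.173.10 through 10.173.199 and is wrongly reported as existing; anchoring a trailing dot, `grep "^${network//./\\.}\."`, fixes that. The rest of find_network is outside this hunk.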