Add route when required on the local table

With the use of nspawn containers and macvlans, without an intermediary
bridge, there's no way to send traffic from the host back to the
container without configuring VEPA and having 802.1qg enabled
switches. To enhance the usability of nspawn a local route is added to
macvlan devices when an interface address is detected. This allows
the host to route back to the containers without issues and will not
interfere with the main host route. To ensure there's absolutely no
conflict with host routes a metric has been added to all routes added to the
local table.

Change-Id: Id4326c9783f46884d3f39692e691775ba1118b38
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2018-08-02 17:34:20 -05:00
parent e9bb87e7a6
commit 4f6ed536ed
No known key found for this signature in database
GPG Key ID: 9443251A787B9FB3
1 changed files with 11 additions and 2 deletions

@ -91,11 +91,20 @@
{%- set _ = start_commands.append('-/sbin/ip link set dev veth-' + interface + '2 mtu ' + (interface_data['mtu'] | default(1500)) | string) %}
{%- set _ = start_commands.append('-/sbin/ip link set dev veth-' + interface + '1 master ' + value.bridge) %}
{%- set _ = start_commands.append('-/sbin/ip link add ' + mv_interface + ' link veth-' + interface + '2 type macvlan mode ' + value.macvlan_mode | default(nspawn_macvlan_mode)) %}
{%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
{%- else %}
{%- set _ = start_commands.append('-/sbin/ip link add ' + mv_interface + ' link ' + value.bridge + ' type macvlan mode ' + value.macvlan_mode | default(nspawn_macvlan_mode)) %}
{%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
{% if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined %}
{% set net_cidr = hostvars[inventory_hostname]['container_cidr'] %}
{%- set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + mv_interface + ' metric 100 proto kernel scope link table local') %}
{% elif (value.address is defined) and (value.netmask is defined) %}
{% set prefix = (value.address ~ '/' ~ value.netmask) | ipaddr('prefix') %}
{% set _network = (value.address ~ '/' ~ prefix) | ipaddr('network') %}
{% set _net_addr_network = (_network ~ '/' ~ prefix) %}
{%- set _ = start_commands.append('-/sbin/ip route add ' + _net_addr_network + ' dev ' + mv_interface + ' metric 100 proto kernel scope link table local') %}
{%- endif %}
{%- endif %}
{%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
{%- set _ = seen_start_interfaces.append(value.bridge) %}
{%- endif %}
{%- endfor %}
{{ start_commands }}
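
Review bot: the condition `hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined` tests a per-network key, but the next line always reads `hostvars[inventory_hostname]['container_cidr']`. For any network whose key prefix is not `container`, the route added on that macvlan device would carry the container CIDR rather than the network's own, and if `container_cidr` itself is not set the lookup is on an undefined value. Suggest building the key once, for example `{% set _cidr_key = key.split('_')[0] + '_cidr' %}`, and using it for both the test and the `net_cidr` lookup. Two smaller points: the new `{% if %}`, `{% set %}` and `{% elif %}` tags drop the `-` whitespace control that the surrounding lines use, and the two `ip route add ... table local` commands are identical apart from the network variable, so setting the network in the branches and appending the command once after them would keep the `metric 100 proto kernel scope link` options in one place.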