Discussion:
nspawn: how to rename network interfaces?
Add Reply
Matthias Pfau
2018-04-03 18:31:00 UTC
Reply
Permalink
Raw Message
Hi there,
I just tried to rename ipvlan and macvlan devices in a container with systemd.link. This does not seem to work with debian stretch (host and container).

Is it possible to rename ipvlan and macvlan devices in a container? If not: Is there another way to define custom interface names?

Thanks!

Cheers,Matthias Pfau
Mantas Mikulėnas
2018-04-03 19:56:16 UTC
Reply
Permalink
Raw Message
Post by Matthias Pfau
Hi there,
I just tried to rename ipvlan and macvlan devices in a container with
systemd.link. This does not seem to work with debian stretch (host and
container).
Is it possible to rename ipvlan and macvlan devices in a container? If
not: Is there another way to define custom interface names?
Containers usually don't have udev (which processes .link files). Manual
renaming should work.

But why not just specify the desired names when *creating* those interfaces?
Post by Matthias Pfau
--
Mantas Mikulėnas <***@gmail.com>
Sent from my phone
Mantas Mikulėnas
2018-04-04 09:05:55 UTC
Reply
Permalink
Raw Message
Post by Matthias Pfau
Post by Mantas Mikulėnas
Post by Matthias Pfau
Hi there,
I just tried to rename ipvlan and macvlan devices in a container with
systemd.link. This does not seem to work with debian stretch (host and
container).
Post by Mantas Mikulėnas
Post by Matthias Pfau
Is it possible to rename ipvlan and macvlan devices in a container? If
not: Is there another way to define custom interface names?
Post by Mantas Mikulėnas
Containers usually don't have udev (which processes .link files). Manual
renaming should work.
Manual renaming via the ip command works indeed.
However, the udev package is installed in the container and udevadm is
usable. Is there anything else that is needed to enable systemd's .link
files?
Hmm, I'm probably mistaken.
Post by Matthias Pfau
I currently try to build a test environment and we use .link files to
rename interfaces on our production systems. It would be nice if we could
keep this consistent within the test environment.
Post by Mantas Mikulėnas
But why not just specify the desired names when *creating* those
interfaces?
The names of ipvlan and macvlan interfaces are prefixed by nspawn ("iv-"
and "mv-"). Besides that, we need multiple ipvlan interfaces on the host
for multiple containers. They should share the same name (e.g. dmz) in all
containers as our iptables rules are based on these interface names...
Is there a way to override the name used by systemd-nspawn for ipvlan and
macvlan devices?
--Matthias Pfau
--
Mantas Mikulėnas <***@gmail.com>
Sent from my phone
Lennart Poettering
2018-04-04 14:48:01 UTC
Reply
Permalink
Raw Message
Post by Mantas Mikulėnas
Post by Matthias Pfau
Post by Mantas Mikulėnas
Post by Matthias Pfau
Hi there,
I just tried to rename ipvlan and macvlan devices in a container with
systemd.link. This does not seem to work with debian stretch (host and
container).
Post by Mantas Mikulėnas
Post by Matthias Pfau
Is it possible to rename ipvlan and macvlan devices in a container? If
not: Is there another way to define custom interface names?
Post by Mantas Mikulėnas
Containers usually don't have udev (which processes .link files). Manual
renaming should work.
Manual renaming via the ip command works indeed.
However, the udev package is installed in the container and udevadm is
usable. Is there anything else that is needed to enable systemd's .link
files?
Hmm, I'm probably mistaken.
No, you are right. udev is not supported in containers, as /sys is not
virtualized on Linux, and running udev inside contains and on the host
would mean the instances would fight for ownership of the devices.

So yes, Mantas was right: .link files only work on the host, not in
any container. Make sure to just name the interfaces properly when
passing them to the container in the first place.

Lennart
--
Lennart Poettering, Red Hat
Matthias Pfau
2018-04-05 11:14:32 UTC
Reply
Permalink
Raw Message
Post by Lennart Poettering
Post by Mantas Mikulėnas
Post by Matthias Pfau
Post by Mantas Mikulėnas
Post by Matthias Pfau
Hi there,
I just tried to rename ipvlan and macvlan devices in a container with
systemd.link. This does not seem to work with debian stretch (host and
container).
Post by Mantas Mikulėnas
Post by Matthias Pfau
Is it possible to rename ipvlan and macvlan devices in a container? If
not: Is there another way to define custom interface names?
Post by Mantas Mikulėnas
Containers usually don't have udev (which processes .link files). Manual
renaming should work.
Manual renaming via the ip command works indeed.
However, the udev package is installed in the container and udevadm is
usable. Is there anything else that is needed to enable systemd's .link
files?
Hmm, I'm probably mistaken.
No, you are right. udev is not supported in containers, as /sys is not
virtualized on Linux, and running udev inside contains and on the host
would mean the instances would fight for ownership of the devices.
So yes, Mantas was right: .link files only work on the host, not in
any container. Make sure to just name the interfaces properly when
passing them to the container in the first place.
Lennart
Thanks for confirming!

How can I define ipvlan interface names for the container? E.g. I need multiple ipvlan interfaces on the host that are mapped to the interface name "dmz" in multiple containers.

As far as I understood the man page, defining names for interfaces in the container is only possible with --network-veth-extra. Is that correct?

--
Matthias Pfau
Matthias Pfau
2018-04-10 16:06:36 UTC
Reply
Permalink
Raw Message
Post by Matthias Pfau
How can I define ipvlan interface names for the container? E.g. I need multiple ipvlan interfaces on the host that are mapped to the interface name "dmz" in multiple containers.
Attaching and naming macvlan/ipvlan interfaces to a container is currently not possible. However, I was able to add multiple devices to my containers and rename them directly in /etc/network/interfaces, e.g.

auto int
iface int inet static
    address 192.168.1.165
    netmask 255.255.255.0
    pre-up if [ -e /sys/class/net/host0 ] ; then ip link set host0 name int ;fi


Cheers,
Matthias

Loading...