NethServer · stephdl · Jun 13, 2020 · Jun 2, 2020 · Jun 2, 2020 · Jun 2, 2020
diff --git a/createlinks b/createlinks
@@ -36,6 +36,7 @@ event_actions('nethserver-docker-update', qw(
     nethserver-docker-create-network 20
     nethserver-docker-create-portainer 20
     nethserver-docker-create-aeria 20
+    nethserver-docker-macvlan-creation 20
 ));
 event_services('nethserver-docker-update', qw(
     docker restart
@@ -49,3 +50,10 @@ event_actions('nethserver-docker-plugin-update', qw(
     initialize-default-databases   00
     nethserver-docker-upgrade-plugin 20
 ));
+
+#
+# restart docker to create at the end the macvlan0
+#
+event_actions('interface-update', qw(
+    nethserver-docker-interface-update-restart-docker   99
+));
diff --git a/root/etc/e-smith/db/configuration/defaults/docker/macVlanGateway b/root/etc/e-smith/db/configuration/defaults/docker/macVlanGateway
diff --git a/root/etc/e-smith/db/configuration/defaults/docker/macVlanLocalNetwork b/root/etc/e-smith/db/configuration/defaults/docker/macVlanLocalNetwork
diff --git a/root/etc/e-smith/db/configuration/defaults/docker/macVlanNetwork b/root/etc/e-smith/db/configuration/defaults/docker/macVlanNetwork
diff --git a/root/etc/e-smith/db/configuration/defaults/docker/macVlanNic b/root/etc/e-smith/db/configuration/defaults/docker/macVlanNic
diff --git a/root/etc/e-smith/events/actions/nethserver-docker-interface-update-restart-docker b/root/etc/e-smith/events/actions/nethserver-docker-interface-update-restart-docker
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+#
+# Restart docker after the event interface-update
+#
+
+/usr/bin/systemctl restart docker
diff --git a/root/etc/e-smith/events/actions/nethserver-docker-macvlan-creation b/root/etc/e-smith/events/actions/nethserver-docker-macvlan-creation
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+macVlanNic=$(/usr/sbin/e-smith/db configuration getprop docker macVlanNic)
+macVlanGateway=$(/usr/sbin/e-smith/db configuration getprop docker macVlanGateway)
+macVlanLocalNetwork=$(/usr/sbin/e-smith/db configuration getprop docker macVlanLocalNetwork)
+
+# Check if macvlan network does not exist, and attempt to create it as necessariy
+#
+
+status=$(/sbin/e-smith/config getprop docker status)
+
+if [[ ${status} != enabled ]]; then
+    exit 0
+fi
+
+if ! systemctl is-active -q docker; then
+    echo "[WARNING] Attempt to start docker"
+    systemctl start docker
+fi
+
+
+HasNetwork=$(docker network ls -f name=macvlan -q)
+if [[ $? != 0 ]]; then
+    exit 1
+fi
+
+if [[ -n ${HasNetwork} ]]; then
+    exit 0
+fi
+
+if [[ -z $macVlanGateway ]]; then
+    exit 0
+fi
+
+if [[ -z $macVlanLocalNetwork ]]; then
+    exit 0
+fi
+
+if [[ -z $macVlanNic ]]; then
+    exit 0
+fi
+
+# We want a bridge to create macvlan on it, we verify before
+nicExist=$(/usr/sbin/e-smith/db networks get $macVlanNic)
+if [[ -z $nicExist ]];then
+    exit 0
+fi
+
+isBridge=$(/usr/sbin/e-smith/db networks gettype $macVlanNic)
+if [[ $isBridge != 'bridge' ]];then
+    echo "The nic is not a bridge, macvlan cannot be created"
+    exit 0
+fi
+
+/usr/bin/docker network create --driver=macvlan --gateway=${macVlanGateway} --subnet=${macVlanLocalNetwork} -o parent=${macVlanNic} macvlan
diff --git a/root/etc/e-smith/templates/etc/shorewall/interfaces/50mac b/root/etc/e-smith/templates/etc/shorewall/interfaces/50mac
@@ -0,0 +1,5 @@
+
+#
+# macvl macvlan network
+#
+macvl      macvlan+     optional
diff --git a/root/etc/e-smith/templates/etc/shorewall/policy/40mac b/root/etc/e-smith/templates/etc/shorewall/policy/40mac
@@ -0,0 +1,7 @@
+
+#
+# accept macvl macvlan network from localhost
+#
+
+$FW macvl ACCEPT
+macvl $FW ACCEPT
diff --git a/root/etc/e-smith/templates/etc/shorewall/zones/50mac b/root/etc/e-smith/templates/etc/shorewall/zones/50mac
@@ -0,0 +1,6 @@
+
+#
+# macvl macvlan
+#
+
+macvl  ipv4
diff --git a/root/etc/rsyslog.d/docker-macvlan.conf b/root/etc/rsyslog.d/docker-macvlan.conf
@@ -0,0 +1,6 @@
+#
+# message log remove martian messages
+#
+
+if $programname == "kernel" and ($msg contains "IPv4: martian source" or $msg contains "ll header") then stop
+
diff --git a/root/etc/systemd/system/docker.service.d/nethserver.conf b/root/etc/systemd/system/docker.service.d/nethserver.conf
@@ -1,7 +1,9 @@
 [Unit]
 After=
 After=network-online.target shorewall.service
+PartOf=network.service
 
 [Service]
 ExecStart=
-ExecStart=/usr/bin/dockerd --config-file=/etc/docker/docker.conf
+ExecStart=/usr/bin/dockerd --config-file=/etc/docker/docker.conf
+ExecStartPost=/usr/libexec/dockerCreateMacVlan0
diff --git a/root/usr/libexec/dockerCreateMacVlan0 b/root/usr/libexec/dockerCreateMacVlan0
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+macVlanNetwork=$(/usr/sbin/e-smith/db configuration getprop docker macVlanNetwork)
+macVlanNic=$(/usr/sbin/e-smith/db configuration getprop docker macVlanNic)
+
+if [[ -z $macVlanNetwork ]]; then
+    exit 0
+fi
+
+if [[ -z $macVlanNic ]]; then
+    exit 0
+fi
+
+nicExist=$(/usr/sbin/e-smith/db networks get $macVlanNic)
+if [[ -z $nicExist ]];then
+    exit 0
+fi
+
+isBridge=$(/usr/sbin/e-smith/db networks gettype $macVlanNic)
+if [[ $isBridge != 'bridge' ]];then
+    echo "The nic is not a bridge, macvlan cannot be created"
+    exit 0
+fi
+
+#
+# First delete macvlan0 
+#
+/usr/sbin/ip link delete macvlan0 &> /dev/null
+
+#
+# Create macvlan0
+#
+/usr/sbin/ip link add macvlan0 link $macVlanNic type macvlan mode bridge
+/usr/sbin/ip addr add $macVlanNetwork dev macvlan0
+/usr/sbin/ip link set macvlan0 up
+
+#
+# restart the docker container on macvlan. Needed after network.service restart or interface-update event
+#
+isMacvlanRunning=$(/usr/bin/docker ps -a -q -f network=macvlan)
+if [[ $isMacvlanRunning ]]; then
+    /usr/bin/docker restart $(/usr/bin/docker ps -a -q -f network=macvlan)
+fi