Merge pull request #40 from jurajlutter/keepnet

Allow to not manipulate bridge interfaces
bartekrutkowski · Sep 17, 2022 · 7b66170 · 7b66170
2 parents ce46ce5 + 11c26db
commit 7b66170
Show file tree

Hide file tree

Showing 8 changed files with 68 additions and 8 deletions.
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
@@ -54,3 +54,7 @@ FAQ
 
 **Is ZFS jailing supported?**
     Yes, please refer to man page.
+
+**How can I prevent from bridge interfaces manipulation on start/stop?**
+    See man page (``iocell set createbridge=off UUID | TAG`` and/or
+    ``iocell set keepbridge=on UUID | TAG``)
diff --git a/doc/source/networking.rst b/doc/source/networking.rst
@@ -189,3 +189,13 @@ To start a jail with no IPv4/6 address whatsoever set these properties:
 ``iocell set ip4_addr=none ip6_addr=none UUID|TAG``
 
 ``iocell set defaultrouter=none defaultrouter6=none UUID|TAG``
+
+To not create bridge interfaces on jail start set this property:
+
+``iocell set createbridge=off UUID|TAG``
+
+To keep bridge interfaces on jail shutdown set this property:
+
+``iocell set keepbridge=on UUID|TAG``
+
+*NOTE: You can set these to or on off according to the use case*
diff --git a/iocell.8 b/iocell.8
@@ -747,6 +747,28 @@ ip4=new | disable | inherit
     Default: new
     Source: jail(8)
 
+.fam T
+.fi
+createbridge=on | off
+.PP
+.nf
+.fam C
+    Controls whether default bridge0 and bridge1 will be created
+    on jails's start.
+
+    Default: on
+
+.fam T
+.fi
+keepbridge=on | off
+.PP
+.nf
+.fam C
+    Controls whether bridges bridge0 and bridge1 will be destroyed
+    on jail's shutdown.
+
+    Default: off
+
 .fam T
 .fi
 defaultrouter=none | ipaddress

diff --git a/lib/ioc-configure b/lib/ioc-configure
@@ -225,6 +225,8 @@ __reset_jail_props () {
     host_hostname="$(__get_jail_prop host_hostname ${uuid} ${_dataset})"
     mount_procfs="$(__get_jail_prop mount_procfs ${uuid} ${_dataset})"
     mount_linprocfs="$(__get_jail_prop mount_linprocfs ${uuid} ${_dataset})"
+    createbridge="$(__get_jail_prop createbridge ${uuid} ${_dataset})"
+    keepbridge="$(__get_jail_prop keepbridge ${uuid} ${_dataset})"
 
     __configure_jail ${uuid} ${_dataset}
 }

diff --git a/lib/ioc-globals b/lib/ioc-globals
@@ -38,6 +38,8 @@ vnet0_mac="none"
 vnet1_mac="none"
 vnet2_mac="none"
 vnet3_mac="none"
+createbridge="on"
+keepbridge="off"
 
 # Standard jail properties
 devfs_ruleset="4"
@@ -208,7 +210,9 @@ CONF_NET="interfaces
           vnet0_mac
           vnet1_mac
           vnet2_mac
-          vnet3_mac"
+          vnet3_mac
+          createbridge
+          keepbridge"
 
 # Native jail properties
 CONF_JAIL="devfs_ruleset

diff --git a/lib/ioc-help b/lib/ioc-help
@@ -534,6 +534,20 @@ PROPERTIES
     Default: new
     Source: jail(8)
 
+  createbridge=on | off
+
+    Controls whether default bridge0 and bridge1 will be created
+    on jails's start.
+
+    Default: on
+
+  keepbridge=on | off
+
+    Controls whether bridges bridge0 and bridge1 will be destroyed
+    on jail's shutdown.
+
+    Default: off
+
   defaultrouter=none | ipaddress
 
     Setting this property to anything other than none will try to configure a

diff --git a/lib/ioc-info b/lib/ioc-info
@@ -2,9 +2,10 @@
 
 # Print supported releases----------------------------------
 __print_release () {
-    supported="13.0-CURRENT
-               12.0-RELEASE
-               11.2-RELEASE"
+    supported="14.0-CURRENT
+               13.1-RELEASE
+               13.0-RELEASE
+               12.3-RELEASE"
 
     echo "Supported releases are: "
     for rel in $(echo $supported) ; do

diff --git a/lib/ioc-network b/lib/ioc-network
@@ -75,6 +75,9 @@ __networking () {
     #local ip4_list="$(echo $ip4 | sed 's/,/ /g')"
     local ip6_list="$(echo $ip6 | sed 's/,/ /g')"
 
+    local createbridge="$(__get_jail_prop createbridge ${_uuid})"
+    local keepbridge="$(__get_jail_prop keepbridge ${_uuid})"
+
     # Get the default and current interfaces specified
     local default_iface="$(__get_default_iface)"
     local cur_ip4_iface=$(echo "$ip4_addr" | cut -d '|' -f 1)
@@ -94,14 +97,14 @@ __networking () {
             for _b in ${_bridge_ifaces} ; do
                 if [ "${_b}" != "bridge0" ] ; then
                     _bridge_exists="$(echo ${_bridge_ifaces} | grep bridge0)"
-                    if [ -z "${_bridge_exists}" ] ; then
+                    if [ -z "${_bridge_exists}" -a "${createbridge}" == "on" ] ; then
                         ifconfig bridge0 create addm "${default_iface}"
                     else
                         continue
                     fi
                 elif [ "${_b}" != "bridge1" ] ; then
                     _bridge_exists="$(echo ${_bridge_ifaces} | grep bridge1)"
-                    if [ -z "${_bridge_exists}" ] ; then
+                    if [ -z "${_bridge_exists}" -a "${createbridge}" == "on" ] ; then
                         ifconfig bridge1 create
                     else
                         continue
@@ -209,9 +212,9 @@ __networking () {
 
         _bridge_inuse="$(netstat -iWn | grep '^vnet' | \
                        awk '{ print $1 }')"
-        # If no vnet interfaces are using the bridges, let's clean up after
+        # If no vnet interfaces are using the bridges, let us clean up after
         # ourselves
-        if [ -z "${_bridge_inuse}" ] ; then
+        if [ -z "${_bridge_inuse}" -a "${keepbridge}" == "off" ] ; then
             ifconfig bridge0 destroy > /dev/null 2>&1
             ifconfig bridge1 destroy > /dev/null 2>&1
         fi