nspawn: option to reuse an existing netns #7361
Comments
|
Makes sense. We want something similar for normal systemd units too, i figure. That said, "/var/run"??? Is it 2001 or something, eh? ;-) That dir is called "/run" these days... |
|
Actually yes we need this too in systemd, so I guess the code should be minimal and common, so maybe make it reusable ? in systemd it should work with "ip" tool. Thanks! |
dongsupark
pushed a commit
to dongsupark/systemd
that referenced
this issue
Nov 25, 2017
Add a new option to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --netns=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--netns=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361 ==== test: update nspawn smoke test for testing --netns option
dongsupark
pushed a commit
to dongsupark/systemd
that referenced
this issue
Nov 25, 2017
Add a new option to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --netns=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--netns=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
dongsupark
pushed a commit
to kinvolk/systemd
that referenced
this issue
Nov 25, 2017
Add a new option `--netns` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --netns=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--netns=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
dongsupark
pushed a commit
to dongsupark/systemd
that referenced
this issue
Nov 26, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 12, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
iaguis
pushed a commit
to kinvolk/systemd
that referenced
this issue
Dec 13, 2017
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
globin
pushed a commit
to mayflower/systemd
that referenced
this issue
Mar 31, 2018
Add a new option `--network-namespace-path` to systemd-nspawn to allow users to specify an arbitrary network namespace, e.g. `/run/netns/foo`. Then systemd-nspawn will open the netns file, pass the fd to outer_child, and enter the namespace represented by the fd before running inner_child. ``` $ sudo ip netns add foo $ mount | grep /run/netns/foo nsfs on /run/netns/foo type nsfs (rw) ... $ sudo systemd-nspawn -D /srv/fc27 --network-namespace-path=/run/netns/foo \ /bin/readlink -f /proc/self/ns/net /proc/1/ns/net:[4026532009] ``` Note that the option `--network-namespace-path=` cannot be used together with other network-related options such as `--private-network` so that the options do not conflict with each other. Fixes systemd#7361
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Submission type
systemd version the issue has been seen with
git master
Feature request
systemd-nspawn can either reuse the host netns or create a new netns with various configurations. But it does not have any option to reuse an existing netns configured externally.
My use case is for netns configured by CNI. CNI is used by several software:
Currently, rkt normally prepares the netns with CNI and then exec
systemd-nspawnwithout--private-networkso that it stays in the prepared netns. But that makes things more difficult for rkt because systemd-nspawn wrongly assumes it is in the host netns and takes wrong assumptions when setting up/etc/resolv.conf.If this feature
--netns=/var/run/netns/foois implemented, then code can be simplified in rkt. Also, I am about to write workarounds in kube-spawn for kinvolk/kube-spawn#212 and that would be easier if this option existed./cc @iaguis @dongsupark @robertgzr @lucab
The text was updated successfully, but these errors were encountered: