authorBoris Kolpackov <boris@codesynthesis.com>2017-03-24 13:54:49 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-03-24 13:54:49 +0200
commitea81317d3757f625c6728ef8b1bd512aa3393332 (patch)
treebdfd93cc16a41a2c7e3c37b72203392f936f3b8e
parent519557ffe8d6c88d1cb6fdb9120b06185042cd99 (diff)
Implement second stage (systemd) network configuration
-rwxr-xr-xbootstrap16
-rw-r--r--doc/manual.cli19
-rwxr-xr-xinit69
3 files changed, 91 insertions, 13 deletions
diff --git a/bootstrap b/bootstrap
index 18343be..c97d30b 100755
--- a/bootstrap
+++ b/bootstrap
@@ -30,7 +30,7 @@ btrfs=/btrfs
release="unstable"
mirror="https://deb.debian.org/debian/"
passwd="123" #@@ TMP root passwd.
-macaddr="DE:AD:BE:EF:B8:DA" # Mac address for testing.
+macaddr="de:ad:be:ef:b8:da" # Mac address for testing.
root="$btrfs/$id/buildos"
@@ -141,9 +141,15 @@ if [ "$stage" -eq "1" ]; then
# - systemd-container seems to be required by host systemd-nspawn.
#
pkgs="locales,systemd-container"
- pkgs+=",net-tools,iproute2,iptables,isc-dhcp-client,ifupdown,ntp"
- pkgs+=",iputils-ping,wget,curl"
+
pkgs+=",linux-image-amd64,irqbalance,pciutils"
+
+ pkgs+=",hdparm,btrfs-progs"
+
+ pkgs+=",net-tools,iproute2,iptables,isc-dhcp-client"
+ pkgs+=",ifupdown,bridge-utils,dnsmasq,ntp"
+ pkgs+=",iputils-ping,wget,curl"
+
pkgs+=",less"
sudo debootstrap \
@@ -208,6 +214,10 @@ chattr +i /etc/localtime
#
chpasswd <<<'root:$passwd'
+# Enable IPv4 forwarding (used for private bridge NAT).
+#
+sed -i 's/^# *\(net.ipv4.ip_forward\).*/\1=1/' /etc/sysctl.conf
+
# Setup locale. We only support en_US.UTF-8.
#
sed -i 's/^# *\(en_US.UTF-8\)/\1/' /etc/locale.gen
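Review bot: The new `sed` on `/etc/sysctl.conf` only enables forwarding if the stock file already carries a commented `net.ipv4.ip_forward` line; if it does not, the edit is a silent no-op and the NAT set up later in `init` fails without any error, since the script does not check the result. A drop-in is unconditional and survives package updates of `sysctl.conf`: `printf 'net.ipv4.ip_forward=1\n' >/etc/sysctl.d/90-buildos-forward.conf`. Either way the setting is host-global (every interface forwards), so it is worth saying in the comment that the FORWARD chain is what is expected to constrain it, e.g. `# Enable IPv4 forwarding (host-wide); filtering is left to the FORWARD chain rules in /etc/network/interfaces.`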
diff --git a/doc/manual.cli b/doc/manual.cli
index 22cbd13..e5d6cf3 100644
--- a/doc/manual.cli
+++ b/doc/manual.cli
@@ -105,13 +105,24 @@ sudo kvm \
\h2#config-net|Network|
-Network is configured via DHCP. All Ethernet intrface that have carrier are
-tried in (some) order and the first interface that is successfully configured
-via DHCP is used.
+Network is configured via DHCP. Initially, all Ethernet interfaces that have
+carrier are tried in (some) order and the first interface that is successfully
+configured via DHCP is used.
Hostname is configured from the DHCP information. Failed that, a name is
generated based on the MAC address, in the form \c{build-xxxxxxxxxx}.
+@@ Maybe also kernel cmdline?
-@@ Maybe also kernel cmdline.
+Based on the discovery of the Ethernet interface, two bridge interfaces are
+configured: \c{br0} is a public bridge that includes the Ethernet interface
+and is configured via DHCP. \c{br1} is a private interface with NAT to \c{br0}
+with \c{dnsmasq} configured as a DHCP on this interface.
+
+Normally, \c{br0} is used for \c{bslave} virtual machines/container (since
+they may need to be accessed directly) and \c{br1} \- for \c{bbot} virtual
+machines. You can view the bridge configuration on a booted \c{buildos}
+instance by examining \c{/etc/network/interfaces}.
+
+@@ TODO: private network parameters.
"
diff --git a/init b/init
index b733fde..28ec293 100755
--- a/init
+++ b/init
@@ -137,24 +137,81 @@ if [ -z "$eth" ]; then
fi
mac="$(cat "/sys/class/net/$eth/address")"
+mid="$(sed -e 's/://g' <<<"$mac")" # Machine id.
info "configured $eth ($mac)"
# Set the hostname.
#
hname="$(hostname)"
-
if [ "$hname" = "(none)" ]; then
- hname="build-$(sed -e 's/://g' <<<"$mac")"
+ hname="build-$mid"
hostname "$hname"
fi
-
echo "$hname" >/etc/hostname
info "hostname $hname"
-# --machine-id
+# Stop DHCP client without releasing the lease and deconfigure the interface.
+# The plan is to generate a bridge-based /etc/network/interfaces configuration
+# based on what we have discovered and then let the systemd networking bringup
+# to configure everything (at which point we will hopefully reuse the lease).
+#
+dhclient -q -x
+
+# @@ Need to be make configurable.
#
-#exec /lib/systemd/systemd #</dev/console >/dev/console 2>&1
+priv_network="172.16.123.0"
+priv_netmask="255.255.255.0"
+priv_netbase="$(sed -e 's/^\(.*\)\.0$/\1/' <<<"$priv_network")"
-exec /bin/bash
+cat <<EOF >/etc/network/interfaces
+auto lo
+iface lo inet loopback
+
+# Public bridge.
+#
+auto br0
+iface br0 inet dhcp
+ bridge_ports $eth
+ bridge_stp off
+ bridge_maxwait 0
+ bridge_fd 0
+ bridge_mac $mac
+
+# Private bridge with NAT to br0.
+#
+auto br1
+iface br1 inet static
+ address ${priv_netbase}.1
+ netmask $priv_netmask
+ bridge_ports none
+ bridge_stp off
+ bridge_maxwait 0
+ bridge_fd 0
+ post-up iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
+ post-up iptables -A FORWARD -i br0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+ post-up iptables -A FORWARD -i br1 -o br0 -j ACCEPT
+EOF
+
+cat <<EOF >/etc/dnsmasq.d/br1-dhcp
+interface=br1
+bind-interfaces
+dhcp-range=${priv_netbase}.10,${priv_netbase}.250,12h
+EOF
+
+/bin/bash
+
+# Hand off to systemd. But first arrange to keep console output (which
+# becomes tty1).
+#
+mkdir -p /etc/systemd/system/getty@tty1.service.d
+cat <<EOF >/etc/systemd/system/getty@tty1.service.d/noclear.conf
+[Service]
+TTYVTDisallocate=no
+EOF
+
+exec /lib/systemd/systemd \
+ --show-status=1 \
+ --machine-id="00000000000000000000$mid" \
+ </dev/console >/dev/console 2>&1
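Review bot: The bare `/bin/bash` just before the systemd hand-off drops an unauthenticated root shell on the console and stalls boot until it exits; it looks like a debugging hook left over from the `exec /bin/bash` this hunk removes and should not ship. The three `post-up` iptables rules on `br1` also assume a FORWARD policy of DROP that nothing sets, so with the Debian default of ACCEPT any host on `br0` can open connections into the private bridge and the RELATED,ESTABLISHED rule is a no-op; the rules are appended with `-A` on every `ifup br1` and have no `post-down` counterpart, so they accumulate across restarts. I would set the policy explicitly, restrict MASQUERADE to the private subnet, and delete the rules on `post-down` as below (if br_netfilter ends up loaded, bridged traffic within `br0` also traverses FORWARD and would need its own ACCEPT rule — I cannot tell from this hunk whether it is).
```shell
# … unchanged: lo and br0 stanzas …
auto br1
iface br1 inet static
    address ${priv_netbase}.1
    netmask $priv_netmask
    bridge_ports none
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0
    # Drop by default; only br1->br0 and replies to it are forwarded.
    post-up iptables -P FORWARD DROP
    post-up iptables -t nat -A POSTROUTING -s $priv_network/$priv_netmask -o br0 -j MASQUERADE
    post-up iptables -A FORWARD -i br0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    post-up iptables -A FORWARD -i br1 -o br0 -j ACCEPT
    post-down iptables -D FORWARD -i br1 -o br0 -j ACCEPT
    post-down iptables -D FORWARD -i br0 -o br1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    post-down iptables -t nat -D POSTROUTING -s $priv_network/$priv_netmask -o br0 -j MASQUERADE
EOF

# … unchanged: dnsmasq br1-dhcp drop-in …

# (the interactive /bin/bash is removed here)

# … unchanged: getty noclear drop-in and exec of systemd …
```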