[systemd-devel] network interface down in container

Thu Apr 30 01:01:27 PDT 2015

I already used for a while a container (Arch on Arch). I had two
distinct IP and a working setup thanks to good help from Tom Gundersen

I am trying to replicate my network settings on a new setup (Fedora on
Arch). For now, I am just trying with DHCP.

Here the setup on host:

----------------------------------------------------------------------------
1- created a virtual bridge

$ cat /etc/systemd/network/Bridge.netdev

[NetDev]
Name=br0
Kind=bridge

2 - bind my eth to the bridge

$ cat /etc/systemd/network/eth.network

[Match]
Name=en*

[Network]
Bridge=br0

3- created bridge network unit

$ cat /etc/systemd/network/bridge.network

[Match]
Name=br0

[Network]
DHCP=IPV4
--------------------------------------------------------------------------------

Nothing else.

when container is up:

$ ip a
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
master br0 state UP group default qlen 1000
    link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default
    link/ether b6:0c:00:22:f1:4a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.87/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::b40c:ff:fe22:f14a/64 scope link
       valid_lft forever preferred_lft forever
9: vb-poppy: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether 0e:9a:d7:18:a3:59 brd ff:ff:ff:ff:ff:ff
$ ip route
default via 192.168.1.254 dev br0  proto static
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.87
 % brctl show
bridge name     bridge id                 STP enabled            interfaces
      br0        8000.b60c0022f14a         no                          enp7s0

             vb-poppy
---------------------------------------------------------------

I used to boot the container this way :
# systemd-nspawn --network-bridge=br0 -bD /path_to/my_container

Is this correct?

          *****************
Now on the container side:

Nothing configured. NetworkManager enabled, systemd-networkd enabled
and started.

-------------------------------
$ ip a
2: host0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
default qlen 1000
    link/ether 0e:7f:c3:fb:25:b1 brd ff:ff:ff:ff:ff:ff
-------------------------------------
host0 is down

$ journalctl -x
..................
-- Unit NetworkManager.service has begun starting up.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
ebtables not usable, disabling ethernet bridge firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 FATAL ERROR:
No IPv4 and IPv6 firewall.
Apr 27 13:18:01 poppy firewalld[35]: 2015-04-27 13:18:01 ERROR:
Raising SystemExit in run_server
Apr 27 13:18:01 poppy NetworkManager[67]: <info>  NetworkManager
(version 1.0.0-8.fc22) is starting...
Apr 27 13:18:01 poppy NetworkManager[67]: <info>  Read config:
/etc/NetworkManager/NetworkManager.conf
Apr 27 13:18:01 poppy NetworkManager[67]: <info>  WEXT support is enabled
Apr 27 13:18:01 poppy NetworkManager[67]: <warn>  Could not get
hostname: failed to read /etc/sysconfig/network
Apr 27 13:18:01 poppy NetworkManager[67]: <info>  Acquired D-Bus
service com.redhat.ifcfgrh1
..........................................................

Obviously my old fashioned way to give two IP adress does not work,
and I can't find any other idea/way to do the setup.
Is this firewall story in journalctl the culprit? I do not want any
basic firewall as hardening will be done with Apparmor  (already built
in the kernel) and grsec in a second step.
Hint: I run a custom kernel. Maybe did I miss some network settings ?

Thank you for hints

-- 

google.com/+arnaudgabourygabx