[systemd-devel] How to add a second bridge to a nspawn container?

Lennart Poettering lennart at poettering.net
Sun Jan 6 16:47:14 UTC 2019


On Thu, 03.01.19 17:26, Wojtek Swiatek (w at swtk.info) wrote:

> Hello everyone,
>
> I have an nspawn container which is currently connected to a bridge on the
> host:
>
> root at srv /e/s/nspawn# cat domotique.nspawn
> [Exec]
> Boot=yes
> [Network]
> Bridge=br0
> #Bridge=wlx00c0ca384bd9
>
> This results in a host0 interface being present in the container.
> Everything works.
>
> I now would like to add another interface in the container, which would be
> bridged with a wireless card on the host. The commented out line above is
> my attempt to add another bridge but it failed with

So, first of all, the above (with the commented line uncommented)
won't work, since the "wlx00c0ca384bd9" interface is not a bridge, is
it?

More importantly though: nspawn's network interface handling is
designed around the concept of having one primary interface to the
host, and that is particularly well supported. This interface is
enabled through --network-veth, and its name is "host0". As a special
shortcut for linking this interface to a bridge there is
--network-bridge=, which implies --network-veth, but allows you to add
the specified interface to a bridge in one go. This model follows the
rule that the common logic should be easy to reach, and it is. Now, in
some cases there's the need to have more veth links, in addition to
"host0", and for that there's --network-veth-extra=. With that you can
add arbitrary numbers of additional veth links, but it will just
create them, not do anything with them, and in particular nspawn will
not add them to any bridge or so, this is left for you to do. This
follows the logic that the uncommon case should be possible but
doesn't necessarily have to be easy.

In systemd unit files as well as in nspawn files we have two types of
settings: the ones that are a singleton setting taking a single
argument. And then those which may be used multiple times, to
configure multiple values, one after the other. If you use the former
kind multiple times in the same configuration file then each setting
overrides the earlier one. If you use the latter kind multiple times
in the same configuration file then each setting gets added to the
list.

Now, coming back to your .nspawn file above: Bridge= is the same as
--network-bridge= which is of the singleton kind. If you use it twice,
then you just override the earlier setting, and that earlier line will
have zero effect. The failure you are seeing originates from the
second line hence (for the reasons mentioned above), and only from
that, because the first line will simply be ignored...

To do what you want to do use --network-veth-extra= (on the cmdline)
or VirtualEthernetExtra= (in the .nspawn file), and use it for as many
interfaces as you like. Then use a tool like "ip" or systemd-networkd to
add the veth links popping up on the host to a bridge.

Lennart

--
Lennart Poettering, Red Hat
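
The setup described in the message above, written out as configuration. This is an added example, not part of the original message or of systemd's own documentation. The file paths, the interface names "vx-domotique" and "wlan-br", and the second bridge "br-wlan" are assumptions chosen for illustration.

```ini
# ---- /etc/systemd/nspawn/domotique.nspawn (path assumed) ----
[Exec]
Boot=yes

[Network]
# Singleton setting: if Bridge= appears twice, only the last line counts.
# It creates the primary veth link (host0 in the container) and adds the
# host side to br0.
Bridge=br0

# List setting: may be repeated, each line adds one more veth pair.
# Format: <host-side name>:<container-side name> (both names hypothetical).
# nspawn only creates the pair; it does not attach it to any bridge.
VirtualEthernetExtra=vx-domotique:wlan-br

# ---- /etc/systemd/network/50-vx-domotique.network (on the host, path assumed) ----
# systemd-networkd attaches the host side of the extra veth pair to a bridge
# once the interface appears.
[Match]
Name=vx-domotique

[Network]
# "br-wlan" is a hypothetical second bridge that must already exist on the host.
Bridge=br-wlan
```

The container-side interface ("wlan-br" here) still has to be brought up and configured inside the container.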

