agl-lxc: Enable network bridge via lxc-net

On lxc-host-image-demo, network (physical ethernet) is statically
assigned to the ivi-guest space currently. This may be a bit
problematic since the other guests and also host can't use network
for some future usecases, for example we can't login to host by
ssh. This change enables network bridge settings via lxc-net to
solve this problem.

Bug-AGL: SPEC-4475

Signed-off-by: Hiroyuki Ishii <ishii.hiroyuki002@jp.panasonic.com>
Change-Id: Ic1a39b64de932f67b7be833d469ef1a80e0c52c9

diff --git a/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in b/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in
index 5af82a2..6545b1a 100644 (file)
--- a/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in
+++ b/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in
@@ -1,4 +1,5 @@
 # lxc network setting
-lxc.net.0.type = phys
-lxc.net.0.link = eth0
-
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:69:87:a4

diff --git a/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service b/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service
new file mode 100644 (file)
index 0000000..1b6e845
--- /dev/null
+++ b/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=LXC network bridge setup
+After=network-online.target systemd-resolved.service
+Before=lxc.service
+Documentation=man:lxc
+ConditionVirtualization=!lxc
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=@LIBEXECDIR@/lxc/lxc-net start
+ExecStop=@LIBEXECDIR@/lxc/lxc-net stop
+
+[Install]
+WantedBy=multi-user.target

diff --git a/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend b/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend
index b8456f7..75ab98c 100644 (file)
--- a/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend
+++ b/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend
@@ -4,11 +4,16 @@ SYSTEMD_AUTO_ENABLE:${PN} = "enable"
 
 FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 
-SRC_URI += "file://lxc.service"
+SRC_URI += " \
+    file://lxc.service \
+    file://lxc-net.service \
+    "
 
 do_install:append () {
-    install -D -m 0644 ${WORKDIR}/lxc.service ${D}${systemd_system_unitdir}/lxc.service
-    sed -i -e 's,@LIBEXECDIR@,${libexecdir},g' ${D}${systemd_system_unitdir}/lxc.service
+    for service in lxc.service lxc-net.service; do
+        install -D -m 0644 ${WORKDIR}/$service ${D}${systemd_system_unitdir}/$service
+        sed -i -e 's,@LIBEXECDIR@,${libexecdir},g' ${D}${systemd_system_unitdir}/$service
+    done
 }
 
 # NOTE:

diff --git a/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service b/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service
index 4dcba06..b49609e 100644 (file)
--- a/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service
+++ b/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service
@@ -1,7 +1,7 @@
 [Unit]
 Description=mominavi
-After=multi-user.target weston.service
-Requires=multi-user.target weston.service
+After=multi-user.target weston.service network-online.target
+Requires=multi-user.target weston.service network-online.target
 
 [Service]
 Type=simple

diff --git a/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg b/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg
new file mode 100644 (file)
index 0000000..e9bd7b8
--- /dev/null
+++ b/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg
@@ -0,0 +1,5 @@
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_NF_NAT=m
+CONFIG_NF_CONNTRACK=y

diff --git a/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc b/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc
index 327beb1..87e1edc 100644 (file)
--- a/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc
+++ b/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc
@@ -3,7 +3,8 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/linux:"
 # Disable all other AGL provided kernel configuration (barring
 # base BSP provided configuration), and just enable a locally
 # provided fragment with minimal LXC required configuration.
-AGL_KCONFIG_FRAGMENTS = "lxc.cfg"
+AGL_KCONFIG_FRAGMENTS += "lxc.cfg "
+AGL_KCONFIG_FRAGMENTS += "lxc-net.cfg "
 
 
 

diff --git a/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb b/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb
index 0be9c59..c7424f5 100644 (file)
--- a/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb
+++ b/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb
@@ -15,4 +15,17 @@ IMAGE_INSTALL += " \
     wireplumber-config-agl \
 "
 
+# packages required for network bridge settings via lxc-net
+IMAGE_INSTALL += " \
+    lxc-networking \
+    iptables-modules \
+    dnsmasq \
+    systemd-netif-config \
+    kernel-module-xt-addrtype \
+    kernel-module-xt-multiport \
+"
+
+# network manager to use
+VIRTUAL-RUNTIME_net_manager = "systemd"
+
 IMAGE_INSTALL:append:rcar-gen3 = " kernel-module-gles "