From f206eab5753bd9ee2d5b1126c6ec5a18e75cac89 Mon Sep 17 00:00:00 2001 From: Hiroyuki Ishii Date: Thu, 14 Jul 2022 16:23:37 +0900 Subject: [PATCH] agl-lxc: Enable network bridge via lxc-net On lxc-host-image-demo, network (physical ethernet) is statically assigned to the ivi-guest space currently. This may be a bit problematic since the other guests and also host can't use network for some future usecases, for example we can't login to host by ssh. This change enables network bridge settings via lxc-net to solve this problem. Bug-AGL: SPEC-4475 Signed-off-by: Hiroyuki Ishii Change-Id: Ic1a39b64de932f67b7be833d469ef1a80e0c52c9 --- .../lxc-config/lxc-config-ivi-demo/network.in | 7 ++++--- meta-agl-lxc/recipes-container/lxc/files/lxc-net.service | 15 +++++++++++++++ meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend | 11 ++++++++--- .../recipes-demo/mominavi/mominavi/mominavi.service | 4 ++-- meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg | 5 +++++ meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc | 3 ++- .../recipes-platform/images/lxc-host-image-demo.bb | 13 +++++++++++++ 7 files changed, 49 insertions(+), 9 deletions(-) create mode 100644 meta-agl-lxc/recipes-container/lxc/files/lxc-net.service create mode 100644 meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg diff --git a/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in b/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in index 5af82a2b..6545b1ad 100644 --- a/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in +++ b/meta-agl-lxc/dynamic-layers/meta-rcar-gen3/recipes-container/lxc-config/lxc-config-ivi-demo/network.in @@ -1,4 +1,5 @@ # lxc network setting -lxc.net.0.type = phys -lxc.net.0.link = eth0 - +lxc.net.0.type = veth +lxc.net.0.link = lxcbr0 +lxc.net.0.flags = up +lxc.net.0.hwaddr = 00:16:3e:69:87:a4 
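Review bot: The added `lxc.net.0.hwaddr = 00:16:3e:69:87:a4` pins a fixed MAC with no comment saying why, and every image built from this layer will carry the same address. That is harmless while a single guest sits on `lxcbr0`, but a second guest config copied from this file would collide on the bridge. I would add a comment above it such as `# fixed MAC so the guest keeps a stable identity on lxcbr0; must be unique per guest`, adjusted to the actual reason. The move from `phys` to `veth` presumably also routes the guest's traffic through the host bridge and whatever rules lxc-net installs, which is worth stating in the same comment block.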
diff --git a/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service b/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service new file mode 100644 index 00000000..1b6e8451 --- /dev/null +++ b/meta-agl-lxc/recipes-container/lxc/files/lxc-net.service @@ -0,0 +1,15 @@ +[Unit] +Description=LXC network bridge setup +After=network-online.target systemd-resolved.service +Before=lxc.service +Documentation=man:lxc +ConditionVirtualization=!lxc + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=@LIBEXECDIR@/lxc/lxc-net start +ExecStop=@LIBEXECDIR@/lxc/lxc-net stop + +[Install] +WantedBy=multi-user.target diff --git a/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend b/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend index b8456f7f..75ab98c0 100644 --- a/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend +++ b/meta-agl-lxc/recipes-container/lxc/lxc_%.bbappend @@ -4,11 +4,16 @@ SYSTEMD_AUTO_ENABLE:${PN} = "enable" FILESEXTRAPATHS:prepend := "${THISDIR}/files:" -SRC_URI += "file://lxc.service" +SRC_URI += " \ + file://lxc.service \ + file://lxc-net.service \ + " do_install:append () { - install -D -m 0644 ${WORKDIR}/lxc.service ${D}${systemd_system_unitdir}/lxc.service - sed -i -e 's,@LIBEXECDIR@,${libexecdir},g' ${D}${systemd_system_unitdir}/lxc.service + for service in lxc.service lxc-net.service; do + install -D -m 0644 ${WORKDIR}/$service ${D}${systemd_system_unitdir}/$service + sed -i -e 's,@LIBEXECDIR@,${libexecdir},g' ${D}${systemd_system_unitdir}/$service + done } # NOTE: diff --git a/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service b/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service index 4dcba06b..b49609e0 100644 --- a/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service +++ b/meta-agl-lxc/recipes-demo/mominavi/mominavi/mominavi.service 
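Review bot: `After=network-online.target` in the new lxc-net.service only orders the unit; nothing in it pulls `network-online.target` into the boot transaction, so the ordering has no effect unless some other unit happens to want that target. Add `Wants=network-online.target` under `[Unit]` next to the `After=` line. Since `lxc-net start` runs as root and presumably creates `lxcbr0` together with the DHCP and NAT setup that the image recipe adds packages for, a one-line comment in the unit saying so would help the next reader judge what the host exposes to guests.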
@@ -1,7 +1,7 @@ [Unit] Description=mominavi -After=multi-user.target weston.service -Requires=multi-user.target weston.service +After=multi-user.target weston.service network-online.target +Requires=multi-user.target weston.service network-online.target [Service] Type=simple diff --git a/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg b/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg new file mode 100644 index 00000000..e9bd7b80 --- /dev/null +++ b/meta-agl-lxc/recipes-kernel/linux/linux/lxc-net.cfg @@ -0,0 +1,5 @@ +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_IP_NF_FILTER=m +CONFIG_NF_NAT=m +CONFIG_NF_CONNTRACK=y diff --git a/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc b/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc index 327beb18..87e1edc5 100644 --- a/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc +++ b/meta-agl-lxc/recipes-kernel/linux/linux_lxc.inc @@ -3,7 +3,8 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/linux:" # Disable all other AGL provided kernel configuration (barring # base BSP provided configuration), and just enable a locally # provided fragment with minimal LXC required configuration. -AGL_KCONFIG_FRAGMENTS = "lxc.cfg" +AGL_KCONFIG_FRAGMENTS += "lxc.cfg " +AGL_KCONFIG_FRAGMENTS += "lxc-net.cfg " diff --git a/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb b/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb index 0be9c591..c7424f57 100644 --- a/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb +++ b/meta-agl-lxc/recipes-platform/images/lxc-host-image-demo.bb 
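Review bot: Adding `network-online.target` to `Requires=` in mominavi.service makes the navigation app hard-depend on the guest network coming up; if that target cannot be reached, for example because the host bridge or DHCP is not ready, mominavi's start job fails instead of starting without connectivity. Unless that is intended, keep the new `After=multi-user.target weston.service network-online.target` line but express the dependency as `Wants=network-online.target` and leave `Requires=multi-user.target weston.service` as it was. The `[Service]` section continues outside the hunk, so I cannot see whether a `Restart=` policy would recover from such a failure.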
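Review bot: Replacing `AGL_KCONFIG_FRAGMENTS = "lxc.cfg"` with two `+=` lines in linux_lxc.inc no longer overrides the variable, so the comment directly above it ("Disable all other AGL provided kernel configuration ... and just enable a locally provided fragment") stops being true: any fragments assigned earlier are now kept and the kernel may gain options the minimal LXC host was meant to leave out. If the minimal-kernel intent still holds, use a single override, `AGL_KCONFIG_FRAGMENTS = "lxc.cfg lxc-net.cfg"`; otherwise update the comment to say the fragments are appended. The trailing space inside each quoted value is also unnecessary, since `+=` already inserts a separator.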
@@ -15,4 +15,17 @@ IMAGE_INSTALL += " \ wireplumber-config-agl \ " +# packages required for network bridge settings via lxc-net +IMAGE_INSTALL += " \ + lxc-networking \ + iptables-modules \ + dnsmasq \ + systemd-netif-config \ + kernel-module-xt-addrtype \ + kernel-module-xt-multiport \ +" + +# network manager to use +VIRTUAL-RUNTIME_net_manager = "systemd" + IMAGE_INSTALL:append:rcar-gen3 = " kernel-module-gles " -- 2.16.6
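Review bot: `VIRTUAL-RUNTIME_net_manager = "systemd"` is assigned inside the image recipe, where, as far as I can tell, it is visible only to this recipe; packagegroups and other recipes that read the variable are parsed separately and will not see the value. If the aim is to select the network manager for the whole build, it belongs in distro or feature configuration, and if only this recipe consumes it the comment should say so, e.g. `# only read by this image recipe; does not affect packagegroups`. Separately, the new `dnsmasq` and `iptables-modules` entries put a DHCP/DNS server and packet filtering on the host, so extending the existing comment to state that they are expected to serve `lxcbr0` only would make the intended exposure explicit.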