[arch-general] Bridge interface with netctl

arnaud gaboury arnaud.gaboury at gmail.com
Wed Feb 26 03:11:33 EST 2014


>
> This profile is wrong. Here is the right one:
> ---
> $ cat /etc/netctl/lxc_lan_bridge
> Description="LAN bridge for LXC containers"
> Connection=bridge
> Interface=br0
> SkipNoCarrier="yes"
> BindsToInterfaces=()
> IP=static
> Address=(10.137.0.1/24)
> ---
> Also, since you are running systemd >= 209, you can use networkd. Here are the
> config files:
> ---
> $ cat /etc/systemd/network/lxc_bridge.netdev
> [NetDev]
> Name=br0
> Kind=bridge
> $ cat /etc/systemd/network/lxc_bridge.network
> [Match]
> Name=br0
>
> [Network]
> Description=LAN bridge for LXC containers
> DHCP=false
>
> [Address]
> Address=10.137.0.1/24
> ---

For now, I have a working setup, but I am not satisfied and I think I
can improve it.

*******
% cat /etc/netctl/dhcp-hortensia
Description='A basic dhcp ethernet connection'
Interface=enp7s0
Connection=ethernet
IP=dhcp
*********

This profile is enabled and started at boot.


Then I manually
# start bridge-hortensia

***********
 % cat /etc/netctl/bridge-hortensia
Description="Example Bridge connection"
Interface=br0
Connection=bridge
BindsToInterfaces=(enp7s0)
IP=dhcp
***************

What puzzles me is that IF I enable the bridge profile, my system
boots with a broken network with an empty /etc/resolv.conf. I would
like to overcome this issue. Shall I go static? Shall I start a
specific profile before the other one? Why is my resolv.conf left
empty when enabling both profiles?

Then my systemd-networkd:

******
% cat /etc/systemd/network/70-dahlia.netdev
[Match]
#Host=dahlia
Virtualization=container

[NetDev]
Name=br0
Kind=bridge
*******************
gabx at hortensia ➤➤ ~ % cat /etc/systemd/network/80-dahlia.network
[Match]
Virtualization=container
MACAddress=14:da:e9:b5:7a:88

[Network]
DHCP=yes

[Address]
Address=192.168.1.94

[Route]
Gateway=192.168.1.254
**********************

Nothing on the container side, no netctl profile.

This setup leaves me with a working network. I can, for example, go to
http://my_public_ip and then be on the nginx welcome page.
But again, this setup doesn't sound very academic or solid to me.

Last:

 % ip addr
2: enp7s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.94/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
       valid_lft forever preferred_lft forever

As you can see, 192.168.1.94/24 is attached to br0, but no IP for my
eth interface.

Thank you for your help fine-tuning this setup. It took me lots of
reading and work (yes) to find a way to correctly set up the container
network (and other). Documentation on containers administered by
systemd-nspawn is sparse if not nonexistent. I am left with the systemd
man page and systemd-dev mailing list for lonely friends.

