On Tue, Jan 29, 2013 at 1:05 PM, Michael Mol <mike...@gmail.com> wrote:
> On Tue, Jan 29, 2013 at 1:57 PM, Canek Peláez Valdés <can...@gmail.com> wrote:
>> On Tue, Jan 29, 2013 at 10:32 AM, Stefan G. Weichinger <li...@xunil.at> wrote:
>>> On 28.01.2013 22:49, Stefan G. Weichinger wrote:
>>>
>>>>>> ps: my bigger hurdle will be the bridging-setup for running
>>>>>> KVM-virtualization. This was one of the reasons to go back to openrc
>>>>>> back then.
>>>>>
>>>>> I have no experience with that, but if it works in OpenRC it should
>>>>> work in systemd. Probably better, even.
>>>>
>>>> I don't think it won't work, I just wonder how to do it in the right and
>>>> most efficient way. I will think about that later/tomorrow maybe,
>>>> already late here ...
>>>
>>> I have a *draft* here for bridge.service ... I used the init.d-script
>>> from here as a template:
>>>
>>> http://en.gentoo-wiki.com/wiki/KVM#Script_to_ease_the_configuration
>>>
>>> (I have used a variation of that as /etc/init.d/kvm for a long time now)
>>>
>>> My service-file reads variables from a separated configfile:
>>>
>>> # cat /etc/conf.d/network_systemd
>>> interface=eth0
>>> address=172.32.99.12
>>> netmask=255.255.255.0
>>> broadcast=172.32.99.255
>>> gateway=172.32.99.250
>>> bridge_name=br0
>>> tap_name=qtap0
>>> user=sgw
>>>
>>>
>>> and it currently looks like this:
>>>
>>> # cat /etc/systemd/system/bridge.service
>>> [Unit]
>>> Description=network bridge for KVM
>>> After=network.target
>>>
>>> [Service]
>>> Type=oneshot
>>> RemainAfterExit=yes
>>>
>>> EnvironmentFile=/etc/conf.d/network_systemd
>>>
>>> ExecStart=/sbin/brctl addbr ${bridge_name}
>>> ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name}
>>> ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
>>> ExecStart=/bin/ifconfig ${interface} up
>>> ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc
>>> ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
>>> ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
>>> ExecStart=iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
>>> ExecStart=/bin/ip route add default via ${gateway}
>>>
>>> ExecStop=/bin/ip route del default via ${gateway}
>>> ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
>>> ExecStop=/bin/ifconfig ${tap_name} down
>>> ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name}
>>> ExecStop=/usr/bin/tunctl -d ${tap_name}
>>> ExecStop=/bin/ifconfig ${bridge_name} down
>>> ExecStop=/bin/ifconfig ${interface} down
>>> ExecStop=/sbin/brctl delbr ${bridge_name}
>>> ExecStop=iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
>>>
>>> [Install]
>>> WantedBy=multi-user.target
>>>
>>> ----------
>>>
>>> I disabled network.service and enabled bridge.service, works fine so
>>> far, I already tested connectivity from KVM-VMs.
>>>
>>> I am sure that this is quite fresh and bloody, suggestions welcome as
>>> always ...
>>
>> If it works, it works. It just looks... wrong :D
>>
>> If you really need so many commands from your unit, you can use a script:
>>
>> ------------------------------------------------------------------------
>> $ cat /usr/local/bin/kvm-brigdge
>> #!/bin/sh
>>
>> # "." is the POSIX spelling; "source" is a bashism and fails under a strict /bin/sh
>> . /etc/conf.d/network_systemd
>>
>> case "${1}" in
>>     start)
>>         /sbin/brctl addbr ${bridge_name}
>>         /usr/bin/tunctl -b -u ${user} -t ${tap_name}
>>         /bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
>>         /bin/ifconfig ${interface} up
>>         /bin/ifconfig ${tap_name} up 0.0.0.0 promisc
>>         /sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
>>         /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
>>         iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
>>         /bin/ip route add default via ${gateway}
>>         ;;
>>     stop)
>>         /bin/ip route del default via ${gateway}
>>         /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
>>         /bin/ifconfig ${tap_name} down
>>         /sbin/brctl delif ${bridge_name} ${tap_name}
>>         /usr/bin/tunctl -d ${tap_name}
>>         /bin/ifconfig ${bridge_name} down
>>         /bin/ifconfig ${interface} down
>>         /sbin/brctl delbr ${bridge_name}
>>         iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
>>         ;;
>> esac
>>
>> ------------------------------------------------------------------------
>> $ cat /etc/systemd/system/kvm-bridge.service
>> [Unit]
>> Description=network bridge for KVM
>> After=network.target
>>
>> [Service]
>> Type=oneshot
>> RemainAfterExit=yes
>>
>> ExecStart=/usr/local/bin/kvm-brigdge start
>> ExecStop=/usr/local/bin/kvm-brigdge stop
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> As I have been saying all these years: that systemd can work without
>> using scripts doesn't mean that it isn't able to use them. I use a
>> couple of them myself; I think this is a perfect example of one. Your
>> unit file is then small and simple, as all of them should be.
>>
>> Remember that /usr/local/bin/kvm-brigdge needs to be executable.
>
> I'll note that in your version, you're ignoring the exit statuses of
> each of those commands. From a correctness standpoint, I prefer
> Stefan's version.

I really believe the most important thing about systemd unit files is
that they are small and simple. You can also check the exit status
from each command in the script, or even better, you can do a test
after all the commands are done to check the status of the bridge and
see if it was created correctly.

None of this belongs in the unit service, IMO. Otherwise, you end up
creating ssh keys and user groups in unit files, and none of this
belongs there. Clear separation between the services and the init
system.

But of course, as I said to Stefan, if it works it works.

Regards.
-- 
Canek Peláez Valdés
Posgrado en Ciencia e Ingeniería de la Computación
Universidad Nacional Autónoma de México
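
Added example, not part of the original thread: one way to do what the last reply describes, checking each command's exit status inside the helper script and then testing the bridge state after all commands have run. It goes slightly further by parsing the config file instead of sourcing it as root; `CONF`, `SYSFS`, `RUN` and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. CONF, SYSFS, RUN and the function
# names are assumptions of this sketch.
CONF="${CONF:-/etc/conf.d/network_systemd}"
SYSFS="${SYSFS:-/sys/class/net}"
RUN="${RUN:-}"   # RUN=echo gives a dry run that only prints each command

# Parse key=value lines instead of sourcing the file, so a writable config
# cannot run arbitrary shell as root. Unknown keys and odd characters fail.
load_conf() {
    while IFS='=' read -r key val; do
        case "$key" in
            ''|'#'*) continue ;;
            interface|bridge_name|tap_name|user)
                case "$val" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac ;;
            address|netmask|broadcast|gateway)
                case "$val" in ''|*[!0-9.]*) return 1 ;; esac ;;
            *) return 1 ;;
        esac
        eval "$key=\$val"   # safe: key is one of the whitelisted names above
    done < "$CONF"
}

# Run one command; report and propagate its exit status on failure.
step() { $RUN "$@" || { echo "kvm-bridge: failed: $*" >&2; return 1; }; }

# Test after all commands: the bridge exists and both ports are attached.
verify_bridge() {
    [ -d "$SYSFS/$bridge_name/bridge" ] &&
    [ -e "$SYSFS/$bridge_name/brif/$tap_name" ] &&
    [ -e "$SYSFS/$bridge_name/brif/$interface" ]
}

start_bridge() {
    load_conf || { echo "kvm-bridge: rejected $CONF" >&2; return 2; }
    step /sbin/brctl addbr "$bridge_name" &&
    step /usr/bin/tunctl -b -u "$user" -t "$tap_name" &&
    step /bin/ifconfig "$bridge_name" "$address" netmask "$netmask" up &&
    step /bin/ifconfig "$interface" up &&
    step /bin/ifconfig "$tap_name" up 0.0.0.0 promisc &&
    step /sbin/brctl addif "$bridge_name" "$tap_name" "$interface" &&
    step /sbin/sysctl "net.ipv4.conf.$bridge_name.forwarding=1" &&
    step iptables -t nat -A POSTROUTING -o "$interface" -j MASQUERADE &&
    step /bin/ip route add default via "$gateway" &&
    verify_bridge || return 1
}

case "${1:-}" in
    start) start_bridge ;;
esac
```

With `Type=oneshot`, a non-zero exit from `ExecStart=` marks the unit as failed, so the first broken step or a failed final check shows up in `systemctl status` instead of being silently ignored.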
