author | Christian Breunig <christian@breunig.cc> | 2023-04-02 09:27:03 +0200 |
committer | Christian Breunig <christian@breunig.cc> | 2023-04-02 09:53:39 +0200 |
commit | b65296a0ff39e66d87e916971477cce351f6d5a5 (patch) | |
tree | 52df62a17826126166de9d26376d687bb6217ded | |
parent | 809f28f2b95a788d23db006a041955e7167a285d (diff) | |
download | vyos-1x-b65296a0ff39e66d87e916971477cce351f6d5a5.tar.gz vyos-1x-b65296a0ff39e66d87e916971477cce351f6d5a5.zip |
container: T5134: support binding container network to specific VRF
Container networks can now be bound to a specific VRF instance.
set vrf name <foo> table <xxx>
set container network <name> vrf <foo>
-rw-r--r-- | interface-definitions/container.xml.in | 1 | ||||
-rwxr-xr-x | src/conf_mode/container.py | 13 |
2 files changed, 14 insertions, 0 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index b52054dd0..9b6d2369d 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -367,6 +367,7 @@
 <multi/>
 </properties>
 </leafNode>
+ #include <include/interface/vrf.xml.i>
 </children>
 </tagNode>
 <tagNode name="registry">
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 3827f4c70..05595f86f 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -26,6 +26,8 @@ from vyos.config import Config
 from vyos.configdict import dict_merge
 from vyos.configdict import node_changed
 from vyos.configdict import is_node_changed
+from vyos.configverify import verify_vrf
+from vyos.ifconfig import Interface
 from vyos.util import call
 from vyos.util import cmd
 from vyos.util import run
@@ -250,6 +252,8 @@ def verify(container):
 if v6_prefix > 1:
 raise ConfigError(f'Only one IPv6 prefix can be defined for network "{network}"!')
+ # Verify VRF exists
+ verify_vrf(network_config)
 # A network attached to a container can not be deleted
 if {'network_remove', 'name'} <= set(container):
@@ -469,6 +473,15 @@ def apply(container):
 if disabled_new:
 call('systemctl daemon-reload')
+ # Start network and assign it to given VRF if requested. this can only be done
+ # after the containers got started as the podman network interface will
+ # only be enabled by the first container and yet I do not know how to enable
+ # the network interface in advance
+ if 'network' in container:
+ for network, network_config in container['network'].items():
+ tmp = Interface(f'podman-{network}')
+ tmp.set_vrf(network_config.get('vrf', ''))
+
 return None
 if __name__ == '__main__': |
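Review bot: The new loop in apply() constructs `Interface(f'podman-{network}')` for every configured network, but the comment directly above it states that the podman interface only comes into existence once the first container using that network is started; a network that is defined but not referenced by any (enabled) container, or one whose containers are all disabled, therefore has no such interface at this point and the call presumably fails and aborts the commit — guard it with an existence check such as `if not os.path.exists(f'/sys/class/net/podman-{network}'): continue` (or the project's interface-existence helper) before the Interface() call. The binding is also applied unconditionally via `set_vrf(network_config.get('vrf', ''))`, which is the right thing for clearing a removed VRF but contradicts the "if requested" wording; a comment such as `# an empty string moves the interface back to the default VRF` would make that intent explicit. The "yet I do not know how to enable the network interface in advance" sentence is a known limitation and would be better marked as a `# TODO:` so it is tracked rather than read as a passing remark. apply() starts and ends outside the hunk.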