summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/container.xml.in1
-rwxr-xr-xsrc/conf_mode/container.py13
2 files changed, 14 insertions, 0 deletions
diff --git a/interface-definitions/container.xml.in b/interface-definitions/container.xml.in
index b52054dd0..9b6d2369d 100644
--- a/interface-definitions/container.xml.in
+++ b/interface-definitions/container.xml.in
@@ -367,6 +367,7 @@
<multi/>
</properties>
</leafNode>
+ #include <include/interface/vrf.xml.i>
</children>
</tagNode>
<tagNode name="registry">
diff --git a/src/conf_mode/container.py b/src/conf_mode/container.py
index 3827f4c70..05595f86f 100755
--- a/src/conf_mode/container.py
+++ b/src/conf_mode/container.py
@@ -26,6 +26,8 @@ from vyos.config import Config
from vyos.configdict import dict_merge
from vyos.configdict import node_changed
from vyos.configdict import is_node_changed
+from vyos.configverify import verify_vrf
+from vyos.ifconfig import Interface
from vyos.util import call
from vyos.util import cmd
from vyos.util import run
@@ -250,6 +252,8 @@ def verify(container):
if v6_prefix > 1:
raise ConfigError(f'Only one IPv6 prefix can be defined for network "{network}"!')
+ # Verify VRF exists
+ verify_vrf(network_config)
# A network attached to a container can not be deleted
if {'network_remove', 'name'} <= set(container):
@@ -469,6 +473,15 @@ def apply(container):
if disabled_new:
call('systemctl daemon-reload')
+ # Start network and assign it to given VRF if requested. this can only be done
+ # after the containers got started as the podman network interface will
+ # only be enabled by the first container and yet I do not know how to enable
+ # the network interface in advance
+ if 'network' in container:
+ for network, network_config in container['network'].items():
+ tmp = Interface(f'podman-{network}')
+ tmp.set_vrf(network_config.get('vrf', ''))
+
return None
if __name__ == '__main__':