From 2187536f80b91f2417c044a7b76e2df865a4f237 Mon Sep 17 00:00:00 2001 From: Ricardo Pardini Date: Fri, 16 Aug 2024 10:26:45 +0200 Subject: [PATCH 1/2] hook: vlan.sh: fix 'parse_cmdline' bug; if no hw_addr specified, default ifname to eth0 - `parse_cmdline` is actually `parse_kernel_cmdline_for` - no reason to double-newline results - allow for simple vlan_id=xxx without hwaddr for single-interface or first-interface VLAN scenarios Signed-off-by: Ricardo Pardini --- files/vlan.sh | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/files/vlan.sh b/files/vlan.sh index 165a9c1c..449ccdd7 100755 --- a/files/vlan.sh +++ b/files/vlan.sh @@ -26,7 +26,7 @@ function parse_kernel_cmdline_for() { if [ -z "${result}" ]; then return 1 else - printf "%s\n" "$result" + printf "%s" "$result" fi } @@ -43,15 +43,14 @@ function add_vlan_interface() { # check if hw_addr are set in the kernel commandline, otherwise return. if ! kernel_cmdline_exists hw_addr; then - echo "No hw_addr=xx:xx:xx:xx:xx:xx set in kernel commandline; no VLAN handling." >&2 - return + echo "No hw_addr=xx:xx:xx:xx:xx:xx set in kernel commandline." >&2 fi echo "Starting VLAN handling, parsing..." >&2 declare vlan_id hw_addr - vlan_id="$(parse_cmdline vlan_id)" - hw_addr="$(parse_cmdline hw_addr)" + vlan_id="$(parse_kernel_cmdline_for vlan_id)" + hw_addr="$(parse_kernel_cmdline_for hw_addr)" echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}'" >&2 
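Review bot: The `hw_addr="$(parse_kernel_cmdline_for hw_addr)"` assignment in add_vlan_interface is now reached when hw_addr is absent, and it takes the helper's `return 1` (visible in the first hunk) as its own exit status because `declare vlan_id hw_addr` is a separate statement. If the script runs under `set -e` and the function is not called in a conditional context (neither is visible here), the shell would exit at that line and the new eth0 fallback would never run. Making the optional lookup explicit removes that dependency: `hw_addr="$(parse_kernel_cmdline_for hw_addr)" || hw_addr=""`. The shortened log line could also say what happens next, for example `No hw_addr=xx:xx:xx:xx:xx:xx set in kernel commandline; will default to eth0.` The function body continues outside this hunk.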
@@ -60,21 +59,23 @@ function add_vlan_interface() { echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', searching for interface..." >&2 ifname="$(ip -br link | awk '$3 ~ /'"${hw_addr}"'/ {print $1}')" echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', found interface: '${ifname}'" >&2 - if [ -n "$ifname" ]; then - echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', adding VLAN interface..." >&2 - ip link set dev "${ifname}" up || true - ip link add link "${ifname}" name "${ifname}.${vlan_id}" type vlan id "${vlan_id}" || true - ip link set "${ifname}.${vlan_id}" up || true - echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', added VLAN interface: '${ifname}.${vlan_id}'" >&2 - return 0 - else - echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', no interface found for hw_addr." >&2 - return 3 - fi else - echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', no hw_addr found in kernel commandline." >&2 - return 2 + echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', no hw_addr found in kernel commandline; default ifname to eth0." >&2 + ifname="eth0" fi + + if [ -n "$ifname" ]; then + echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', adding VLAN interface..." >&2 + ip link set dev "${ifname}" up || true + ip link add link "${ifname}" name "${ifname}.${vlan_id}" type vlan id "${vlan_id}" || true + ip link set "${ifname}.${vlan_id}" up || true + echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', added VLAN interface: '${ifname}.${vlan_id}'" >&2 + return 0 + else + echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', no interface found for hw_addr." >&2 + return 3 + fi + else echo "VLAN handling - vlan_id: '${vlan_id}', hw_addr: '${hw_addr}', no vlan_id found in kernel commandline." >&2 return 1 From 145a87750a963f8d4cc56408d304e6d8dbc8b969 Mon Sep 17 00:00:00 2001 
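Review bot: The new `ifname="eth0"` fallback is never checked for existence, and the three `ip` calls that follow all end in `|| true`, so on a machine whose NIC is not named eth0 the function still logs "added VLAN interface" and returns 0. Before this change `ifname` could only come from `ip -br link` output, so this false-success path is new. I would gate the block on `[ -n "$ifname" ] && ip link show dev "${ifname}" > /dev/null 2>&1` and reword the else-branch message, which still says "no interface found for hw_addr" even when no hw_addr was given. Separately, `vlan_id` and `hw_addr` come straight from the kernel command line: `hw_addr` is spliced into the awk program text and `vlan_id` into the interface name, so checking their format before use (`[[ "${vlan_id}" =~ ^[0-9]+$ ]]`, and passing the MAC with `awk -v`) would be worth adding. The enclosing `if` on vlan_id starts above this hunk and the function ends below it.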
From: Ricardo Pardini Date: Fri, 16 Aug 2024 15:45:38 +0200 Subject: [PATCH 2/2] hook: introduce hook-ip container for vlan.sh - Based on linuxkit/ip pkg, sans wireguard stuff; add GNU sed needed for /proc/cmdline parsing Signed-off-by: Ricardo Pardini --- bash/hook-lk-containers.sh | 1 + bash/linuxkit.sh | 5 +++-- images/hook-ip/Dockerfile | 23 +++++++++++++++++++++++ linuxkit-templates/hook.template.yaml | 3 ++- 4 files changed, 29 insertions(+), 3 deletions(-) create mode 100644 images/hook-ip/Dockerfile diff --git a/bash/hook-lk-containers.sh b/bash/hook-lk-containers.sh index 7c9ce845..1c9a8a87 100644 --- a/bash/hook-lk-containers.sh +++ b/bash/hook-lk-containers.sh @@ -7,6 +7,7 @@ function build_all_hook_linuxkit_containers() { # when adding new container builds here you'll also want to add them to the # `linuxkit_build` function in the linuxkit.sh file. # # NOTE: linuxkit containers must be in the images/ directory + build_hook_linuxkit_container hook-ip HOOK_CONTAINER_IP_IMAGE build_hook_linuxkit_container hook-bootkit HOOK_CONTAINER_BOOTKIT_IMAGE build_hook_linuxkit_container hook-docker HOOK_CONTAINER_DOCKER_IMAGE build_hook_linuxkit_container hook-mdev HOOK_CONTAINER_MDEV_IMAGE diff --git a/bash/linuxkit.sh b/bash/linuxkit.sh index 94edfaf7..bf4dea0d 100644 --- a/bash/linuxkit.sh +++ b/bash/linuxkit.sh @@ -50,7 +50,7 @@ function linuxkit_build() { fi # Build the containers in this repo used in the LinuxKit YAML; - build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE, HOOK_CONTAINER_CONTAINERD_IMAGE + build_all_hook_linuxkit_containers # sets HOOK_CONTAINER_IP_IMAGE, HOOK_CONTAINER_BOOTKIT_IMAGE, HOOK_CONTAINER_DOCKER_IMAGE, HOOK_CONTAINER_MDEV_IMAGE, HOOK_CONTAINER_CONTAINERD_IMAGE # Template the linuxkit configuration file. # - You'd think linuxkit would take --build-args or something by now, but no. 
@@ -64,12 +64,13 @@ function linuxkit_build() { # shellcheck disable=SC2016 # I'm using single quotes to avoid shell expansion, envsubst wants the dollar signs. cat "linuxkit-templates/${kernel_info['TEMPLATE']}.template.yaml" | HOOK_KERNEL_IMAGE="${kernel_oci_image}" HOOK_KERNEL_ID="${inventory_id}" HOOK_KERNEL_VERSION="${kernel_oci_version}" \ + HOOK_CONTAINER_IP_IMAGE="${HOOK_CONTAINER_IP_IMAGE}" \ HOOK_CONTAINER_BOOTKIT_IMAGE="${HOOK_CONTAINER_BOOTKIT_IMAGE}" \ HOOK_CONTAINER_DOCKER_IMAGE="${HOOK_CONTAINER_DOCKER_IMAGE}" \ HOOK_CONTAINER_MDEV_IMAGE="${HOOK_CONTAINER_MDEV_IMAGE}" \ HOOK_CONTAINER_CONTAINERD_IMAGE="${HOOK_CONTAINER_CONTAINERD_IMAGE}" \ HOOK_CONTAINER_RUNC_IMAGE="${HOOK_CONTAINER_RUNC_IMAGE}" \ - envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE $HOOK_CONTAINER_CONTAINERD_IMAGE $HOOK_CONTAINER_RUNC_IMAGE' \ + envsubst '$HOOK_VERSION $HOOK_KERNEL_IMAGE $HOOK_KERNEL_ID $HOOK_KERNEL_VERSION $HOOK_CONTAINER_IP_IMAGE $HOOK_CONTAINER_BOOTKIT_IMAGE $HOOK_CONTAINER_DOCKER_IMAGE $HOOK_CONTAINER_MDEV_IMAGE $HOOK_CONTAINER_CONTAINERD_IMAGE $HOOK_CONTAINER_RUNC_IMAGE' \ > "hook.${inventory_id}.yaml" declare -g linuxkit_bin="" diff --git a/images/hook-ip/Dockerfile b/images/hook-ip/Dockerfile new file mode 100644 index 00000000..17bb8d29 --- /dev/null +++ b/images/hook-ip/Dockerfile @@ -0,0 +1,23 @@ +FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e AS mirror +RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ +RUN apk add curl +RUN apk add --no-cache --initdb -p /out \ + alpine-baselayout \ + bash \ + busybox \ + iproute2 \ + iptables \ + ebtables \ + ipvsadm \ + bridge-utils \ + musl \ + sed + +# Remove apk residuals +RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache + +FROM scratch +ENTRYPOINT [] +CMD [] +WORKDIR / +COPY --from=mirror /out/ / 
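Review bot: `RUN apk add curl` in the mirror stage of images/hook-ip/Dockerfile has no visible use and I would delete it: nothing in the file calls curl and it is not installed under /out, so it only adds a network fetch to the build (possibly a leftover from the wireguard steps that were dropped). The package list also carries iptables, ebtables, ipvsadm and bridge-utils, while the vlan.sh hunks in this series only call `ip` and `awk`, plus sed per the commit message. Since hook.template.yaml runs this image with `capabilities: - all`, trimming the list to what vlan.sh needs would reduce what runs privileged at boot. The base image is referenced by tag only; `FROM linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e@sha256:<digest>` would make the build input immutable. A header comment such as `# Based on linuxkit/ip without wireguard; adds GNU sed for /proc/cmdline parsing` would record the origin for future syncs.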
diff --git a/linuxkit-templates/hook.template.yaml b/linuxkit-templates/hook.template.yaml index 18529d51..26db724d 100644 --- a/linuxkit-templates/hook.template.yaml +++ b/linuxkit-templates/hook.template.yaml @@ -3,6 +3,7 @@ # - HOOK_KERNEL_IMAGE: ${HOOK_KERNEL_IMAGE} # - HOOK_KERNEL_ID: ${HOOK_KERNEL_ID} # - HOOK_KERNEL_VERSION: ${HOOK_KERNEL_VERSION} +# - HOOK_CONTAINER_IP_IMAGE: ${HOOK_CONTAINER_IP_IMAGE} # - HOOK_CONTAINER_BOOTKIT_IMAGE: ${HOOK_CONTAINER_BOOTKIT_IMAGE} # - HOOK_CONTAINER_DOCKER_IMAGE: ${HOOK_CONTAINER_DOCKER_IMAGE} # - HOOK_CONTAINER_MDEV_IMAGE: ${HOOK_CONTAINER_MDEV_IMAGE} @@ -38,7 +39,7 @@ onboot: command: [ "modprobe", "cdc_ncm" ] # for usb ethernet dongles - name: vlan - image: linuxkit/ip:v1.0.0 + image: "${HOOK_CONTAINER_IP_IMAGE}" capabilities: - all binds.add: