Add macvlan support for declarative containers

authored by

montag451 and committed by
Jörg Thalheim
4889c271 42a0fc43

+94
+12
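--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -476,6 +476,17 @@
               '';
             };
 
+            macvlans = mkOption {
+              type = types.listOf types.str;
+              default = [];
+              example = [ "eth1" "eth2" ];
+              description = ''
+                The list of host interfaces from which macvlans will be
+                created. For each interface specified, a macvlan interface
+                will be created and moved to the container.
+              '';
+            };
+
             extraVeths = mkOption {
               type = with types; attrsOf (submodule { options = networkOptions; });
               default = {};
@@ -654,6 +665,7 @@
               ''}
             ''}
             INTERFACES="${toString cfg.interfaces}"
+            MACVLANS="${toString cfg.macvlans}"
             ${optionalString cfg.autoStart ''
               AUTO_START=1
             ''}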
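Review bot: The description of the new `macvlans` option omits three things an operator needs to know before enabling it: how the interface is named inside the container, that the container sits directly on the parent interface's layer-2 segment, and that the host cannot reach it over the parent interface. All three are visible only in the accompanying test (`mv-eth1` for `eth1`, the pings from machine2, and the comment about the host-side macvlan). I would extend the description with `The interface appears in the container as mv-<name> and is attached directly to the network of the host interface, so the container is reachable from other machines on that network.` plus a sentence saying the host needs its own macvlan on that interface to talk to the container. It is probably also worth stating that packet filtering configured for the host's parent interface should not be assumed to cover this traffic; that should be confirmed against the container start script, which is outside this section.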
+82
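--- a/nixos/tests/containers-macvlans.nix
+++ b/nixos/tests/containers-macvlans.nix
@@ -0,0 +1,82 @@
+# Test for NixOS' container support.
+
+let
+  # containers IP on VLAN 1
+  containerIp1 = "192.168.1.253";
+  containerIp2 = "192.168.1.254";
+in
+
+import ./make-test.nix ({ pkgs, ...} : {
+  name = "containers-macvlans";
+  meta = with pkgs.stdenv.lib.maintainers; {
+    maintainers = [ montag451 ];
+  };
+
+  nodes = {
+
+    machine1 =
+      { config, pkgs, lib, ... }:
+      {
+        virtualisation.memorySize = 256;
+        virtualisation.vlans = [ 1 ];
+
+        # To be able to ping containers from the host, it is necessary
+        # to create a macvlan on the host on the VLAN 1 network.
+        networking.macvlans.mv-eth1-host = {
+          interface = "eth1";
+          mode = "bridge";
+        };
+        networking.interfaces.eth1.ip4 = lib.mkForce [];
+        networking.interfaces.mv-eth1-host = {
+          ip4 = [ { address = "192.168.1.1"; prefixLength = 24; } ];
+        };
+
+        containers.test1 = {
+          autoStart = true;
+          macvlans = [ "eth1" ];
+
+          config = {
+            networking.interfaces.mv-eth1 = {
+              ip4 = [ { address = containerIp1; prefixLength = 24; } ];
+            };
+          };
+        };
+
+        containers.test2 = {
+          autoStart = true;
+          macvlans = [ "eth1" ];
+
+          config = {
+            networking.interfaces.mv-eth1 = {
+              ip4 = [ { address = containerIp2; prefixLength = 24; } ];
+            };
+          };
+        };
+      };
+
+    machine2 =
+      { config, pkgs, ... }:
+      {
+        virtualisation.memorySize = 256;
+        virtualisation.vlans = [ 1 ];
+      };
+
+  };
+
+  testScript = ''
+    startAll;
+    $machine1->waitForUnit("default.target");
+    $machine2->waitForUnit("default.target");
+
+    # Ping between containers to check that macvlans are created in bridge mode
+    $machine1->succeed("nixos-container run test1 -- ping -n -c 1 ${containerIp2}");
+
+    # Ping containers from the host (machine1)
+    $machine1->succeed("ping -n -c 1 ${containerIp1}");
+    $machine1->succeed("ping -n -c 1 ${containerIp2}");
+
+    # Ping containers from the second machine to check that containers are reachable from the outside
+    $machine2->succeed("ping -n -c 1 ${containerIp1}");
+    $machine2->succeed("ping -n -c 1 ${containerIp2}");
+  '';
+})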
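Review bot: The first ping in `testScript` may race container start-up, because the script waits only for `default.target` on the two machines and nothing visible here waits for the containers' own network configuration to be applied before a single-packet ping must succeed. Making the first check `$machine1->waitUntilSucceeds("nixos-container run test1 -- ping -n -c 1 ${containerIp2}");` would remove that timing dependence. The header comment `# Test for NixOS' container support.` is also too generic: I would replace it with `# Test that declarative containers with macvlans are attached to the host's VLAN and are reachable from the host, from each other and from a second machine.` so that the reachability from machine2 reads as the intended exposure, not a side effect.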