How to use a bridge "virbr1" created by libvirt to run a container?
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind network usage question
Description
- I would like to use the following bridge "virbr1" created by libvirt to run a container.
# brctl show
bridge name     bridge id               STP enabled     interfaces
cni0            8000.6a23de05fdd2       no
virbr0          8000.5254007fa2f3       yes             virbr0-nic
virbr1          8000.525400ee6dae       yes             virbr1-nic
- I would also like to set a custom IP when I start this container.
- Are 1 and 2 doable using podman?
Technically yes. But are you sure you want to?
1/ You would need to create a cni config file which uses the bridge plugin "type": bridge and set "bridge": virbr1 and use "ipam": "host-local" (or static). An example using .conflist:
{
  "name": "bridge-virbr1-range-chain",
  "cniVersion": "0.4.0",
  "plugins": [{
      "type": "bridge",
      "bridge": "virbr1",
      "ipam": {
        "type": "host-local",
        "dataDir": "/var/lib/cni.d/networks",
        "ranges": [
          [{
            "subnet": "192.168.111.0/24",
            "gateway": "192.168.111.1"
          }]
        ]
      }
    },
    {
      "name": "mytuning",
      "type": "tuning",
      "sysctl": {
        "net.core.somaxconn": "501"
      }
    }
  ]
}
2/ For static IPAM you would specify the custom IP explicitly. For host-local, use CNI_ARGS to specify the IP address if the runtime doesn't currently support this. Note: using CNI_ARGS for setting IP address is deprecated, but still works. I use it for e.g. cnitool which doesn't support using runtime args to specify the static IP.
How would you keep libvirt from allocating the same IP to a VM? See above re do you want to do this?
export CNI_ARGS="IgnoreUnknown=1;IP=192.168.111.199"
$ ip addr show virbr1
8: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:78:95:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.1/24 brd 192.168.111.255 scope global virbr1
       valid_lft forever preferred_lft forever
$ sudo ./cnitool-virbr1-bridge.sh mccv1r0 plugins virbr1 add ens1 mcc-cni-test0
CNI_ARGS set to IgnoreUnknown=1;IP=192.168.111.199
CNI_PATH is /home/mcambria/go/src/github.com/mccv1r0/plugins/bin
NETCONFPATH is /home/mcambria/go/src/github.com/containernetworking
$ cnitool add bridge-virbr1-range-chain /var/run/netns/cni-test0
{
  "cniVersion": "0.4.0",
  "interfaces": [
    {
      "name": "virbr1",
      "mac": "52:54:00:78:95:38"
    },
    {
      "name": "vethfd6ac98f",
      "mac": "62:4f:62:37:8a:de"
    },
    {
      "name": "ens1",
      "mac": "a2:3e:2d:d4:8d:f9",
      "sandbox": "/var/run/netns/cni-test0"
    }
  ],
  "ips": [
    {
      "version": "4",
      "interface": 2,
      "address": "192.168.111.199/24",
      "gateway": "192.168.111.1"
    }
  ],
  "dns": {}
}
$ ping 192.168.111.199
PING 192.168.111.199 (192.168.111.199) 56(84) bytes of data.
64 bytes from 192.168.111.199: icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from 192.168.111.199: icmp_seq=2 ttl=64 time=0.029 ms
^C
--- 192.168.111.199 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1039ms
rtt min/avg/max/mdev = 0.029/0.037/0.045/0.008 ms
$
3/ If podman doesn't currently support specifying a static IP yet, use CNI_ARGS as shown. You need to put the cni conf/conflist which is set up to use virbr1 in a place where podman expects to find it (default location /etc/cni/net.d/) and name this config on the podman command line using --network=.
$ export CNI_ARGS="IgnoreUnknown=1;IP=10.89.2.199"
$ sudo -E podman run -p 80:80 -it --network="podman" -d fedora/apache
7bb32272f195c2181fb71e3436c0848eb6bf82d9855478b3ceb5e1f3ae1f8b81
$ curl 10.89.2.199:80
Apache
$
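The reply above asks how you would keep libvirt from allocating the same IP to a VM. The following is an added example, not part of the original thread: a pre-flight check that compares the host-local ranges in a CNI conflist, and an optional static IP, with the DHCP ranges libvirt serves on the same bridge. The libvirt XML sample, its DHCP range and all function names are assumptions made for illustration.

```python
import ipaddress
import json
import xml.etree.ElementTree as ET

# Constructed sample: the thread's conflist, reduced to its bridge plugin.
CONFLIST = """{"name": "bridge-virbr1-range-chain", "cniVersion": "0.4.0",
  "plugins": [{"type": "bridge", "bridge": "virbr1", "ipam": {"type": "host-local",
    "ranges": [[{"subnet": "192.168.111.0/24", "gateway": "192.168.111.1"}]]}}]}"""

# Constructed sample shaped like `virsh net-dumpxml` output; DHCP range is assumed.
LIBVIRT_XML = """<network>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.111.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.111.2' end='192.168.111.254'/></dhcp>
  </ip></network>"""

def cni_ranges(conflist_text, bridge):
    """Yield (first, last) addresses host-local may allocate on `bridge`."""
    for plugin in json.loads(conflist_text)["plugins"]:
        if plugin.get("type") != "bridge" or plugin.get("bridge") != bridge:
            continue
        for range_set in plugin.get("ipam", {}).get("ranges", []):
            for r in range_set:
                net = ipaddress.ip_network(r["subnet"], strict=False)
                first = r.get("rangeStart", str(net.network_address + 1))
                last = r.get("rangeEnd", str(net.broadcast_address - 1))
                yield ipaddress.ip_address(first), ipaddress.ip_address(last)

def libvirt_dhcp_ranges(xml_text, bridge):
    """Yield (start, end) DHCP ranges when the libvirt network uses `bridge`."""
    root = ET.fromstring(xml_text)
    br = root.find("bridge")
    if br is None or br.get("name") != bridge:
        return
    for rng in root.findall("./ip/dhcp/range"):
        yield ipaddress.ip_address(rng.get("start")), ipaddress.ip_address(rng.get("end"))

def conflicts(conflist_text, xml_text, bridge, static_ip=None):
    """Return one message per overlap between CNI addressing and libvirt DHCP."""
    found = []
    for d_start, d_end in libvirt_dhcp_ranges(xml_text, bridge):
        if static_ip and d_start <= ipaddress.ip_address(static_ip) <= d_end:
            found.append(f"static IP {static_ip} is inside libvirt DHCP {d_start}-{d_end}")
        for c_start, c_end in cni_ranges(conflist_text, bridge):
            if c_start <= d_end and d_start <= c_end:
                found.append(f"CNI range {c_start}-{c_end} overlaps libvirt DHCP {d_start}-{d_end}")
    return found

if __name__ == "__main__":
    print("\n".join(conflicts(CONFLIST, LIBVIRT_XML, "virbr1", "192.168.111.199")))
```

An empty result means the two allocators are confined to disjoint address ranges on that bridge. It does not cover statically configured VMs, which neither file describes.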