Editing Using private IPs for Hardware Nodes
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | + | This article describes how to assign public IPs to VEs running on OVZ Hardware Nodes in case you have a following network topology: | |
− | |||
− | This article describes how to assign public IPs to | ||
− | |||
[[Image:PrivateIPs_fig1.gif|An initial network topology]] | [[Image:PrivateIPs_fig1.gif|An initial network topology]] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Prerequisites == | == Prerequisites == | ||
− | + | This article assumes you have already [[Quick installation|installed OpenVZ]], prepared the [[OS template cache]](s) and have [[Basic_operations_in_OpenVZ_environment|VE(s) created]]. If not, follow the links to perform the steps needed. | |
− | + | {{Note|don't assign an IP after VE creation.}} | |
− | + | <br> | |
− | + | == (1) An OVZ Hardware Node has the only one ethernet interface == | |
− | |||
− | This article assumes you have already [[Quick installation|installed OpenVZ]], | ||
− | prepared the [[OS template cache]](s) and have | ||
− | [[Basic_operations_in_OpenVZ_environment| | ||
− | {{Note|don't assign an IP after | ||
− | |||
− | == An OVZ Hardware Node has the only one | ||
(assume eth0) | (assume eth0) | ||
− | === Hardware Node configuration === | + | === <u>Hardware Node configuration</u> === |
− | |||
− | |||
==== Create a bridge device ==== | ==== Create a bridge device ==== | ||
− | + | <pre>[HN]# brctl addbr br0</pre> | |
==== Remove an IP from eth0 interface ==== | ==== Remove an IP from eth0 interface ==== | ||
− | + | <pre>[HN]# ifconfig eth0 0</pre> | |
==== Add eth0 interface into the bridge ==== | ==== Add eth0 interface into the bridge ==== | ||
− | + | <pre>[HN]# brctl addif br0 eth0</pre> | |
==== Assign the IP to the bridge ==== | ==== Assign the IP to the bridge ==== | ||
(the same that was assigned on eth0 earlier) | (the same that was assigned on eth0 earlier) | ||
− | + | <pre>[HN]# ifconfig br0 10.0.0.2/24</pre> | |
==== Resurrect the default routing ==== | ==== Resurrect the default routing ==== | ||
− | + | <pre>[HN]# ip route add default via 10.0.0.1 dev br0</pre> | |
− | + | {{Note|if you are '''configuring''' the node '''remotely''' you '''must''' prepare a '''script''' with the above commands and run it in background with the redirected output or you'll '''lose the access''' to the Node.}} | |
==== A script example ==== | ==== A script example ==== | ||
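Review bot: the remote-configuration warning is placed after "Resurrect the default routing", so a reader working top to bottom over SSH has already run `ifconfig eth0 0` and lost the session before reaching it. Move the note up to the start of "Hardware Node configuration", or at least ahead of "Remove an IP from eth0 interface", and have it point at the script example so the safe path is read first.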
Line 59: | Line 41: | ||
</pre> | </pre> | ||
− | + | <pre>[HN]# /tmp/br_add >/dev/null 2>&1 &</pre> | |
− | + | <br> | |
− | === | + | === <u>VE configuration</u> === |
− | ==== Start a | + | ==== Start a VE ==== |
− | + | <pre>[HN]# vzctl start 101</pre> | |
− | ==== Add a [[Virtual_Ethernet_device|veth interface]] to the | + | ==== Add a [[Virtual_Ethernet_device|veth interface]] to the VE ==== |
− | + | <pre>[HN]# vzctl set 101 --netif_add eth0 --save</pre> | |
− | ==== Set up an IP to the newly created | + | ==== Set up an IP to the newly created VE's veth interface ==== |
− | + | <pre>[HN]# vzctl exec 101 ifconfig eth0 85.86.87.195/26</pre> | |
− | ==== Add the | + | ==== Add the VE's veth interface to the bridge ==== |
− | + | <pre>[HN]# brctl addif br0 veth101.0</pre> | |
− | + | ==== Set up the default route for the VE ==== | |
− | + | <pre>[HN]# vzctl exec 101 ip route add default via 85.86.87.193 dev eth0</pre> | |
− | |||
− | ==== Set up the default route for the | ||
− | |||
− | ==== (Optional) Add | + | ==== (Optional) Add routes VE <-> HN ==== |
− | The above | + | The configuration above provides following connections available: |
− | + | <pre> | |
− | + | VE X <-> VE Y (where VE X and VE Y can locate on any OVZ HN) | |
+ | VE <-> Internet | ||
+ | </pre> | ||
+ | * A VE accessibility from the HN depends on if the local gateway provides NAT or not (probably - yes). | ||
+ | * A HN accessibility from a VE depends on if the ISP gateway is aware about the local network addresses (most probably - no). | ||
− | + | So to provide VE <-> HN accessibility despite the gateways' configuration you can add following route rules: | |
− | + | <pre> | |
− | + | [HN]# ip route add 85.86.87.195 dev br0 | |
− | + | [HN]# vzctl exec 101 ip route add 10.0.0.2 dev eth0 | |
− | + | </pre> | |
− | |||
− | So to provide | ||
− | |||
− | |||
− | |||
− | === | + | === <u>The resulted OVZ Node configuration</u> === |
− | [[Image:PrivateIPs_fig2.gif| | + | [[Image:PrivateIPs_fig2.gif|The resulted OVZ Node configuration]] |
− | === Making the configuration persistent === | + | === <u>Making the configuration persistent</u> === |
==== Set up a bridge on a HN ==== | ==== Set up a bridge on a HN ==== | ||
− | This can be done by configuring | + | This can be done by configuring <code>ifcfg-*</code> files located in <code>/etc/sysconfig/network-scripts/</code>. |
Assuming you had a configuration file (e.g. <code>ifcfg-eth0</code>) like: | Assuming you had a configuration file (e.g. <code>ifcfg-eth0</code>) like: | ||
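Review bot: the added invocation `/tmp/br_add >/dev/null 2>&1 &` runs a script as root from a world-writable directory and throws away all of its output. Keep the script in a root-owned location with restrictive permissions, and redirect output to a log file instead of `/dev/null`, so that a failure halfway through the bridge setup leaves something to diagnose once access to the node is recovered. Separately, "provides following connections available" in the optional routes section would read better as "provides the following connections".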
Line 113: | Line 91: | ||
GATEWAY=10.0.0.1 | GATEWAY=10.0.0.1 | ||
</pre> | </pre> | ||
− | + | <br> | |
− | To | + | To make bridge <code>br0</code> automatically created you can create <code>ifcfg-br0</code>: |
<pre> | <pre> | ||
DEVICE=br0 | DEVICE=br0 | ||
Line 124: | Line 102: | ||
</pre> | </pre> | ||
− | and edit <code>ifcfg-eth0</code> to add | + | and edit <code>ifcfg-eth0</code> file to add <code>eth0</code> interface into the bridge <code>br0</code>: |
<pre> | <pre> | ||
DEVICE=eth0 | DEVICE=eth0 | ||
Line 131: | Line 109: | ||
</pre> | </pre> | ||
− | ==== Edit the | + | ==== Edit the VE's configuration ==== |
− | Add | + | Add some parameters to the <code>/etc/vz/conf/$VEID.conf</code> which will be used during the network configuration: |
− | * Add | + | * Add/change CONFIG_CUSTOMIZED="yes" (indicates that a custom script should be run on a VE start) |
− | * Add | + | * Add VETH_IP_ADDRESS="<VE IP>/<MASK>" (a VE can have multiple IPs separated by spaces) |
− | * Add | + | * Add VE_DEFAULT_GATEWAY="<VE DEFAULT GATEWAY>" |
+ | * Add BRIDGEDEV="<BRIDGE NAME>" (a bridge name to which the VE veth interface should be added) | ||
An example: | An example: | ||
<pre> | <pre> | ||
# Network customization section | # Network customization section | ||
+ | CONFIG_CUSTOMIZED="yes" | ||
VETH_IP_ADDRESS="85.86.87.195/26" | VETH_IP_ADDRESS="85.86.87.195/26" | ||
VE_DEFAULT_GATEWAY="85.86.87.193" | VE_DEFAULT_GATEWAY="85.86.87.193" | ||
Line 146: | Line 126: | ||
==== Create a custom network configuration script ==== | ==== Create a custom network configuration script ==== | ||
− | which should be called each time a | + | which should be called each time a VE started (e.g. <code>/usr/sbin/vznetcfg.custom</code>): |
<pre> | <pre> | ||
#!/bin/bash | #!/bin/bash | ||
# /usr/sbin/vznetcfg.custom | # /usr/sbin/vznetcfg.custom | ||
− | # a script to bring up bridged network interfaces (veth's) in a | + | # a script to bring up bridged network interfaces (veth's) in a VE |
GLOBALCONFIGFILE=/etc/vz/vz.conf | GLOBALCONFIGFILE=/etc/vz/vz.conf | ||
− | + | VECONFIGFILE=/etc/vz/conf/$VEID.conf | |
vzctl=/usr/sbin/vzctl | vzctl=/usr/sbin/vzctl | ||
− | |||
ip=/sbin/ip | ip=/sbin/ip | ||
− | |||
. $GLOBALCONFIGFILE | . $GLOBALCONFIGFILE | ||
− | . $ | + | . $VECONFIGFILE |
NETIF_OPTIONS=`echo $NETIF | sed 's/,/\n/g'` | NETIF_OPTIONS=`echo $NETIF | sed 's/,/\n/g'` | ||
for str in $NETIF_OPTIONS; do \ | for str in $NETIF_OPTIONS; do \ | ||
# getting 'ifname' parameter value | # getting 'ifname' parameter value | ||
− | if | + | if [[ "$str" =~ "^ifname=" ]]; then |
# remove the parameter name from the string (along with '=') | # remove the parameter name from the string (along with '=') | ||
− | + | VEIFNAME=${str#*=}; | |
fi | fi | ||
# getting 'host_ifname' parameter value | # getting 'host_ifname' parameter value | ||
− | if | + | if [[ "$str" =~ "^host_ifname=" ]]; then |
# remove the parameter name from the string (along with '=') | # remove the parameter name from the string (along with '=') | ||
VZHOSTIF=${str#*=}; | VZHOSTIF=${str#*=}; | ||
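Review bot: the new tests `[[ "$str" =~ "^ifname=" ]]` and `[[ "$str" =~ "^host_ifname=" ]]` quote the right-hand side of `=~`. In bash 3.2 and later a quoted pattern is matched as a literal string, so the `^` stops being an anchor and neither branch matches an entry such as `ifname=eth0`; VEIFNAME and VZHOSTIF then stay empty and the script exits with the "no veth interface configured" error. Drop the quotes around the pattern (`[[ "$str" =~ ^ifname= ]]`) or use a glob comparison (`[[ "$str" == ifname=* ]]`). The anchor matters here because an unanchored `ifname=` would also match `host_ifname=`. The two files pulled in with `. $GLOBALCONFIGFILE` and `. $VECONFIGFILE` are executed as shell, so it is worth stating in the text that both must be writable by root only.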
Line 176: | Line 154: | ||
if [ ! -n "$VETH_IP_ADDRESS" ]; then | if [ ! -n "$VETH_IP_ADDRESS" ]; then | ||
− | echo "According to $CONFIGFILE | + | echo "According to $CONFIGFILE VE$VEID has no veth IPs configured." |
exit 1 | exit 1 | ||
fi | fi | ||
if [ ! -n "$VZHOSTIF" ]; then | if [ ! -n "$VZHOSTIF" ]; then | ||
− | echo "According to $CONFIGFILE | + | echo "According to $CONFIGFILE VE$VEID has no veth interface configured." |
exit 1 | exit 1 | ||
fi | fi | ||
− | if [ ! -n "$ | + | if [ ! -n "$VEIFNAME" ]; then |
echo "Corrupted $CONFIGFILE: no 'ifname' defined for host_ifname $VZHOSTIF." | echo "Corrupted $CONFIGFILE: no 'ifname' defined for host_ifname $VZHOSTIF." | ||
exit 1 | exit 1 | ||
fi | fi | ||
− | echo "Initializing interface $VZHOSTIF for | + | for IP in $VETH_IP_ADDRESS; do |
− | + | echo "Initializing interface $VZHOSTIF for VE$VEID." | |
+ | /sbin/ifconfig $VZHOSTIF 0 | ||
+ | done | ||
− | + | VEROUTEDEV=$VZHOSTIF | |
if [ -n "$BRIDGEDEV" ]; then | if [ -n "$BRIDGEDEV" ]; then | ||
echo "Adding interface $VZHOSTIF to the bridge $BRIDGEDEV." | echo "Adding interface $VZHOSTIF to the bridge $BRIDGEDEV." | ||
− | + | VEROUTEDEV=$BRIDGEDEV | |
− | + | /usr/sbin/brctl addif $BRIDGEDEV $VZHOSTIF | |
fi | fi | ||
− | # Up the interface $ | + | # Up the interface $VEIFNAME link in VE$VEID |
− | $vzctl exec $VEID $ip link set $ | + | $vzctl exec $VEID $ip link set $VEIFNAME up |
for IP in $VETH_IP_ADDRESS; do | for IP in $VETH_IP_ADDRESS; do | ||
− | echo "Adding an IP $IP to the $ | + | echo "Adding an IP $IP to the $VEIFNAME for VE$VEID." |
− | $vzctl exec $VEID $ip address add $IP dev $ | + | $vzctl exec $VEID $ip address add $IP dev $VEIFNAME |
# removing the netmask | # removing the netmask | ||
IP_STRIP=${IP%%/*}; | IP_STRIP=${IP%%/*}; | ||
− | echo "Adding a route from | + | echo "Adding a route from VE0 to VE$VEID." |
− | $ip route add $IP_STRIP dev $ | + | $ip route add $IP_STRIP dev $VEROUTEDEV |
done | done | ||
− | if [ -n "$ | + | if [ -n "$VE0_IP" ]; then |
− | echo "Adding a route from | + | echo "Adding a route from VE$VEID to VE0." |
− | $vzctl exec $VEID $ip route add $ | + | $vzctl exec $VEID $ip route add $VE0_IP dev $VEIFNAME |
fi | fi | ||
if [ -n "$VE_DEFAULT_GATEWAY" ]; then | if [ -n "$VE_DEFAULT_GATEWAY" ]; then | ||
− | echo "Setting $VE_DEFAULT_GATEWAY as a default gateway for | + | echo "Setting $VE_DEFAULT_GATEWAY as a default gateway for VE$VEID." |
$vzctl exec $VEID \ | $vzctl exec $VEID \ | ||
− | $ip route add default via $VE_DEFAULT_GATEWAY dev $ | + | $ip route add default via $VE_DEFAULT_GATEWAY dev $VEIFNAME |
fi | fi | ||
exit 0 | exit 0 | ||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | ==== Make the script to be run on a VE start ==== | ||
+ | In order to run above script on a VE start create the following <code>/etc/vz/vznet.conf</code> file: | ||
<pre> | <pre> | ||
#!/bin/bash | #!/bin/bash | ||
− | + | EXTERNAL_SCRIPT="/usr/sbin/vznetcfg.custom" | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
+ | {{Note|both <code>/etc/vz/vznet.conf</code> and <code>/usr/sbin/vznetcfg.custom</code> should be executable files.}} | ||
− | + | ==== Setting the route VE -> HN ==== | |
− | + | To set up a route from VE to HN the custom script has to get a HN IP (the $VE0_IP variable in the script). There can be different approaches to specify it: | |
− | ==== Setting the route | + | # Add an entry VE0_IP="VE0 IP" to the <code>$VEID.conf</code> |
− | To set up a route from | + | # Add an entry VE0_IP="VE0 IP" to the <code>/etc/vz/vz.conf</code> (the global configuration config file) |
− | + | # Implement some smart algorithm to determine the VE0 IP right in the custom network configuration script | |
− | # Add an entry | + | All the variants have their pros and cons, nevertheless for HN static IP configuration variant 2 seems acceptable (and the most simple). |
− | # Add an entry | ||
− | # Implement some smart algorithm to determine the | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | == | + | == (2) An OVZ Hardware Node has two ethernet interfaces (TODO) == |
− | + | (assume eth0 and eth1) | |
− | |||
− | |||
− | |||
− | |||
[[Category: HOWTO]] | [[Category: HOWTO]] | ||
[[Category: Networking]] | [[Category: Networking]] |
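Review bot: the error messages in this hunk expand `$CONFIGFILE`, but the script as shown only assigns GLOBALCONFIGFILE and VECONFIGFILE, so unless a sourced file happens to set it the messages print an empty path; use `$VECONFIGFILE` there. The new loop `for IP in $VETH_IP_ADDRESS` around `/sbin/ifconfig $VZHOSTIF 0` never uses `$IP` and just repeats the same command once per address, so the loop can go and the command can run once. The added lines also hard-code `/sbin/ifconfig` and `/usr/sbin/brctl` while `vzctl` and `ip` are held in variables at the top of the script; define the two the same way for consistency. Expansions such as `$IP`, `$VE_DEFAULT_GATEWAY` and `$BRIDGEDEV` come from the VE configuration file and are passed unquoted to commands run as root, so quoting them would be a worthwhile hardening step.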