systemd: setting up network bridging for KVM on gentoo

29 January 2013

first draft

I have a draft here for bridge.service … I used the init.d-script
from here as a template: link to gentoo wiki

(I have used a variation of that as /etc/init.d/kvm for a long time now)

My service file reads variables from a separate config file:

# cat /etc/conf.d/network_systemd
interface=eth0
address=172.32.99.12
netmask=255.255.255.0
broadcast=172.32.99.255
gateway=172.32.99.250
bridge_name=br0
tap_name=qtap0
user=sgw

and it currently looks like this:

# cat /etc/systemd/system/bridge.service
[Unit]
Description=network bridge for KVM
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network_systemd
ExecStart=/sbin/brctl addbr ${bridge_name}
ExecStart=/usr/bin/tunctl -b -u ${user} -t ${tap_name}
ExecStart=/bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
ExecStart=/bin/ifconfig ${interface} up
ExecStart=/bin/ifconfig ${tap_name} up 0.0.0.0 promisc
ExecStart=/sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
ExecStart=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
ExecStart=/sbin/iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
ExecStart=/bin/ip route add default via ${gateway}
ExecStop=/bin/ip route del default via ${gateway}
ExecStop=/sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
ExecStop=/bin/ifconfig ${tap_name} down
ExecStop=/sbin/brctl delif ${bridge_name} ${tap_name}
ExecStop=/usr/bin/tunctl -d ${tap_name}
ExecStop=/bin/ifconfig ${bridge_name} down
ExecStop=/bin/ifconfig ${interface} down
ExecStop=/sbin/brctl delbr ${bridge_name}
ExecStop=/sbin/iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
[Install]
WantedBy=multi-user.target

—————

I disabled network.service and enabled bridge.service. It works fine so
far; I have already tested connectivity from KVM VMs.

I am sure that this is quite fresh and bloody; suggestions are welcome as
always …

——

Addition:

Canek Peláez Valdés suggested another solution.

# cat /usr/local/bin/kvm-bridge
#!/bin/sh
# POSIX sh: use "." to read the config; "source" only exists in bash
. /etc/conf.d/network_systemd
case "${1}" in
    start)
        /sbin/brctl addbr ${bridge_name}
        /usr/bin/tunctl -b -u ${user} -t ${tap_name}
        /bin/ifconfig ${bridge_name} ${address} netmask ${netmask} up
        /bin/ifconfig ${interface} up
        /bin/ifconfig ${tap_name} up 0.0.0.0 promisc
        /sbin/brctl addif ${bridge_name} ${tap_name} ${interface}
        /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=1
        #/sbin/iptables -t nat -A POSTROUTING -o ${interface} -j MASQUERADE
        /bin/ip route add default via ${gateway}
        ;;
    stop)
        /bin/ip route del default via ${gateway}
        /sbin/sysctl net.ipv4.conf.${bridge_name}.forwarding=0
        /bin/ifconfig ${tap_name} down
        /sbin/brctl delif ${bridge_name} ${tap_name}
        /usr/bin/tunctl -d ${tap_name}
        /bin/ifconfig ${bridge_name} down
        /bin/ifconfig ${interface} down
        /sbin/brctl delbr ${bridge_name}
        #/sbin/iptables -t nat -D POSTROUTING -o ${interface} -j MASQUERADE
        ;;
esac
# cat /etc/systemd/system/kvm-bridge.service 
[Unit]
Description=network bridge for KVM
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/kvm-bridge start
ExecStop=/usr/local/bin/kvm-bridge stop
[Install]
WantedBy=multi-user.target

More cleaned up and simpler to maintain.
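
The wrapper script reads /etc/conf.d/network_systemd by sourcing it as root, so any shell code in that file runs with root privileges, whereas systemd's EnvironmentFile= only parses assignments. The following is an added example, not part of the original post or of Canek's suggestion: it loads the same key=value file without executing it, after checking file type, owner and mode. The function name load_bridge_conf and its optional owner-UID argument are this example's own.

```shell
#!/bin/sh
# load_bridge_conf FILE [OWNER_UID]: parse the key=value file without
# sourcing it. OWNER_UID defaults to 0 (root). Hypothetical helper name.
load_bridge_conf() {
    conf=$1 owner=${2:-0}
    keys='interface address netmask broadcast gateway bridge_name tap_name user'
    unset $keys
    # Must be a regular file (not a symlink), owned by the expected UID,
    # and not writable by group or others.
    if [ -z "$(find "$conf" -prune -type f -user "$owner" \
               ! -perm -020 ! -perm -002 2>/dev/null)" ]; then
        echo "refusing $conf: wrong type, owner or mode" >&2
        return 1
    fi
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        case $key in   # allowlist: only the eight keys the page uses
            interface|bridge_name|tap_name)    # Linux limit: 15 characters
                pat='^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$' ;;
            address|netmask|broadcast|gateway) # dotted-quad shape only
                pat='^([0-9]{1,3}\.){3}[0-9]{1,3}$' ;;
            user)
                pat='^[a-z_][a-z0-9_-]{0,31}$' ;;
            *)  echo "unknown key: $key" >&2; return 1 ;;
        esac
        if ! printf '%s\n' "$value" | grep -Eq "$pat"; then
            echo "rejected value for $key" >&2
            return 1
        fi
        eval "$key=\$value"   # safe: $key matched the allowlist above
    done < "$conf"
    for key in $keys; do      # every key the unit needs must be present
        eval "[ -n \"\${$key:-}\" ]" || { echo "missing key: $key" >&2; return 1; }
    done
}

# Constructed demo: the values from the page's config, in a temp file.
demo=$(mktemp) && trap 'rm -f "$demo"' EXIT
printf '%s\n' interface=eth0 address=172.32.99.12 netmask=255.255.255.0 \
    broadcast=172.32.99.255 gateway=172.32.99.250 bridge_name=br0 \
    tap_name=qtap0 user=sgw > "$demo"
load_bridge_conf "$demo" "$(id -u)" && echo "bridge=$bridge_name tap=$tap_name"
```

In /usr/local/bin/kvm-bridge this would stand in for the line that reads the config, called as `load_bridge_conf /etc/conf.d/network_systemd || exit 1`, with the variables quoted where they are used.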
