From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 293351FF179 for ; Wed, 12 Nov 2025 20:32:49 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 2F870BFA2; Wed, 12 Nov 2025 20:33:41 +0100 (CET) Message-ID: Date: Wed, 12 Nov 2025 20:33:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Beta To: Proxmox VE development discussion , Filip Schauer References: <20251008171028.196998-1-f.schauer@proxmox.com> <20251008171028.196998-9-f.schauer@proxmox.com> Content-Language: en-US From: Thomas Lamprecht In-Reply-To: <20251008171028.196998-9-f.schauer@proxmox.com> X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1762975962501 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.026 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [config.pm, lxc.pm] Subject: Re: [pve-devel] [PATCH container v5 08/17] configure static IP in LXC config for custom entrypoint X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Am 08.10.25 um 19:12 schrieb Filip Schauer: > When a container uses the default `/sbin/init` entrypoint, network > interface configuration is usually managed by processes within the > container. However, containers with a different entrypoint might not > have any internal network management process. Consequently, IP addresses > might not be assigned. > > This change ensures that a static IP address is explicitly set in the > LXC config for the container. > > Signed-off-by: Filip Schauer > --- > Changed since v2: > * rebase onto newest master (5a8b3f962f16) and re-format with > proxmox-perltidy > * add an "ipmanagehost" property to pct.conf to control whether network > interface IP configuration should be handled by the host. > > src/PVE/API2/LXC.pm | 4 ++++ > src/PVE/LXC.pm | 15 +++++++++++++++ > src/PVE/LXC/Config.pm | 14 ++++++++++++++ > 3 files changed, 33 insertions(+) > > diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm > index 546f4ee..c8aa984 100644 > --- a/src/PVE/API2/LXC.pm > +++ b/src/PVE/API2/LXC.pm > @@ -598,6 +598,10 @@ __PACKAGE__->register_method({ > # An entrypoint other than /sbin/init breaks the tty console mode. > # This is fixed by setting cmode: console > $conf->{cmode} = 'console'; > + > + # Manage the IP configuration for the container. A container with a > + # custom entrypoint likely lacks internal network management. > + $conf->{ipmanagehost} = 1; > } > } > > diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm > index 5eaa57c..6fdef79 100644 > --- a/src/PVE/LXC.pm > +++ b/src/PVE/LXC.pm > @@ -886,6 +886,21 @@ sub update_lxc_config { > if ($lxc_major >= 4) { > $raw .= "lxc.net.$ind.script.up = /usr/share/lxc/lxcnetaddbr\n"; > } > + > + if ((!defined($d->{link_down}) || $d->{link_down} != 1) && $conf->{ipmanagehost}) { > + if (defined($d->{ip})) { > + die "$k: DHCP is not supported with a custom entrypoint\n" if $d->{ip} eq 'dhcp'; > + $raw .= "lxc.net.$ind.ipv4.address = $d->{ip}\n" if $d->{ip} ne 'manual'; > + } > + $raw .= "lxc.net.$ind.ipv4.gateway = $d->{gw}\n" if defined($d->{gw}); > + if (defined($d->{ip6})) { > + die "$k: DHCPv6 and SLAAC are not supported with a custom entrypoint\n" > + if $d->{ip6} =~ /^(auto|dhcp)$/; > + $raw .= "lxc.net.$ind.ipv6.address = $d->{ip6}\n" if $d->{ip6} ne 'manual'; > + } > + $raw .= "lxc.net.$ind.ipv6.gateway = $d->{gw6}\n" if defined($d->{gw6}); > + $raw .= "lxc.net.$ind.flags = up\n"; > + } > } > > my $had_cpuset = 0; > diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm > index 56cb01c..afa2fcf 100644 > --- a/src/PVE/LXC/Config.pm > +++ b/src/PVE/LXC/Config.pm > @@ -594,6 +594,12 @@ my $confdesc = { > . " This is saved as comment inside the configuration file.", > maxLength => 1024 * 8, > }, > + ipmanagehost => { I know the existing code base does not leads as best example in this regard, but I'd *really* like to avoid having glued together words as options or parameter names in the future, zero benefit but makes life for everybody a tiny bit harder. This here is also not really telling when written as kebab-case though, so if this option is required (and not a Setup::OCI module + ostype: oci can be enough, see my reply to 06/17) I'd rather spell it as, e.g., one of 'network-setup-by-host' or 'network-managed-by-host'. Or slightly shorter 'network-host-managed', or make it an enum like `network-managed-by: ['ct', 'host']` Surely there are other/better variants, so no need to take my proposed ones, just lets node "code-golf" optimize away names all to much in general though. And yes, no need for to much bikeshedding, but these become part of the public config API that we will need to support for basically ever (even if we update to a new config version we will still need to support the old one to allow restore), so these things deserve a bit more care. > + type => 'boolean', > + description => > + "Whether this interface's IP configuration should be managed by the host.", > + optional => 1, > + }, > searchdomain => { > optional => 1, > type => 'string', > @@ -1288,6 +1294,14 @@ sub update_pct_config { > die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n" > if ($mtu > $bridge_mtu); > } > + > + if ((!defined($res->{link_down}) || $res->{link_down} != 1) && $conf->{ipmanagehost}) { > + die "$opt: DHCP is not supported with a custom entrypoint\n" > + if defined($res->{ip}) && $res->{ip} eq 'dhcp'; > + > + die "$opt: DHCPv6 and SLAAC are not supported with a custom entrypoint\n" > + if defined($res->{ip6}) && $res->{ip6} =~ /^(auto|dhcp)$/; > + } > } elsif ($opt =~ m/^dev(\d+)$/) { > my $device = $class->parse_device($value); > _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel