Added example files

Signed-off-by: Kevin Carter <[email protected]>

Author: cloudnull

README.md

@@ -0,0 +1,12 @@
+The repository was created to show how to run services from within
+a network namespace. The files within this repository are within
+the directories that they would need to be in on a local system
+which has been done to highlight the file structure and to provide
+context.
+
+This example repository is setup to run haproxy from within a
+namespace however nothing in the systemd service units is bound to
+only haproxy.
+
+See https://cloudnull.io/running-services-in-network-name-spaces-with-systemd/
+for more details on how these files are used.

etc/systemd/system/haproxy.service.d/haproxy.conf

@@ -0,0 +1,14 @@
+[Unit]
+BindsTo = [email protected]
+JoinsNamespaceOf = [email protected]
+After = [email protected]
+Documentation = file:/var/run/netns/haproxy
+
+[Service]
+CPUAccounting = true
+BlockIOAccounting = true
+MemoryAccounting = true
+TasksAccounting = true
+PrivateNetwork = true
+PrivateTmp = true
+Slice = haproxy.slice

etc/systemd/system/[email protected]

@@ -0,0 +1,31 @@
+[Unit]
+Description=Named network namespace %I
+Documentation=https://github.com/openstack/ansible-role-systemd_service
+After=syslog.target network.target systemd-netns@%i.service
+Before=%i.service
+BindsTo=systemd-netns@%i.service
+
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+
+# Create system process
+ExecStartPre=-/usr/bin/env ip link add mv-int link ${GATEWAY_DEVICE} type macvlan mode bridge
+ExecStartPre=-/usr/bin/env ip link set mv-int up
+ExecStartPre=-/usr/bin/env sysctl -w net.ipv4.ip_forward=1
+
+# Pivot link
+ExecStart=/usr/bin/env ip link add mv0 link mv-int type macvlan mode bridge
+ExecStart=/usr/bin/env ip link set mv0 netns %i name mv0
+
+# Configure link
+ExecStart=-/usr/bin/env ip netns exec %i ip link set lo up
+ExecStart=-/usr/bin/env ip netns exec %i ip link set dev mv0 up
+ExecStop=/usr/bin/env if [[ -e "/usr/local/bin/ns-%i" ]]; then bash /usr/local/bin/ns-%i start %i; fi
+
+ExecStop=/usr/bin/env if [[ -e "/usr/local/bin/ns-%i" ]]; then bash /usr/local/bin/ns-%i stop; fi
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=network-online.target

etc/systemd/system/[email protected]

@@ -0,0 +1,26 @@
+[Unit]
+Description=Named network namespace %i
+Documentation=https://github.com/openstack/ansible-role-systemd_service
+JoinsNamespaceOf=systemd-netns@%i.service
+BindsTo=systemd-netns-access@%i.service
+PartOf=%i.service
+After=syslog.target network.target systemd-netns@%i.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=true
+PrivateNetwork=true
+
+# Start process
+ExecStartPre=-/usr/bin/env ip netns delete %I
+ExecStart=/usr/bin/env ip netns add %I
+ExecStart=/usr/bin/env ip netns exec %I ip link set lo up
+ExecStart=/usr/bin/env umount /var/run/netns/%I
+ExecStart=/usr/bin/env mount --bind /proc/self/ns/net /var/run/netns/%I
+
+# Stop process
+ExecStop=/usr/bin/env ip netns delete %I
+
+[Install]
+WantedBy=multi-user.target
+WantedBy=network-online.target

usr/local/bin/ns-haproxy

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+
+function start {
+  /usr/bin/env ip netns exec $2 sysctl -w net.ipv4.conf.mv0.forwarding=1
+  /usr/bin/env ip netns exec $2 sysctl -w net.ipv4.conf.mv0.arp_notify=1
+  /usr/bin/env ip netns exec $2 sysctl -w net.ipv4.conf.mv0.arp_announce=2
+  /usr/bin/env ip netns exec $2 sysctl -w net.ipv4.conf.mv0.use_tempaddr=0
+  /usr/bin/env ip netns exec $2 ip address add 172.16.26.1/22 dev mv0
+  /usr/bin/env ip netns exec $2 ip address add 172.16.26.2/22 dev mv0
+  /usr/bin/env ip route add 172.16.26.1/32 dev mv-int metric 100 table local
+  /usr/bin/env ip route add 172.16.26.2/32 dev mv-int metric 100 table local
+}
+
+
+function stop {
+  /usr/bin/env ip route del 172.16.26.1/32 dev mv-int metric 100 table local
+  /usr/bin/env ip route del 172.16.26.2/32 dev mv-int metric 100 table local
+}
+
+
+case "$1" in
+   start)
+      start
+   ;;
+   stop)
+      stop
+   ;;
+   restart)
+      stop
+      start
+   ;;
+   *)
+      echo "Usage: $0 {start|stop|restart}"
+esac