Comment 17 for bug 1664847

Bulk Adhesive (bulkadhesive) wrote :

Like #10, I stumbled across this bug searching for "netplan macvlan". Hopefully the following helps anyone else that ends up here.

netplan handles nearly all of my current networking needs. However, I have a requirement to access Docker containers on a macvlan from the host (like #12). Rather than give up and revert back to an alternative network configuration system (which seems to be the [officially endorsed solution](https://netplan.io/faq#how-to-go-back-to-ifupdown)), I'd like to stick with it.

Most solutions posted here and elsewhere focus on direct configuration of systemd-networkd as a way to get around the limitation. This is likely fine in Ubuntu Server where systemd-networkd is the default renderer, but my use case is the desktop where NetworkManager makes certain things easier. I'm not entirely certain adding systemd-networkd to the mix is a good idea in this case. (Or would even work; I'm interested to hear what is 'best practice' in this situation.)

Instead I'm making use of NetworkManager's [dispatcher scripts](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html) to handle macvlan setup and teardown based on the state of the parent interface defined by netplan. Again this likely isn't the best or most elegant solution, so I'm open to feedback.

# /etc/NetworkManager/macvlan.sh
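```bash
#!/usr/bin/bash

# NetworkManager passes the interface name and the action as arguments.
IFACE=${1}
ACTION=${2}

# Parent bridge came up: create the host-side macvlan and route the
# container range through it.
if [[ "${IFACE}" == "br0" && "${ACTION}" == "up" ]]; then
        ip link add link br0 name macvlan0 type macvlan mode bridge
        ip addr add 172.29.10.224/32 dev macvlan0
        ip link set macvlan0 up
        ip route add 172.29.10.224/27 dev macvlan0
fi

# Parent bridge is about to go down: remove the route and the macvlan.
if [[ "${IFACE}" == "br0" && "${ACTION}" == "pre-down" ]]; then
        ip route del 172.29.10.224/27
        ip link set macvlan0 down
        ip link del dev macvlan0
fi
```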

Then set appropriate ownership/permissions and symlink to the hook locations:

    $ sudo chown root:root /etc/NetworkManager/macvlan.sh
    $ sudo chmod 700 /etc/NetworkManager/macvlan.sh
    $ sudo ln -s /etc/NetworkManager/macvlan.sh /etc/NetworkManager/dispatcher.d/pre-up.d/macvlan.sh
    $ sudo ln -s /etc/NetworkManager/macvlan.sh /etc/NetworkManager/dispatcher.d/pre-down.d/macvlan.sh
    $ sudo ln -s /etc/NetworkManager/macvlan.sh /etc/NetworkManager/dispatcher.d/no-wait.d/macvlan.sh
    $ sudo ln -s /etc/NetworkManager/macvlan.sh /etc/NetworkManager/dispatcher.d/macvlan.sh

It'd be nice if netplan supported creation and management of macvlan/ipvlan interfaces so this kind of abomination and others like it (#15) aren't required.
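
An added example, not part of the comment above: a check that a dispatcher hook meets the ownership and permission requirements the chown/chmod step is there to satisfy. NetworkManager-dispatcher runs hooks as root and skips ones that are not root-owned, are writable by group or other, or are setuid. The function name `check_hook` and its optional expected-uid argument are assumptions made for this example; GNU `stat` and `readlink` are assumed.

```shell
#!/bin/sh
# check_hook PATH [EXPECTED_UID]
# Audits one dispatcher hook (following symlinks) and prints a line per finding.
# Returns 0 only if the resolved script is safe to run as root.
# EXPECTED_UID defaults to 0 (root); it is a parameter only so the check can be
# exercised on scratch files without root.
check_hook() {
    hook=$1
    want_uid=${2:-0}
    rc=0

    # The entries in dispatcher.d are symlinks; audit the file they point to.
    target=$(readlink -f -- "$hook") || { echo "FAIL $hook: cannot resolve"; return 1; }
    if [ ! -f "$target" ]; then
        echo "FAIL $hook: $target is not a regular file"
        return 1
    fi

    uid=$(stat -c %u -- "$target")
    mode=$(stat -c %a -- "$target")    # octal digits, e.g. 700 or 4755

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $hook: owner uid is $uid, expected $want_uid"
        rc=1
    fi
    # Group/other write would let a non-root user edit code that runs as root.
    if [ $((0$mode & 0022)) -ne 0 ]; then
        echo "FAIL $hook: mode $mode is writable by group or other"
        rc=1
    fi
    if [ $((0$mode & 06000)) -ne 0 ]; then
        echo "FAIL $hook: mode $mode has setuid/setgid set"
        rc=1
    fi
    if [ $((0$mode & 0100)) -eq 0 ]; then
        echo "FAIL $hook: mode $mode is not executable by its owner"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK   $hook -> $target (uid $uid, mode $mode)"
    return "$rc"
}

# Audit every path given on the command line, e.g. the four symlinks above.
for h in "$@"; do
    check_hook "$h" || :
done
```
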