From 44a8ad7a24fb6cfb797b7d911b8800b1cd9d27a1 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 3 Mar 2021 17:28:09 +0100 Subject: [PATCH] man: document how to use --network-interface= during boot Fixes: #18793 --- man/systemd-nspawn.xml | 79 +++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 31 deletions(-) diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 187baceec21..6a27bab1e30 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml 
@@ -801,46 +801,59 @@ - Assign the specified network interface to the - container. This will remove the specified interface from the - calling namespace and place it in the container. When the - container terminates, it is moved back to the host namespace. - Note that implies - . This option may be used - more than once to add multiple network interfaces to the - container. + Assign the specified network interface to the container. This will remove the + specified interface from the calling namespace and place it in the container. When the container + terminates, it is moved back to the calling namespace. Note that + implies . This option may be + used more than once to add multiple network interfaces to the container. + + Note that any network interface specified this way must already exist at the time the container + is started. If the container shall be started automatically at boot via a + systemd-nspawn@.service unit file instance, it might hence make sense to add a + unit file drop-in to the service instance + (e.g. /etc/systemd/system/systemd-nspawn@foobar.service.d/50-network.conf) with + contents like the following: + + [Unit] +Wants=sys-subsystem-net-devices-ens1.device +After=sys-subsystem-net-devices-ens1.device + + This will make sure that activation of the container service will be delayed until the + ens1 network interface has shown up. This is required since hardware probing is + fully asynchronous, and network interfaces might be discovered only later during the boot process, + after the container would normally be started without these explicit dependencies. + - Create a macvlan interface - of the specified Ethernet network interface and add it to the - container. A macvlan interface is a virtual - interface that adds a second MAC address to an existing - physical Ethernet link. The interface in the container will be - named after the interface on the host, prefixed with - mv-. Note that - implies - . 
This option may be used - more than once to add multiple network interfaces to the - container. + Create a macvlan interface of the specified Ethernet network + interface and add it to the container. A macvlan interface is a virtual interface + that adds a second MAC address to an existing physical Ethernet link. The interface in the container + will be named after the interface on the host, prefixed with mv-. Note that + implies . This option may be + used more than once to add multiple network interfaces to the container. + + As with , the underlying Ethernet network interface must + already exist at the time the container is started, and thus similar unit file drop-ins as described + above might be useful. - Create an ipvlan interface - of the specified Ethernet network interface and add it to the - container. An ipvlan interface is a virtual - interface, similar to a macvlan interface, - which uses the same MAC address as the underlying interface. - The interface in the container will be named after the - interface on the host, prefixed with iv-. - Note that implies - . This option may be used - more than once to add multiple network interfaces to the - container. + Create an ipvlan interface of the specified Ethernet network + interface and add it to the container. An ipvlan interface is a virtual interface, + similar to a macvlan interface, which uses the same MAC address as the underlying + interface. The interface in the container will be named after the interface on the host, prefixed + with iv-. Note that implies + . This option may be used more than once to add multiple network + interfaces to the container. + + As with , the underlying Ethernet network interface must + already exist at the time the container is started, and thus similar unit file drop-ins as described + above might be useful. 
@@ -907,7 +920,11 @@ this option is used, the host side of the Ethernet link will use the vb- prefix instead of ve-. Regardless of the used naming prefix the same network interface name length limits imposed by Linux apply, along with the complications this creates (for details see - above). + above). + + As with , the underlying bridge network interface must + already exist at the time the container is started, and thus similar unit file drop-ins as described + above might be useful.
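Review bot: In the first hunk (@@ -801,46 +801,59 @@), the new drop-in example pairs Wants= with After= on sys-subsystem-net-devices-ens1.device, and the following paragraph says this "will make sure" activation is delayed until ens1 has shown up, which overstates what Wants= gives. With Wants= the container service is only ordered after the device job. If ens1 never appears, the device job eventually times out and the container is started anyway, at which point it fails because the interface is missing. Suggest either wording this as "delayed until the interface has shown up or the wait for it has timed out", or mentioning Requires= or BindsTo= for setups where the container must not start without the interface. The example would also benefit from a short remark that the interface name has to be escaped for use in the .device unit name (systemd-escape), since ens1 happens to need no escaping and readers will substitute names that contain dashes.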
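Review bot: In the second hunk (@@ -907,7 +920,11 @@), the added paragraph on the bridge interface points to "similar unit file drop-ins as described above", but the description it relies on sits more than a hundred lines earlier under a different option and justifies the dependency with "hardware probing is fully asynchronous". A bridge is normally created by software during boot rather than probed as hardware, so that rationale does not carry over as written. Suggest naming the option whose description holds the example instead of saying "above", and adding half a sentence that the same sys-subsystem-net-devices-….device dependency applies to the bridge name, so the container is ordered after whatever creates the bridge. The same sentence is repeated almost verbatim for the macvlan and ipvlan options in the first hunk; a single shared reference would keep the four copies from drifting apart.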