author: Thierry Martin <tmartin@haproxy.com> 2022-09-05 15:02:06 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2023-04-12 14:28:43 +0200
commit: 2f091b1b49543aade4aad9ec3b35b3665abac3e7
tree: 9fc428bbdeec30c3870c4f7ea771486aa1668009 /man
parent: 3af48a86d99b3117a44bc22258ab4d34d0ba7655
nspawn: container network interface naming
systemd-nspawn now optionally supports a colon-separated pair of host interface name and container interface name for --network-macvlan, --network-ipvlan and --network-interface options. Also supported in .nspawn configuration files (i.e. Interface=, MACVLAN=, IPVLAN= parameters).
man page changed for ntwk interface naming
Diffstat (limited to 'man')
-rw-r--r-- man/systemd-nspawn.xml 29
-rw-r--r-- man/systemd.nspawn.xml 11
2 files changed, 27 insertions, 13 deletions
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 39a6febb3c..3b158a0631 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -852,11 +852,13 @@
<varlistentry>
<term><option>--network-interface=</option></term>
- <listitem><para>Assign the specified network interface to the container. This will remove the
- specified interface from the calling namespace and place it in the container. When the container
- terminates, it is moved back to the calling namespace. Note that
- <option>--network-interface=</option> implies <option>--private-network</option>. This option may be
- used more than once to add multiple network interfaces to the container.</para>
+ <listitem><para>Assign the specified network interface to the container. Either takes a single
+ interface name, referencing the name on the host, or a colon-separated pair of interfaces, in which
+ case the first one references the name on the host, and the second one the name in the container.
+ When the container terminates, the interface is moved back to the calling namespace and renamed to
+ its original name. Note that <option>--network-interface=</option> implies
+ <option>--private-network</option>. This option may be used more than once to add multiple network
+ interfaces to the container.</para>
<para>Note that any network interface specified this way must already exist at the time the container
is started. If the container shall be started automatically at boot via a
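Review bot: the rewritten first paragraph for --network-interface= drops the sentence saying the interface is removed from the calling namespace and placed in the container, yet it still says the interface "is moved back to the calling namespace" on termination. Keep a short statement of the initial move so that "moved back" has an antecedent. "A colon-separated pair of interfaces" would also read more precisely as "a colon-separated pair of interface names", and the paragraph does not say what happens when the requested container-side name is already in use or is not a valid interface name.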
@@ -880,9 +882,12 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
<term><option>--network-macvlan=</option></term>
<listitem><para>Create a <literal>macvlan</literal> interface of the specified Ethernet network
- interface and add it to the container. A <literal>macvlan</literal> interface is a virtual interface
- that adds a second MAC address to an existing physical Ethernet link. The interface in the container
- will be named after the interface on the host, prefixed with <literal>mv-</literal>. Note that
+ interface and add it to the container. Either takes a single interface name, referencing the name
+ on the host, or a colon-separated pair of interfaces, in which case the first one references the name
+ on the host, and the second one the name in the container. A <literal>macvlan</literal> interface is
+ a virtual interface that adds a second MAC address to an existing physical Ethernet link. If the
+ container interface name is not defined, the interface in the container will be named after the
+ interface on the host, prefixed with <literal>mv-</literal>. Note that
<option>--network-macvlan=</option> implies <option>--private-network</option>. This option may be
used more than once to add multiple network interfaces to the container.</para>
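Review bot: the --network-macvlan= paragraph does not state whether the mv- prefix is still applied when a container interface name is given; it only says the prefix is used when the name "is not defined". State the rule for the explicit case as well, and prefer "not specified" to "not defined". The pair-syntax sentence now sits between "Create a macvlan interface ..." and the definition of macvlan; placing it next to the default-naming sentence would keep both naming rules together.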
@@ -895,9 +900,13 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
<term><option>--network-ipvlan=</option></term>
<listitem><para>Create an <literal>ipvlan</literal> interface of the specified Ethernet network
- interface and add it to the container. An <literal>ipvlan</literal> interface is a virtual interface,
+ interface and add it to the container. Either takes a single interface name, referencing the name on
+ the host, or a colon-separated pair of interfaces, in which case the first one references the name
+ on the host, and the second one the name in the container. An <literal>ipvlan</literal> interface is
+ a virtual interface,
similar to a <literal>macvlan</literal> interface, which uses the same MAC address as the underlying
- interface. The interface in the container will be named after the interface on the host, prefixed
+ interface. If the container interface name is not defined, the interface in the container will be
+ named after the interface on the host, prefixed
with <literal>iv-</literal>. Note that <option>--network-ipvlan=</option> implies
<option>--private-network</option>. This option may be used more than once to add multiple network
interfaces to the container.</para>
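Review bot: the --network-ipvlan= paragraph is left with uneven wrapping after the insertion: the added line "a virtual interface," and the added line ending in "prefixed" are short fragments followed by unchanged lines. Reflow the whole paragraph, as the --network-macvlan= hunk does. The wording should also stay in step with whatever is settled for macvlan ("not defined" versus "not specified", and whether the iv- prefix applies to an explicitly given container name).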
diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
index c1eef7853b..ec94176c01 100644
--- a/man/systemd.nspawn.xml
+++ b/man/systemd.nspawn.xml
@@ -531,8 +531,11 @@
<varlistentry>
<term><varname>Interface=</varname></term>
- <listitem><para>Takes a space-separated list of interfaces to
- add to the container. This option corresponds to the
+ <listitem><para>Takes a space-separated list of interfaces to add to the container.
+ The interface object is defined either by a single interface name, referencing the name on the host,
+ or a colon-separated pair of interfaces, in which case the first one references the name on the host,
+ and the second one the name in the container.
+ This option corresponds to the
<option>--network-interface=</option> command line switch and
implies <varname>Private=yes</varname>. This option is
privileged (see above).</para></listitem>
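Review bot: "The interface object" in the Interface= description introduces a term that appears nowhere else in this patch; since the setting takes a space-separated list, "Each entry is either a single interface name ... or a colon-separated pair of names ..." would be clearer. The added lines are also wrapped one sentence per line and run longer than the surrounding lines; reflow them to match the rest of the paragraph.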
@@ -544,7 +547,9 @@
<listitem><para>Takes a space-separated list of interfaces to
add MACLVAN or IPVLAN interfaces to, which are then added to
- the container. These options correspond to the
+ the container. The interface object is defined either by a single interface name, referencing the name
+ on the host, or a colon-separated pair of interfaces, in which case the first one references the name
+ on the host, and the second one the name in the container. These options correspond to the
<option>--network-macvlan=</option> and
<option>--network-ipvlan=</option> command line switches and
imply <varname>Private=yes</varname>. These options are
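Review bot: the MACVLAN=/IPVLAN= description does not mention the default container-side name (the mv- or iv- prefix) that applies when only the host name is given, although the systemd-nspawn.xml hunks in this patch document it. Add it here or refer the reader to the command line switches for the naming rule. While this paragraph is being touched, the unchanged context line "add MACLVAN or IPVLAN interfaces to" contains a typo (MACLVAN) that could be fixed in the same change.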