octavia/octavia/amphorae/backends/agent/api_server/templates/amphora-netns.systemd.j2


# systemd unit template that prepares the network namespace named by the
# amphora_nsname template variable.
[Unit]
Description=Configure {{ amphora_nsname }} network namespace
# systemd stops this unit automatically once no other active unit requires it.
StopWhenUnneeded=true
[Service]
# oneshot + RemainAfterExit: the commands below run once, in the order listed,
# and the unit then stays "active" although no process is left running.
# No User= is set in the lines shown, so the commands run with systemd's
# default service identity.
#
# Every ExecStart below carries the "-" prefix, so systemd ignores a failing
# command and carries on with the next one. The unit can therefore report
# success while the namespace is only partly configured; when debugging, read
# the journal for this unit instead of trusting its active state.
#
# NOTE(review): amphora_nsname is substituted verbatim into these command
# lines, one of which is passed to /bin/sh. Presumably it is a fixed value
# controlled by the agent and never request-derived -- confirm at the place
# where this template is rendered.
Type=oneshot
RemainAfterExit=yes
# Re-add the namespace
# ("ip netns add" fails when the namespace already exists; the "-" prefix
# makes that harmless.)
ExecStart=-/sbin/ip netns add {{ amphora_nsname }}
# Load the system sysctl into the new namespace
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl --system
# Set nf_conntrack_buckets sysctl in the main namespace (nf_conntrack_buckets
# cannot be set in another net namespace, but its value is inherited from the
# main namespace)
ExecStart=-/sbin/sysctl -w net.netfilter.nf_conntrack_buckets=125000
# Update conntrack table sizes using the formula for the default values
# (488 is 125000 / 256, rounded down).
# NOTE(review): unlike the ip_forward settings further down, these two writes
# are not wrapped in "ip netns exec", so as written they are issued from the
# main namespace -- confirm that this is intended.
ExecStart=-/sbin/sysctl -w net.netfilter.nf_conntrack_max=125000
ExecStart=-/sbin/sysctl -w net.netfilter.nf_conntrack_expect_max=488
# Enable kernel module ip_vs for lvs function in amphora network namespace
# (modprobe loads the module for the whole kernel, not only this namespace.)
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} modprobe ip_vs
# Enable ip_forward and conntrack kernel configuration
# These three writes happen inside the namespace, so IPv4/IPv6 forwarding is
# switched on there and not by these lines in the main namespace.
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.ip_forward=1
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv4.vs.conntrack=1
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} sysctl -w net.ipv6.conf.all.forwarding=1
# We need the plugged_interfaces file sorted to join the host interfaces
# The shell opens the redirection target before sort runs, so a missing or
# unreadable input leaves an empty .sorted file and the join below then
# matches nothing.
ExecStart=-/bin/sh -c '/usr/bin/sort -k 1 /var/lib/octavia/plugged_interfaces > /var/lib/octavia/plugged_interfaces.sorted'
# Assign the interfaces into the namespace with the appropriate name
# Pipeline, stage by stage:
#   1. "ip link" output is folded two lines at a time into one record
#      (assumes exactly two lines per interface -- TODO confirm for the
#      iproute2 version in the image; an extra line would shift the pairing).
#   2. The ":" is stripped from the interface name and, for every record
#      with a link/ether field, "<mac> <current name>" is printed.
#   3. The records are sorted and joined on the first field with
#      plugged_interfaces.sorted (presumably "<mac> <target name>" per line;
#      verify against the code that writes the file).
#   4. awk builds "ip link set <current> netns <namespace> name <target>"
#      by string concatenation and runs it through system(), i.e. a shell.
# Security: the target name comes straight from
# /var/lib/octavia/plugged_interfaces and is neither quoted nor validated
# here, so anything in that file ends up on a shell command line run by this
# unit. The file must be writable only by the trusted agent, and its entries
# should be checked to be plain interface names when they are written.
# Inside system() "ip" is looked up through PATH, whereas the other lines
# use /sbin/ip.
ExecStart=-/bin/sh -c '/sbin/ip link | awk \'{getline n; print $0,n}\' | awk \'{sub(":","",$2)} { for(i=1;i<=NF;i++) if ($i == "link/ether") {print $(i+1) " " $2} }\' | sort -k 1 | join -j 1 - /var/lib/octavia/plugged_interfaces.sorted | awk \'{system("ip link set "$2" netns {{ amphora_nsname }} name "$3"")}\''
# Bring up all of the namespace interfaces
# amphora-interface is not given as an absolute path, so it is resolved
# through PATH.
ExecStart=-/sbin/ip netns exec {{ amphora_nsname }} amphora-interface up all