
I have a few docker containers which are supposed to access a shared PostgreSQL running on the Gentoo host. This works well if the dockerized apps connect to the database using the public IP of the host.

However, I'd like to decouple things a little by using an additional private IP on loopback instead of the public IP, say 10.172.17.1.

I'm not sure what has to be added to /etc/conf.d/net, and since this is a remote box to which I don't have physical access, I'm a little hesitant to just play around. Maybe someone has a hint for me?

Thanks a lot!

svoop

1 Answer


I figured it out myself:

It is possible to add config_lo 10.172.17.1/32 to /etc/conf.d/net and then assign this additional IP by restarting the net.lo service with rc-service net.lo restart. However... this won't survive the next reboot.

As of today, Gentoo does not start the net.lo service to bring up the loopback, but uses a separate script /etc/init.d/loopback. The script uses ifconfig to do its job, and the IPs are hardcoded. Patching the script itself would certainly be a bad idea.

But since the additional IP is only needed once the docker containers start, it can be added by the local service:

echo "ip addr add 10.172.17.1/32 dev lo scope host" >/etc/local.d/docker_loopback.start
echo "ip addr del 10.172.17.1/32 dev lo scope host" >/etc/local.d/docker_loopback.stop
chmod a+x /etc/local.d/docker_loopback.*

Now either reboot or just run the start script and then check the result:

/etc/local.d/docker_loopback.start
ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
    inet 10.172.17.1/32 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
svoop
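A scripted version of the "check the result" step, as an added example that is not part of the original answer: it reads `ip -o -4 addr show` output and confirms the alias is on lo with scope host and has not also ended up on another interface. The function names, the exit codes and the eth0 sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the alias set up by /etc/local.d/docker_loopback.start.
# Live use (needs iproute2):  ip -o -4 addr show | check_alias 10.172.17.1/32

# Constructed sample of `ip -o -4 addr show` output so the check runs offline.
# The eth0 line and its 192.0.2.10 address are made up for illustration.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 10.172.17.1/32 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\       valid_lft forever preferred_lft forever
EOF
}

# check_alias ADDR  (one-line-per-address `ip -o` output on stdin)
#   exit 0: ADDR is on lo with scope host and on no other interface
#   exit 1: ADDR is not configured on lo
#   exit 2: ADDR is on another interface, or on lo without scope host
check_alias() {
    awk -v want="$1" '
        $3 == "inet" && $4 == want {
            if ($2 != "lo") { bad = 1; next }
            on_lo = 1
            host = 0
            for (i = 5; i < NF; i++)
                if ($i == "scope" && $(i + 1) == "host") host = 1
            if (!host) bad = 1
        }
        END {
            if (bad) exit 2
            if (!on_lo) exit 1
            exit 0
        }
    '
}
```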