[pve-devel] [PATCH container v5 08/17] configure static IP in LXC config for custom entrypoint

Thomas Lamprecht t.lamprecht at proxmox.com
Wed Nov 12 20:33:07 CET 2025 

Am 08.10.25 um 19:12 schrieb Filip Schauer:
> When a container uses the default `/sbin/init` entrypoint, network
> interface configuration is usually managed by processes within the
> container. However, containers with a different entrypoint might not
> have any internal network management process. Consequently, IP addresses
> might not be assigned.
> 
> This change ensures that a static IP address is explicitly set in the
> LXC config for the container.
> 
> Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
> ---
> Changed since v2:
> * rebase onto newest master (5a8b3f962f16) and re-format with
>   proxmox-perltidy
> * add an "ipmanagehost" property to pct.conf to control whether network
>   interface IP configuration should be handled by the host.
> 
>  src/PVE/API2/LXC.pm   |  4 ++++
>  src/PVE/LXC.pm        | 15 +++++++++++++++
>  src/PVE/LXC/Config.pm | 14 ++++++++++++++
>  3 files changed, 33 insertions(+)
> 
> diff --git a/src/PVE/API2/LXC.pm b/src/PVE/API2/LXC.pm
> index 546f4ee..c8aa984 100644
> --- a/src/PVE/API2/LXC.pm
> +++ b/src/PVE/API2/LXC.pm
> @@ -598,6 +598,10 @@ __PACKAGE__->register_method({
>                                  # An entrypoint other than /sbin/init breaks the tty console mode.
>                                  # This is fixed by setting cmode: console
>                                  $conf->{cmode} = 'console';
> +
> +                                # Manage the IP configuration for the container. A container with a
> +                                # custom entrypoint likely lacks internal network management.
> +                                $conf->{ipmanagehost} = 1;
>                              }
>                          }
>  
> diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
> index 5eaa57c..6fdef79 100644
> --- a/src/PVE/LXC.pm
> +++ b/src/PVE/LXC.pm
> @@ -886,6 +886,21 @@ sub update_lxc_config {
>          if ($lxc_major >= 4) {
>              $raw .= "lxc.net.$ind.script.up = /usr/share/lxc/lxcnetaddbr\n";
>          }
> +
> +        if ((!defined($d->{link_down}) || $d->{link_down} != 1) && $conf->{ipmanagehost}) {
> +            if (defined($d->{ip})) {
> +                die "$k: DHCP is not supported with a custom entrypoint\n" if $d->{ip} eq 'dhcp';
> +                $raw .= "lxc.net.$ind.ipv4.address = $d->{ip}\n" if $d->{ip} ne 'manual';
> +            }
> +            $raw .= "lxc.net.$ind.ipv4.gateway = $d->{gw}\n" if defined($d->{gw});
> +            if (defined($d->{ip6})) {
> +                die "$k: DHCPv6 and SLAAC are not supported with a custom entrypoint\n"
> +                    if $d->{ip6} =~ /^(auto|dhcp)$/;
> +                $raw .= "lxc.net.$ind.ipv6.address = $d->{ip6}\n" if $d->{ip6} ne 'manual';
> +            }
> +            $raw .= "lxc.net.$ind.ipv6.gateway = $d->{gw6}\n" if defined($d->{gw6});
> +            $raw .= "lxc.net.$ind.flags = up\n";
> +        }
>      }
>  
>      my $had_cpuset = 0;
> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
> index 56cb01c..afa2fcf 100644
> --- a/src/PVE/LXC/Config.pm
> +++ b/src/PVE/LXC/Config.pm
> @@ -594,6 +594,12 @@ my $confdesc = {
>              . " This is saved as comment inside the configuration file.",
>          maxLength => 1024 * 8,
>      },
> +    ipmanagehost => {

I know the existing code base does not leads as best example in this regard, but
I'd *really* like to avoid having glued together words as options or parameter
names in the future, zero benefit but makes life for everybody a tiny bit harder.

This here is also not really telling when written as kebab-case though, so if this
option is required (and not a Setup::OCI module + ostype: oci can be enough, see
my reply to 06/17) I'd rather spell it as, e.g., one of 'network-setup-by-host' or
'network-managed-by-host'. Or slightly shorter 'network-host-managed', or make it
an enum like `network-managed-by: ['ct', 'host']`

Surely there are other/better variants, so no need to take my proposed ones, just
lets node "code-golf" optimize away names all to much in general though. And yes,
no need for to much bikeshedding, but these become part of the public config API
that we will need to support for basically ever (even if we update to a new config
version we will still need to support the old one to allow restore), so these things
deserve a bit more care.

> +        type => 'boolean',
> +        description =>
> +            "Whether this interface's IP configuration should be managed by the host.",
> +        optional => 1,
> +    },
>      searchdomain => {
>          optional => 1,
>          type => 'string',
> @@ -1288,6 +1294,14 @@ sub update_pct_config {
>                  die "$opt: MTU size '$mtu' is bigger than bridge MTU '$bridge_mtu'\n"
>                      if ($mtu > $bridge_mtu);
>              }
> +
> +            if ((!defined($res->{link_down}) || $res->{link_down} != 1) && $conf->{ipmanagehost}) {
> +                die "$opt: DHCP is not supported with a custom entrypoint\n"
> +                    if defined($res->{ip}) && $res->{ip} eq 'dhcp';
> +
> +                die "$opt: DHCPv6 and SLAAC are not supported with a custom entrypoint\n"
> +                    if defined($res->{ip6}) && $res->{ip6} =~ /^(auto|dhcp)$/;
> +            }
>          } elsif ($opt =~ m/^dev(\d+)$/) {
>              my $device = $class->parse_device($value);
>

More information about the pve-devel mailing list