Network namespaces are amazingly powerful but every guide I can find seems to include a whole bunch of manual IP address management (either through virtual ethernet pairs or through VPNs). The guides also seem to skip over IPv6 in many cases, which is another downside I've noticed.
Is there a tool out there to manage these namespaces automatically? I'd like to isolate applications from each other or put them in groups together, but I really don't want to deal with writing scripts for every single application.
I have read that some use NetworkManager by running a whole separate instance of it in their netns, along with a D-Bus broker running in there too for clients to communicate with NM.
I use systemd-nspawn to create test containers so I can muck with the internals without dealing with docker cp and exec commands. The containers themselves are just directories sitting in a filesystem.
I ended up writing a shell script to handle setting up a bridge, launching the container with systemd-nspawn, and kicking off commands to bring up the virtual ethernet interfaces inside the container and handle some other housekeeping.
systemd-nspawn with systemd-network/resolve/etc can automatically manage the IP addresses for you. I'm using it as a wrapper around cgroup/netns commands.
One of these days, I will remove the dependency on systemd-nspawn so that I can use it on Linux systems without systemd or docker.
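An added example, not the commenter's script and not code from this thread: one way to avoid hand-assigning addresses is to derive a stable IPv4 and IPv6 address from the namespace name and generate the `ip` commands from that. The bridge name `br-ns`, the `10.200.0.0/16` and `fd00:6e73::/64` ranges and all function names are assumptions, and the bridge is assumed to already exist with `.0.1` and `::1` configured.

```sh
#!/bin/sh
# Added example. BRIDGE, V4_NET and V6_NET are constructed values; change them to
# match a bridge that already exists on the host.
BRIDGE=${BRIDGE:-br-ns}
V4_NET=${V4_NET:-10.200}      # used as a /16, bridge holds <V4_NET>.0.1
V6_NET=${V6_NET:-fd00:6e73}   # used as <V6_NET>::/64, bridge holds <V6_NET>::1

# The name ends up in "ve-<name>", and interface names are limited to 15 characters.
valid_name() {
  case $1 in ''|*[!a-z0-9-]*) return 1 ;; esac
  [ "${#1}" -le 12 ]
}

# Stable host id in 2..65533 taken from the CRC of the name, so the network
# address, the bridge (id 1) and the IPv4 broadcast address are never handed out.
# Two names can map to the same id; compare a new plan with addresses in use.
ns_id() (
  crc=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
  echo $(( crc % 65532 + 2 ))
)

ns_v4() ( id=$(ns_id "$1"); echo "$V4_NET.$(( id / 256 )).$(( id % 256 ))" )
ns_v6() ( printf '%s::%x\n' "$V6_NET" "$(ns_id "$1")" )

# Print the ip(8) commands for one namespace. Nothing is executed here; review
# the output, then pipe it to "sh -e" as root to apply it.
ns_plan() (
  n=$1
  valid_name "$n" || { echo "bad namespace name: $n" >&2; exit 1; }
  v4=$(ns_v4 "$n"); v6=$(ns_v6 "$n")
  cat <<EOF
ip netns add $n
ip link add ve-$n type veth peer name host0 netns $n
ip link set ve-$n master $BRIDGE
ip link set ve-$n up
ip -n $n link set lo up
ip -n $n addr add $v4/16 dev host0
ip -n $n -6 addr add $v6/64 dev host0
ip -n $n link set host0 up
ip -n $n route add default via $V4_NET.0.1
ip -n $n -6 route add default via $V6_NET::1
EOF
)

# Usage: ./ns-plan.sh web db | sudo sh -e
if [ "$#" -gt 0 ]; then for n in "$@"; do ns_plan "$n" || exit 1; done; fi
```

Namespaces attached to the same bridge can reach each other; putting groups of applications on separate bridges (a different `BRIDGE` and prefix pair per group) keeps the groups apart.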
I haven't been able to find a solution for this either. Most people seem to just use docker for this and just deal with all the baggage that comes with it.