[meta-virtualization] [PATCH 3/4] libvirt: change how we make updates to the dnsmasq configuration

Mark Asselstine mark.asselstine at windriver.com
Wed Nov 23 11:53:05 PST 2016 

On Wed, Nov 23, 2016 at 2:24 PM, Bruce Ashfield
<bruce.ashfield at gmail.com> wrote:
>
>
> On Tue, Nov 22, 2016 at 1:56 PM, Mark Asselstine
> <mark.asselstine at windriver.com> wrote:
>>
>> Our old approach of making the default configuration of dnsmasq use
>> 'bind-dynamic' has some negative side effects. ie. by making this
>> change when meta-virtualization is used but when libvirtd is not
>> installed in the rootfs we prevent dnsmasq from binding to all
>> interfaces (which is the expected/builtin default behavior of
>> dnsmasq). The results can also be non-deterministic when multiple
>> instances of dnsmasq are being run (which instance configured with
>> bind-dynamic should attend to new network interfaces?)
>>
>> Additionally our approach modifies the default dnsmasq configuration
>> file which ideally should have now changes, allowing dnsmasq to be
>> configured using its builtin configuration values and also allowing
>> for other instances of dnsmasq to better reuse the default
>> configuration file.
>>
>> These changes allow for better coexistence of libvirt with packages
>> like lxc which run their own instances of dnsmasq.
>>
>> Signed-off-by: Mark Asselstine <mark.asselstine at windriver.com>
>> ---
>>  recipes-extended/libvirt/libvirt/dnsmasq.libvirt-daemon | 2 ++
>>  recipes-extended/libvirt/libvirt_1.3.5.bb               | 6 ++++++
>>  2 files changed, 8 insertions(+)
>>  create mode 100644
>> recipes-extended/libvirt/libvirt/dnsmasq.libvirt-daemon
>>
>> diff --git a/recipes-extended/libvirt/libvirt/dnsmasq.libvirt-daemon
>> b/recipes-extended/libvirt/libvirt/dnsmasq.libvirt-daemon
>> new file mode 100644
>> index 0000000..a7c3059
>> --- /dev/null
>> +++ b/recipes-extended/libvirt/libvirt/dnsmasq.libvirt-daemon
>> @@ -0,0 +1,2 @@
>> +bind-interfaces
>> +except-interface=virbr0
>> diff --git a/recipes-extended/libvirt/libvirt_1.3.5.bb
>> b/recipes-extended/libvirt/libvirt_1.3.5.bb
>> index c848c99..b8e8159 100644
>> --- a/recipes-extended/libvirt/libvirt_1.3.5.bb
>> +++ b/recipes-extended/libvirt/libvirt_1.3.5.bb
>> @@ -37,6 +37,7 @@ SRC_URI =
>> "http://libvirt.org/sources/libvirt-${PV}.tar.gz;name=libvirt \
>>
>> file://0001-qemu-Let-empty-default-VNC-password-work-as-document.patch \
>>             file://0001-ptest-add-missing-test_helper-files.patch \
>>
>> file://0001-ptest-Remove-Windows-1252-check-from-esxutilstest.patch \
>> +           file://dnsmasq.libvirt-daemon \
>>            "
>>
>>  SRC_URI[libvirt.md5sum] = "f9dc1e63d559eca50ae0ee798a4c6c6d"
>> @@ -112,6 +113,7 @@ FILES_${PN}-libvirtd = " \
>>         ${sbindir}/libvirtd \
>>         ${systemd_unitdir}/system/* \
>>         ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', '',
>> '${libexecdir}/libvirt-guests.sh', d)} \
>> +       ${sysconfdir}/dnsmasq.d/libvirt-daemon \
>
>
> I'm not a packaging expert .. but should one package be installing config
> files for another ?
> Wouldn't this imply that libvirt really needs to be a distro feature, and
> then we can make all
> the behaviour changes trigger off a single variable ?
>
> My point is .. from the libvirt package, I'm not aware of how dnsmasq sees
> this file "libvirt-daemon".. what exactly does it do ? Does it match on the
> executable
> name ? Are all the files in dnsmasq.d always processed on startup of dnsmasq
> ?
> .. what if there are competing settings from other packages ?

Basically dnsmasq "offers" the /etc/dnsmasq.d directory for other packages
to put configuration snippets. One of the changes I sent to meta-openembedded
(which I mention in my 0 of N) includes the change that dnsmasq will look
for snippets in this directory. Previously they were creating the
directory but not
doing anything with it. With this in place it is expected and acceptable that
other packages contribute config snippets.

An example might help. If I have a rootfs with dnsmasq installed but
no lxc or libvirt the
dnsmasq configuration will have dnsmasq listen on all interfaces. Now
if I have a rootfs
with dnsmasq and libvirt both installed we can't allow dnsmasq to
listen on all interfaces
as this will conflict on virbr0, for example. So libvirt contributes
this fragment that will
change the default instance of dnsmasq to only listen on specified interfaces
(bind-interfaces).

Not to use the 'if your friends jump off the bridge are you going to
too' argument that my
mother used to make, but this is inline with other distros and as far
as I can tell is the
expected behavior.

Mark


>
> Bruce
>
>>
>>          "
>>
>>  FILES_${PN}-virsh = "${bindir}/virsh"
>> @@ -258,6 +260,10 @@ do_install_append() {
>>         for i in `find ${D}${libdir} -type f -name *.la`; do
>>             sed -i -e 's#-L${B}/src/.libs##g' $i
>>         done
>> +
>> +       # ensure dnsmasq doesn't default to listenning on all interfaces
>> +       install -d ${D}/${sysconfdir}/dnsmasq.d
>> +       install -m 644 ${WORKDIR}/dnsmasq.libvirt-daemon
>> ${D}/${sysconfdir}/dnsmasq.d/libvirt-daemon
>>  }
>>
>>  EXTRA_OECONF += " \
>> --
>> 2.7.4
>>
>> --
>> _______________________________________________
>> meta-virtualization mailing list
>> meta-virtualization at yoctoproject.org
>> https://lists.yoctoproject.org/listinfo/meta-virtualization
>
>
>
>
> --
> "Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> its end"
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>

More information about the meta-virtualization mailing list