[meta-virtualization] [PATCH] lxc: Disable the bind-interfaces for lxc.

Mark Asselstine mark.asselstine at windriver.com
Mon Dec 18 19:14:49 PST 2017 

On Mon, Dec 18, 2017 at 8:58 PM, Liu Haitao <haitao.liu at windriver.com> wrote:
> When enable lxc service it failed with the following errors:
>
> """
> root at intel-x86-64:~# /usr/libexec/lxc/lxc-net start
>
>      dnsmasq: cannot set --bind-interfaces and --bind-dynamic
>      Failed to setup lxc-net.
> """
>
> It said that the "bind-interfaces" and "bind-dynamic" cannot cooperate together.
> These two options have the same fundamental capacity of binding network interfaces.
>
> So dnsmasq just require one of this kind of option.
>
> For some reason ,the following commit  compulsively add the "bind-dynamic" option
> for dnsamsq.
>
> """
>         c3c4d977cbb51363f9030c2e39d56a772b29f73b
> """

It is not for "some reason", it is for a specific reason that is
explained in detail in the commit log and in the comment that goes
with the setting. Libvirt will have issues setting up virbr0 if we do
not use 'bind-dynamic'.

Now you aren't touching the dnsmasq.conf file which is good since you
will not be breaking libvirt with this change but I will have to take
a closer look at your approach to see if it valid for lxc-net. Really
we should move the 'bind-dynamic' into a libvirt specific
sub-configuration file in /etc/dnsmasq.d/, so something like
/etc/dnsmasq.d/libvirt.conf, and then have another one for lxc
(/etc/dnsmasq.d/lxc.conf). The main dnsmasq.conf file should be empty.
But again I need to dig around a bit to remind myself of how things
work.

Did you do any testing other than lxc-net starting? did you validate
the dnsmasq functions on the lxcbr0 that is bound to the new instance
of dnsmasq?

MarkA

>
> So we just remove 'bind-interfaces' in lxc service scripts.
>
> Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
> ---
>  ...1-lxc-Disable-the-bind-interfaces-for-lxc.patch | 45 ++++++++++++++++++++++
>  recipes-containers/lxc/lxc_2.0.8.bb                |  1 +
>  2 files changed, 46 insertions(+)
>  create mode 100644 recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
>
> diff --git a/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
> new file mode 100644
> index 0000000..fec6843
> --- /dev/null
> +++ b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
> @@ -0,0 +1,45 @@
> +From 76533652915dcca2ce4265b320fd1c20a75adff8 Mon Sep 17 00:00:00 2001
> +From: Liu Haitao <haitao.liu at windriver.com>
> +Date: Sun, 17 Dec 2017 23:02:13 -0800
> +Subject: [PATCH] lxc: Disable the bind-interfaces for lxc.
> +
> +When enable lxc service it failed with the following errors:
> +"""
> +    dnsmasq: cannot set --bind-interfaces and --bind-dynamic
> +    Failed to setup lxc-net.
> +"""
> +It said that the "bind-interfaces" and "bind-dynamic" cannot
> +cooperate together.
> +These two options have the same fundamental capacity of binding
> +network interfaces.
> +So dnsmasq just require one of this kind of option.
> +For some reason ,the following commit  compulsively add the "bind-dynamic" option
> +for dnsamsq.
> +"""
> +       c3c4d977cbb51363f9030c2e39d56a772b29f73b
> +"""
> +So we just remove 'bind-interfaces' in lxc service scripts.
> +
> +Upstream-Status: Inappropiate [Modify configuration]
> +
> +Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
> +---
> + config/init/common/lxc-net.in | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
> +index f770950f..6f45228d 100644
> +--- a/config/init/common/lxc-net.in
> ++++ b/config/init/common/lxc-net.in
> +@@ -128,7 +128,7 @@ start() {
> +     done
> +
> +     dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \
> +-            --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid \
> ++            --strict-order --pid-file="${varrun}"/dnsmasq.pid \
> +             --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \
> +             --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \
> +             --except-interface=lo --interface=${LXC_BRIDGE} \
> +--
> +2.11.0
> +
> diff --git a/recipes-containers/lxc/lxc_2.0.8.bb b/recipes-containers/lxc/lxc_2.0.8.bb
> index c9ce5f0..5267bf7 100644
> --- a/recipes-containers/lxc/lxc_2.0.8.bb
> +++ b/recipes-containers/lxc/lxc_2.0.8.bb
> @@ -36,6 +36,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
>         file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
>         file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
>         file://cgroups-work-around-issue-in-gcc-7.patch \
> +       file://0001-lxc-Disable-the-bind-interfaces-for-lxc.patch \
>         "
>
>  SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
> --
> 2.11.0
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization

More information about the meta-virtualization mailing list