[meta-virtualization] [PATCH] lxc: Disable the bind-interfaces for lxc.

Mark Asselstine mark.asselstine at windriver.com
Tue Dec 19 19:55:51 PST 2017


On Tue, Dec 19, 2017 at 4:27 AM, Haitaoliu <Haitao.Liu at windriver.com> wrote:
>
>
> On 19 December 2017 11:14, Mark Asselstine wrote:
>
> On Mon, Dec 18, 2017 at 8:58 PM, Liu Haitao <haitao.liu at windriver.com>
> wrote:
>
> When enabling the lxc service, it failed with the following errors:
>
> """
> root at intel-x86-64:~# /usr/libexec/lxc/lxc-net start
>
>      dnsmasq: cannot set --bind-interfaces and --bind-dynamic
>      Failed to setup lxc-net.
> """
>
> It said that the "bind-interfaces" and "bind-dynamic" cannot cooperate
> together.
> These two options have the same fundamental capacity of binding network
> interfaces.
>
> So dnsmasq just requires one of this kind of option.
>
> For some reason, the following commit compulsively adds the "bind-dynamic"
> option
> for dnsmasq.
>
> """
>         c3c4d977cbb51363f9030c2e39d56a772b29f73b
> """
>
> It is not for "some reason", it is for a specific reason that is
> explained in detail in the commit log and in the comment that goes
> with the setting. Libvirt will have issues setting up virbr0 if we do
> not use 'bind-dynamic'.
>
> Now you aren't touching the dnsmasq.conf file which is good since you
> will not be breaking libvirt with this change but I will have to take
> a closer look at your approach to see if it is valid for lxc-net. Really
> we should move the 'bind-dynamic' into a libvirt specific
> sub-configuration file in /etc/dnsmasq.d/, so something like
> /etc/dnsmasq.d/libvirt.conf, and then have another one for lxc
> (/etc/dnsmasq.d/lxc.conf). The main dnsmasq.conf file should be empty.
> But again I need to dig around a bit to remind myself of how things
> work.
>
> Did you do any testing other than lxc-net starting? Did you validate
> the dnsmasq functions on the lxcbr0 that is bound to the new instance
> of dnsmasq?
>
> I did not do any other test about lxc-net except starting.
> If we don't remove 'bind-interfaces', the lxcbr0 would also be created
> correctly. But the dnsmasq will fail. I have no idea if it has an influence
> on IP address assignment of lxc.
>
> I will validate it later.

I didn't get around to looking at this in more detail yet. I did
examine how things are set up in Ubuntu when both lxc and libvirt are
present and it matches what I had planned with both a libvirt and lxc
config file in dnsmasq.d. I am in the process of reviving the
'kvm-image-minimal' in meta-virtualization such that I can test things
out properly. Now that I have this image up and running with both lxc
and libvirt running I can start to try out some configurations.

MarkA


>
> thanks,
> haitao
>
>
> MarkA
>
> So we just remove 'bind-interfaces' in lxc service scripts.
>
> Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
> ---
>  ...1-lxc-Disable-the-bind-interfaces-for-lxc.patch | 45
> ++++++++++++++++++++++
>  recipes-containers/lxc/lxc_2.0.8.bb                |  1 +
>  2 files changed, 46 insertions(+)
>  create mode 100644
> recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
>
> diff --git
> a/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
> b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
> new file mode 100644
> index 0000000..fec6843
> --- /dev/null
> +++
> b/recipes-containers/lxc/files/0001-lxc-Disable-the-bind-interfaces-for-lxc.patch
> @@ -0,0 +1,45 @@
> +From 76533652915dcca2ce4265b320fd1c20a75adff8 Mon Sep 17 00:00:00 2001
> +From: Liu Haitao <haitao.liu at windriver.com>
> +Date: Sun, 17 Dec 2017 23:02:13 -0800
> +Subject: [PATCH] lxc: Disable the bind-interfaces for lxc.
> +
> +When enable lxc service it failed with the following errors:
> +"""
> +    dnsmasq: cannot set --bind-interfaces and --bind-dynamic
> +    Failed to setup lxc-net.
> +"""
> +It said that the "bind-interfaces" and "bind-dynamic" cannot
> +cooperate together.
> +These two options have the same fundamental capacity of binding
> +network interfaces.
> +So dnsmasq just require one of this kind of option.
> +For some reason ,the following commit  compulsively add the "bind-dynamic"
> option
> +for dnsamsq.
> +"""
> +       c3c4d977cbb51363f9030c2e39d56a772b29f73b
> +"""
> +So we just remove 'bind-interfaces' in lxc service scripts.
> +
> +Upstream-Status: Inappropiate [Modify configuration]
> +
> +Signed-off-by: Liu Haitao <haitao.liu at windriver.com>
> +---
> + config/init/common/lxc-net.in | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
> +index f770950f..6f45228d 100644
> +--- a/config/init/common/lxc-net.in
> ++++ b/config/init/common/lxc-net.in
> +@@ -128,7 +128,7 @@ start() {
> +     done
> +
> +     dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \
> +-            --strict-order --bind-interfaces
> --pid-file="${varrun}"/dnsmasq.pid \
> ++            --strict-order --pid-file="${varrun}"/dnsmasq.pid \
> +             --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \
> +             --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \
> +             --except-interface=lo --interface=${LXC_BRIDGE} \
> +--
> +2.11.0
> +
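Review bot: Removing --bind-interfaces from the dnsmasq call in start() leaves this instance with no binding option of its own on the command line, so how it binds is now decided by whichever configuration file supplies bind-dynamic (the other half of the "cannot set --bind-interfaces and --bind-dynamic" error). The commit message should name that file and the repository commit c3c4d977cbb51363f9030c2e39d56a772b29f73b belongs to instead of "for some reason", and state what was verified beyond lxc-net start, since --listen-address ${LXC_ADDR} and --interface=${LXC_BRIDGE} are kept and their effect depends on the binding mode. The tag line "Upstream-Status: Inappropiate [Modify configuration]" is also misspelled; it should read "Inappropriate".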
> diff --git a/recipes-containers/lxc/lxc_2.0.8.bb
> b/recipes-containers/lxc/lxc_2.0.8.bb
> index c9ce5f0..5267bf7 100644
> --- a/recipes-containers/lxc/lxc_2.0.8.bb
> +++ b/recipes-containers/lxc/lxc_2.0.8.bb
> @@ -36,6 +36,7 @@ SRC_URI =
> "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
>         file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
>         file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
>         file://cgroups-work-around-issue-in-gcc-7.patch \
> +       file://0001-lxc-Disable-the-bind-interfaces-for-lxc.patch \
>         "
>
>  SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
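Review bot: The new SRC_URI entry applies the patch to every build of lxc_2.0.8.bb, while the failure it addresses only occurs when the dnsmasq configuration on the image already sets bind-dynamic. If that configuration is not always installed together with lxc, images without it get an lxc-net whose dnsmasq is started with neither binding option; please state that dependency in the patch header or make it explicit in the recipe.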
> --
> 2.11.0
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization
>


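The failure in this thread comes from one binding option arriving through a configuration file and the other through the lxc-net command line. The check below is an added example, not code from the patch or from lxc: it reads dnsmasq configuration text on stdin and takes the planned arguments as parameters. The function names and the sample config are constructed, and conf-file/conf-dir includes are not followed, so all relevant config text has to be piped in.

```shell
#!/bin/sh
# Added example: find out whether a dnsmasq instance would be started with
# both bind-interfaces and bind-dynamic (config text on stdin, argv as args).

# Constructed sample standing in for a system config that sets bind-dynamic.
SAMPLE_CONF='# constructed sample, not a real dnsmasq.conf
strict-order
bind-dynamic   # needed by another service
'

# Print every binding option that is set, one name per line.
binding_options() {
    # Config-file syntax is the long option name without "--"; "#" comments.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E -x 'bind-(interfaces|dynamic)' || true
    for arg in "$@"; do
        case $arg in
            --bind-interfaces|-z) echo bind-interfaces ;;
            --bind-dynamic)       echo bind-dynamic ;;
        esac
    done
}

# Exit status 0 when both options are present, which dnsmasq rejects.
has_bind_conflict() {
    n=$(binding_options "$@" | sort -u | grep -c . || true)
    [ "$n" -eq 2 ]
}

# Arguments modelled on the lxc-net call before and after the patch.
for args in "--strict-order --bind-interfaces" "--strict-order"; do
    # shellcheck disable=SC2086  # word splitting of $args is intended
    if printf '%s' "$SAMPLE_CONF" | has_bind_conflict $args; then
        echo "conflict with: $args"
    else
        echo "ok with: $args"
    fi
done
```

On a real system the input would be the concatenation of the main dnsmasq configuration and every file under its include directory.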