[meta-virtualization] [PATCH] dnsmasq: add dnsmasq.d entries for lxc and libvirt

Mark Asselstine mark.asselstine at windriver.com
Fri Dec 22 12:57:44 PST 2017


A while ago changes were merged to meta-openembedded to make
/etc/dnsmasq.d (and specifically the files it contains) referenced
when the main instance of dnsmasq is run (see dnsmasq.service and
commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse
default dnsmasq.conf]).

We, however, continued to modify the global configuration
(/etc/dnsmasq.conf) to keep the main instance of dnsmasq from
attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach
is problematic, since it is common that other instances of dnsmasq
will make use of the global configuration file and may have
incompatible options. We see this, for example, when starting lxc-net,
which passes 'bind-interfaces'; that option is incompatible with the
'bind-dynamic' we were adding to the global configuration.

Here we remove our change to the global configuration (leaving it
mostly empty as it should be) and instead have lxc and libvirt
packages instruct the global instance not to bind to virbr0 and lxcbr0
by adding configuration files to /etc/dnsmasq.d (setting
except-interface).

The added benefit to this approach is that if lxc or libvirt are not
part of an image the global configuration will not be modified in such
a way as to expect that they are present.

Signed-off-by: Mark Asselstine <mark.asselstine at windriver.com>
---

I tested this with kvm-image-minimal with lxc and lxc-setup included
in the image and with all 3 instances (global, lxc and libvirt) of
dnsmasq up and running. Running a VM with libvirt and a container with
lxc (both networked) and everything was working as expected. There is
an issue with /etc/recolv.conf but it is related to the configuration
of systemd-resolved which Yocto promotes and nothing to do with these
changes. For testing I disabled systemd-resolved and use udhcpc to
populate /etc/resolv.conf.

For people using OverC this change will result in a slight change in
configuration in cube-essential as the default behavior will be used
instead of bind-dynamic that would have been present previously, as
neither lxc or libvirt are installed in cube-essential. I didn't
complete tests with OverC but although this is a slight configuration
change the runtime behavior should be identical.


 recipes-containers/lxc/files/dnsmasq.conf     | 2 ++
 recipes-containers/lxc/lxc_2.0.8.bb           | 6 ++++++
 recipes-extended/libvirt/libvirt/dnsmasq.conf | 2 ++
 recipes-extended/libvirt/libvirt_1.3.5.bb     | 6 ++++++
 recipes-support/dnsmasq/dnsmasq_2.%.bbappend  | 5 -----
 5 files changed, 16 insertions(+), 5 deletions(-)
 create mode 100644 recipes-containers/lxc/files/dnsmasq.conf
 create mode 100644 recipes-extended/libvirt/libvirt/dnsmasq.conf
 delete mode 100644 recipes-support/dnsmasq/dnsmasq_2.%.bbappend

diff --git a/recipes-containers/lxc/files/dnsmasq.conf b/recipes-containers/lxc/files/dnsmasq.conf
new file mode 100644
index 0000000..124f7eb
--- /dev/null
+++ b/recipes-containers/lxc/files/dnsmasq.conf
@@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=lxcbr0
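Review bot: Neither this drop-in nor the libvirt one (`except-interface=virbr0`) sets `interface=` or `listen-address=`, so with `bind-interfaces` the main dnsmasq instance still listens on every interface present when it starts, apart from the excepted bridge. Unlike the `bind-dynamic` setting being removed, interfaces that appear after startup should no longer be picked up, which is a behaviour change worth stating in the commit message. The file also has no comment saying why it exists; a header such as `# Keep the system dnsmasq off lxcbr0; lxc-net runs its own instance there.` would help whoever finds it in /etc/dnsmasq.d. On images with an externally facing NIC, it is worth deciding whether the main instance should be limited with `interface=` as well.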
diff --git a/recipes-containers/lxc/lxc_2.0.8.bb b/recipes-containers/lxc/lxc_2.0.8.bb
index c9ce5f0..b616e94 100644
--- a/recipes-containers/lxc/lxc_2.0.8.bb
+++ b/recipes-containers/lxc/lxc_2.0.8.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
 	file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
 	file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
 	file://cgroups-work-around-issue-in-gcc-7.patch \
+	file://dnsmasq.conf \
 	"
 
 SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
@@ -134,6 +135,11 @@ do_install_append() {
 	    if [ -d ${D}${exec_prefix}/lib/python* ]; then mv ${D}${exec_prefix}/lib/python* ${D}${libdir}/; fi
 	    rmdir --ignore-fail-on-non-empty ${D}${exec_prefix}/lib
 	fi
+
+	# Force the main dnsmasq instance to bind only to specified interfaces and
+	# to not bind to virbr0. Libvirt will run its own instance on this interface.
+	install -d ${D}/${sysconfdir}/dnsmasq.d
+	install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/lxc
 }
 
 EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests"
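Review bot: The added comment describes the libvirt case (virbr0, "Libvirt will run its own instance"), but this is the lxc recipe and the installed file excepts lxcbr0. It should read something like `# Keep the main dnsmasq instance off lxcbr0; lxc-net runs its own instance on that bridge.` The two install lines also use `${D}/${sysconfdir}`, which produces a double slash if sysconfdir is already an absolute path; `${D}${sysconfdir}/dnsmasq.d` matches the `${D}${exec_prefix}` form used a few lines above. do_install_append starts outside this hunk.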
diff --git a/recipes-extended/libvirt/libvirt/dnsmasq.conf b/recipes-extended/libvirt/libvirt/dnsmasq.conf
new file mode 100644
index 0000000..a7c3059
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/dnsmasq.conf
@@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=virbr0
diff --git a/recipes-extended/libvirt/libvirt_1.3.5.bb b/recipes-extended/libvirt/libvirt_1.3.5.bb
index 8ed2505..e7a2b23 100644
--- a/recipes-extended/libvirt/libvirt_1.3.5.bb
+++ b/recipes-extended/libvirt/libvirt_1.3.5.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz;name=libvirt \
            file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \
            file://libvirtd.sh \
            file://libvirtd.conf \
+           file://dnsmasq.conf \
            file://runptest.patch \
            file://run-ptest \
            file://tests-allow-separated-src-and-build-dirs.patch \
@@ -219,6 +220,7 @@ require libvirt-python.inc
 do_install_append() {
 	install -d ${D}/etc/init.d
 	install -d ${D}/etc/libvirt
+	install -d ${D}/etc/dnsmasq.d
 
 	install -m 0755 ${WORKDIR}/libvirtd.sh ${D}/etc/init.d/libvirtd
 	install -m 0644 ${WORKDIR}/libvirtd.conf ${D}/etc/libvirt/libvirtd.conf
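Review bot: `install -d ${D}/etc/dnsmasq.d` creates the directory under a literal /etc, while the later hunk installs the file to `${D}/${sysconfdir}/dnsmasq.d/libvirt-daemon`, so the two only line up when sysconfdir is /etc. Use one spelling for both, for example `install -d ${D}${sysconfdir}/dnsmasq.d` here and `${D}${sysconfdir}/dnsmasq.d/libvirt-daemon` on the install line. The rest of do_install_append lies outside the hunk.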
@@ -266,6 +268,10 @@ do_install_append() {
 	# Add hook support for libvirt
 	mkdir -p ${D}/etc/libvirt/hooks
 
+	# Force the main dnsmasq instance to bind only to specified interfaces and
+	# to not bind to virbr0. Libvirt will run its own instance on this interface.
+	install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/libvirt-daemon
+
 	# remove .la references to our working diretory
 	for i in `find ${D}${libdir} -type f -name *.la`; do
 	    sed -i -e 's#-L${B}/src/.libs##g' $i
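Review bot: Nothing in the visible hunks assigns the new `dnsmasq.d/libvirt-daemon` file to a package, so it presumably lands in whichever package collects ${sysconfdir} by default. The FILES assignments are outside this diff, so this needs confirming. Because the drop-in changes how the system-wide dnsmasq binds, it should ship with the package that actually starts libvirt's own dnsmasq on virbr0, not with a client-only or library package. The mode is written `644` here while the install lines in the previous hunk use `0644` and `0755`. do_install_append continues past the end of this hunk.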
diff --git a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend b/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
deleted file mode 100644
index 8d66ca6..0000000
--- a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# dnsmasq is greedy with interfaces by default using bind-dynamic will
-# make it less greedy but still function as it did by default.
-do_install_append() {
-    sed -i '/#bind-interfaces/a # Play nice with libvirt\nbind-dynamic' ${D}${sysconfdir}/dnsmasq.conf
-}
-- 
2.7.4


