[meta-virtualization] [PATCH] dnsmasq: add dnsmasq.d entries for lxc and libvirt

Bruce Ashfield bruce.ashfield at gmail.com
Thu Dec 28 08:16:33 PST 2017


merged.

Bruce

On Fri, Dec 22, 2017 at 4:57 PM, Mark Asselstine
<mark.asselstine at windriver.com> wrote:
> A while ago changes were merged to meta-openembedded to make
> /etc/dnsmasq.d (and specifically the files it contains) referenced
> when the main instance of dnsmasq is run (see dnsmasq.service and
> commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse
> default dnsmasq.conf]).
>
> We, however, continued to modify the global configuration
> (/etc/dnsmasq.conf) to keep the main instance of dnsmasq from
> attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach
> is problematic, since it is common that other instances of dnsmasq
> will make use of the global configuration file and may have
> incompatible options. We see this for example when attempting to start
> lxc-net which will attempt to use 'bind-interface' which is
> incompatible with 'bind-dynamic' that we were adding to the global
> configuration.
>
> Here we remove our change to the global configuration (leaving it
> mostly empty as it should be) and instead have lxc and libvirt
> packages instruct the global instance not to bind to virbr0 and lxcbr0
> by adding configuration files to /etc/dnsmasq.d (setting
> except-interface).
>
> The added benefit to this approach is that if lxc or libvirt are not
> part of an image the global configuration will not be modified in such
> a way as to expect that they are present.
>
> Signed-off-by: Mark Asselstine <mark.asselstine at windriver.com>
> ---
>
> I tested this with kvm-image-minimal with lxc and lxc-setup included
> in the image and with all 3 instances (global, lxc and libvirt) of
> dnsmasq up and running. Running a VM with libvirt and a container with
> lxc (both networked) and everything was working as expected. There is
> an issue with /etc/resolv.conf but it is related to the configuration
> of systemd-resolved which Yocto promotes and nothing to do with these
> changes. For testing I disabled systemd-resolved and used udhcpc to
> populate /etc/resolv.conf.
>
> For people using OverC this change will result in a slight change in
> configuration in cube-essential as the default behavior will be used
> instead of bind-dynamic that would have been present previously, as
> neither lxc nor libvirt are installed in cube-essential. I didn't
> complete tests with OverC but although this is a slight configuration
> change the runtime behavior should be identical.
>
>
>  recipes-containers/lxc/files/dnsmasq.conf     | 2 ++
>  recipes-containers/lxc/lxc_2.0.8.bb           | 6 ++++++
>  recipes-extended/libvirt/libvirt/dnsmasq.conf | 2 ++
>  recipes-extended/libvirt/libvirt_1.3.5.bb     | 6 ++++++
>  recipes-support/dnsmasq/dnsmasq_2.%.bbappend  | 5 -----
>  5 files changed, 16 insertions(+), 5 deletions(-)
>  create mode 100644 recipes-containers/lxc/files/dnsmasq.conf
>  create mode 100644 recipes-extended/libvirt/libvirt/dnsmasq.conf
>  delete mode 100644 recipes-support/dnsmasq/dnsmasq_2.%.bbappend
>
> diff --git a/recipes-containers/lxc/files/dnsmasq.conf b/recipes-containers/lxc/files/dnsmasq.conf
> new file mode 100644
> index 0000000..124f7eb
> --- /dev/null
> +++ b/recipes-containers/lxc/files/dnsmasq.conf
> @@ -0,0 +1,2 @@
> +bind-interfaces
> +except-interface=lxcbr0
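
Review bot: The first line of this new file sets bind-interfaces, but the
commit message describes the drop-ins only as "setting except-interface".
Since the motivating problem in the commit message is a clash between
binding options in shared configuration, please say there why switching
the main instance to bind-interfaces whenever lxc is installed is safe
for the other instances, and add a short comment line to the file itself
so the reason is visible on the target.
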
> diff --git a/recipes-containers/lxc/lxc_2.0.8.bb b/recipes-containers/lxc/lxc_2.0.8.bb
> index c9ce5f0..b616e94 100644
> --- a/recipes-containers/lxc/lxc_2.0.8.bb
> +++ b/recipes-containers/lxc/lxc_2.0.8.bb
> @@ -36,6 +36,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
>         file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
>         file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
>         file://cgroups-work-around-issue-in-gcc-7.patch \
> +       file://dnsmasq.conf \
>         "
>
>  SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
> @@ -134,6 +135,11 @@ do_install_append() {
>             if [ -d ${D}${exec_prefix}/lib/python* ]; then mv ${D}${exec_prefix}/lib/python* ${D}${libdir}/; fi
>             rmdir --ignore-fail-on-non-empty ${D}${exec_prefix}/lib
>         fi
> +
> +       # Force the main dnsmasq instance to bind only to specified interfaces and
> +       # to not bind to virbr0. Libvirt will run its own instance on this interface.
> +       install -d ${D}/${sysconfdir}/dnsmasq.d
> +       install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/lxc
>  }
>
>  EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests"
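
Review bot: The comment added in do_install_append() talks about virbr0
and libvirt, but this is the lxc recipe and the file it installs excepts
lxcbr0; it looks copied from the libvirt hunk and should read "to not
bind to lxcbr0. lxc-net will run its own instance on this interface."
Two smaller points on the install lines: ${D}/${sysconfdir} produces a
doubled slash where the surrounding context writes ${D}${exec_prefix},
and the mode would be clearer as 0644.
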
> diff --git a/recipes-extended/libvirt/libvirt/dnsmasq.conf b/recipes-extended/libvirt/libvirt/dnsmasq.conf
> new file mode 100644
> index 0000000..a7c3059
> --- /dev/null
> +++ b/recipes-extended/libvirt/libvirt/dnsmasq.conf
> @@ -0,0 +1,2 @@
> +bind-interfaces
> +except-interface=virbr0
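
Review bot: This file carries no comment, and the explanation for it
lives only in the recipe's do_install_append(), which never reaches the
target. A one-line header saying that it is shipped by libvirt and keeps
the main dnsmasq instance off virbr0 would help whoever later inspects
/etc/dnsmasq.d/libvirt-daemon on a running system.
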
> diff --git a/recipes-extended/libvirt/libvirt_1.3.5.bb b/recipes-extended/libvirt/libvirt_1.3.5.bb
> index 8ed2505..e7a2b23 100644
> --- a/recipes-extended/libvirt/libvirt_1.3.5.bb
> +++ b/recipes-extended/libvirt/libvirt_1.3.5.bb
> @@ -27,6 +27,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz;name=libvirt \
>             file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \
>             file://libvirtd.sh \
>             file://libvirtd.conf \
> +           file://dnsmasq.conf \
>             file://runptest.patch \
>             file://run-ptest \
>             file://tests-allow-separated-src-and-build-dirs.patch \
> @@ -219,6 +220,7 @@ require libvirt-python.inc
>  do_install_append() {
>         install -d ${D}/etc/init.d
>         install -d ${D}/etc/libvirt
> +       install -d ${D}/etc/dnsmasq.d
>
>         install -m 0755 ${WORKDIR}/libvirtd.sh ${D}/etc/init.d/libvirtd
>         install -m 0644 ${WORKDIR}/libvirtd.conf ${D}/etc/libvirt/libvirtd.conf
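
Review bot: The directory is created here as ${D}/etc/dnsmasq.d, while
the later hunk installs the file into ${D}/${sysconfdir}/dnsmasq.d. If
sysconfdir is ever not /etc, the install in the later hunk will target a
directory that was never created. Use the same variable in both places,
and consider moving this install -d next to the install -m line that
depends on it, as the lxc recipe does.
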
> @@ -266,6 +268,10 @@ do_install_append() {
>         # Add hook support for libvirt
>         mkdir -p ${D}/etc/libvirt/hooks
>
> +       # Force the main dnsmasq instance to bind only to specified interfaces and
> +       # to not bind to virbr0. Libvirt will run its own instance on this interface.
> +       install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/libvirt-daemon
> +
>         # remove .la references to our working diretory
>         for i in `find ${D}${libdir} -type f -name *.la`; do
>             sed -i -e 's#-L${B}/src/.libs##g' $i
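
Review bot: The added install line uses mode 644 and ${D}/${sysconfdir},
whereas the neighbouring context in this recipe writes 0644 and has no
doubled slash; please match the existing style. The installed name
libvirt-daemon also suggests a specific sub-package, and nothing in the
visible hunks adds the path to a FILES list, so it is worth confirming
that the file lands in the package whose daemon owns virbr0 rather than
in the main libvirt package.
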
> diff --git a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend b/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
> deleted file mode 100644
> index 8d66ca6..0000000
> --- a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
> +++ /dev/null
> @@ -1,5 +0,0 @@
> -# dnsmasq is greedy with interfaces by default using bind-dynamic will
> -# make it less greedy but still function as it did by default.
> -do_install_append() {
> -    sed -i '/#bind-interfaces/a # Play nice with libvirt\nbind-dynamic' ${D}${sysconfdir}/dnsmasq.conf
> -}
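
Review bot: Deleting this bbappend removes bind-dynamic from every image,
including those with neither lxc nor libvirt, which then fall back to the
dnsmasq default binding behaviour. That consequence is only spelled out
in the notes below the "---" line, which do not end up in git history;
please move a sentence about it into the commit message proper so the
behaviour change can be found later.
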
> --
> 2.7.4
>
> --
> _______________________________________________
> meta-virtualization mailing list
> meta-virtualization at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/meta-virtualization



-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"

