dnsmasq: add dnsmasq.d entries for lxc and libvirt

A while ago changes were merged to meta-openembedded to make /etc/dnsmasq.d (and specifically the files it contains) referenced when the main instance of dnsmasq is run (see dnsmasq.service and commit ba665493a0dd [dnsmasq: allow for dnsmasq instances to reuse default dnsmasq.conf]). We, however, continued to modify the global configuration (/etc/dnsmasq.conf) to keep the main instance of dnsmasq from attaching to virbr0 and lxcbr0, by using 'bind-dynamic'. This approach is problematic, since it is common that other instances of dnsmasq will make use of the global configuration file and may have incompatible options. We see this for example when attempting to start lxc-net which will attempt to use 'bind-interface' which is incompatible with 'bind-dynamic' that we were adding to the global configuration. Here we remove our change to the global configuration (leaving it mostly empty as it should be) and instead have lxc and libvirt packages instruct the global instance not to bind to virbr0 and lxcbr0 by adding configuration files to /etc/dnsmasq.d (setting except-interface). The added benefit to this approach is that if lxc or libvirt are not part of an image the global configuration will not be modified in such a way as to expect that they are present. Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Mark Asselstine <mark.asselstine@windriver.com> 2017-12-22 15:57:44 -0500
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2017-12-28 11:12:26 -0500
commit: 00a801aee140c91ae968ffad271fc85702ff80ff (patch)
tree: 41d465a0c6515d838ef3d73c252c4da0e1e6125f
parent: 9390b98ba54904b8ad8e6b0af3a70e3cf540479c (diff)
download: meta-virtualization-00a801aee140c91ae968ffad271fc85702ff80ff.tar.gz
5 files changed, 16 insertions, 5 deletions
diff --git a/recipes-containers/lxc/files/dnsmasq.conf b/recipes-containers/lxc/files/dnsmasq.conf
new file mode 100644
index 00000000..124f7ebe
--- /dev/null
+++ b/recipes-containers/lxc/files/dnsmasq.conf
@@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=lxcbr0
diff --git a/recipes-containers/lxc/lxc_2.0.8.bb b/recipes-containers/lxc/lxc_2.0.8.bb
index c9ce5f06..b616e947 100644
--- a/recipes-containers/lxc/lxc_2.0.8.bb
+++ b/recipes-containers/lxc/lxc_2.0.8.bb
@@ -36,6 +36,7 @@ SRC_URI = "http://linuxcontainers.org/downloads/${BPN}-${PV}.tar.gz \
        file://lxc-doc-upgrade-to-use-docbook-3.1-DTD.patch \
        file://logs-optionally-use-base-filenames-to-report-src-fil.patch \
        file://cgroups-work-around-issue-in-gcc-7.patch \
+        file://dnsmasq.conf \
        "
 SRC_URI[md5sum] = "7bfd95280522d7936c0979dfea92cdb5"
@@ -134,6 +135,11 @@ do_install_append() {
            if [ -d ${D}${exec_prefix}/lib/python* ]; then mv ${D}${exec_prefix}/lib/python* ${D}${libdir}/; fi
            rmdir --ignore-fail-on-non-empty ${D}${exec_prefix}/lib
        fi
+        # Force the main dnsmasq instance to bind only to specified interfaces and
+        # to not bind to virbr0. Libvirt will run its own instance on this interface.
+        install -d ${D}/${sysconfdir}/dnsmasq.d
+        install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/lxc
 }
 EXTRA_OEMAKE += "TEST_DIR=${D}${PTEST_PATH}/src/tests"
diff --git a/recipes-extended/libvirt/libvirt/dnsmasq.conf b/recipes-extended/libvirt/libvirt/dnsmasq.conf
new file mode 100644
index 00000000..a7c30598
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/dnsmasq.conf
@@ -0,0 +1,2 @@
+bind-interfaces
+except-interface=virbr0
diff --git a/recipes-extended/libvirt/libvirt_1.3.5.bb b/recipes-extended/libvirt/libvirt_1.3.5.bb
index 8ed2505e..e7a2b235 100644
--- a/recipes-extended/libvirt/libvirt_1.3.5.bb
+++ b/recipes-extended/libvirt/libvirt_1.3.5.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz;name=libvirt \
           file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \
           file://libvirtd.sh \
           file://libvirtd.conf \
+           file://dnsmasq.conf \
           file://runptest.patch \
           file://run-ptest \
           file://tests-allow-separated-src-and-build-dirs.patch \
@@ -219,6 +220,7 @@ require libvirt-python.inc
 do_install_append() {
        install -d ${D}/etc/init.d
        install -d ${D}/etc/libvirt
+        install -d ${D}/etc/dnsmasq.d
        install -m 0755 ${WORKDIR}/libvirtd.sh ${D}/etc/init.d/libvirtd
        install -m 0644 ${WORKDIR}/libvirtd.conf ${D}/etc/libvirt/libvirtd.conf
@@ -266,6 +268,10 @@ do_install_append() {
        # Add hook support for libvirt
        mkdir -p ${D}/etc/libvirt/hooks
+        # Force the main dnsmasq instance to bind only to specified interfaces and
+        # to not bind to virbr0. Libvirt will run its own instance on this interface.
+        install -m 644 ${WORKDIR}/dnsmasq.conf ${D}/${sysconfdir}/dnsmasq.d/libvirt-daemon
        # remove .la references to our working diretory
        for i in `find ${D}${libdir} -type f -name *.la`; do
            sed -i -e 's#-L${B}/src/.libs##g' $i
diff --git a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend b/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
deleted file mode 100644
index 8d66ca6a..00000000
--- a/recipes-support/dnsmasq/dnsmasq_2.%.bbappend
+++ /dev/null
@@ -1,5 +0,0 @@
-# dnsmasq is greedy with interfaces by default using bind-dynamic will
-# make it less greedy but still function as it did by default.
-do_install_append() {
-    sed -i '/#bind-interfaces/a # Play nice with libvirt\nbind-dynamic' ${D}${sysconfdir}/dnsmasq.conf
-}
author	Mark Asselstine <mark.asselstine@windriver.com>	2017-12-22 15:57:44 -0500
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2017-12-28 11:12:26 -0500
commit	00a801aee140c91ae968ffad271fc85702ff80ff (patch)
tree	41d465a0c6515d838ef3d73c252c4da0e1e6125f
parent	9390b98ba54904b8ad8e6b0af3a70e3cf540479c (diff)
download	meta-virtualization-00a801aee140c91ae968ffad271fc85702ff80ff.tar.gz