[lxc-devel] [lxd/master] lxd/network/network: tell systemd-resolved we can resolve .lxd

ddstreet on Github lxc-bot at linuxcontainers.org
Fri Mar 13 00:24:52 UTC 2020


From c8b262da42a7e53efbe8c828a83548d7646a44be Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet at canonical.com>
Date: Fri, 6 Mar 2020 11:10:11 +0100
Subject: [PATCH] lxd/network/network: tell systemd-resolved we can resolve
 .lxd

This allows the local system to resolve all running lxd
containers, using the (by default) .lxd domain.  This will
work only if the local system is using systemd-resolved for DNS.

Signed-off-by: Dan Streetman <ddstreet at canonical.com>
---
 lxd/network/network.go | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

diff --git a/lxd/network/network.go b/lxd/network/network.go
index 3510bec05a..de6461847f 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -415,6 +415,7 @@ func (n *Network) setup(oldConfig map[string]string) error {
 	}
 
 	// Configure IPv4
+	ipv4addr := ""
 	if !shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) {
 		// Parse the subnet
 		ip, subnet, err := net.ParseCIDR(n.config["ipv4.address"])
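Review bot: `ipv4addr` is declared here without a comment, although it now carries state across several hundred lines of setup(): it is assigned in the next hunk and read again in the dnsmasq condition and the systemd-resolved block. A one-line comment would make the contract explicit, for example `// ipv4addr is the bridge IPv4 address without prefix length; "" means IPv4 is disabled or unset`. The same applies to `ipv6addr` in the IPv6 hunk. setup() starts and ends outside this hunk.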
@@ -422,8 +423,10 @@ func (n *Network) setup(oldConfig map[string]string) error {
 			return err
 		}
 
+		ipv4addr = ip.String()
+
 		// Update the dnsmasq config
-		dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--listen-address=%s", ip.String()))
+		dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--listen-address=%s", ipv4addr))
 		if n.HasDHCPv4() {
 			if !shared.StringInSlice("--dhcp-no-override", dnsmasqCmd) {
 				dnsmasqCmd = append(dnsmasqCmd, []string{"--dhcp-no-override", "--dhcp-authoritative", fmt.Sprintf("--dhcp-leasefile=%s", shared.VarPath("networks", n.name, "dnsmasq.leases")), fmt.Sprintf("--dhcp-hostsfile=%s", shared.VarPath("networks", n.name, "dnsmasq.hosts"))}...)
@@ -520,6 +523,7 @@ func (n *Network) setup(oldConfig map[string]string) error {
 	}
 
 	// Configure IPv6
+	ipv6addr := ""
 	if !shared.StringInSlice(n.config["ipv6.address"], []string{"", "none"}) {
 		// Enable IPv6 for the subnet
 		err := util.SysctlSet(fmt.Sprintf("net/ipv6/conf/%s/disable_ipv6", n.name), "0")
@@ -533,8 +537,10 @@ func (n *Network) setup(oldConfig map[string]string) error {
 			return err
 		}
 
+		ipv6addr = ip.String()
+
 		// Update the dnsmasq config
-		dnsmasqCmd = append(dnsmasqCmd, []string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...)
+		dnsmasqCmd = append(dnsmasqCmd, []string{fmt.Sprintf("--listen-address=%s", ipv6addr), "--enable-ra"}...)
 		if n.HasDHCPv6() {
 			if n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"]) {
 				// Setup basic iptables overrides for DHCP/DNS
@@ -926,7 +932,7 @@ func (n *Network) setup(oldConfig map[string]string) error {
 	}
 
 	// Configure dnsmasq
-	if n.config["bridge.mode"] == "fan" || !shared.StringInSlice(n.config["ipv4.address"], []string{"", "none"}) || !shared.StringInSlice(n.config["ipv6.address"], []string{"", "none"}) {
+	if n.config["bridge.mode"] == "fan" || ipv4addr != "" || ipv6addr != "" {
 		// Setup the dnsmasq domain
 		dnsDomain := n.config["dns.domain"]
 		if dnsDomain == "" {
@@ -1019,6 +1025,26 @@ func (n *Network) setup(oldConfig map[string]string) error {
 				return err
 			}
 		}
+
+		// Tell systemd-resolved we can resolve for dnsDomain
+		if n.config["dns.mode"] != "none" && (ipv4addr != "" || ipv6addr != "") {
+			// newer systemd uses 'resolvectl' instead of 'systemd-resolve',
+			// which has different usage, but systemd-resolve with the older usage
+			// is still supported everywhere, for now
+			resolveCmd := "systemd-resolve"
+			resolveArgs := []string{"--interface", n.name}
+
+			resolveArgs = append(resolveArgs, []string{"--set-domain", fmt.Sprintf("~%s", dnsDomain)}...)
+			if ipv4addr != "" {
+				resolveArgs = append(resolveArgs, []string{"--set-dns", ipv4addr}...)
+			}
+			if ipv6addr != "" {
+				resolveArgs = append(resolveArgs, []string{"--set-dns", ipv6addr}...)
+			}
+
+			// ignore error, maybe resolved isn't running/used...?
+			shared.RunCommand(resolveCmd, resolveArgs...)
+		}
 	} else {
 		// Clean up old dnsmasq config if exists and we are not starting dnsmasq.
 		leasesPath := shared.VarPath("networks", n.name, "dnsmasq.leases")
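Review bot: The domain handed to `--set-domain` comes straight from `n.config["dns.domain"]` and no validation of it is visible in this hunk, yet the call changes name resolution for the whole host: every local process looking up a name under that domain will be answered by this bridge's dnsmasq. Where dnsmasq records are populated from instance-supplied hostnames, those answers are instance-influenced, so the call deserves a comment such as `// Host-wide effect: names under dnsDomain now resolve via this bridge's dnsmasq`, and arguably an opt-in config key rather than running by default. The result of `shared.RunCommand` is also dropped without a trace; logging it at debug level, e.g. `if _, err := shared.RunCommand(resolveCmd, resolveArgs...); err != nil { /* debug-log err */ }`, would let an operator tell whether the link was actually configured. Nothing here undoes the setting when `dns.mode` becomes `none` or `dns.domain` changes on a later setup() call, so a stale routing domain may remain on the interface (systemd-resolve has `--revert` for this). setup() begins and ends outside the hunk.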

