[lxc-devel] [lxd/master] Add `dns.search`

stgraber on Github lxc-bot at linuxcontainers.org
Thu May 21 15:42:05 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200521/e2588686/attachment-0001.bin>
-------------- next part --------------
From c11bf20310f0adbb15408b5ef67da64b56caa0ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 May 2020 11:28:18 -0400
Subject: [PATCH 1/4] lxd/networks: Warn on small IPv6 subnets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7404

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/networks.md        | 10 ++++++++++
 lxd/network/network.go |  7 ++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/networks.md b/doc/networks.md
index 389262da6e..6df258a2dd 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -146,6 +146,16 @@ exists, so you must repeat this command each reboot and after
 LXD is restarted.  Also note this only works if the bridge
 `dns.mode` is not `none`.
 
+## IPv6 prefix size
+For optimal operation, a prefix size of 64 is preferred.
+Larger subnets (prefix smaller than 64) should work properly too but
+aren't typically that useful for SLAAC.
+
+Smaller subnets while in theory possible when using stateful DHCPv6 for
+IPv6 allocation aren't properly supported by dnsmasq and may be the
+source of issue. If you must use one of those, static allocation or
+another standalone RA daemon be used.
+
 ## Allow DHCP, DNS with Firewalld
 
 In order to allow instances to access the DHCP and DNS server that LXD runs on the host when using firewalld
diff --git a/lxd/network/network.go b/lxd/network/network.go
index 37ae7fa203..93f6ea60e6 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -24,6 +24,7 @@ import (
 	"github.com/lxc/lxd/lxd/util"
 	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/api"
+	log "github.com/lxc/lxd/shared/log15"
 	"github.com/lxc/lxd/shared/logger"
 	"github.com/lxc/lxd/shared/subprocess"
 	"github.com/lxc/lxd/shared/version"
@@ -536,6 +537,11 @@ func (n *Network) setup(oldConfig map[string]string) error {
 		if err != nil {
 			return err
 		}
+		subnetSize, _ := subnet.Mask.Size()
+
+		if subnetSize > 64 {
+			logger.Warn("IPv6 networks with a prefix larger than 64 aren't properly supported by dnsmasq", log.Ctx{"network": n.name})
+		}
 
 		// Update the dnsmasq config
 		dnsmasqCmd = append(dnsmasqCmd, []string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...)
@@ -559,7 +565,6 @@ func (n *Network) setup(oldConfig map[string]string) error {
 			}
 
 			if shared.IsTrue(n.config["ipv6.dhcp.stateful"]) {
-				subnetSize, _ := subnet.Mask.Size()
 				if n.config["ipv6.dhcp.ranges"] != "" {
 					for _, dhcpRange := range strings.Split(n.config["ipv6.dhcp.ranges"], ",") {
 						dhcpRange = strings.TrimSpace(dhcpRange)

From b10d82bfd1f7fe7e377ea371898aa7a2aa60d77e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 May 2020 11:40:13 -0400
Subject: [PATCH 2/4] lxd/network: Force DHCP custom gateway
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/network/network.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/network/network.go b/lxd/network/network.go
index 93f6ea60e6..edd2d53910 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -431,7 +431,7 @@ func (n *Network) setup(oldConfig map[string]string) error {
 			}
 
 			if n.config["ipv4.dhcp.gateway"] != "" {
-				dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--dhcp-option=3,%s", n.config["ipv4.dhcp.gateway"]))
+				dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--dhcp-option-force=3,%s", n.config["ipv4.dhcp.gateway"]))
 			}
 
 			if mtu != "1500" {

From 1af356dffa8ae28743af7dc05e3ee94963bd8984 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 May 2020 11:40:31 -0400
Subject: [PATCH 3/4] api: Add network_dns_search
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/api-extensions.md | 3 +++
 shared/version/api.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 54bdb546e3..dfb2c878fa 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -1038,3 +1038,6 @@ This adds system information to the output of `/1.0/resources`.
 This adds the push and relay modes to image copy.
 It also introduces the following new endpoint:
  - `POST 1.0/images/<fingerprint>/export`
+
+## network\_dns\_search
+This introduces the `dns.search` config option on networks.
diff --git a/shared/version/api.go b/shared/version/api.go
index da32e9921a..975d0221cf 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -210,6 +210,7 @@ var APIExtensions = []string{
 	"container_nic_ipvlan_mode",
 	"resources_system",
 	"images_push_relay",
+	"network_dns_search",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From 86bf750519e353cac343c855e7dcb92c2d9fa478 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 21 May 2020 11:40:37 -0400
Subject: [PATCH 4/4] lxd/network: Support specifying search domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7372

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 doc/networks.md         | 1 +
 lxd/network/network.go  | 5 +++++
 lxd/networks_config.go  | 1 +
 scripts/bash/lxd-client | 2 +-
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/networks.md b/doc/networks.md
index 6df258a2dd..94cb191bbb 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -59,6 +59,7 @@ bridge.hwaddr                   | string    | -                     | -
 bridge.mode                     | string    | -                     | standard                  | Bridge operation mode ("standard" or "fan")
 bridge.mtu                      | integer   | -                     | 1500                      | Bridge MTU (default varies if tunnel or fan setup)
 dns.domain                      | string    | -                     | lxd                       | Domain to advertise to DHCP clients and use for DNS resolution
+dns.search                      | string    | -                     | -                         | Full comma eparate domain search list, defaulting to dns.domain
 dns.mode                        | string    | -                     | managed                   | DNS registration mode ("none" for no DNS record, "managed" for LXD generated static records or "dynamic" for client generated records)
 fan.overlay\_subnet             | string    | fan mode              | 240.0.0.0/8               | Subnet to use as the overlay for the FAN (CIDR notation)
 fan.type                        | string    | fan mode              | vxlan                     | The tunneling type for the FAN ("vxlan" or "ipip")
diff --git a/lxd/network/network.go b/lxd/network/network.go
index edd2d53910..b033b673a4 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -438,6 +438,11 @@ func (n *Network) setup(oldConfig map[string]string) error {
 				dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--dhcp-option-force=26,%s", mtu))
 			}
 
+			dnsSearch := n.config["dns.search"]
+			if dnsSearch != "" {
+				dnsmasqCmd = append(dnsmasqCmd, fmt.Sprintf("--dhcp-option-force=119,%s", strings.Trim(dnsSearch, " ")))
+			}
+
 			expiry := "1h"
 			if n.config["ipv4.dhcp.expiry"] != "" {
 				expiry = n.config["ipv4.dhcp.expiry"]
diff --git a/lxd/networks_config.go b/lxd/networks_config.go
index 26c6b4c7a7..66b2ef5101 100644
--- a/lxd/networks_config.go
+++ b/lxd/networks_config.go
@@ -97,6 +97,7 @@ var networkConfigKeys = map[string]func(value string) error{
 	"ipv6.routing":       shared.IsBool,
 
 	"dns.domain": shared.IsAny,
+	"dns.search": shared.IsAny,
 	"dns.mode": func(value string) error {
 		return shared.IsOneOf(value, []string{"dynamic", "managed", "none"})
 	},
diff --git a/scripts/bash/lxd-client b/scripts/bash/lxd-client
index c50e5ca295..173bf03a10 100644
--- a/scripts/bash/lxd-client
+++ b/scripts/bash/lxd-client
@@ -124,7 +124,7 @@ _have lxc && {
       boot.priority"
 
     networks_keys="bridge.driver bridge.external_interfaces bridge.mode \
-      bridge.mtu bridge.hwaddr dns.domain dns.mode fan.overlay_subnet fan.type \
+      bridge.mtu bridge.hwaddr dns.domain dns.mode dns.search fan.overlay_subnet fan.type \
       fan.underlay_subnet ipv4.address ipv4.dhcp ipv4.dhcp.expiry ipv4.dhcp.gateway \
       ipv4.dhcp.ranges ipv4.firewall ipv4.nat ipv4.nat.address ipv4.nat.order \
       ipv4.routes ipv4.routing ipv6.address ipv6.dhcp ipv6.dhcp.expiry ipv6.dhcp.ranges \

More information about the lxc-devel mailing list