The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7409

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

From c11bf20310f0adbb15408b5ef67da64b56caa0ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 21 May 2020 11:28:18 -0400
Subject: [PATCH 1/4] lxd/networks: Warn on small IPv6 subnets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7404

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 doc/networks.md        | 10 ++++++++++
 lxd/network/network.go |  7 ++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/networks.md b/doc/networks.md
index 389262da6e..6df258a2dd 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -146,6 +146,16 @@ exists, so you must repeat this command each reboot and 
after
 LXD is restarted.  Also note this only works if the bridge
 `dns.mode` is not `none`.
 
+## IPv6 prefix size
+For optimal operation, a prefix size of 64 is preferred.
+Larger subnets (prefix smaller than 64) should work properly too but
+aren't typically that useful for SLAAC.
+
+Smaller subnets while in theory possible when using stateful DHCPv6 for
+IPv6 allocation aren't properly supported by dnsmasq and may be the
+source of issue. If you must use one of those, static allocation or
+another standalone RA daemon be used.
+
 ## Allow DHCP, DNS with Firewalld
 
 In order to allow instances to access the DHCP and DNS server that LXD runs on 
the host when using firewalld
diff --git a/lxd/network/network.go b/lxd/network/network.go
index 37ae7fa203..93f6ea60e6 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -24,6 +24,7 @@ import (
        "github.com/lxc/lxd/lxd/util"
        "github.com/lxc/lxd/shared"
        "github.com/lxc/lxd/shared/api"
+       log "github.com/lxc/lxd/shared/log15"
        "github.com/lxc/lxd/shared/logger"
        "github.com/lxc/lxd/shared/subprocess"
        "github.com/lxc/lxd/shared/version"
@@ -536,6 +537,11 @@ func (n *Network) setup(oldConfig map[string]string) error 
{
                if err != nil {
                        return err
                }
+               subnetSize, _ := subnet.Mask.Size()
+
+               if subnetSize > 64 {
+                       logger.Warn("IPv6 networks with a prefix larger than 64 
aren't properly supported by dnsmasq", log.Ctx{"network": n.name})
+               }
 
                // Update the dnsmasq config
                dnsmasqCmd = append(dnsmasqCmd, 
[]string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...)
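Review bot: The new warning in setup records only the network name, so an operator reading the log cannot see which prefix length triggered it. Adding the value already computed one line earlier would make the entry actionable: `log.Ctx{"network": n.name, "prefix": subnetSize}`. The message is also only logged; as far as this hunk shows, the API caller who set the small subnet gets no feedback, which may be worth stating in a short comment above the check. setup's body begins and ends outside the hunk.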
@@ -559,7 +565,6 @@ func (n *Network) setup(oldConfig map[string]string) error {
                        }
 
                        if shared.IsTrue(n.config["ipv6.dhcp.stateful"]) {
-                               subnetSize, _ := subnet.Mask.Size()
                                if n.config["ipv6.dhcp.ranges"] != "" {
                                        for _, dhcpRange := range 
strings.Split(n.config["ipv6.dhcp.ranges"], ",") {
                                                dhcpRange = 
strings.TrimSpace(dhcpRange)

From b10d82bfd1f7fe7e377ea371898aa7a2aa60d77e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 21 May 2020 11:40:13 -0400
Subject: [PATCH 2/4] lxd/network: Force DHCP custom gateway
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/network/network.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/network/network.go b/lxd/network/network.go
index 93f6ea60e6..edd2d53910 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -431,7 +431,7 @@ func (n *Network) setup(oldConfig map[string]string) error {
                        }
 
                        if n.config["ipv4.dhcp.gateway"] != "" {
-                               dnsmasqCmd = append(dnsmasqCmd, 
fmt.Sprintf("--dhcp-option=3,%s", n.config["ipv4.dhcp.gateway"]))
+                               dnsmasqCmd = append(dnsmasqCmd, 
fmt.Sprintf("--dhcp-option-force=3,%s", n.config["ipv4.dhcp.gateway"]))
                        }
 
                        if mtu != "1500" {
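Review bot: The switch to `--dhcp-option-force=3` for `ipv4.dhcp.gateway` is unexplained in both the code and the commit message. The forced form makes dnsmasq send the router option even to clients that do not request it, and a one-line comment would record that intent, e.g. `// Force the router option so the custom gateway is always sent, even if the client doesn't request it`. Whether `ipv4.dhcp.gateway` is validated as an IPv4 address before being formatted into this argument is not visible here and is worth confirming. setup's body extends beyond the hunk.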

From 1af356dffa8ae28743af7dc05e3ee94963bd8984 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 21 May 2020 11:40:31 -0400
Subject: [PATCH 3/4] api: Add network_dns_search
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 doc/api-extensions.md | 3 +++
 shared/version/api.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 54bdb546e3..dfb2c878fa 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -1038,3 +1038,6 @@ This adds system information to the output of 
`/1.0/resources`.
 This adds the push and relay modes to image copy.
 It also introduces the following new endpoint:
  - `POST 1.0/images/<fingerprint>/export`
+
+## network\_dns\_search
+This introduces the `dns.search` config option on networks.
diff --git a/shared/version/api.go b/shared/version/api.go
index da32e9921a..975d0221cf 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -210,6 +210,7 @@ var APIExtensions = []string{
        "container_nic_ipvlan_mode",
        "resources_system",
        "images_push_relay",
+       "network_dns_search",
 }
 
 // APIExtensionsCount returns the number of available API extensions.

From 86bf750519e353cac343c855e7dcb92c2d9fa478 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Thu, 21 May 2020 11:40:37 -0400
Subject: [PATCH 4/4] lxd/network: Support specifying search domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7372

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 doc/networks.md         | 1 +
 lxd/network/network.go  | 5 +++++
 lxd/networks_config.go  | 1 +
 scripts/bash/lxd-client | 2 +-
 4 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/networks.md b/doc/networks.md
index 6df258a2dd..94cb191bbb 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -59,6 +59,7 @@ bridge.hwaddr                   | string    | -               
      | -
 bridge.mode                     | string    | -                     | standard 
                 | Bridge operation mode ("standard" or "fan")
 bridge.mtu                      | integer   | -                     | 1500     
                 | Bridge MTU (default varies if tunnel or fan setup)
 dns.domain                      | string    | -                     | lxd      
                 | Domain to advertise to DHCP clients and use for DNS 
resolution
+dns.search                      | string    | -                     | -        
                 | Full comma eparate domain search list, defaulting to 
dns.domain
 dns.mode                        | string    | -                     | managed  
                 | DNS registration mode ("none" for no DNS record, "managed" 
for LXD generated static records or "dynamic" for client generated records)
 fan.overlay\_subnet             | string    | fan mode              | 
240.0.0.0/8               | Subnet to use as the overlay for the FAN (CIDR 
notation)
 fan.type                        | string    | fan mode              | vxlan    
                 | The tunneling type for the FAN ("vxlan" or "ipip")
diff --git a/lxd/network/network.go b/lxd/network/network.go
index edd2d53910..b033b673a4 100644
--- a/lxd/network/network.go
+++ b/lxd/network/network.go
@@ -438,6 +438,11 @@ func (n *Network) setup(oldConfig map[string]string) error 
{
                                dnsmasqCmd = append(dnsmasqCmd, 
fmt.Sprintf("--dhcp-option-force=26,%s", mtu))
                        }
 
+                       dnsSearch := n.config["dns.search"]
+                       if dnsSearch != "" {
+                               dnsmasqCmd = append(dnsmasqCmd, 
fmt.Sprintf("--dhcp-option-force=119,%s", strings.Trim(dnsSearch, " ")))
+                       }
+
                        expiry := "1h"
                        if n.config["ipv4.dhcp.expiry"] != "" {
                                expiry = n.config["ipv4.dhcp.expiry"]
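Review bot: `strings.Trim(dnsSearch, " ")` strips only leading and trailing space characters before `dns.search` is formatted into `--dhcp-option-force=119,...`. Tabs or newlines at the ends, and whitespace after a comma inside the list, are passed to dnsmasq unchanged. `strings.TrimSpace(dnsSearch)` covers the first case. Interior whitespace would still need to be rejected or normalised when the key is validated. The block sits beside the `ipv4.dhcp.expiry` handling, so the search list appears to be sent only to DHCPv4 clients; if that is intended, a comment saying so would help. setup's body begins and ends outside the hunk.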
diff --git a/lxd/networks_config.go b/lxd/networks_config.go
index 26c6b4c7a7..66b2ef5101 100644
--- a/lxd/networks_config.go
+++ b/lxd/networks_config.go
@@ -97,6 +97,7 @@ var networkConfigKeys = map[string]func(value string) error{
        "ipv6.routing":       shared.IsBool,
 
        "dns.domain": shared.IsAny,
+       "dns.search": shared.IsAny,
        "dns.mode": func(value string) error {
                return shared.IsOneOf(value, []string{"dynamic", "managed", 
"none"})
        },
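Review bot: `"dns.search": shared.IsAny` accepts any string, yet the network.go hunk of this patch formats the value straight into a dnsmasq `--dhcp-option-force=119,` argument. A malformed list (empty entries, embedded whitespace) would presumably surface only as a dnsmasq start-up failure rather than as a validation error on the request that set it. A small validator in the style of the `dns.mode` entry would reject such input at configuration time. The sketch below checks only for empty entries and whitespace; a stricter hostname check could replace it. It assumes `strings` and `fmt` are already imported in this file, and the map literal itself begins and ends outside the hunk.

```go
	"dns.domain": shared.IsAny,
	"dns.search": func(value string) error {
		// An unset key stays valid.
		if value == "" {
			return nil
		}

		for _, domain := range strings.Split(value, ",") {
			domain = strings.TrimSpace(domain)
			if domain == "" || strings.ContainsAny(domain, " \t\r\n") {
				return fmt.Errorf("Invalid search domain %q", domain)
			}
		}

		return nil
	},
	// … unchanged: "dns.mode" validator …
```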
diff --git a/scripts/bash/lxd-client b/scripts/bash/lxd-client
index c50e5ca295..173bf03a10 100644
--- a/scripts/bash/lxd-client
+++ b/scripts/bash/lxd-client
@@ -124,7 +124,7 @@ _have lxc && {
       boot.priority"
 
     networks_keys="bridge.driver bridge.external_interfaces bridge.mode \
-      bridge.mtu bridge.hwaddr dns.domain dns.mode fan.overlay_subnet fan.type 
\
+      bridge.mtu bridge.hwaddr dns.domain dns.mode dns.search 
fan.overlay_subnet fan.type \
       fan.underlay_subnet ipv4.address ipv4.dhcp ipv4.dhcp.expiry 
ipv4.dhcp.gateway \
       ipv4.dhcp.ranges ipv4.firewall ipv4.nat ipv4.nat.address ipv4.nat.order \
       ipv4.routes ipv4.routing ipv6.address ipv6.dhcp ipv6.dhcp.expiry 
ipv6.dhcp.ranges \