Re: [libvirt] dnsmasq option "dhcp-authoritative" in libvirt virtual networks?
On 09/19/2016 05:25 PM, Jim Fehlig wrote:
On 09/19/2016 09:48 AM, Martin Wilck wrote:
> Hello,
>
> I am seeing a slightly annoying behavior of libvirt-created networks on
> my system. Whenever a VM fails to renew its DHCP lease in time (for
> example because my laptop is suspended), the IP address changes,
> causing various annoyances. If this happens, the log message
> "DHCPNAK(virbrX): ... lease not found" appears in the libvirtd logs.
>
> Looking at the dnsmasq code, it seems that this would be fixed by
> running dnsmasq with the "dhcp-authoritative" option, which, according
> to the dnsmasq man page, "should be set when dnsmasq is definitely the
> only DHCP server on a network" - IMO that's the case for libvirtd-
> managed virtual networks. So the question comes to my mind: is there a
> good reason why libvirtd doesn't set "dhcp-authoritative" on the
> dnsmasq instances it starts?
I've searched the list archives and didn't see any mention of the
'--dhcp-authoritative' option, so the reason may be that no one has made such an
inquiry :-). If it has been discussed and I missed it, Laine most likely knows
something about it.
Nope, this is the first I've heard of it.
A small bit of detective work shows that OpenStack neutron adopted use of this
option a while back
https://review.openstack.org/#/c/152080/
...but for a completely different reason - they were encountering
problems when they restarted their dnsmasq, because they didn't keep a
leasefile.
After reading Simon's mail, and the openstack patch and description, it
isn't clear that this will actually solve your problem. Have you tried
it? (to test it, you should be able to just kill dnsmasq, add the option
to the dnsmasq conf file referenced in its commandline, then restart it
with the same commandline. libvirt will no longer know where the dnsmasq
process is (since you will have changed its pid), but otherwise it
should operate okay)
If that does solve your problem, we could consider a patch to add it. Do
you know the first version of dnsmasq that had this option? Hopefully
the answer is "very old" so we don't have to check for support.
In a related discussion, Simon agrees with using '--dhcp-authoritative' when
dnsmasq is the only dhcp server on the network
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q1/009171.html
I also stumbled across a complaint about using '--dhcp-authoritative' on a
network with multiple dhcp servers, but I can't find that now. I'm not sure if
there are use-cases for multiple dhcp servers on a single libvirt virtual network.
Yeah, I don't think that should ever happen with libvirt's networks
(unless somebody comes up with a network that is bridged across several
hosts, and they want each host to have a DHCP server, or something like
that. *I'm certainly not going to do that though :-)