[libvirt] [PATCH v2] network: add an option to make dns public

Peter Krempa pkrempa at redhat.com
Tue Jul 21 09:53:46 UTC 2015


On Mon, Jul 20, 2015 at 17:42:05 +0200, Cedric Bosdonnat wrote:
> On Mon, 2015-07-20 at 16:25 +0200, Peter Krempa wrote:
> > On Mon, Jul 20, 2015 at 11:29:15 +0200, Cédric Bosdonnat wrote:
> > > In some use cases we don't want the virtual network's DNS to only
> > > listen to the vnet interface. Adding a publiclyAccessible attribute
> > > to the dns element in the configuration allows the DNS to listen to
> > > all interfaces.
> > 
> > Would you please elaborate on the use cases where this would be useful?
> > Libvirt networks shouldn't really be used for configuring dnsmasq for
> > other purposes than for virtual machines where it's desired that the
> > instances are separated.
> 
> This has been detailed in the previous mail thread, see here:
> https://www.redhat.com/archives/libvir-list/2015-June/msg00781.html
> and here:
> https://www.redhat.com/archives/libvir-list/2015-June/msg00813.html
> 
> The feature has been requested by people using libvirt as a testing
> infrastructure for cloud setups with vlans on top of the libvirt-defined
> network. Maybe I should describe the use case in the commit log to avoid
> the question being raised again and again.

I've read the conversation now. In my opinion, if users try to circumvent
the config of a libvirt network they might as well provide a full
network config themselves rather than trying to abuse libvirt into
setting it up partially and then hacking up the rest.

As for this patch, the documentation in the XML is misleading since it
states that after that "all interfaces" will be handled. With the
"bind-interface" option that isn't entirely true; only interfaces that
share the subnetwork are handled [1].

In general, the use case you've described seems rather hackish, as you
even state yourself, and I don't think we should encourage this since
for some other desired configurations it might not work and adding more
and more workarounds just isn't a good idea.

That said, I'm not going to object if somebody else from the libvirt
team thinks that it actually might be worthwhile, so I'm not going to
explicitly NACK it. You need to persuade somebody else though.

Peter


[1] http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2012q4/006525.html