Updating dnsmasq options with virsh net-update
Laine Stump
laine at redhat.com
Thu Mar 18 01:45:30 UTC 2021
On 3/17/21 1:51 PM, brent s. wrote:
> On 3/17/21 13:19, Alex Crawford wrote:
>> I'm trying to take advantage of libvirt's support for passing through
>> options to dnsmasq
>> <https://libvirt.org/formatnetwork.html#elementsNamespaces>, but I'm
>> having trouble getting it to take effect. I have a network already
>> created and I'm trying to use net-update to add the options, but it's
>> not clear to me what section I should specify. By the way, is there a
>> good way to list the available sections? I've been resorting to reading
>> the code
>> <https://gitlab.com/libvirt/libvirt/-/blob/18d0f2f9569edf3c26d912a7d8974a54bb32eee9/include/libvirt/libvirt-network.h#L158-175>.
>> Working in a different direction, I tried using net-edit to make the
>> changes but they seem to have been silently discarded:
>>
>> $ virsh -c qemu:///system net-edit crawford-libvirt-67v2h
>> Network crawford-libvirt-67v2h XML configuration edited.
>> $ virsh -c qemu:///system net-dumpxml crawford-libvirt-67v2h | grep
>> --count <my changes>
>> 0
>>
>> Can anyone tell me what I'm doing wrong or how this feature was intended
>> to be used? Thank you.
https://wiki.libvirt.org/page/Networking#Applying_modifications_to_the_network
>>
>> -Alex
>
> The last time I tried using net-update, if I recall it didn't support
> full editing.
That is correct, and it is by design. When I added the virNetworkUpdate
API I started with exactly that idea, but during discussions we decided
against allowing such freeform changing of anything and everything in
the network's config (I don't remember the arguments in either direction
now, but I definitely remember the discussion happening :-))
> I had to net-edit the network in question and restart it
> (to do exactly what you're trying to do, I should note!). I don't think
> net-update lets you edit the root element's namespace (which is what you
> need to do for e.g. <dnsmasq:options> to not be eaten).
<dnsmasq:options> is in some ways even beyond just "editing the root
element's namespace" - it is adding opaque stuff into the dnsmasq
commandline that will have effects that can't be comprehended by
libvirt's network driver - it could do something that completely
counteracts what libvirt has purposefully added.
But I digress. You are correct that <dnsmasq:options> can't be changed
with virsh net-update.
The good news, though, is that you can safely net-destroy and then
net-start the network, and get full connectivity of all your guests
(whose tap devices have just been disconnected from the network's bridge
by the restart) back by just restarting libvirtd.service (at least if
you have a libvirt that is newer than a couple years old). This means
that, aside from the short disruption in connectivity during the time
between "virsh net-destroy $net" and "systemctl restart
libvirtd.service", the effect will be the same as if you had been able
to do the modification with virsh net-update.
>
> For reference, the modified root element looks like this:
>
> <network xmlns:dnsmasq="http://libvirt.org/schemas/network/dnsmasq/1.0">
> <!-- Normal network definition here... -->
> <dnsmasq:options>
> <dnsmasq:option value="log-dhcp"/>
> </dnsmasq:options>
> </network>
>
More information about the libvirt-users
mailing list