Description of problem: want to start more than 150 guests on the virtual network. but guests after the 150th can not get ip addr because the maximum number of DHCP leases is 150 by default. [root@lihuang ~]# ps -aef | grep dnsmasq nobody 3920 1 0 17:36 ? 00:00:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 [root@lihuang ~]# /usr/sbin/dnsmasq --help | grep dhcp-lease-max -X, --dhcp-lease-max=number Specify maximum number of DHCP leases (defaults to 150). [root@lihuang ~]# cat /etc/libvirt/qemu/networks/default.xml <network> <name>default</name> <uuid>d6897bcb-919e-4f6f-905c-bcbfa8b228aa</uuid> <bridge name="virbr0" /> <forward/> <ip address="192.168.122.1" netmask="255.255.255.0"> <dhcp> <range start="192.168.122.2" end="192.168.122.254" /> </dhcp> </ip> </network> Version-Release number of selected component (if applicable): # rpm -q libvirt libvirt-0.6.3-20.1.el5_4.x86_64 libvirt-0.6.3-20.1.el5_4.i386 How reproducible: 100% Steps to Reproduce: 1.Create more than 150 guest on the Virtual Network. 2. 3. Actual results: Expected results: Additional info:
From dnsmasq man page: -X, --dhcp-lease-max=<number> Limits dnsmasq to the specified maximum number of DHCP leases. The default is 150. This limit is to prevent DoS attacks from hosts which create thousands of leases and use lots of memory in the dnsmasq process. Seems to me we could add --dhcp-lease-max=254 to the args as the maximum IP lease we can do from a class C is basically 254 that should not be hard to add but I would like to make sure this is the right way to fix this, Daniel
That sounds like the right idea to me - we shouldn't hardcode assumption of 254/Class-C, but we can definitely automatically determine the maximum lease number by comparing the start + end ranges in the network XML.
Okay I posted the 3 patches needed to enable this https://www.redhat.com/archives/libvir-list/2009-October/msg00380.html Daniel
The actual fix upstream was more complex than the initial 3 patches submitted, it's basically made of the new network.[ch] utilities http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=24c8fc5dff27fc310bae13105bf35d12dd9b1b59 then extend network_conf.[ch] to check and store the ranges http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=8a659e31866a260111f6c93edbba62f593aea7f4;hp=784b5030c171f7d1e1c79a57200b92a78ecfdc46 then a small change to the bridge driver to pass the new arguments http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=f0006d9792063b0230ebc2b69339b3b5333ccca5;hp=8a659e31866a260111f6c93edbba62f593aea7f4 Daniel
Created attachment 370345 [details] Backport of the patch for 0.6.3 Basically adds the current (0.7.3) version of network.[ch] to the utils list, then also add the 2 patches to check and compute DHCP ranges size and the patch to add the argument when calling dnsmasq, Daniel
libvirt-0.6.3-22.el5 has been built in dist-5E-qu-candidate with the fixes, Daniel
The bus has been fixed in libvirt-0.6.3-28.el5 On RHEL5.4 release version with libvirt-0.6.3-20.el5, there is not "dhcp-lease-max" option given in the calling of dnsmasq, as following: /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 For libvirt-0.6.3-28.el5 ,check the options of dnsmasq, it includes "dhcp-lease-max" option /usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0205.html