On Mon, Feb 03, 2014 at 12:36:32PM +0100, Michal Privoznik wrote:
On 31.01.2014 17:43, Michal Privoznik wrote:
>There might be some use cases, where user wants to prepare the host or
>its environment prior to starting a network and do some cleanup after
>the network has been shut down. Consider all the functionality that
>libvirt doesn't currently have as an example what a hook script can
>possibly do.
>
>Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
>---
> docs/hooks.html.in | 43 +++++++++++++++++++++++++++++--------------
> src/network/bridge_driver.c | 29 +++++++++++++++++++++++++++++
> src/util/virhook.c | 10 +++++++++-
> src/util/virhook.h | 8 ++++++++
> 4 files changed, 75 insertions(+), 15 deletions(-)
>
>diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
>index 53c2274..2bca5bc 100644
>--- a/src/network/bridge_driver.c
>+++ b/src/network/bridge_driver.c
>@@ -71,6 +71,7 @@
> #include "virstring.h"
> #include "viraccessapicheck.h"
> #include "network_event.h"
>+#include "virhook.h"
>
> #define VIR_FROM_THIS VIR_FROM_NETWORK
>
>@@ -2011,6 +2012,23 @@ networkStartNetwork(virNetworkDriverStatePtr driver,
> if (virNetworkObjSetDefTransient(network, true) < 0)
> goto cleanup;
>
>+ /* Run an early hook to set-up missing devices */
>+ if (virHookPresent(VIR_HOOK_DRIVER_NETWORK)) {
>+ char *xml = virNetworkDefFormat(network->def, 0);
>+ int hookret;
>+
>+ hookret = virHookCall(VIR_HOOK_DRIVER_NETWORK, network->def->name,
>+ VIR_HOOK_NETWORK_OP_START, VIR_HOOK_SUBOP_BEGIN,
>+ NULL, xml, NULL);
>+ VIR_FREE(xml);
>+
>+ /*
>+ * If the script raised an error abort the launch
>+ */
>+ if (hookret < 0)
>+ goto cleanup;
>+ }
>+
> switch (network->def->forward.type) {
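Review bot: the return value of virNetworkDefFormat() in the added block is passed to virHookCall() without a NULL check, so if formatting fails the hook script is invoked with no network XML instead of the start being aborted. Check `xml` right after the call and `goto cleanup` when it is NULL. Since a negative `hookret` now aborts the start before the `switch` on the forward type is reached, the hook script's result becomes a gate on bringing the network up; the "set-up missing devices" comment should say so.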
I've just realized that if the hook is going to be used to
insert/delete some iptables rules or some tc work, maybe it's
desired to have yet another hook that is executed *after*
networkStartNetworkVirtual or networkStartNetworkExternal. Moreover,
do we want to taint such networks that use hook scripts (bearing in
mind that we don't do anything like that for domains)? Any thoughts?
We use 'tainting' as a way to identify anything which could alter the
operation/behaviour of the VM in a way that isn't obvious from the XML
config. As such I'd say that use of hooks should cause tainting, and
likewise we should have a tainting concept for networks too.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|