8:14 a.m.
See 6/7 for more details.
Version 2:
- Patch 2/7 no longer tries (or pretends) to be a refactor. Instead it
unifies they way we check for systemd services.
- requireSystemd argument of virSystemdHasService was dropped
Jiri Denemark (7):
util: Unify virSystemdHas{Machined,Logind}
util: Introduce virSystemdHasResolved
util: Introduce virSocketAddrBytes
util: Introduce virSystemdResolvedRegisterNameServer
tests: Add tests for virSystemdResolvedRegisterNameServer
network: Make virtual domains resolvable from the host
NEWS: Mention systemd-resolved support in network driver
NEWS.rst | 7 ++
docs/formatnetwork.rst | 9 +-
src/conf/network_conf.c | 18 ++++
src/conf/network_conf.h | 1 +
src/conf/schemas/network.rng | 3 +
src/libvirt_private.syms | 4 +
src/network/bridge_driver.c | 32 ++++++-
src/util/virsocketaddr.c | 63 ++++++++++++++
src/util/virsocketaddr.h | 4 +
src/util/virsystemd.c | 164 ++++++++++++++++++++++++++---------
src/util/virsystemd.h | 7 ++
src/util/virsystemdpriv.h | 1 +
tests/virsystemdtest.c | 147 +++++++++++++++++++++++++++++++
13 files changed, 419 insertions(+), 41 deletions(-)
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 1/7] util: Unify virSystemdHas{Machined,Logind}
When checking for machined we do not really care whether systemd itself
is running, we just need machined to be either running or socket
activated by systemd. That is, exactly the same we do for logind.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virsystemd.c | 74 ++++++++++++++++++++-----------------------
1 file changed, 34 insertions(+), 40 deletions(-)
diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
index cd4de0eef8..36820e81fe 100644
--- a/src/util/virsystemd.c
+++ b/src/util/virsystemd.c
@@ -141,57 +141,35 @@ void virSystemdHasLogindResetCachedValue(void)
}
-/* -2 = machine1 is not supported on this machine
- * -1 = error
- * 0 = machine1 is available
+/**
+ * virSystemdHasService:
+ *
+ * Check whether a DBus @service is enabled and either the service itself is
+ * running or will be started on demand by a running systemd1 service.
+ *
+ * Returns
+ * -2 when service is not supported on this machine
+ * -1 on error
+ * 0 when service is available
*/
-int
-virSystemdHasMachined(void)
-{
- int ret;
- int val;
-
- val = g_atomic_int_get(&virSystemdHasMachinedCachedValue);
- if (val != -1)
- return val;
-
- if ((ret = virGDBusIsServiceEnabled("org.freedesktop.machine1")) < 0) {
- if (ret == -2)
- g_atomic_int_set(&virSystemdHasMachinedCachedValue, -2);
- return ret;
- }
-
- if ((ret = virGDBusIsServiceRegistered("org.freedesktop.systemd1")) == -1)
- return ret;
- g_atomic_int_set(&virSystemdHasMachinedCachedValue, ret);
- return ret;
-}
-
-int
-virSystemdHasLogind(void)
+static int
+virSystemdHasService(const char *service,
+ int *cached)
{
int ret;
int val;
- val = g_atomic_int_get(&virSystemdHasLogindCachedValue);
+ val = g_atomic_int_get(cached);
if (val != -1)
return val;
- ret = virGDBusIsServiceEnabled("org.freedesktop.login1");
- if (ret < 0) {
+ if ((ret = virGDBusIsServiceEnabled(service)) < 0) {
if (ret == -2)
- g_atomic_int_set(&virSystemdHasLogindCachedValue, -2);
+ g_atomic_int_set(cached, -2);
return ret;
}
- /*
- * Want to use logind if:
- * - logind is already running
- * Or
- * - logind is not running, but this is a systemd host
- * (rely on dbus activation)
- */
- if ((ret = virGDBusIsServiceRegistered("org.freedesktop.login1")) == -1)
+ if ((ret = virGDBusIsServiceRegistered(service)) == -1)
return ret;
if (ret == -2) {
@@ -199,11 +177,27 @@ virSystemdHasLogind(void)
return ret;
}
- g_atomic_int_set(&virSystemdHasLogindCachedValue, ret);
+ g_atomic_int_set(cached, ret);
return ret;
}
+int
+virSystemdHasMachined(void)
+{
+ return virSystemdHasService("org.freedesktop.machine1",
+ &virSystemdHasMachinedCachedValue);
+}
+
+
+int
+virSystemdHasLogind(void)
+{
+ return virSystemdHasService("org.freedesktop.login1",
+ &virSystemdHasLogindCachedValue);
+}
+
+
/**
* virSystemdGetMachineByPID:
* @conn: dbus connection
--
2.43.0
8:42 a.m.
New subject: [libvirt PATCH v2 1/7] util: Unify virSystemdHas{Machined,Logind}
On Mon, Feb 05, 2024 at 03:14:08PM +0100, Jiri Denemark wrote:
When checking for machined we do not really care whether systemd
itself
is running, we just need machined to be either running or socket
activated by systemd. That is, exactly the same we do for logind.
That's not right. We very much *do* care whether systemd is
running.
If systemd-machined is installed on the host but the OS is
booted into sysvinit, then DBus will report that machined
can be activated, but if it is activated then it certainly
won't actually work.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virsystemd.c | 74 ++++++++++++++++++++-----------------------
1 file changed, 34 insertions(+), 40 deletions(-)
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
9:02 a.m.
New subject: [libvirt PATCH v2 1/7] util: Unify
virSystemdHas{Machined,Logind}
On Mon, Feb 05, 2024 at 14:42:09 +0000, Daniel P. Berrangé wrote:
On Mon, Feb 05, 2024 at 03:14:08PM +0100, Jiri Denemark wrote:
> When checking for machined we do not really care whether systemd itself
> is running, we just need machined to be either running or socket
> activated by systemd. That is, exactly the same we do for logind.
That's not right. We very much *do* care whether systemd is
running.
If systemd-machined is installed on the host but the OS is
booted into sysvinit, then DBus will report that machined
can be activated, but if it is activated then it certainly
won't actually work.
I guess I didn't explain myself correctly, but this just changes our
machind service check to do the same we do for logind. That is, machine1
service must be enabled (listed by ListActivatableNames). If it is, it
must already be running (reported by ListNames) or systemd must be
running.
Are you saying we should properly handle situations when a service we
want to talk to is already running, but cannot work because systemd is
not running? I would expect the service never be running in such case as
it would just fail to start without systemd.
Jirka
9:08 a.m.
New subject: [libvirt PATCH v2 1/7] util: Unify
virSystemdHas{Machined,Logind}
On Mon, Feb 05, 2024 at 04:02:55PM +0100, Jiri Denemark wrote:
On Mon, Feb 05, 2024 at 14:42:09 +0000, Daniel P. Berrangé wrote:
> On Mon, Feb 05, 2024 at 03:14:08PM +0100, Jiri Denemark wrote:
> > When checking for machined we do not really care whether systemd itself
> > is running, we just need machined to be either running or socket
> > activated by systemd. That is, exactly the same we do for logind.
>
> That's not right. We very much *do* care whether systemd is
> running.
>
> If systemd-machined is installed on the host but the OS is
> booted into sysvinit, then DBus will report that machined
> can be activated, but if it is activated then it certainly
> won't actually work.
I guess I didn't explain myself correctly, but this just changes our
machind service check to do the same we do for logind. That is, machine1
service must be enabled (listed by ListActivatableNames). If it is, it
must already be running (reported by ListNames) or systemd must be
running.
Are you saying we should properly handle situations when a service we
want to talk to is already running, but cannot work because systemd is
not running? I would expect the service never be running in such case as
it would just fail to start without systemd.
Hmm, I guess that's safe enough actually.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
5:03 a.m.
New subject: [libvirt PATCH v2 1/7] util: Unify virSystemdHas{Machined,Logind}
On a Monday in 2024, Jiri Denemark wrote:
When checking for machined we do not really care whether systemd
itself
is running, we just need machined to be either running or socket
activated by systemd. That is, exactly the same we do for logind.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
src/util/virsystemd.c | 74 ++++++++++++++++++++-----------------------
1 file changed, 34 insertions(+), 40 deletions(-)
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
8:14 a.m.
New subject: [libvirt PATCH v2 2/7] util: Introduce virSystemdHasResolved
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
src/libvirt_private.syms | 2 ++
src/util/virsystemd.c | 15 +++++++++++++++
src/util/virsystemd.h | 2 ++
src/util/virsystemdpriv.h | 1 +
4 files changed, 20 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c398371734..c336d06fb3 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3489,6 +3489,8 @@ virSystemdHasLogind;
virSystemdHasLogindResetCachedValue;
virSystemdHasMachined;
virSystemdHasMachinedResetCachedValue;
+virSystemdHasResolved;
+virSystemdHasResolvedResetCachedValue;
virSystemdMakeScopeName;
virSystemdMakeSliceName;
virSystemdNotifyStartup;
diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
index 36820e81fe..fd2b1db3ee 100644
--- a/src/util/virsystemd.c
+++ b/src/util/virsystemd.c
@@ -127,6 +127,7 @@ char *virSystemdMakeSliceName(const char *partition)
static int virSystemdHasMachinedCachedValue = -1;
static int virSystemdHasLogindCachedValue = -1;
+static int virSystemdHasResolvedCachedValue = -1;
/* Reset the cache from tests for testing the underlying dbus calls
* as well */
@@ -140,6 +141,12 @@ void virSystemdHasLogindResetCachedValue(void)
virSystemdHasLogindCachedValue = -1;
}
+void
+virSystemdHasResolvedResetCachedValue(void)
+{
+ virSystemdHasResolvedCachedValue = -1;
+}
+
/**
* virSystemdHasService:
@@ -198,6 +205,14 @@ virSystemdHasLogind(void)
}
+int
+virSystemdHasResolved(void)
+{
+ return virSystemdHasService("org.freedesktop.resolve1",
+ &virSystemdHasResolvedCachedValue);
+}
+
+
/**
* virSystemdGetMachineByPID:
* @conn: dbus connection
diff --git a/src/util/virsystemd.h b/src/util/virsystemd.h
index 19fb714132..65add8b5b9 100644
--- a/src/util/virsystemd.h
+++ b/src/util/virsystemd.h
@@ -49,6 +49,8 @@ int virSystemdHasMachined(void);
int virSystemdHasLogind(void);
+int virSystemdHasResolved(void);
+
int virSystemdCanSuspend(bool *result);
int virSystemdCanHibernate(bool *result);
diff --git a/src/util/virsystemdpriv.h b/src/util/virsystemdpriv.h
index 736c53d3fa..1f1dda456c 100644
--- a/src/util/virsystemdpriv.h
+++ b/src/util/virsystemdpriv.h
@@ -29,3 +29,4 @@
void virSystemdHasMachinedResetCachedValue(void);
void virSystemdHasLogindResetCachedValue(void);
+void virSystemdHasResolvedResetCachedValue(void);
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 3/7] util: Introduce virSocketAddrBytes
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/virsocketaddr.c | 63 ++++++++++++++++++++++++++++++++++++++++
src/util/virsocketaddr.h | 4 +++
3 files changed, 68 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c336d06fb3..5fe7ebe9d2 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3378,6 +3378,7 @@ virSocketSendMsgWithFDs;
# util/virsocketaddr.h
virSocketAddrBroadcast;
virSocketAddrBroadcastByPrefix;
+virSocketAddrBytes;
virSocketAddrCheckNetmask;
virSocketAddrEqual;
virSocketAddrFormat;
diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
index fbda858cfe..0a1ae1ac5f 100644
--- a/src/util/virsocketaddr.c
+++ b/src/util/virsocketaddr.c
@@ -30,6 +30,7 @@
*/
typedef unsigned char virSocketAddrIPv4[4];
typedef unsigned short virSocketAddrIPv6[8];
+typedef unsigned char virSocketAddrIPv6Bytes[16];
typedef unsigned char virSocketAddrIPv6Nibbles[32];
static int
@@ -68,6 +69,23 @@ virSocketAddrGetIPv6Addr(const virSocketAddr *addr, virSocketAddrIPv6
*tab)
return 0;
}
+
+static int
+virSocketAddrGetIPv6Bytes(const virSocketAddr *addr,
+ virSocketAddrIPv6Bytes *tab)
+{
+ size_t i;
+
+ if (!addr || !tab || addr->data.stor.ss_family != AF_INET6)
+ return -1;
+
+ for (i = 0; i < 16; i++)
+ (*tab)[i] = addr->data.inet6.sin6_addr.s6_addr[i];
+
+ return 0;
+}
+
+
static int
virSocketAddrGetIPv6Nibbles(const virSocketAddr *addr,
virSocketAddrIPv6Nibbles *tab)
@@ -1331,6 +1349,51 @@ virSocketAddrPTRDomain(const virSocketAddr *addr,
return 0;
}
+
+/**
+ * virSocketAddrBytes:
+ * @addr: address to convert to byte array
+ * @bytes: a preallocated array to store the address bytes to
+ * @maxBytes: the size of @bytes
+ *
+ * Extracts individual bytes of an IPv4 or IPv6 address in the provided @bytes
+ * array, which should be large enough to store 16 bytes (the size of an IPv6
+ * address). Bytes are stored in network order.
+ *
+ * Returns the number of bytes stored in @bytes on success or 0 when @bytes
+ * array is not big enough or @addr is not IPv4 or IPv6.
+ */
+int
+virSocketAddrBytes(const virSocketAddr *addr,
+ unsigned char *bytes,
+ int maxBytes)
+{
+ if (VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET6)) {
+ virSocketAddrIPv6Bytes ip;
+
+ if (maxBytes < sizeof(ip))
+ return 0;
+
+ virSocketAddrGetIPv6Bytes(addr, &ip);
+ memcpy(bytes, ip, sizeof(ip));
+ return sizeof(ip);
+ }
+
+ if (VIR_SOCKET_ADDR_IS_FAMILY(addr, AF_INET)) {
+ virSocketAddrIPv4 ip;
+
+ if (maxBytes < sizeof(ip))
+ return 0;
+
+ virSocketAddrGetIPv4Addr(addr, &ip);
+ memcpy(bytes, ip, sizeof(ip));
+ return sizeof(ip);
+ }
+
+ return 0;
+}
+
+
void
virSocketAddrFree(virSocketAddr *addr)
{
diff --git a/src/util/virsocketaddr.h b/src/util/virsocketaddr.h
index ec265d6e44..47b8effa85 100644
--- a/src/util/virsocketaddr.h
+++ b/src/util/virsocketaddr.h
@@ -143,6 +143,10 @@ int virSocketAddrPTRDomain(const virSocketAddr *addr,
char **ptr)
ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
+int virSocketAddrBytes(const virSocketAddr *addr,
+ unsigned char *bytes,
+ int maxBytes);
+
void virSocketAddrFree(virSocketAddr *addr);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSocketAddr, virSocketAddrFree);
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 4/7] util: Introduce virSystemdResolvedRegisterNameServer
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/virsystemd.c | 79 +++++++++++++++++++++++++++++++++++++++-
src/util/virsystemd.h | 5 +++
3 files changed, 84 insertions(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 5fe7ebe9d2..396bd80844 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3495,6 +3495,7 @@ virSystemdHasResolvedResetCachedValue;
virSystemdMakeScopeName;
virSystemdMakeSliceName;
virSystemdNotifyStartup;
+virSystemdResolvedRegisterNameServer;
virSystemdTerminateMachine;
diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
index fd2b1db3ee..5b772e29dd 100644
--- a/src/util/virsystemd.c
+++ b/src/util/virsystemd.c
@@ -34,7 +34,6 @@
#include "virerror.h"
#include "virfile.h"
#include "virhash.h"
-#include "virsocketaddr.h"
#define VIR_FROM_THIS VIR_FROM_SYSTEMD
@@ -1040,3 +1039,81 @@ virSystemdActivationFree(virSystemdActivation *act)
g_free(act);
}
+
+
+/**
+ * virSystemdResolvedRegisterNameServer:
+ * @link: network interface ID
+ * @domain: registered domain
+ * @addr: address the DNS server is listening on
+ *
+ * Talk to systemd-resolved and register a DNS server listening on @addr
+ * as a resolver for @domain. This configuration is bound to @link interface
+ * and automatically dropped when the interface goes away.
+ *
+ * Returns -2 when systemd-resolved is unavailable,
+ * -1 on error,
+ * 0 on success.
+ */
+int
+virSystemdResolvedRegisterNameServer(int link,
+ const char *domain,
+ virSocketAddr *addr)
+{
+ int rc;
+ GDBusConnection *conn;
+ GVariant *params;
+ GVariant *byteArray;
+ unsigned char addrBytes[16];
+ int nBytes;
+
+ if ((rc = virSystemdHasResolved()) < 0)
+ return rc;
+
+ if (!(conn = virGDBusGetSystemBus()))
+ return -1;
+
+ /*
+ * SetLinkDomains(in i ifindex,
+ * in a(sb) domains);
+ */
+ params = g_variant_new_parsed("(%i, [(%s, true)])",
+ (gint32) link,
+ domain);
+
+ rc = virGDBusCallMethod(conn, NULL, NULL, NULL,
+ "org.freedesktop.resolve1",
+ "/org/freedesktop/resolve1",
+ "org.freedesktop.resolve1.Manager",
+ "SetLinkDomains",
+ params);
+ g_variant_unref(params);
+
+ if (rc < 0)
+ return -1;
+
+ /*
+ * SetLinkDNS(in i ifindex,
+ * in a(iay) addresses);
+ */
+ nBytes = virSocketAddrBytes(addr, addrBytes, sizeof(addrBytes));
+ byteArray = g_variant_new_fixed_array(G_VARIANT_TYPE("y"),
+ addrBytes, nBytes, 1);
+ params = g_variant_new_parsed("(%i, [(%i, %@ay)])",
+ (gint32) link,
+ VIR_SOCKET_ADDR_FAMILY(addr),
+ byteArray);
+
+ rc = virGDBusCallMethod(conn, NULL, NULL, NULL,
+ "org.freedesktop.resolve1",
+ "/org/freedesktop/resolve1",
+ "org.freedesktop.resolve1.Manager",
+ "SetLinkDNS",
+ params);
+ g_variant_unref(params);
+
+ if (rc < 0)
+ return -1;
+
+ return 0;
+}
diff --git a/src/util/virsystemd.h b/src/util/virsystemd.h
index 65add8b5b9..b7fdaf67df 100644
--- a/src/util/virsystemd.h
+++ b/src/util/virsystemd.h
@@ -22,6 +22,7 @@
#pragma once
#include "internal.h"
+#include "virsocketaddr.h"
typedef struct _virSystemdActivation virSystemdActivation;
@@ -76,3 +77,7 @@ void virSystemdActivationClaimFDs(virSystemdActivation *act,
void virSystemdActivationFree(virSystemdActivation *act);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSystemdActivation, virSystemdActivationFree);
+
+int virSystemdResolvedRegisterNameServer(int link,
+ const char *domain,
+ virSocketAddr *addr);
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 5/7] tests: Add tests for virSystemdResolvedRegisterNameServer
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
tests/virsystemdtest.c | 147 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 147 insertions(+)
diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c
index fcd76514e1..004b0549ce 100644
--- a/tests/virsystemdtest.c
+++ b/tests/virsystemdtest.c
@@ -87,6 +87,34 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
reply = g_variant_new("()");
}
}
+ } else if (STREQ(bus_name, "org.freedesktop.resolve1")) {
+ g_autofree char *actual = NULL;
+
+ if (getenv("FAIL_BAD_SERVICE")) {
+ *error =
g_dbus_error_new_for_dbus_error("org.freedesktop.systemd.badthing",
+ "Contacting resolved
failed");
+ } else if (STREQ(method_name, "SetLinkDomains")) {
+ const char *expected = getenv("TEST_RESOLVED_LINK_DOMAINS");
+ actual = g_variant_print(params, FALSE);
+
+ if (virTestCompareToString(expected, actual) < 0)
+ *error =
g_dbus_error_new_for_dbus_error("org.freedesktop.systemd.badthing",
+ "Unexpected params to
SetLinkDomains");
+ else
+ reply = g_variant_new("()");
+ } else if (STREQ(method_name, "SetLinkDNS")) {
+ const char *expected = getenv("TEST_RESOLVED_LINK_DNS");
+ actual = g_variant_print(params, FALSE);
+
+ if (virTestCompareToString(expected, actual) < 0)
+ *error =
g_dbus_error_new_for_dbus_error("org.freedesktop.systemd.badthing",
+ "Unexpected params to
SetLinkDNS");
+ else
+ reply = g_variant_new("()");
+ } else {
+ *error =
g_dbus_error_new_for_dbus_error("org.freedesktop.systemd.badthing",
+ "Unknown resolved
method");
+ }
} else if (STREQ(bus_name, "org.freedesktop.login1")) {
reply = g_variant_new("(s)", getenv("RESULT_SUPPORT"));
} else if (STREQ(bus_name, "org.freedesktop.DBus") &&
@@ -100,6 +128,7 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
if (!getenv("FAIL_NO_SERVICE")) {
g_variant_builder_add(&builder, "s",
"org.freedesktop.machine1");
g_variant_builder_add(&builder, "s",
"org.freedesktop.login1");
+ g_variant_builder_add(&builder, "s",
"org.freedesktop.resolve1");
}
reply = g_variant_new("(@as)", g_variant_builder_end(&builder));
@@ -114,6 +143,7 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
if (!getenv("FAIL_NO_SERVICE") &&
!getenv("FAIL_NOT_REGISTERED")) {
g_variant_builder_add(&builder, "s",
"org.freedesktop.systemd1");
g_variant_builder_add(&builder, "s",
"org.freedesktop.login1");
+ g_variant_builder_add(&builder, "s",
"org.freedesktop.resolve1");
}
reply = g_variant_new("(@as)", g_variant_builder_end(&builder));
@@ -613,6 +643,83 @@ testActivationEmpty(const void *opaque G_GNUC_UNUSED)
return 0;
}
+
+struct testResolvedData {
+ int link;
+ const char *env;
+ const char *dom;
+ const char *addr;
+ const char *expDomains;
+ const char *expDNS;
+};
+
+
+static int
+testResolvedFailed(const void *opaque)
+{
+ const struct testResolvedData *data = opaque;
+ virSocketAddr addr = {0};
+ int ret = -1;
+ int expected = -2;
+ int rv;
+
+ if (!data->env) {
+ fprintf(stderr, "%s",
+ "testResolvedFailed called without environment variable
name");
+ return -1;
+ }
+
+ if (data->addr &&
+ virSocketAddrParse(&addr, data->addr, AF_UNSPEC) < 0)
+ return -1;
+
+ if (STREQ(data->env, "FAIL_BAD_SERVICE"))
+ expected = -1;
+
+ g_setenv(data->env, "1", TRUE);
+
+ rv = virSystemdResolvedRegisterNameServer(data->link, data->dom, &addr);
+
+ if (rv == 0)
+ fprintf(stderr, "%s", "Updating resolved succeeded
unexpectedly\n");
+ else if (rv != expected)
+ fprintf(stderr, "%s", "Updating resolved failed
unexpectedly\n");
+ else
+ ret = 0;
+
+ g_unsetenv(data->env);
+ return ret;
+}
+
+
+static int
+testResolved(const void *opaque)
+{
+ const struct testResolvedData *data = opaque;
+ virSocketAddr addr = {0};
+ int ret = -1;
+
+ if (data->addr &&
+ virSocketAddrParse(&addr, data->addr, AF_UNSPEC) < 0)
+ return -1;
+
+ g_setenv("TEST_RESOLVED_LINK_DOMAINS", data->expDomains, TRUE);
+ g_setenv("TEST_RESOLVED_LINK_DNS", data->expDNS, TRUE);
+
+ if (virSystemdResolvedRegisterNameServer(data->link, data->dom, &addr) <
0) {
+ fprintf(stderr, "%s", "Updating resolved failed
unexpectedly\n");
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+ g_unsetenv("TEST_RESOLVED_LINK_DOMAINS");
+ g_unsetenv("TEST_RESOLVED_LINK_DNS");
+ return ret;
+}
+
+
static int
mymain(void)
{
@@ -732,6 +839,46 @@ mymain(void)
VIR_INFO("Skipping activation tests as FD 3/4/5 is open");
}
+# define TEST_RESOLVED_HELPER(name, func, linkId, variable, domain, ip, \
+ expectedDomains, expectedDNS) \
+ do { \
+ struct testResolvedData data = { \
+ .link = linkId, \
+ .env = variable, \
+ .dom = domain, \
+ .addr = ip, \
+ .expDomains = expectedDomains, \
+ .expDNS = expectedDNS, \
+ }; \
+ if (virTestRun("Test resolved " name, func, &data) < 0) \
+ ret = -1; \
+ virSystemdHasResolvedResetCachedValue(); \
+ } while (0)
+
+# define TEST_RESOLVED_FAILURE(name, variable, ip) \
+ TEST_RESOLVED_HELPER(name, testResolvedFailed, 42, variable, "virt", ip,
NULL, NULL)
+
+# define TEST_RESOLVED_EXP(name, linkId, domain, ip, ipFamily, ipBytes) \
+ TEST_RESOLVED_HELPER(name, testResolved, linkId, NULL, domain, ip, \
+ "(" #linkId ", [('" domain "',
true)])", \
+ "(" #linkId ", [(" #ipFamily ", ["
ipBytes "])])")
+
+# define TEST_RESOLVED(name, linkId, domain, ip, ipFamily, ipBytes) \
+ TEST_RESOLVED_EXP(name, linkId, domain, ip, ipFamily, ipBytes)
+
+ TEST_RESOLVED_FAILURE("not enabled", "FAIL_NO_SERVICE", NULL);
+ TEST_RESOLVED_FAILURE("not registered", "FAIL_NOT_REGISTERED",
NULL);
+ TEST_RESOLVED_FAILURE("bad service", "FAIL_BAD_SERVICE",
"1.2.3.4");
+
+ TEST_RESOLVED("IPv4", 84, "private",
+ "172.17.18.19", AF_INET,
+ "0xac, 0x11, 0x12, 0x13");
+
+ TEST_RESOLVED("IPv6", 21, "virt.local",
+ "e8f7:ae03:b089:d4e1:764a:53ec:658b:2547", AF_INET6,
+ "0xe8, 0xf7, 0xae, 0x03, 0xb0, 0x89, 0xd4, 0xe1, "
+ "0x76, 0x4a, 0x53, 0xec, 0x65, 0x8b, 0x25, 0x47");
+
return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 6/7] network: Make virtual domains resolvable from the host
This patch adds a new attribute "register" to the <domain> element. If
set to "yes", the DNS server created for the virtual network is
registered with systemd-resolved as a name server for the associated
domain. The names known to the dnsmasq process serving DNS and DHCP
requests for the virtual network will then be resolvable from the host
by appending the domain name to them.
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
docs/formatnetwork.rst | 9 ++++++++-
src/conf/network_conf.c | 18 ++++++++++++++++++
src/conf/network_conf.h | 1 +
src/conf/schemas/network.rng | 3 +++
src/network/bridge_driver.c | 32 +++++++++++++++++++++++++++++++-
5 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/docs/formatnetwork.rst b/docs/formatnetwork.rst
index 16e81246fa..dcdaf1e5a5 100644
--- a/docs/formatnetwork.rst
+++ b/docs/formatnetwork.rst
@@ -88,7 +88,7 @@ to the physical LAN (if at all).
...
<bridge name="virbr0" stp="on" delay="5"
macTableManager="libvirt"/>
<mtu size="9000"/>
- <domain name="example.com" localOnly="no"/>
+ <domain name="example.com" localOnly="no"
register="no"/>
<forward mode="nat" dev="eth0"/>
...
@@ -162,6 +162,13 @@ to the physical LAN (if at all).
DNS server. If ``localOnly`` is "no", and by default, unresolved requests
**will** be forwarded. :since:`Since 1.2.12`
+ :since:`Since 10.1.0` the optional ``register`` attribute can be used to
+ request registering the DNS server for resolving this domain with the host's
+ DNS resolver. When set to "yes", the host resolver will forward all
requests
+ for domain names from this domain to the DNS server created for this virtual
+ network. To avoid DNS loops ``localOnly`` has to be set to "yes" as well.
+ This feature requires ``systemd-resolved`` to be running on the host.
+
``forward``
Inclusion of the ``forward`` element indicates that the virtual network is to
be connected to the physical LAN. :since:`Since 0.3.0.` The ``mode``
diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
index ef3415cd89..cc92ed0b03 100644
--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
@@ -1582,6 +1582,19 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
&def->domainLocalOnly) < 0)
return NULL;
+ if (virXMLPropTristateBool(domain_node, "register",
+ VIR_XML_PROP_NONE,
+ &def->domainRegister) < 0)
+ return NULL;
+
+ if (def->domainRegister == VIR_TRISTATE_BOOL_YES &&
+ def->domainLocalOnly != VIR_TRISTATE_BOOL_YES) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("attribute 'register=yes' in <domain> element
requires 'localOnly=yes' in network %1$s"),
+ def->name);
+ return NULL;
+ }
+
if ((bandwidthNode = virXPathNode("./bandwidth", ctxt)) &&
virNetDevBandwidthParse(&def->bandwidth, NULL, bandwidthNode, false) <
0)
return NULL;
@@ -2405,6 +2418,11 @@ virNetworkDefFormatBuf(virBuffer *buf,
virBufferAsprintf(buf, " localOnly='%s'", local);
}
+ if (def->domainRegister) {
+ virBufferAsprintf(buf, " register='%s'",
+ virTristateBoolTypeToString(def->domainRegister));
+ }
+
virBufferAddLit(buf, "/>\n");
}
diff --git a/src/conf/network_conf.h b/src/conf/network_conf.h
index 1d7fd3ab6a..c2a4198abc 100644
--- a/src/conf/network_conf.h
+++ b/src/conf/network_conf.h
@@ -245,6 +245,7 @@ struct _virNetworkDef {
int macTableManager; /* enum virNetworkBridgeMACTableManager */
char *domain;
virTristateBool domainLocalOnly; /* yes disables dns forwarding */
+ virTristateBool domainRegister;
unsigned long delay; /* Bridge forward delay (ms) */
bool stp; /* Spanning tree protocol */
unsigned int mtu; /* MTU for bridge, 0 means "default" i.e. unset in config
*/
diff --git a/src/conf/schemas/network.rng b/src/conf/schemas/network.rng
index e56e07d130..b7c8551fad 100644
--- a/src/conf/schemas/network.rng
+++ b/src/conf/schemas/network.rng
@@ -258,6 +258,9 @@
<optional>
<attribute name="localOnly"><ref
name="virYesNo"/></attribute>
</optional>
+ <optional>
+ <attribute name="register"><ref
name="virYesNo"/></attribute>
+ </optional>
</element>
</optional>
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 9921c7cd14..d89700c6ee 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -63,7 +63,7 @@
#include "virjson.h"
#include "virnetworkportdef.h"
#include "virutil.h"
-
+#include "virsystemd.h"
#include "netdev_bandwidth_conf.h"
#define VIR_FROM_THIS VIR_FROM_NETWORK
@@ -1902,6 +1902,7 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
bool dnsmasqStarted = false;
bool devOnline = false;
bool firewalRulesAdded = false;
+ virSocketAddr *dnsServer = NULL;
/* Check to see if any network IP collides with an existing route */
if (networkCheckRouteCollision(def) < 0)
@@ -1958,6 +1959,9 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
if (VIR_SOCKET_ADDR_IS_FAMILY(&ipdef->address, AF_INET6))
v6present = true;
+ if (!dnsServer)
+ dnsServer = &ipdef->address;
+
/* Add the IP address/netmask to the bridge */
if (networkAddAddrToBridge(obj, ipdef) < 0)
goto error;
@@ -2011,6 +2015,32 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
goto error;
dnsmasqStarted = true;
+
+ if (def->domain && def->domainRegister && dnsServer) {
+ unsigned int link;
+ int rc;
+
+ if ((link = if_nametoindex(def->bridge)) == 0) {
+ virReportSystemError(ENODEV,
+ _("unable to get interface index for
%1$s"),
+ def->bridge);
+ goto error;
+ }
+
+ rc = virSystemdResolvedRegisterNameServer(link, def->domain,
+ dnsServer);
+ if (rc == -2) {
+ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+ _("failed to register name server: systemd-resolved
is not available"));
+ goto error;
+ }
+
+ if (rc < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("failed to register name server"));
+ goto error;
+ }
+ }
}
if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)
--
2.43.0
8:14 a.m.
New subject: [libvirt PATCH v2 7/7] NEWS: Mention systemd-resolved support in network driver
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
---
NEWS.rst | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index e2796fd8b2..15b0da31b6 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -23,6 +23,13 @@ v10.1.0 (unreleased)
Additionally, if CPU clusters are present in the host topology, they will
be reported as part of the capabilities XML.
+ * network: Make virtual domains resolvable from the host
+
+ When starting a virtual network with a new ``register='yes'`` attribute
+ in the ``<domain>`` element, libvirt will configure ``systemd-resolved``
+ to resolve names of the connected guests using the name server started
+ for this network.
+
* **Improvements**
* **Bug fixes**
--
2.43.0
288
days inactive
290
days old
11 comments
3 participants
participants (3)
-
Daniel P. Berrangé -
Jiri Denemark -
Ján Tomko