[PATCH 0/7] network: implement automatic subnet selection for virtual networks

Laine Stump posted 7 patches 1 month, 1 week ago
Posted by Laine Stump 1 month, 1 week ago
The problem this is solving has a very long history. With a simple
bugzilla search I found reports all the way back to 2012.

The issue is that sometimes when a libvirt virtual network is started,
it could be on exactly the same subnet as another interface already
active on the host at libvirt install time (which was fixed long ago),
or as another interface that isn't active in the install environment,
but will be active when libvirt is actually started at a later time,
possibly in a completely different environment than the install (this
*wasn't* fixed. Until now).

At one point (which I've located in this bugzilla comment in 2014 -
https://bugzilla.redhat.com/1146232#c17) I thought of having a config
knob in virtual networks that would look for an unused network at
runtime, and start the network with that subnet. Of course that would
have solved the problem where the conflicting network was already
active when libvirt started its networks, but wouldn't do anything
about the case where the conflicting network was started *after*
libvirt had started its networks. And anyway it would have required
config settings in /etc/libvirt/network.conf which didn't exist at the
time.

Several years later (around 2020) I learned about NetworkManager
dispatcher scripts, which are called any time NM brings an interface
up or down, and wrote a python script that would use this to destroy
any libvirt network that had a conflict with a newly activated NM
interface. After sending it as an RFC patch, I promptly forgot about
it (except for being on my "list of things I should get to someday").

A few weeks ago I realized that the "there is no network.conf to store
config items" problem was recently solved (I had to add a network.conf
file for the knob that selects nftables vs iptables), which prompted
me to go back and find the branch with the NM dispatcher script, and
*finally* implement the runtime auto address selection. Combining this
with enhancing the NM dispatcher script to not only destroy
conflicting networks, but to also then *restart* them if they have
autoaddr set, gives what I think is finally a full solution to the
problem - no matter what order interfaces are started vs. libvirt
networks being started, a network with "autoaddr='yes'" set will
*always* end up with all networks being usable.

(Well, the one issue that still remains is that if there are already
guests attached to the autoaddr='yes' network when its address is
changed, those guests will then be disconnected, and once reconnected
they will have stale IP addresses. That's another hill for another day
though; I don't think anyone has complained about that. Yet.)

I think this may break the record for "oldest bug to be fixed", which
was previously set when danpb fixed the firewalling issue with guests
on two different NATed networks being able to communicate with each
other. :-)

Laine Stump (7):
  conf: add XML config for autoaddr networks
  network: add configurable network autoaddr items to driver config
  network: reorganize the check for route collisions
  network: turn on autoaddr selection in bridge driver
  network: NetworkManager script to monitor/resolve conflicts with new
    interfaces
  network: turn on autoaddr in default network
  spec: stop trying to find unused network during deamon-network-config
    %post

 docs/formatnetwork.rst                        |  42 +++-
 libvirt.spec.in                               |  38 +---
 meson.build                                   |  14 +-
 meson_options.txt                             |   4 +
 src/conf/network_conf.c                       |  75 +++++--
 src/conf/network_conf.h                       |   7 +
 src/conf/schemas/network.rng                  |   5 +
 src/network/bridge_driver.c                   | 201 +++++++++++++++++-
 src/network/bridge_driver_conf.c              |  61 ++++++
 src/network/bridge_driver_conf.h              |   4 +
 src/network/bridge_driver_linux.c             | 132 +++++++-----
 src/network/bridge_driver_nop.c               |  22 +-
 src/network/bridge_driver_platform.h          |   5 +-
 src/network/default.xml.in                    |   2 +-
 src/network/libvirtd_network.aug              |   8 +-
 src/network/meson.build                       |  12 ++
 src/network/network.conf.in                   |  11 +
 src/network/nm-dispatcher-check-nets.py       | 196 +++++++++++++++++
 src/network/test_libvirtd_network.aug.in      |   3 +
 .../networkxml2xmlin/nat-network-autoaddr.xml |  11 +
 .../nat-network-autoaddr.xml                  |  11 +
 tests/networkxml2xmltest.c                    |   1 +
 22 files changed, 744 insertions(+), 121 deletions(-)
 create mode 100755 src/network/nm-dispatcher-check-nets.py
 create mode 100644 tests/networkxml2xmlin/nat-network-autoaddr.xml
 create mode 100644 tests/networkxml2xmlout/nat-network-autoaddr.xml

-- 
2.45.2
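
The selection and conflict handling described in the cover letter can be modelled as follows. This is an added sketch, not code from the patch series or from nm-dispatcher-check-nets.py; the search pool, the starting subnet, the function names and the dictionary layout are all assumptions made for illustration.

```python
import ipaddress

# Assumed search range and starting subnet (hypothetical, not the series' values).
POOL = ipaddress.ip_network("192.168.0.0/16")
START = ipaddress.ip_network("192.168.122.0/24")


def pick_subnet(in_use, pool=POOL, start=START):
    """First subnet of start's size inside pool, scanning from start and
    wrapping around, that overlaps nothing in in_use; None if none is free."""
    busy = [ipaddress.ip_network(n, strict=False) for n in in_use]
    candidates = list(pool.subnets(new_prefix=start.prefixlen))
    first = candidates.index(start)
    for cand in candidates[first:] + candidates[:first]:
        # overlaps() also catches a wider or narrower prefix, not just equality
        if not any(cand.overlaps(b) for b in busy):
            return cand
    return None


def on_interface_up(new_addr, networks, host_subnets):
    """Decide what to do with each virtual network when a host interface
    comes up with address new_addr (e.g. "192.168.122.57/23").

    networks maps name -> {"subnet": str, "autoaddr": bool} and is updated in
    place. Returns a list of (name, action, new_subnet_or_None)."""
    new_net = ipaddress.ip_network(new_addr, strict=False)
    actions = []
    for name, net in networks.items():
        if not ipaddress.ip_network(net["subnet"]).overlaps(new_net):
            continue  # no conflict, leave the network running
        chosen = None
        if net["autoaddr"]:
            others = [n["subnet"] for k, n in networks.items() if k != name]
            chosen = pick_subnet([*host_subnets, new_addr, *others])
        if chosen is None:
            actions.append((name, "destroy", None))
        else:
            net["subnet"] = str(chosen)
            actions.append((name, "restart", str(chosen)))
    return actions


if __name__ == "__main__":
    # Constructed sample: host already has 10.0.0.0/8; a /23 interface comes up.
    nets = {"default": {"subnet": "192.168.122.0/24", "autoaddr": True},
            "lab": {"subnet": "192.168.123.0/24", "autoaddr": False}}
    print(on_interface_up("192.168.122.57/23", nets, ["10.0.0.0/8"]))
```

Treating an autoaddr network with no free subnet as "destroy" is a choice made in this sketch; the cover letter does not say what the series does in that case.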