netavark: make --config required for dns

Using /tmp as default makes no sense, all callers that need dns should give us a proper path. Podman already does this so it should not cause any backwards compat problems. I had to change the teardown logic a bit as we first need to confirm if we have network with dns before we should check if --config was given. Also rework tests to always set --config to avoid code duplication. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
author: Paul Holzinger <pholzing@redhat.com> 2023-06-26 13:38:57 +0200
committer: Paul Holzinger <pholzing@redhat.com> 2023-06-26 15:02:27 +0200
commit: 6e06b7d73bc9ce07730a3a1c2f92ac67f06fc147 (patch)
tree: aaaa30fc53426873cbe931043e01548d8299d6e9 /test
parent: bc11475f4730a7d1284a8ed80e298d8054c3dd1f (diff)
3 files changed, 14 insertions, 85 deletions
diff --git a/test/100-bridge-iptables.bats b/test/100-bridge-iptables.bats
index 4178c3e..28e094d 100644
--- a/test/100-bridge-iptables.bats
+++ b/test/100-bridge-iptables.bats
@@ -150,19 +150,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check aardvark config and running
@@ -177,7 +165,6 @@ fw_driver=iptables
     assert "${lines[1]}" =~ ".*aardvark-dns --config $NETAVARK_TMPDIR/config/aardvark-dns -p $dns_port run" "aardvark not running or bad options"
 
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         update podman1 --network-dns-servers 8.8.8.8
 
     # check aardvark config and running
@@ -188,7 +175,6 @@ fw_driver=iptables
 
     # remove network and check running and verify if aardvark config has no nameserver
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         update podman1 --network-dns-servers ""
 
     # check aardvark config and running
@@ -204,14 +190,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         update podman1 --network-dns-servers 8.8.8.8
 }
 
@@ -281,19 +260,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-custom-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check aardvark config and running
@@ -312,19 +279,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-multiple-custom-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check aardvark config and running
@@ -343,19 +298,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge-network-container-dns-server.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check aardvark config and running
@@ -374,19 +317,7 @@ fw_driver=iptables
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check iptables
@@ -415,7 +346,6 @@ fw_driver=iptables
     assert "${lines[0]}" =~ "10.89.3.2" "ipv6 dns resolution works"
 
     NETAVARK_DNS_PORT="$dns_port" run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         teardown $(get_container_netns_path)
 
     # check iptables got removed
diff --git a/test/200-bridge-firewalld.bats b/test/200-bridge-firewalld.bats
index 02ade71..6081cff 100644
--- a/test/200-bridge-firewalld.bats
+++ b/test/200-bridge-firewalld.bats
@@ -198,20 +198,8 @@ function teardown() {
     # get a random port directly to avoid low ports e.g. 53 would not create iptables
     dns_port=$((RANDOM+10000))
 
-    # hack to make aardvark-dns run when really root or when running as user with
-    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
-    # it needs to know if it should use systemd user instance or not.
-    # iptables are still setup identically.
-    rootless=false
-    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
-        rootless=true
-    fi
-
-    mkdir -p "$NETAVARK_TMPDIR/config"
-
     NETAVARK_FW=firewalld NETAVARK_DNS_PORT="$dns_port" \
         run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         setup $(get_container_netns_path)
 
     # check iptables
@@ -242,7 +230,6 @@ function teardown() {
 
     NETAVARK_FW=firewalld NETAVARK_DNS_PORT="$dns_port" \
         run_netavark --file ${TESTSDIR}/testfiles/dualstack-bridge.json \
-        --rootless "$rootless" --config "$NETAVARK_TMPDIR/config" \
         teardown $(get_container_netns_path)
 
     # check iptables got removed
diff --git a/test/helpers.bash b/test/helpers.bash
index 54b3621..6a25f06 100644
--- a/test/helpers.bash
+++ b/test/helpers.bash
@@ -32,6 +32,17 @@ function basic_setup() {
 
     NETAVARK_TMPDIR=$(mktemp -d --tmpdir=${BATS_TMPDIR:-/tmp} netavark_bats.XXXXXX)
 
+    # hack to make aardvark-dns run when really root or when running as user with
+    # podman unshare --rootless-netns; since netavark runs aardvark with systemd-run
+    # it needs to know if it should use systemd user instance or not.
+    # iptables are still setup identically.
+    rootless=false
+    if [[ ! -e "/run/dbus/system_bus_socket" ]]; then
+        rootless=true
+    fi
+
+    mkdir -p "$NETAVARK_TMPDIR/config"
+
     run_in_host_netns ip link set lo up
 }
 
@@ -75,7 +86,8 @@ function get_container_netns_path() {
 # it joins the test network namespace before it invokes $NETAVARK,
 # which may be 'netavark' or '/some/path/netavark'.
 function run_netavark() {
-    run_in_host_netns $NETAVARK "$@"
+    run_in_host_netns $NETAVARK --rootless "$rootless" \
+    --config "$NETAVARK_TMPDIR/config" "$@"
 }
 
 ################
@@ -448,7 +460,7 @@ function test_port_fw() {
       ],
       "ipv6_enabled": true,
       "internal": false,
-      "dns_enabled": true,
+      "dns_enabled": false,
       "ipam_options": {
         "driver": "host-local"
       }
author	Paul Holzinger <pholzing@redhat.com>	2023-06-26 13:38:57 +0200
committer	Paul Holzinger <pholzing@redhat.com>	2023-06-26 15:02:27 +0200
commit	6e06b7d73bc9ce07730a3a1c2f92ac67f06fc147 (patch)
tree	aaaa30fc53426873cbe931043e01548d8299d6e9 /test
parent	bc11475f4730a7d1284a8ed80e298d8054c3dd1f (diff)