shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Code

Merge pull request #34761 from ikruglov/ikruglov/io-systemd-Machine-GetAddresses

Browse Source 
machine: add Addresses, OSRelease, and UIDShift fields in varlink io.systemd.Machine.List output
This commit is contained in:
Lennart Poettering 2024-10-22 09:06:56 +02:00 committed by GitHub
commit 35f51be4f8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 184 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/machine/machine.c
View File

@ -967,3 +967,11 @@ static const char* const kill_whom_table[_KILL_WHOM_MAX] = {
};
DEFINE_STRING_TABLE_LOOKUP(kill_whom, KillWhom);
static const char* const acquire_metadata_table[_ACQUIRE_METADATA_MAX] = {
[ACQUIRE_METADATA_NO] = "no",
[ACQUIRE_METADATA_YES] = "yes",
[ACQUIRE_METADATA_GRACEFUL] = "graceful"
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(acquire_metadata, AcquireMetadata, ACQUIRE_METADATA_YES);

14
src/machine/machine.h
View File

@ -110,3 +110,17 @@ int machine_owns_gid(Machine *m, gid_t host_gid, gid_t *ret_internal_gid);
int machine_translate_uid(Machine *m, uid_t internal_uid, uid_t *ret_host_uid);
int machine_translate_gid(Machine *m, gid_t internal_gid, gid_t *ret_host_gid);
typedef enum AcquireMetadata {
ACQUIRE_METADATA_NO,
ACQUIRE_METADATA_YES,
ACQUIRE_METADATA_GRACEFUL,
_ACQUIRE_METADATA_MAX,
_ACQUIRE_METADATA_INVALID = -EINVAL,
} AcquireMetadata;
AcquireMetadata acquire_metadata_from_string(const char *s) _pure_;
const char* acquire_metadata_to_string(AcquireMetadata am) _const_;
inline static bool should_acquire_metadata(AcquireMetadata am) {
return am == ACQUIRE_METADATA_YES || am == ACQUIRE_METADATA_GRACEFUL;
}

105
src/machine/machined-varlink.c
View File

@ -391,14 +391,82 @@ static int vl_method_get_memberships(sd_varlink *link, sd_json_variant *paramete
return sd_varlink_error(link, "io.systemd.UserDatabase.NoRecordFound", NULL);
}
static int list_machine_one(sd_varlink *link, Machine *m, bool more) {
static int json_build_local_addresses(const struct local_address *addresses, size_t n_addresses, sd_json_variant **ret) {
int r;
if (n_addresses == 0)
return 0;
assert(addresses);
assert(ret);
FOREACH_ARRAY(a, addresses, n_addresses) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *entry = NULL;
r = sd_json_buildo(
&entry,
JSON_BUILD_PAIR_UNSIGNED_NON_ZERO("ifindex", a->ifindex),
SD_JSON_BUILD_PAIR_INTEGER("family", a->family),
SD_JSON_BUILD_PAIR_BYTE_ARRAY("address", &a->address.bytes, FAMILY_ADDRESS_SIZE(a->family)));
if (r < 0)
return r;
r = sd_json_variant_append_array(ret, entry);
if (r < 0)
return r;
}
return 0;
}
static int list_machine_one_and_maybe_read_metadata(sd_varlink *link, Machine *m, bool more, AcquireMetadata am) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *addr_array = NULL;
_cleanup_strv_free_ char **os_release = NULL;
uid_t shift = UID_INVALID;
int r, n = 0;
assert(link);
assert(m);
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
if (should_acquire_metadata(am)) {
_cleanup_free_ struct local_address *addresses = NULL;
n = machine_get_addresses(m, &addresses);
if (n < 0 && am == ACQUIRE_METADATA_GRACEFUL)
log_debug_errno(n, "Failed to get address (graceful mode), ignoring: %m");
else if (n == -ENONET)
return sd_varlink_error(link, "io.systemd.Machine.NoPrivateNetworking", NULL);
else if (ERRNO_IS_NEG_NOT_SUPPORTED(n))
return sd_varlink_error(link, "io.systemd.Machine.NotAvailable", NULL);
else if (n < 0)
return log_debug_errno(n, "Failed to get addresses: %m");
else {
r = json_build_local_addresses(addresses, n, &addr_array);
if (r < 0)
return r;
}
r = machine_get_os_release(m, &os_release);
if (r < 0 && am == ACQUIRE_METADATA_GRACEFUL)
log_debug_errno(r, "Failed to get OS release (graceful mode), ignoring: %m");
else if (r == -ENONET)
return sd_varlink_error(link, "io.systemd.Machine.NoOSReleaseInformation", NULL);
else if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
return sd_varlink_error(link, "io.systemd.Machine.NotAvailable", NULL);
else if (r < 0)
return log_debug_errno(r, "Failed to get OS release: %m");
r = machine_get_uid_shift(m, &shift);
if (r < 0 && am == ACQUIRE_METADATA_GRACEFUL)
log_debug_errno(r, "Failed to get UID shift (graceful mode), ignoring: %m");
else if (r == -ENXIO)
return sd_varlink_error(link, "io.systemd.Machine.NoUIDShift", NULL);
else if (ERRNO_IS_NEG_NOT_SUPPORTED(r))
return sd_varlink_error(link, "io.systemd.Machine.NotAvailable", NULL);
else if (r < 0)
return log_debug_errno(r, "Failed to get UID shift: %m");
}
r = sd_json_buildo(
&v,
SD_JSON_BUILD_PAIR("name", SD_JSON_BUILD_STRING(m->name)),
@ -411,7 +479,10 @@ static int list_machine_one(sd_varlink *link, Machine *m, bool more) {
SD_JSON_BUILD_PAIR_CONDITION(dual_timestamp_is_set(&m->timestamp), "timestamp", JSON_BUILD_DUAL_TIMESTAMP(&m->timestamp)),
SD_JSON_BUILD_PAIR_CONDITION(m->vsock_cid != VMADDR_CID_ANY, "vSockCid", SD_JSON_BUILD_UNSIGNED(m->vsock_cid)),
JSON_BUILD_PAIR_STRING_NON_EMPTY("sshAddress", m->ssh_address),
JSON_BUILD_PAIR_STRING_NON_EMPTY("sshPrivateKeyPath", m->ssh_private_key_path));
JSON_BUILD_PAIR_STRING_NON_EMPTY("sshPrivateKeyPath", m->ssh_private_key_path),
SD_JSON_BUILD_PAIR_CONDITION(n > 0, "addresses", SD_JSON_BUILD_VARIANT(addr_array)),
SD_JSON_BUILD_PAIR_CONDITION(!strv_isempty(os_release), "OSRelease", JSON_BUILD_STRV_ENV_PAIR(os_release)),
JSON_BUILD_PAIR_UNSIGNED_NOT_EQUAL("UIDShift", shift, UID_INVALID));
if (r < 0)
return r;
@ -424,6 +495,7 @@ static int list_machine_one(sd_varlink *link, Machine *m, bool more) {
typedef struct MachineLookupParameters {
const char *name;
PidRef pidref;
AcquireMetadata acquire_metadata;
} MachineLookupParameters;
static void machine_lookup_parameters_done(MachineLookupParameters *p) {
@ -432,9 +504,12 @@ static void machine_lookup_parameters_done(MachineLookupParameters *p) {
pidref_done(&p->pidref);
}
static JSON_DISPATCH_ENUM_DEFINE(json_dispatch_acquire_metadata, AcquireMetadata, acquire_metadata_from_string);
static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
static const sd_json_dispatch_field dispatch_table[] = {
VARLINK_DISPATCH_MACHINE_LOOKUP_FIELDS(MachineLookupParameters),
{ "acquireMetadata", SD_JSON_VARIANT_STRING, json_dispatch_acquire_metadata, offsetof(MachineLookupParameters, acquire_metadata), 0 },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};
@ -442,7 +517,9 @@ static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varl
Manager *m = ASSERT_PTR(userdata);
_cleanup_(machine_lookup_parameters_done) MachineLookupParameters p = {
.pidref = PIDREF_NULL,
.acquire_metadata = ACQUIRE_METADATA_NO,
};
Machine *machine;
int r;
@ -460,7 +537,7 @@ static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varl
if (r != 0)
return r;
return list_machine_one(link, machine, /* more= */ false);
return list_machine_one_and_maybe_read_metadata(link, machine, /* more = */ false, p.acquire_metadata);
}
if (!FLAGS_SET(flags, SD_VARLINK_METHOD_MORE))
@ -469,7 +546,7 @@ static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varl
Machine *previous = NULL, *i;
HASHMAP_FOREACH(i, m->machines) {
if (previous) {
r = list_machine_one(link, previous, /* more= */ true);
r = list_machine_one_and_maybe_read_metadata(link, previous, /* more = */ true, p.acquire_metadata);
if (r < 0)
return r;
}
@ -478,7 +555,7 @@ static int vl_method_list(sd_varlink *link, sd_json_variant *parameters, sd_varl
}
if (previous)
return list_machine_one(link, previous, /* more= */ false);
return list_machine_one_and_maybe_read_metadata(link, previous, /* more = */ false, p.acquire_metadata);
return sd_varlink_error(link, "io.systemd.Machine.NoSuchMachine", NULL);
}
@ -521,16 +598,18 @@ static int vl_method_terminate(sd_varlink *link, sd_json_variant *parameters, sd
return lookup_machine_and_call_method(link, parameters, flags, userdata, vl_method_terminate_internal);
}
static int list_image_one_and_maybe_read_metadata(sd_varlink *link, Image *image, bool more, bool read_metadata) {
static int list_image_one_and_maybe_read_metadata(sd_varlink *link, Image *image, bool more, AcquireMetadata am) {
int r;
assert(link);
assert(image);
if (read_metadata && !image->metadata_valid) {
if (should_acquire_metadata(am) && !image->metadata_valid) {
r = image_read_metadata(image, &image_policy_container);
if (r < 0)
if (r < 0 && am != ACQUIRE_METADATA_GRACEFUL)
return log_debug_errno(r, "Failed to read image metadata: %m");
if (r < 0)
log_debug_errno(r, "Failed to read image metadata (graceful mode), ignoring: %m");
}
_cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
@ -551,7 +630,7 @@ static int list_image_one_and_maybe_read_metadata(sd_varlink *link, Image *image
if (r < 0)
return r;
if (image->metadata_valid) {
if (should_acquire_metadata(am) && image->metadata_valid) {
r = sd_json_variant_merge_objectbo(
&v,
JSON_BUILD_PAIR_STRING_NON_EMPTY("hostname", image->hostname),
@ -571,13 +650,13 @@ static int list_image_one_and_maybe_read_metadata(sd_varlink *link, Image *image
static int vl_method_list_images(sd_varlink *link, sd_json_variant *parameters, sd_varlink_method_flags_t flags, void *userdata) {
struct params {
const char *image_name;
bool acquire_metadata;
} p = {};
AcquireMetadata acquire_metadata;
} p = { .acquire_metadata = ACQUIRE_METADATA_NO };
int r;
static const sd_json_dispatch_field dispatch_table[] = {
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct params, image_name), 0 },
{ "acquireMetadata", SD_JSON_VARIANT_BOOLEAN, sd_json_dispatch_stdbool, offsetof(struct params, acquire_metadata), 0 },
{ "name", SD_JSON_VARIANT_STRING, sd_json_dispatch_const_string, offsetof(struct params, image_name), 0 },
{ "acquireMetadata", SD_JSON_VARIANT_STRING, json_dispatch_acquire_metadata, offsetof(struct params, acquire_metadata), 0 },
VARLINK_DISPATCH_POLKIT_FIELD,
{}
};

43
src/shared/varlink-io.systemd.Machine.c
View File

@ -13,6 +13,21 @@
SD_VARLINK_DEFINE_INPUT_BY_TYPE(pid, ProcessId, SD_VARLINK_NULLABLE), \
VARLINK_DEFINE_POLKIT_INPUT
static SD_VARLINK_DEFINE_ENUM_TYPE(
AcquireMetadata,
SD_VARLINK_FIELD_COMMENT("Do not include metadata in the output"),
SD_VARLINK_DEFINE_ENUM_VALUE(no),
SD_VARLINK_FIELD_COMMENT("Include metadata in the output"),
SD_VARLINK_DEFINE_ENUM_VALUE(yes),
SD_VARLINK_FIELD_COMMENT("Include metadata in the output, but gracefully eat up errors"),
SD_VARLINK_DEFINE_ENUM_VALUE(graceful));
static SD_VARLINK_DEFINE_STRUCT_TYPE(
Address,
SD_VARLINK_DEFINE_FIELD(ifindex, SD_VARLINK_INT, SD_VARLINK_NULLABLE),
SD_VARLINK_DEFINE_FIELD(family, SD_VARLINK_INT, 0),
SD_VARLINK_DEFINE_FIELD(address, SD_VARLINK_INT, SD_VARLINK_ARRAY));
static SD_VARLINK_DEFINE_METHOD(
Register,
SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, 0),
@ -49,6 +64,8 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
List,
SD_VARLINK_SUPPORTS_MORE,
VARLINK_DEFINE_MACHINE_LOOKUP_AND_POLKIT_INPUT_FIELDS,
SD_VARLINK_FIELD_COMMENT("If 'yes' the output will include machine metadata fields such as 'Addresses', 'OSRelease', and 'UIDShift'. If 'graceful' it's equal to true but gracefully eats up errors"),
SD_VARLINK_DEFINE_INPUT_BY_TYPE(acquireMetadata, AcquireMetadata, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Name of the machine"),
SD_VARLINK_DEFINE_OUTPUT(name, SD_VARLINK_STRING, 0),
SD_VARLINK_FIELD_COMMENT("128bit ID identifying this machine, formatted in hexadecimal"),
@ -70,10 +87,20 @@ static SD_VARLINK_DEFINE_METHOD_FULL(
SD_VARLINK_FIELD_COMMENT("SSH address to connect to"),
SD_VARLINK_DEFINE_OUTPUT(sshAddress, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("Path to private SSH key"),
SD_VARLINK_DEFINE_OUTPUT(sshPrivateKeyPath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE));
SD_VARLINK_DEFINE_OUTPUT(sshPrivateKeyPath, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("List of addresses of the machine"),
SD_VARLINK_DEFINE_OUTPUT_BY_TYPE(addresses, Address, SD_VARLINK_ARRAY | SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("OS release information of the machine. It contains an array of key value pairs read from the os-release(5) file in the image."),
SD_VARLINK_DEFINE_OUTPUT(OSRelease, SD_VARLINK_STRING, SD_VARLINK_NULLABLE|SD_VARLINK_ARRAY),
SD_VARLINK_FIELD_COMMENT("Return the base UID/GID of the machine"),
SD_VARLINK_DEFINE_OUTPUT(UIDShift, SD_VARLINK_INT, SD_VARLINK_NULLABLE));
static SD_VARLINK_DEFINE_ERROR(NoSuchMachine);
static SD_VARLINK_DEFINE_ERROR(MachineExists);
static SD_VARLINK_DEFINE_ERROR(NoPrivateNetworking);
static SD_VARLINK_DEFINE_ERROR(NoOSReleaseInformation);
static SD_VARLINK_DEFINE_ERROR(NoUIDShift);
static SD_VARLINK_DEFINE_ERROR(NotAvailable);
SD_VARLINK_DEFINE_INTERFACE(
io_systemd_Machine,
@ -82,6 +109,10 @@ SD_VARLINK_DEFINE_INTERFACE(
&vl_type_ProcessId,
SD_VARLINK_SYMBOL_COMMENT("A timestamp object consisting of both CLOCK_REALTIME and CLOCK_MONOTONIC timestamps"),
&vl_type_Timestamp,
SD_VARLINK_SYMBOL_COMMENT("A enum field allowing to gracefully get metadata"),
&vl_type_AcquireMetadata,
SD_VARLINK_SYMBOL_COMMENT("An address object"),
&vl_type_Address,
&vl_method_Register,
&vl_method_Unregister,
SD_VARLINK_SYMBOL_COMMENT("Terminate machine, killing its processes"),
@ -92,4 +123,12 @@ SD_VARLINK_DEFINE_INTERFACE(
&vl_method_List,
SD_VARLINK_SYMBOL_COMMENT("No matching machine currently running"),
&vl_error_NoSuchMachine,
&vl_error_MachineExists);
&vl_error_MachineExists,
SD_VARLINK_SYMBOL_COMMENT("Machine does not use private networking"),
&vl_error_NoPrivateNetworking,
SD_VARLINK_SYMBOL_COMMENT("Machine does not contain OS release information"),
&vl_error_NoOSReleaseInformation,
SD_VARLINK_SYMBOL_COMMENT("Machine uses a complex UID/GID mapping, cannot determine shift"),
&vl_error_NoUIDShift,
SD_VARLINK_SYMBOL_COMMENT("Requested information is not available"),
&vl_error_NotAvailable);

13
src/shared/varlink-io.systemd.MachineImage.c
View File

@ -5,13 +5,22 @@
#include "bus-polkit.h"
#include "varlink-io.systemd.MachineImage.h"
static SD_VARLINK_DEFINE_ENUM_TYPE(
AcquireMetadata,
SD_VARLINK_FIELD_COMMENT("Do not include metadata in the output"),
SD_VARLINK_DEFINE_ENUM_VALUE(no),
SD_VARLINK_FIELD_COMMENT("Include metadata in the output"),
SD_VARLINK_DEFINE_ENUM_VALUE(yes),
SD_VARLINK_FIELD_COMMENT("Include metadata in the output, but gracefully eat up errors"),
SD_VARLINK_DEFINE_ENUM_VALUE(graceful));
static SD_VARLINK_DEFINE_METHOD_FULL(
List,
SD_VARLINK_SUPPORTS_MORE,
SD_VARLINK_FIELD_COMMENT("If non-null the name of a image to report details on."),
SD_VARLINK_DEFINE_INPUT(name, SD_VARLINK_STRING, SD_VARLINK_NULLABLE),
SD_VARLINK_FIELD_COMMENT("If true the output will include image metadata fields such as 'machineInfo' and 'OSRelease'."),
SD_VARLINK_DEFINE_INPUT(acquireMetadata, SD_VARLINK_BOOL, SD_VARLINK_NULLABLE),
SD_VARLINK_DEFINE_INPUT_BY_TYPE(acquireMetadata, AcquireMetadata, SD_VARLINK_NULLABLE),
VARLINK_DEFINE_POLKIT_INPUT,
SD_VARLINK_FIELD_COMMENT("Name of the image"),
SD_VARLINK_DEFINE_OUTPUT(name, SD_VARLINK_STRING, 0),
@ -61,6 +70,8 @@ static SD_VARLINK_DEFINE_ERROR(NoSuchImage);
SD_VARLINK_DEFINE_INTERFACE(
io_systemd_MachineImage,
"io.systemd.MachineImage",
SD_VARLINK_SYMBOL_COMMENT("A enum field allowing to gracefully get metadata"),
&vl_type_AcquireMetadata,
SD_VARLINK_SYMBOL_COMMENT("List images"),
&vl_method_List,
SD_VARLINK_SYMBOL_COMMENT("Update image allowing to rename or toggle read-only flag"),

18
test/units/TEST-13-NSPAWN.machined.sh
View File

@ -302,11 +302,27 @@ varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name":"registered-container"}' | jq '.sshPrivateKeyPath' | grep -q 'non-existent'
varlinkctl call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.Unregister '{"name": "registered-container"}'
# test io.systemd.Machine.List with addresses, OSRelease, and UIDShift fields
create_dummy_container "/var/lib/machines/container-without-os-release"
machinectl start "container-without-os-release"
rm -f /var/lib/machines/container-without-os-release/etc/os-release /var/lib/machines/container-without-os-release/usr/lib/os-release
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": "container-without-os-release", "acquireMetadata": "yes"}')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": "container-without-os-release", "acquireMetadata": "graceful"}'
machinectl terminate "container-without-os-release"
(ip addr show lo | grep -q 192.168.1.100) || ip address add 192.168.1.100/24 dev lo
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'addresses')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'addresses'
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'OSRelease')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'OSRelease'
(! varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host"}' | grep 'acquireUIDShift')
varlinkctl --more call /run/systemd/machine/io.systemd.Machine io.systemd.Machine.List '{"name": ".host", "acquireMetadata": "yes"}' | grep 'UIDShift'
# test io.systemd.MachineImage.List
varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep 'long-running'
varlinkctl --more call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{}' | grep '.host'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running"}'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running", "acquireMetadata": true}' | grep 'OSRelease'
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.List '{"name":"long-running", "acquireMetadata": "yes"}' | grep 'OSRelease'
# test io.systemd.MachineImage.Update
varlinkctl call /run/systemd/machine/io.systemd.MachineImage io.systemd.MachineImage.Update '{"name":"long-running", "newName": "long-running-renamed", "readOnly": true}'