import unittest
HAVE_DNSMASQ = shutil.which('dnsmasq') is not None
+IS_CONTAINER = subprocess.call(['systemd-detect-virt', '--quiet', '--container']) == 0
NETWORK_UNITDIR = '/run/systemd/network'
raise NotImplementedError('must be implemented by a subclass')
- def do_test(self, coldplug=True, ipv6=False, extra_opts='',
- online_timeout=10, dhcp_mode='yes'):
+ def start_unit(self, unit):
try:
- subprocess.check_call(['systemctl', 'start', 'systemd-resolved'])
+ subprocess.check_call(['systemctl', 'start', unit])
except subprocess.CalledProcessError:
- self.show_journal('systemd-resolved.service')
+ self.show_journal(unit)
raise
+
+ def do_test(self, coldplug=True, ipv6=False, extra_opts='',
+ online_timeout=10, dhcp_mode='yes'):
+ self.start_unit('systemd-resolved')
self.write_network(self.config, '''\
[Match]
Name={}
if coldplug:
# create interface first, then start networkd
self.create_iface(ipv6=ipv6)
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
elif coldplug is not None:
# start networkd first, then create interface
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
self.create_iface(ipv6=ipv6)
else:
# "None" means test sets up interface by itself
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
try:
subprocess.check_call([NETWORKD_WAIT_ONLINE, '--interface',
[Match]
Name=dummy0
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1
Domains= ~company''')
- self.do_test(coldplug=True, ipv6=False,
- extra_opts='IPv6AcceptRouterAdvertisements=False')
+ try:
+ self.do_test(coldplug=True, ipv6=False,
+ extra_opts='IPv6AcceptRouterAdvertisements=False')
+ except subprocess.CalledProcessError as e:
+ # networkd often fails to start in LXC: https://github.com/systemd/systemd/issues/11848
+ if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']:
+ raise unittest.SkipTest('https://github.com/systemd/systemd/issues/11848')
+ else:
+ raise
with open(RESOLV_CONF) as f:
contents = f.read()
self.write_network('myvpn.network', '''[Match]
Name=dummy0
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1
Domains= ~company ~.''')
- self.do_test(coldplug=True, ipv6=False,
- extra_opts='IPv6AcceptRouterAdvertisements=False')
+ try:
+ self.do_test(coldplug=True, ipv6=False,
+ extra_opts='IPv6AcceptRouterAdvertisements=False')
+ except subprocess.CalledProcessError as e:
+ # networkd often fails to start in LXC: https://github.com/systemd/systemd/issues/11848
+ if IS_CONTAINER and e.cmd == ['systemctl', 'start', 'systemd-networkd']:
+ raise unittest.SkipTest('https://github.com/systemd/systemd/issues/11848')
+ else:
+ raise
with open(RESOLV_CONF) as f:
contents = f.read()
def test_resolved_domain_restricted_dns(self):
'''resolved: domain-restricted DNS servers'''
+ # FIXME: resolvectl query fails with enabled DNSSEC against our dnsmasq
+ conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
+ os.makedirs(os.path.dirname(conf), exist_ok=True)
+ with open(conf, 'w') as f:
+ f.write('[Resolve]\nDNSSEC=no\n')
+ self.addCleanup(os.remove, conf)
+
# create interface for generic connections; this will map all DNS names
# to 192.168.42.1
self.create_iface(dnsmasq_opts=['--address=/#/192.168.42.1'])
DNS=10.241.3.1
Domains= ~company ~lab''')
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
subprocess.check_call([NETWORKD_WAIT_ONLINE, '--interface', self.iface,
'--interface=testvpnclient', '--timeout=20'])
'''resolved queries to /etc/hosts'''
# FIXME: -t MX query fails with enabled DNSSEC (even when using
- # the known negative trust anchor .internal instead of .example)
+ # the known negative trust anchor .internal instead of .example.com)
conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
os.makedirs(os.path.dirname(conf), exist_ok=True)
with open(conf, 'w') as f:
- f.write('[Resolve]\nDNSSEC=no')
+ f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n')
self.addCleanup(os.remove, conf)
- # create /etc/hosts bind mount which resolves my.example for IPv4
+ # create /etc/hosts bind mount which resolves my.example.com for IPv4
hosts = os.path.join(self.workdir, 'hosts')
with open(hosts, 'w') as f:
- f.write('172.16.99.99 my.example\n')
+ f.write('172.16.99.99 my.example.com\n')
subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts'])
self.addCleanup(subprocess.call, ['umount', '/etc/hosts'])
subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service'])
# note: different IPv4 address here, so that it's easy to tell apart
# what resolved the query
- self.create_iface(dnsmasq_opts=['--host-record=my.example,172.16.99.1,2600::99:99',
- '--host-record=other.example,172.16.0.42,2600::42',
- '--mx-host=example,mail.example'],
+ self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99',
+ '--host-record=other.example.com,172.16.0.42,2600::42',
+ '--mx-host=example.com,mail.example.com'],
ipv6=True)
self.do_test(coldplug=None, ipv6=True)
try:
# family specific queries
- out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example'])
- self.assertIn(b'my.example: 172.16.99.99', out)
+ out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com'])
+ self.assertIn(b'my.example.com: 172.16.99.99', out)
# we don't expect an IPv6 answer; if /etc/hosts has any IP address,
# it's considered a sufficient source
- self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example']), 0)
+ self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0)
# "any family" query; IPv4 should come from /etc/hosts
- out = subprocess.check_output(['resolvectl', 'query', 'my.example'])
- self.assertIn(b'my.example: 172.16.99.99', out)
+ out = subprocess.check_output(['resolvectl', 'query', 'my.example.com'])
+ self.assertIn(b'my.example.com: 172.16.99.99', out)
# IP → name lookup; again, takes the /etc/hosts one
out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99'])
- self.assertIn(b'172.16.99.99: my.example', out)
+ self.assertIn(b'172.16.99.99: my.example.com', out)
# non-address RRs should fall back to DNS
- out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example'])
- self.assertIn(b'example IN MX 1 mail.example', out)
+ out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com'])
+ self.assertIn(b'example.com IN MX 1 mail.example.com', out)
# other domains query DNS
- out = subprocess.check_output(['resolvectl', 'query', 'other.example'])
+ out = subprocess.check_output(['resolvectl', 'query', 'other.example.com'])
self.assertIn(b'172.16.0.42', out)
out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42'])
- self.assertIn(b'172.16.0.42: other.example', out)
+ self.assertIn(b'172.16.0.42: other.example.com', out)
except (AssertionError, subprocess.CalledProcessError):
self.show_journal('systemd-resolved.service')
self.print_server_log()
[Match]
Name=dummy0
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1
Domains= one two three four five six seven eight nine ten''')
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
for timeout in range(50):
with open(RESOLV_CONF) as f:
[Match]
Name=dummy0
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1
Domains={p}0 {p}1 {p}2 {p}3 {p}4'''.format(p=name_prefix))
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-networkd')
for timeout in range(50):
with open(RESOLV_CONF) as f:
[Match]
Name=dummy0
[Network]
-Address=192.168.42.100
+Address=192.168.42.100/24
DNS=192.168.42.1''')
self.write_network_dropin('test.network', 'dns', '''\
[Network]
DNS=127.0.0.1''')
- subprocess.check_call(['systemctl', 'start', 'systemd-networkd'])
+ self.start_unit('systemd-resolved')
+ self.start_unit('systemd-networkd')
for timeout in range(50):
with open(RESOLV_CONF) as f:
contents = f.read()
- if ' 127.0.0.1' in contents:
+ if ' 127.0.0.1' in contents and '192.168.42.1' in contents:
break
time.sleep(0.1)
self.assertIn('nameserver 192.168.42.1\n', contents)