Bug 1181539

Summary: RFC: network: Add hook for network update event
Product: [Community] Virtualization Tools Reporter: Khramov Anton <kay.diam>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: crobinso, dyuan, mzhan, rbalakri, yalzhang
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-26 16:46:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Khramov Anton 2015-01-13 10:58:16 UTC 
Description of problem:
"virsh net-update" starts iptables rules reload for NAT network system. This event doesn't start network hooks.

Version-Release number of selected component (if applicable):
libvirt 1.2.2


How reproducible:
Add "/etc/libvirt/hooks/network" with:
-------------------------------------------
#!/bin/bash
echo "`date` $0 $@" >> /var/log/libvirt.log
-------------------------------------------
Restart libvirt and run virsh net-update command:

virsh net-update default modify ip-dhcp-host --live --config "<host mac='52:54:00:97:eb:95' name='test' ip='192.168.122.253'/>"

Steps to Reproduce:
1.
2.
3.

Actual results:
/var/log/libvirt.log log file doesn't contain events from virsh net-update command.

Expected results:
/var/log/libvirt.log log file should contain event.


Additional info:
This bug brakes iptables hooks hack for FORWARD chain with NAT network.
Comment 1 Khramov Anton 2015-06-11 08:35:18 UTC 
I've wrote workaround patch for libvirt 1.2.2:

--- libvirt-1.2.2/src/network/bridge_driver.c   2015-01-13 15:17:36.000000000 +0100
+++ libvirt-1.2.2_upd/src/network/bridge_driver.c       2015-01-13 15:15:00.978542616 +0100
@@ -2887,6 +2887,9 @@
     if (needFirewallRefresh && networkAddFirewallRules(network) < 0)
         goto cleanup;

+    if (needFirewallRefresh && networkRunHook(network, NULL, NULL, VIR_HOOK_NETWORK_OP_STARTED, VIR_HOOK_SUBOP_BEGIN) < 0)
+        goto cleanup;
+
     if (flags & VIR_NETWORK_UPDATE_AFFECT_CONFIG) {
         /* save updated persistent config to disk */
         if (virNetworkSaveConfig(driver->networkConfigDir,
Comment 2 Cole Robinson 2016-04-10 20:38:27 UTC 
Sorry there wasn't a timely response. Seems reasonable to me to add a NETWORK_OP_UPDATED hook. Please send the patch to libvir-list, even if it isn't perfect, it might motivate someone else to finish it off
Comment 3 Khramov Anton 2016-04-11 10:54:37 UTC 
Just in case. https://www.redhat.com/archives/libvir-list/2015-June/msg01066.html
Comment 4 Khramov Anton 2016-04-11 10:56:30 UTC 
And here: https://www.redhat.com/archives/libvir-list/2015-June/msg01145.html
Comment 5 Cole Robinson 2016-04-19 20:17:12 UTC 
Hmm I see. If you refresh the patch against latest git, drop the firewall check so that the hook runs unconditionally, and re-send the patch, I can help document it and drum up other reviews.
Comment 6 Khramov Anton 2016-05-25 12:31:49 UTC 
Finally, found some time. Sorry for delay. https://www.redhat.com/archives/libvir-list/2016-May/msg01872.html
Comment 7 Cole Robinson 2016-07-26 16:46:19 UTC 
Upstream now:

commit 128a8b2c9fb76ec90157cf2912bc67d62b2b39ae
Author: Anton Khramov <anton>
Date:   Wed Jul 13 13:06:05 2016 +0200

    network: Added hook for network modification event
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1181539


Thanks for the patch!