authorJerry Jelinek <jerry.jelinek@joyent.com>2011-02-16 15:50:35 -0800
committerJerry Jelinek <jerry.jelinek@joyent.com>2011-02-16 15:50:35 -0800
commit2f1b2b0ef09d980f100beecdb6d9208edd3c973c (patch)
treed75db25957e7e7ebac8e757c553ec267a6c63e84 /usr/src
parent2e90f839a513a397c7bc8eb94b3b7e0139120cb4 (diff)
downloadillumos-joyent-2f1b2b0ef09d980f100beecdb6d9208edd3c973c.tar.gz
OS-223 zones should create vnics as needed instead of requiring them to be set up in advance
Diffstat (limited to 'usr/src')
-rw-r--r--usr/src/cmd/zoneadm/zoneadm.c5
-rw-r--r--usr/src/cmd/zoneadmd/vplat.c6
-rw-r--r--usr/src/cmd/zoneadmd/zoneadmd.c20
-rw-r--r--usr/src/lib/brand/joyent/zone/Makefile2
-rw-r--r--usr/src/lib/brand/joyent/zone/config.xml3
-rw-r--r--usr/src/lib/brand/joyent/zone/poststate.ksh61
-rw-r--r--usr/src/lib/brand/joyent/zone/prestate.ksh115
7 files changed, 185 insertions, 27 deletions
diff --git a/usr/src/cmd/zoneadm/zoneadm.c b/usr/src/cmd/zoneadm/zoneadm.c
index 342cabb0f3..80e7528929 100644
--- a/usr/src/cmd/zoneadm/zoneadm.c
+++ b/usr/src/cmd/zoneadm/zoneadm.c
@@ -2598,11 +2598,6 @@ verify_handle(int cmd_num, zone_dochandle_t handle, char *argv[])
dladm_close(dh);
}
if (status != DLADM_STATUS_OK) {
- (void) fprintf(stderr,
- gettext("WARNING: skipping network "
- "interface '%s': %s\n"),
- nwiftab.zone_nwif_physical,
- dladm_status2str(status, errmsg));
break;
}
dl_owner_zid = ALL_ZONES;
diff --git a/usr/src/cmd/zoneadmd/vplat.c b/usr/src/cmd/zoneadmd/vplat.c
index 628e82b4ba..c9edf5e276 100644
--- a/usr/src/cmd/zoneadmd/vplat.c
+++ b/usr/src/cmd/zoneadmd/vplat.c
@@ -2184,13 +2184,7 @@ configure_one_interface(zlog_t *zlogp, zoneid_t zone_id,
if (ioctl(s, SIOCLIFADDIF, (caddr_t)&lifr) < 0) {
/*
* Here, we know that the interface can't be brought up.
- * A similar warning message was already printed out to
- * the console by zoneadm(1M) so instead we log the
- * message to syslog and continue.
*/
- zerror(&logsys, B_TRUE, "WARNING: skipping network interface "
- "'%s' which may not be present/plumbed in the "
- "global zone.", lifr.lifr_name);
(void) close(s);
return (Z_OK);
}
diff --git a/usr/src/cmd/zoneadmd/zoneadmd.c b/usr/src/cmd/zoneadmd/zoneadmd.c
index 9a28e6c3f5..ae1306849e 100644
--- a/usr/src/cmd/zoneadmd/zoneadmd.c
+++ b/usr/src/cmd/zoneadmd/zoneadmd.c
@@ -741,14 +741,20 @@ mount_early_fs(void *data, const char *spec, const char *dir,
/*
* env variable name format
- * _ZONECFG;{resource name};{identifying attr. name};{property name}
+ * _ZONECFG_{resource name}_{identifying attr. name}_{property name}
+ * Any dashes (-) in the property names are replaced with underscore (_).
*/
static void
set_zonecfg_env(char *phys, char *name, char *val)
{
+ char *p;
char nm[MAXNAMELEN];
- (void) snprintf(nm, sizeof (nm), "_ZONECFG;net;%s;%s", phys, name);
+ (void) snprintf(nm, sizeof (nm), "_ZONECFG_net_%s_%s", phys, name);
+
+ p = nm;
+ while ((p = strchr(p, '-')) != NULL)
+ *p++ = '_';
(void) setenv(nm, val, 1);
}
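Review bot: `set_zonecfg_env` rewrites only `-`, so any other character in `phys` or in an attribute name that is not legal in a shell identifier still ends up in the variable name, and the `snprintf` and `setenv` results are discarded, so an over-long name is silently cut down to a different variable. prestate.ksh in this same commit rebuilds these names with `eval echo \$_ZONECFG_net_${nic}_...` inside a hook that zoneadmd runs in the global zone, so the name is better restricted to `[A-Za-z0-9_]` at this point than left to depend on well-formed zone configuration. The sketch below does that and skips the export on truncation; it needs `<ctype.h>`, and mapping every other character to `_` can make two distinct names collide, so rejecting the entry may be preferable. The header comment should also say that the replacement covers the whole name, including the interface part, not only the property name.

```c
	int n;

	n = snprintf(nm, sizeof (nm), "_ZONECFG_net_%s_%s", phys, name);
	if (n < 0 || (size_t)n >= sizeof (nm))
		return;		/* do not export a truncated name */

	/* Keep the result a valid shell identifier for the brand hooks. */
	for (p = nm; *p != '\0'; p++) {
		if (!isalnum((unsigned char)*p) && *p != '_')
			*p = '_';
	}
	(void) setenv(nm, val, 1);
```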
@@ -765,10 +771,12 @@ setup_subproc_env()
int res;
zone_dochandle_t handle;
struct zone_nwiftab ntab;
+ char net_resources[MAXNAMELEN * 2];
if ((handle = zonecfg_init_handle()) == NULL)
exit(Z_NOMEM);
+ net_resources[0] = '\0';
if ((res = zonecfg_get_handle(zone_name, handle)) != Z_OK)
goto done;
@@ -781,8 +789,10 @@ setup_subproc_env()
phys = ntab.zone_nwif_physical;
- set_zonecfg_env(phys, "physical",
- ntab.zone_nwif_physical);
+ (void) strlcat(net_resources, phys, sizeof (net_resources));
+ (void) strlcat(net_resources, " ", sizeof (net_resources));
+
+ set_zonecfg_env(phys, "physical", phys);
set_zonecfg_env(phys, "address", ntab.zone_nwif_address);
set_zonecfg_env(phys, "allowed-address",
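Review bot: Both `strlcat` results are thrown away, so once `net_resources` (`MAXNAMELEN * 2` bytes) fills up the list is cut in the middle of a name and exported anyway. poststate.ksh passes each word of that list to `dladm delete-vnic`, so a truncated entry could name a different link than the one configured (a constructed example: `net10` cut to `net1`). A return value `>= sizeof (net_resources)` should be treated as an error, or the buffer sized from the number of net resources, rather than exporting a partial list. The list also carries the raw `phys`, while `set_zonecfg_env` maps `-` to `_` in the variable names, so for a name containing a dash the scripts' `${nic}` lookups would not match; whether such names can occur is not visible here. `setup_subproc_env` starts and ends outside this hunk.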
@@ -798,6 +808,8 @@ setup_subproc_env()
np->zone_nwif_attr_value);
}
+ (void) setenv("_ZONECFG_net_resources", net_resources, 1);
+
(void) zonecfg_endnwifent(handle);
res = Z_OK;
diff --git a/usr/src/lib/brand/joyent/zone/Makefile b/usr/src/lib/brand/joyent/zone/Makefile
index 6a22b39360..1f8f909519 100644
--- a/usr/src/lib/brand/joyent/zone/Makefile
+++ b/usr/src/lib/brand/joyent/zone/Makefile
@@ -24,7 +24,7 @@
# Use is subject to license terms.
#
-PROGS = jinstall juninstall pinstall prestate
+PROGS = jinstall juninstall pinstall prestate poststate
XMLDOCS= config.xml platform.xml
USERFILES=
MANIFEST= joyinit.xml
diff --git a/usr/src/lib/brand/joyent/zone/config.xml b/usr/src/lib/brand/joyent/zone/config.xml
index 55f3319246..6b796ed7d1 100644
--- a/usr/src/lib/brand/joyent/zone/config.xml
+++ b/usr/src/lib/brand/joyent/zone/config.xml
@@ -20,7 +20,7 @@
CDDL HEADER END
- Copyright 2010 Joyent, Inc. All rights reserved.
+ Copyright 2010,2011 Joyent, Inc. All rights reserved.
Use is subject to license terms.
DO NOT EDIT THIS FILE.
@@ -50,6 +50,7 @@
<clone></clone>
<uninstall>/usr/lib/brand/joyent/juninstall -z %z -R %R</uninstall>
<prestatechange>/usr/lib/brand/joyent/prestate %z %R</prestatechange>
+ <poststatechange>/usr/lib/brand/joyent/poststate %z %R</poststatechange>
<privilege set="default" name="contract_event" />
<privilege set="default" name="contract_identity" />
diff --git a/usr/src/lib/brand/joyent/zone/poststate.ksh b/usr/src/lib/brand/joyent/zone/poststate.ksh
new file mode 100644
index 0000000000..bad727516a
--- /dev/null
+++ b/usr/src/lib/brand/joyent/zone/poststate.ksh
@@ -0,0 +1,61 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2010, 2011 Joyent, Inc. All rights reserved.
+# Use is subject to license terms.
+#
+
+unset LD_LIBRARY_PATH
+PATH=/usr/bin:/usr/sbin
+export PATH
+
+# state
+# ZONE_STATE_CONFIGURED 0 (script will never see this)
+# ZONE_STATE_INCOMPLETE 1 (script will never see this)
+# ZONE_STATE_INSTALLED 2
+# ZONE_STATE_READY 3
+# ZONE_STATE_RUNNING 4
+# ZONE_STATE_SHUTTING_DOWN 5
+# ZONE_STATE_DOWN 6
+# ZONE_STATE_MOUNTED 7
+
+# cmd
+#
+# ready 0
+# boot 1
+# halt 4
+
+ZONENAME=$1
+ZONEPATH=$2
+state=$3
+cmd=$4
+ALTROOT=$5
+
+# We only do work if we're halting the zone.
+(( $cmd != 4 )) && exit 0;
+
+for nic in $_ZONECFG_net_resources
+do
+ dladm delete-vnic $nic
+done
+
+exit 0
+
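Review bot: The halt path runs `dladm delete-vnic $nic` for every name in `_ZONECFG_net_resources`, but prestate.ksh only creates a vnic when `dladm show-vnic` finds none, and it creates nothing for a zone whose net resource has `address` set, so this loop can remove, or try to remove, links the brand did not create. The delete should be limited to vnics that prestate created, for example by skipping entries with an address and recording which links were created at ready time. `$nic` should be quoted and a failed delete reported, e.g. `dladm delete-vnic "$nic" || echo "failed to delete vnic $nic" >&2`, instead of always falling through to `exit 0`. An empty `$cmd` makes `(( $cmd != 4 ))` a syntax error rather than a clean exit, so `(( ${cmd:-0} != 4 ))` or a `[[ ]]` test is safer. A header comment stating which arguments and `_ZONECFG_*` variables the script expects from zoneadmd would help the next reader.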
diff --git a/usr/src/lib/brand/joyent/zone/prestate.ksh b/usr/src/lib/brand/joyent/zone/prestate.ksh
index cc3fe7828d..be32b1518f 100644
--- a/usr/src/lib/brand/joyent/zone/prestate.ksh
+++ b/usr/src/lib/brand/joyent/zone/prestate.ksh
@@ -27,6 +27,8 @@ unset LD_LIBRARY_PATH
PATH=/usr/bin:/usr/sbin
export PATH
+. /lib/sdc/config.sh
+
# state
# ZONE_STATE_CONFIGURED 0 (script will never see this)
# ZONE_STATE_INCOMPLETE 1 (script will never see this)
@@ -49,18 +51,111 @@ state=$3
cmd=$4
ALTROOT=$5
-# If we're readying the zone, then make sure the per-zone writable
+# We only do work if we're readying the zone.
+if [ $cmd -ne 0 ]; then
+ exit 0;
+fi
+
+# We're readying the zone. Make sure the per-zone writable
# directories exist so that we can lofs mount them. We do this here,
# instead of in the install script, since this list has evolved and there
# are already zones out there in the installed state.
-if [ $cmd -eq 0 ]; then
- [ ! -d $ZONEPATH/site ] && mkdir -m755 $ZONEPATH/site
- [ ! -d $ZONEPATH/local ] && mkdir -m755 $ZONEPATH/local
- [ ! -d $ZONEPATH/root/checkpoints ] && \
- mkdir -m755 $ZONEPATH/root/checkpoints
-
- # Force zone snapshots to get mounted
- ls $ZONEPATH/.zfs/snapshot/* >/dev/null 2>&1
-fi
+[ ! -d $ZONEPATH/site ] && mkdir -m755 $ZONEPATH/site
+[ ! -d $ZONEPATH/local ] && mkdir -m755 $ZONEPATH/local
+[ ! -d $ZONEPATH/root/checkpoints ] && mkdir -m755 $ZONEPATH/root/checkpoints
+
+# Force zone snapshots to get mounted
+ls $ZONEPATH/.zfs/snapshot/* >/dev/null 2>&1
+
+#
+# Finish by setting up the vnic(s) for the zone.
+#
+
+# Load sysinfo variables with SYSINFO_ prefix
+load_sdc_sysinfo
+# Load config variables with CONFIG_ prefix, and sets the headnode variable
+load_sdc_config
+
+for nic in $_ZONECFG_net_resources
+do
+ # Get simplified versions of the network config. variables.
+ address=$(eval echo \$_ZONECFG_net_${nic}_address)
+ dhcp_spoof=$(eval echo \$_ZONECFG_net_${nic}_dhcp_spoof)
+ global_nic=$(eval echo \$_ZONECFG_net_${nic}_global_nic)
+ mac_addr=$(eval echo \$_ZONECFG_net_${nic}_mac_addr)
+ vlan_id=$(eval echo \$_ZONECFG_net_${nic}_vlan_id)
+
+ # If address set, must be a shared stack zone
+ [[ -n $address ]] && exit 0
+
+ # XXX For backwards compatibility
+ orig_global=$global_nic
+ [[ "$global_nic" == "admin" ]] && global_nic=$SYSINFO_NIC_admin
+ [[ "$global_nic" == "external" ]] && global_nic=$SYSINFO_NIC_external
+
+ # For backwards compatibility with the other parts of the
+ # system, check if this zone already has this vnic setup.
+ # If so, move on to the next vnic.
+ dladm show-vnic -p -o LINK $nic >/dev/null 2>&1
+ (( $? == 0 )) && continue
+
+ #
+ # Create the vnic.
+ #
+
+ opt_str=""
+ [[ -n $mac_addr ]] && opt_str="$opt_str -m $mac_addr"
+
+ [[ -n $vlan_id && $vlan_id != 0 ]] && opt_str="$opt_str -v $vlan_id"
+
+ dladm create-vnic -l $global_nic $opt_str $nic
+ (( $? != 0 )) && exit 1
+
+ if [[ -z $mac_addr ]]; then
+ # There was no assigned mac address
+
+ # Get newly assigned mac address.
+ mac_addr=$(dladm show-vnic -p -o MACADDRESS ${nic})
+
+ # Save newly assigned mac address
+ [[ -n $mac_addr ]] && zonecfg -z $ZONENAME \
+ "select net physical=$nic; " \
+ "set mac-addr=$mac_addr; end; exit"
+ fi
+
+ #
+ # XXX For backwards compatibility, special handling for zone
+ # named "dhcpd". Remove this check once property is added to zone.
+ #
+ if [[ $ZONENAME == "dhcpd" ]]; then
+ dladm set-linkprop -p "protection=mac-nospoof" ${nic}
+ else
+ # Enable antispoof, but not dhcp antispoof if the zone's
+ # dhcp-spoof property is set.
+ spoof_opts="ip-nospoof,mac-nospoof,restricted,dhcp-nospoof"
+ [[ -n $dhcp_spoof ]] && spoof_opts="mac-nospoof"
+ dladm set-linkprop -p "protection=${spoof_opts}" ${nic}
+ fi
+
+ # Get the static IP for the vnic from the zone config file.
+ hostname_file="/zones/$ZONENAME/root/etc/hostname.$nic"
+ if [ -e $hostname_file ]; then
+ zone_ip=`nawk '{if ($1 ~ /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)
+ print $1}' $hostname_file`
+
+ [[ -n "${zone_ip}" ]] && \
+ dladm set-linkprop -p "allowed-ips=${zone_ip}" ${nic}
+
+ fi
+
+ # If on VMWare and we have external IPs, create a bridge to allow
+ # zones to reach the external gateway
+ # XXX fix orig_global
+ if [[ ${headnode} == "true" && ${orig_global} == "external" ]]; then
+ dladm show-bridge -p -o BRIDGE vmwareextbr >/dev/null 2>&1
+ (( $? != 0 )) && dladm create-bridge \
+ -l ${SYSINFO_NIC_external} vmwareextbr
+ fi
+done
exit 0
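Review bot: The `allowed-ips` value comes from `/zones/$ZONENAME/root/etc/hostname.$nic`, a file the zone's own root user can write, so the zone in effect picks the address its anti-spoof filter will permit. The path is also hard-coded instead of using `$ZONEPATH`, it is opened from the global zone where a symlink planted under the zone root would be followed, and the nawk pattern is unanchored, so any first field that merely contains a dotted quad is accepted. Taking the address from the zone configuration, as is done for `mac-addr`, would keep that policy under global-zone control. None of the `dladm set-linkprop` calls is checked, so a failure leaves the new vnic up with no protection; appending `|| exit 1`, as is done after `create-vnic`, would fail closed. The comment says only dhcp antispoof is dropped when `dhcp-spoof` is set, but `spoof_opts="mac-nospoof"` also drops `ip-nospoof` and `restricted`, and `-n` treats any non-empty value (including one like `false`) as set.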