feat(machined): merge global and per-interface DNS for OpenNebula

mcanevet · smira · commit 9f648b491b8f · 2026-03-18T20:57:16.000+04:00
Accumulate DNS servers and search domains from both global context variables (DNS, SEARCH_DOMAIN) and per-interface variables (ETH*_DNS, ETH*_SEARCH_DOMAIN) into a single merged ResolverSpecSpec, matching the reference one-apps context-linux get_nameservers() / get_searchdomains() behavior that writes one /etc/resolv.conf. Signed-off-by: Mickaël Canévet <mickael.canevet@proton.ch> Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> (cherry picked from commit e96766e)
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/dns_test.go
@@ -0,0 +1,143 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package opennebula_test
+
+import (
+	"testing"
+
+	"github.com/cosi-project/runtime/pkg/state"
+	"github.com/cosi-project/runtime/pkg/state/impl/inmem"
+	"github.com/cosi-project/runtime/pkg/state/impl/namespaced"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/siderolabs/talos/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula"
+)
+
+func TestDNSMerge(t *testing.T) {
+	t.Parallel()
+
+	o := &opennebula.OpenNebula{}
+	st := state.WrapCore(namespaced.NewState(inmem.Build))
+
+	mac := `ETH0_MAC = "02:00:c0:a8:01:5c"
+ETH0_IP = "192.168.1.92"
+ETH0_MASK = "255.255.255.0"
+NAME = "test"
+`
+
+	for _, tc := range []struct {
+		name           string
+		extra          string
+		wantDNS        []string
+		wantSearch     []string
+		wantNoResolver bool
+	}{
+		{
+			name:           "global DNS only",
+			extra:          `DNS = "9.9.9.9 1.1.1.1"`,
+			wantDNS:        []string{"9.9.9.9", "1.1.1.1"},
+			wantSearch:     nil,
+			wantNoResolver: false,
+		},
+		{
+			name:           "per-interface DNS only",
+			extra:          `ETH0_DNS = "192.168.1.1 8.8.8.8"`,
+			wantDNS:        []string{"192.168.1.1", "8.8.8.8"},
+			wantSearch:     nil,
+			wantNoResolver: false,
+		},
+		{
+			name:           "global and per-interface DNS merged, global first",
+			extra:          "DNS = \"9.9.9.9\"\nETH0_DNS = \"192.168.1.1\"",
+			wantDNS:        []string{"9.9.9.9", "192.168.1.1"},
+			wantSearch:     nil,
+			wantNoResolver: false,
+		},
+		{
+			name:           "global SEARCH_DOMAIN only",
+			extra:          `SEARCH_DOMAIN = "global.example.com"`,
+			wantDNS:        nil,
+			wantSearch:     []string{"global.example.com"},
+			wantNoResolver: false,
+		},
+		{
+			name:           "per-interface search domain only",
+			extra:          `ETH0_SEARCH_DOMAIN = "example.com"`,
+			wantDNS:        nil,
+			wantSearch:     []string{"example.com"},
+			wantNoResolver: false,
+		},
+		{
+			name:           "global and per-interface search domains merged, global first",
+			extra:          "SEARCH_DOMAIN = \"global.example.com\"\nETH0_SEARCH_DOMAIN = \"example.com\"",
+			wantDNS:        nil,
+			wantSearch:     []string{"global.example.com", "example.com"},
+			wantNoResolver: false,
+		},
+		{
+			name:           "neither global nor per-interface set — no resolver emitted",
+			extra:          "",
+			wantNoResolver: true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			input := []byte(mac + tc.extra)
+
+			networkConfig, err := o.ParseMetadata(st, input)
+			require.NoError(t, err)
+
+			if tc.wantNoResolver {
+				assert.Empty(t, networkConfig.Resolvers)
+
+				return
+			}
+
+			require.Len(t, networkConfig.Resolvers, 1)
+
+			resolver := networkConfig.Resolvers[0]
+
+			var dnsStrs []string
+
+			for _, ip := range resolver.DNSServers {
+				dnsStrs = append(dnsStrs, ip.String())
+			}
+
+			assert.Equal(t, tc.wantDNS, dnsStrs)
+			assert.Equal(t, tc.wantSearch, resolver.SearchDomains)
+		})
+	}
+}
+
+func TestDNSMergeError(t *testing.T) {
+	t.Parallel()
+
+	o := &opennebula.OpenNebula{}
+	st := state.WrapCore(namespaced.NewState(inmem.Build))
+
+	base := `ETH0_MAC = "02:00:c0:a8:01:5c"
+ETH0_IP = "192.168.1.92"
+ETH0_MASK = "255.255.255.0"
+NAME = "test"
+`
+
+	t.Run("malformed global DNS returns error", func(t *testing.T) {
+		t.Parallel()
+
+		_, err := o.ParseMetadata(st, []byte(base+`DNS = "notanip"`))
+		require.ErrorContains(t, err, "failed to parse global DNS server")
+		require.ErrorContains(t, err, "notanip")
+	})
+
+	t.Run("malformed per-interface DNS returns error with interface name", func(t *testing.T) {
+		t.Parallel()
+
+		_, err := o.ParseMetadata(st, []byte(base+`ETH0_DNS = "notanip"`))
+		require.ErrorContains(t, err, "ETH0")
+		require.ErrorContains(t, err, "notanip")
+	})
+}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go
@@ -174,6 +174,25 @@ func (o *OpenNebula) ParseMetadata(st state.State, oneContextPlain []byte) (*run
 		}
 	}
 
+	// Seed the merged DNS/search-domain slices with global variables (DNS,
+	// SEARCH_DOMAIN). These are applied regardless of interface, matching the
+	// reference get_nameservers()/get_searchdomains() which processes global
+	// variables before per-interface ones.
+	var allDNSIPs []netip.Addr
+
+	var allSearchDomains []string
+
+	for s := range strings.FieldsSeq(oneContext["DNS"]) {
+		ip, err := netip.ParseAddr(s)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse global DNS server %q: %w", s, err)
+		}
+
+		allDNSIPs = append(allDNSIPs, ip)
+	}
+
+	allSearchDomains = append(allSearchDomains, strings.Fields(oneContext["SEARCH_DOMAIN"])...)
+
 	// Iterate through parsed environment variables looking for ETHn_MAC keys.
 	// The presence of ETHn_MAC is the sole trigger for interface configuration,
 	// matching the behavior of the official OpenNebula guest contextualization
@@ -282,30 +301,31 @@ func (o *OpenNebula) ParseMetadata(st state.State, oneContextPlain []byte) (*run
 					networkConfig.Routes = append(networkConfig.Routes, staticRoutes...)
 				}
 
-				// Parse DNS servers
-				dnsServers := strings.Fields(oneContext[ifaceName+"_DNS"])
-
-				var dnsIPs []netip.Addr
-
-				for _, dnsServer := range dnsServers {
-					ip, err := netip.ParseAddr(dnsServer)
+				// Accumulate per-interface DNS servers and search domains into
+				// the shared slices (global values were seeded before the loop).
+				for s := range strings.FieldsSeq(oneContext[ifaceName+"_DNS"]) {
+					ip, err := netip.ParseAddr(s)
 					if err != nil {
-						return nil, fmt.Errorf("failed to parse DNS server IP: %w", err)
+						return nil, fmt.Errorf("interface %s: failed to parse DNS server %q: %w", ifaceName, s, err)
 					}
 
-					dnsIPs = append(dnsIPs, ip)
+					allDNSIPs = append(allDNSIPs, ip)
 				}
 
-				// Create ResolverSpecSpec entry with multiple DNS servers
-				networkConfig.Resolvers = append(networkConfig.Resolvers,
-					network.ResolverSpecSpec{
-						DNSServers:  dnsIPs,
-						ConfigLayer: network.ConfigPlatform,
-					},
-				)
+				allSearchDomains = append(allSearchDomains, strings.Fields(oneContext[ifaceName+"_SEARCH_DOMAIN"])...)
 			}
 		}
 	}
+	// Emit a single merged ResolverSpecSpec combining global and per-interface
+	// values, matching the reference single /etc/resolv.conf output.
+	if len(allDNSIPs) > 0 || len(allSearchDomains) > 0 {
+		networkConfig.Resolvers = append(networkConfig.Resolvers, network.ResolverSpecSpec{
+			DNSServers:    allDNSIPs,
+			SearchDomains: allSearchDomains,
+			ConfigLayer:   network.ConfigPlatform,
+		})
+	}
+
 	// Create HostnameSpecSpec entry
 	networkConfig.Hostnames = append(networkConfig.Hostnames,
 		network.HostnameSpecSpec{
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected.yaml
@@ -56,10 +56,14 @@ hostnames:
       layer: platform
 resolvers:
     - dnsServers:
+        - 9.9.9.9
         - 192.168.1.1
         - 8.8.8.8
         - 1.1.1.1
       layer: platform
+      searchDomains:
+        - global.example.com
+        - example.com
 timeServers: []
 operators: []
 externalIPs: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml
@@ -56,10 +56,14 @@ hostnames:
       layer: platform
 resolvers:
     - dnsServers:
+        - 9.9.9.9
         - 192.168.1.1
         - 8.8.8.8
         - 1.1.1.1
       layer: platform
+      searchDomains:
+        - global.example.com
+        - example.com
 timeServers: []
 operators: []
 externalIPs: []
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata.yaml
@@ -1,5 +1,6 @@
 # Context variables generated by OpenNebula
 DISK_ID = "1"
+DNS = "9.9.9.9"
 ETH0_DNS = "192.168.1.1 8.8.8.8 1.1.1.1"
 ETH0_EXTERNAL = ""
 ETH0_GATEWAY = "192.168.1.1"
@@ -17,11 +18,12 @@ ETH0_METRIC = ""
 ETH0_MTU = ""
 ETH0_NETWORK = "192.168.1.0"
 ETH0_ROUTES = "10.0.0.0 255.0.0.0 192.168.1.1, 172.16.0.0 255.255.0.0 192.168.1.1 500"
-ETH0_SEARCH_DOMAIN = ""
+ETH0_SEARCH_DOMAIN = "example.com"
 ETH0_VLAN_ID = "3"
 ETH0_VROUTER_IP = ""
 ETH0_VROUTER_IP6 = ""
 ETH0_VROUTER_MANAGEMENT = ""
+SEARCH_DOMAIN = "global.example.com"
 NETWORK = "YES"
 SSH_PUBLIC_KEY = ""
 TARGET = "hda"
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata_no_network_flag.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata_no_network_flag.yaml
@@ -2,6 +2,7 @@
 # ETH*_ variables are manually specified (e.g. for ETHER-type address ranges
 # where NETWORK=YES would cause the server to overwrite them with empty values).
 DISK_ID = "1"
+DNS = "9.9.9.9"
 ETH0_DNS = "192.168.1.1 8.8.8.8 1.1.1.1"
 ETH0_EXTERNAL = ""
 ETH0_GATEWAY = "192.168.1.1"
@@ -19,11 +20,12 @@ ETH0_METRIC = ""
 ETH0_MTU = ""
 ETH0_NETWORK = "192.168.1.0"
 ETH0_ROUTES = "10.0.0.0 255.0.0.0 192.168.1.1, 172.16.0.0 255.255.0.0 192.168.1.1 500"
-ETH0_SEARCH_DOMAIN = ""
+ETH0_SEARCH_DOMAIN = "example.com"
 ETH0_VLAN_ID = "3"
 ETH0_VROUTER_IP = ""
 ETH0_VROUTER_IP6 = ""
 ETH0_VROUTER_MANAGEMENT = ""
+SEARCH_DOMAIN = "global.example.com"
 NETWORK = "NO"
 SSH_PUBLIC_KEY = ""
 TARGET = "hda"
