preflight: Ensure crc network is accessible from session libvirt

This is needed to be able to switch to session libvirt, which will be through machine-driver-libvirt (See crc-org/machine-driver-libvirt#20)
crc-org · Oct 16, 2019 · daf2f28 · daf2f28
1 parent ff31d80
commit daf2f28
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 0 deletions.
diff --git a/cmd/crc/cmd/config/config_linux.go b/cmd/crc/cmd/config/config_linux.go
@@ -26,6 +26,8 @@ var (
 	WarnCheckCrcNetwork              = cfg.AddSetting("warn-check-crc-network", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkActive        = cfg.AddSetting("skip-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcNetworkActive        = cfg.AddSetting("warn-check-crc-network-active", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	SkipCheckCrcBridgePermissions    = cfg.AddSetting("skip-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
+	WarnCheckCrcBridgePermissions    = cfg.AddSetting("warn-check-crc-network-permissions", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcDnsmasqFile          = cfg.AddSetting("skip-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	WarnCheckCrcDnsmasqFile          = cfg.AddSetting("warn-check-crc-dnsmasq-file", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})
 	SkipCheckCrcNetworkManagerConfig = cfg.AddSetting("skip-check-network-manager-config", nil, []cfg.ValidationFnType{cfg.ValidateBool}, []cfg.SetFn{cfg.SuccessfullyApplied})

diff --git a/pkg/crc/preflight/preflight_checks_linux.go b/pkg/crc/preflight/preflight_checks_linux.go
@@ -44,6 +44,11 @@ server=/crc.testing/192.168.130.11
 dns=dnsmasq
 `
 	libvirtDriverDownloadURL = fmt.Sprintf("https://github.com/code-ready/machine-driver-libvirt/releases/download/%s/crc-driver-libvirt", libvirtDriverVersion)
+	qemuBridgeConfig         = "allow crc"
+	qemuBridgeConfigPaths    = [2]string{
+		"/etc/qemu/bridge.conf",     // Upstream
+		"/etc/qemu-kvm/bridge.conf", // RHEL
+	}
 )
 
 func checkVirtualizationEnabled() (bool, error) {
@@ -392,6 +397,65 @@ func fixLibvirtCrcNetworkActive() (bool, error) {
 	return true, nil
 }
 
+func checkLibvirtCrcBridgePermissions() (bool, error) {
+	logging.Debug("Checking if 'crc' bridge has appropriate permissions setup")
+	configPath := ""
+	for _, path := range qemuBridgeConfigPaths {
+		logging.Debug(fmt.Sprintf("Trying %s..", path))
+		_, err := os.Stat(path)
+		if err != nil {
+			logging.Debug(fmt.Sprintf("Failed to open %s: %s", path, err))
+		} else {
+			configPath = path
+
+			break
+		}
+	}
+	if configPath == "" {
+		return false, fmt.Errorf("Failed to find Qemu bridge configuration file")
+	}
+
+	config, err := ioutil.ReadFile(filepath.Clean(configPath))
+	if err != nil {
+		return false, fmt.Errorf("Failed to read %s: %v", configPath, err)
+	}
+	if match, _ := regexp.MatchString(qemuBridgeConfig, string(config)); !match {
+		return false, fmt.Errorf("`crc` network not allowed unprivileged access")
+	}
+	logging.Debug("'crc' bridge has appropriate permissions")
+	return true, nil
+}
+
+func fixLibvirtCrcBridgePermissions() (bool, error) {
+	logging.Debug("Fixing permissions for 'crc'")
+	configPath := ""
+	for _, path := range qemuBridgeConfigPaths {
+		logging.Debug(fmt.Sprintf("Trying %s..", path))
+		_, err := os.Stat(path)
+		if err != nil {
+			logging.Debug(fmt.Sprintf("Failed to open %s: %s", path, err))
+		} else {
+			configPath = path
+
+			break
+		}
+	}
+	if configPath == "" {
+		return false, fmt.Errorf("Failed to find Qemu bridge configuration file")
+	}
+
+	err := crcos.AppendToFileAsRoot(
+		"Allow 'crc' network to be used from session libvirt",
+		fmt.Sprintf("%s\n", qemuBridgeConfig),
+		configPath,
+	)
+	if err != nil {
+		return false, fmt.Errorf("Failed to write to %s: %v", configPath, err)
+	}
+	logging.Debug("'crc' bridge now has appropriate permissions")
+	return true, nil
+}
+
 func checkCrcDnsmasqConfigFile() (bool, error) {
 	logging.Debug("Checking dnsmasq configuration")
 	c := []byte(crcDnsmasqConfig)

diff --git a/pkg/crc/preflight/preflight_linux.go b/pkg/crc/preflight/preflight_linux.go
@@ -169,6 +169,12 @@ func SetupHost(vmDriver string) {
 		"Starting libvirt 'crc' network",
 		config.GetBool(cmdConfig.WarnCheckCrcNetworkActive.Name),
 	)
+	preflightCheckAndFix(config.GetBool(cmdConfig.SkipCheckCrcBridgePermissions.Name),
+		checkLibvirtCrcBridgePermissions,
+		fixLibvirtCrcBridgePermissions,
+		"Checking for appropriate permissions on 'crc' network",
+		config.GetBool(cmdConfig.WarnCheckCrcBridgePermissions.Name),
+	)
 	preflightCheckAndFix(config.GetBool(cmdConfig.SkipCheckNetworkManagerInstalled.Name),
 		checkNetworkManagerInstalled,
 		fixNetworkManagerInstalled,