From 475fe27c0bbd9aa2f7ddc1274cb446cfebe7d789 Mon Sep 17 00:00:00 2001 
From: Oleksandr Ivantsiv Date: Thu, 22 Jun 2023 18:12:30 +0200 Subject: [PATCH] [dns] Add support for static DNS configuration. (#14549) - Why I did it Add support for static DNS configuration. According to sonic-net/SONiC#1262 HLD. - How I did it Add a new resolv-config.service that is responsible for transferring configuration from Config DB into /etc/resolv.conf file that is consumed by various subsystems in Linux to resolve domain names into IP addresses. - How to verify it Run the image compilation. Each component related to the static DNS feature is covered with the unit tests. Run sonic-mgmt tests. Static DNS feature will be covered with the system tests. Install the image and run manual tests. --- build_debian.sh | 7 ++- .../build_templates/sonic_debian_extension.j2 | 9 +++ .../interfaces/interfaces-config.sh | 2 + .../resolv-config/resolv-config.service | 15 +++++ .../resolv-config/resolv-config.sh | 61 +++++++++++++++++++ files/image_config/resolv-config/resolv.conf | 0 .../resolv-config/resolv.conf.head | 2 + .../image_config/resolv-config/resolv.conf.j2 | 3 + .../resolv-config/update-containers | 7 +++ src/sonic-config-engine/minigraph.py | 9 ++- .../tests/data/dns/resolv.conf | 3 + .../tests/data/dns/static_dns.json | 6 ++ .../tests/multi_npu_data/sample-minigraph.xml | 5 ++ .../tests/simple-sample-graph-case.xml | 6 ++ .../tests/simple-sample-graph-metadata.xml | 6 ++ src/sonic-config-engine/tests/test_cfggen.py | 5 ++ src/sonic-config-engine/tests/test_j2files.py | 8 +++ .../tests/test_minigraph_case.py | 5 ++ .../tests/test_multinpu_cfggen.py | 11 ++++ 19 files changed, 167 insertions(+), 3 deletions(-) create mode 100644 files/image_config/resolv-config/resolv-config.service create mode 100755 files/image_config/resolv-config/resolv-config.sh delete mode 100644 files/image_config/resolv-config/resolv.conf create mode 100644 files/image_config/resolv-config/resolv.conf.head create mode 100644 files/image_config/resolv-config/resolv.conf.j2 create 
mode 100755 files/image_config/resolv-config/update-containers
create mode 100644 src/sonic-config-engine/tests/data/dns/resolv.conf
create mode 100644 src/sonic-config-engine/tests/data/dns/static_dns.json
diff --git a/build_debian.sh b/build_debian.sh
index 9462e4a54fba..6c1e9c381a3b 100755
--- a/build_debian.sh
+++ b/build_debian.sh
@@ -400,6 +400,7 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
 jq \
 auditd \
 linux-perf \
+ resolvconf \
 lsof \
 sysstat
@@ -762,7 +763,11 @@ sudo rm -f $ONIE_INSTALLER_PAYLOAD $FILESYSTEM_SQUASHFS
 ## Note: -x to skip directories on different file systems, such as /proc
 sudo du -hsx $FILESYSTEM_ROOT
 sudo mkdir -p $FILESYSTEM_ROOT/var/lib/docker
-sudo cp files/image_config/resolv-config/resolv.conf $FILESYSTEM_ROOT/etc/resolv.conf
+
+## Clear DNS configuration inherited from the build server
+sudo rm -f $FILESYSTEM_ROOT/etc/resolvconf/resolv.conf.d/original
+sudo cp files/image_config/resolv-config/resolv.conf.head $FILESYSTEM_ROOT/etc/resolvconf/resolv.conf.d/head
+
 sudo mksquashfs $FILESYSTEM_ROOT $FILESYSTEM_SQUASHFS -comp zstd -b 1M -e boot -e var/lib/docker -e $PLATFORM_DIR
 # Ensure admin gid is 1000
diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
index 04a404688ff3..fee493990867 100644
--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
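Review bot: The comment says the build server's DNS configuration is cleared, but only `resolvconf/resolv.conf.d/original` is removed, while the line that used to overwrite `$FILESYSTEM_ROOT/etc/resolv.conf` with an empty file is dropped; whatever `/etc/resolv.conf` the chroot holds at this point (often a copy of the build host's, if the build placed one there for apt) would now ship in the squashfs until resolv-config.sh re-creates the symlink at runtime. If resolvconf's postinst has already turned it into the `/run/resolvconf/resolv.conf` symlink this is moot, but that is not visible here, and the fact that resolv-config.sh runs its own `ln -sf` suggests it is not guaranteed. An explicit `sudo rm -f $FILESYSTEM_ROOT/etc/resolv.conf` (or a check that it is a symlink) next to the `original` removal would make the comment true regardless, and the comment could also mention that `resolv.conf.d/base` and `tail`, if present, feed the generated file too.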
@@ -430,6 +430,15 @@ j2 files/dhcp/dhclient.conf.j2 | sudo tee $FILESYSTEM_ROOT/etc/dhcp/dhclient.con
 sudo cp files/dhcp/ifupdown2_policy.json $FILESYSTEM_ROOT/etc/network/ifupdown2/policy.d
 sudo cp files/dhcp/90-dhcp6-systcl.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+# Copy DNS configuration files and templates
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv-config.service $FILESYSTEM_ROOT_USR_LIB_SYSTEMD_SYSTEM
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv-config.sh $FILESYSTEM_ROOT/usr/bin/
+sudo cp $IMAGE_CONFIGS/resolv-config/resolv.conf.j2 $FILESYSTEM_ROOT_USR_SHARE_SONIC_TEMPLATES/
+echo "resolv-config.service" | sudo tee -a $GENERATED_SERVICE_FILE
+sudo LANG=C chroot $FILESYSTEM_ROOT systemctl disable resolvconf.service
+sudo mkdir -p $FILESYSTEM_ROOT/etc/resolvconf/update-libc.d/
+sudo cp $IMAGE_CONFIGS/resolv-config/update-containers $FILESYSTEM_ROOT/etc/resolvconf/update-libc.d/
+
 # Copy initial interfaces configuration file, will be overwritten on first boot
 sudo cp $IMAGE_CONFIGS/interfaces/init_interfaces $FILESYSTEM_ROOT/etc/network/interfaces
 sudo mkdir -p $FILESYSTEM_ROOT/etc/network/interfaces.d
diff --git a/files/image_config/interfaces/interfaces-config.sh b/files/image_config/interfaces/interfaces-config.sh
index f6aa4147a4e4..cb2faea91f31 100755
--- a/files/image_config/interfaces/interfaces-config.sh
+++ b/files/image_config/interfaces/interfaces-config.sh
@@ -60,6 +60,8 @@ for intf_pid in $(ls -1 /var/run/dhclient*.Ethernet*.pid 2> /dev/null); do
 [[ -f ${intf_pid} ]] && kill `cat ${intf_pid}` && rm -f ${intf_pid}
 done
+/usr/bin/resolv-config.sh cleanup
+
 # Read sysctl conf files again
 sysctl -p /etc/sysctl.d/90-dhcp6-systcl.conf
diff --git a/files/image_config/resolv-config/resolv-config.service b/files/image_config/resolv-config/resolv-config.service
new file mode 100644
index 000000000000..18a261dcf5d0
--- /dev/null
+++ b/files/image_config/resolv-config/resolv-config.service
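Review bot: `systemctl disable resolvconf.service` switches off the stock unit that, on Debian, creates `/run/resolvconf/interface` and `postponed-update` under tmpfs and enables updates at boot; after this change the only code that touches that directory is resolv-config.sh, which `pushd`s into it without checking and runs only after updategraph/sonic.target, so any `resolvconf -a` issued earlier (for example from a dhclient hook) may find the directory missing. If the intent is that resolv-config.sh owns the runtime directory, say so here and create it there (`mkdir -p` or `RuntimeDirectory=` in the new unit); either way a one-line comment such as `# resolvconf.service is replaced by resolv-config.service, which drives resolvconf(8) from Config DB` would save the next reader from re-deriving this. The hook installed into `update-libc.d/` runs synchronously on every `resolvconf -u`, which is worth noting in the same comment since it docker-execs into every container.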
@@ -0,0 +1,15 @@
+[Unit]
+Description=Update DNS configuration
+Requires=updategraph.service
+After=updategraph.service
+BindsTo=sonic.target
+After=sonic.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/resolv-config.sh start
+
+[Install]
+WantedBy=sonic.target
diff --git a/files/image_config/resolv-config/resolv-config.sh b/files/image_config/resolv-config/resolv-config.sh
new file mode 100755
index 000000000000..cffda6acb54b
--- /dev/null
+++ b/files/image_config/resolv-config/resolv-config.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+WD=/var/run/resolvconf/
+CONFIG_DIR=${WD}/interface/
+STATIC_CONFIG_FILE=mgmt.static
+DYNAMIC_CONFIG_FILE_TEMPLATE=*.dhclient
+
+update_symlink()
+{
+ ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf
+}
+
+start()
+{
+ update_symlink
+
+ redis-dump -d 4 -k "DNS_NAMESERVER*" -y > /tmp/dns.json
+ if [[ $? -eq 0 && "$(cat /tmp/dns.json)" != "{}" ]]; then
+ # Apply static DNS configuration and disable updates
+ /sbin/resolvconf --disable-updates
+ pushd ${CONFIG_DIR}
+ # Backup dynamic configuration to restore it when the static configuration is removed
+ mv ${DYNAMIC_CONFIG_FILE_TEMPLATE} ${WD} || true
+
+ sonic-cfggen -d -t /usr/share/sonic/templates/resolv.conf.j2,${STATIC_CONFIG_FILE}
+
+ /sbin/resolvconf --enable-updates
+ /sbin/resolvconf -u
+ /sbin/resolvconf --disable-updates
+ popd
+ else
+ # Dynamic DNS configuration. Enable updates. It is expected to receive configuraution for DHCP server
+ /sbin/resolvconf --disable-updates
+ pushd ${CONFIG_DIR}
+ rm -f ${STATIC_CONFIG_FILE}
+ # Restore dynamic configuration if it exists
+ mv ${WD}/${DYNAMIC_CONFIG_FILE_TEMPLATE} ${CONFIG_DIR} || true
+
+ /sbin/resolvconf --enable-updates
+ /sbin/resolvconf -u
+ fi
+}
+
+clean-dynamic-conf()
+{
+ rm -f ${WD}/${DYNAMIC_CONFIG_FILE_TEMPLATE}
+ rm -f ${WD}/postponed-update
+}
+
+case $1 in
+ start)
+ start
+ ;;
+ cleanup)
+ clean-dynamic-conf
+ ;;
+ *)
+ echo "Usage: $0 {start|clean-dynamic-conf}"
+ exit 2
+ ;;
+esac
diff --git a/files/image_config/resolv-config/resolv.conf b/files/image_config/resolv-config/resolv.conf
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/files/image_config/resolv-config/resolv.conf.head b/files/image_config/resolv-config/resolv.conf.head
new file mode 100644
index 000000000000..db81bded75e9
--- /dev/null
+++ b/files/image_config/resolv-config/resolv.conf.head
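Review bot: `start` writes the Config DB dump to the fixed, predictable path `/tmp/dns.json` as root and never removes it; a fixed name in a world-writable directory is the classic symlink/pre-creation target (blocked only where `fs.protected_symlinks`/`fs.protected_regular` are enabled), and the dump is left behind world-readable. The file is not needed at all: `dns_json=$(redis-dump -d 4 -k "DNS_NAMESERVER*" -y)` followed by `if [[ $? -eq 0 && "${dns_json}" != "{}" ]]; then` performs the same test, or use `mktemp` plus a `trap` that deletes it. Two smaller points in the same hunk: the usage string advertises `clean-dynamic-conf` while the `case` only accepts `cleanup` (the name interfaces-config.sh actually calls), so it should read `echo "Usage: $0 {start|cleanup}"`; and both `pushd ${CONFIG_DIR}` calls are unchecked, so if `/var/run/resolvconf/interface` does not exist yet (the stock resolvconf.service that creates it is disabled by this patch) the following `rm -f` and `sonic-cfggen` act on the caller's cwd, which `pushd "${CONFIG_DIR}" || exit 1` (or a `mkdir -p` first) would prevent.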
@@ -0,0 +1,2 @@
+# Dynamic resolv.conf(5) file generated by resolvconf(8)
+# The content of this file may be overwritten during a config reload.
diff --git a/files/image_config/resolv-config/resolv.conf.j2 b/files/image_config/resolv-config/resolv.conf.j2
new file mode 100644
index 000000000000..4887d2e01d45
--- /dev/null
+++ b/files/image_config/resolv-config/resolv.conf.j2
@@ -0,0 +1,3 @@
+{% for ip in DNS_NAMESERVER|sort %}
+nameserver {{ ip }}
+{% endfor -%}
diff --git a/files/image_config/resolv-config/update-containers b/files/image_config/resolv-config/update-containers
new file mode 100755
index 000000000000..47d8328a80fe
--- /dev/null
+++ b/files/image_config/resolv-config/update-containers
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for container in $(docker ps -a --format=" {{ .ID }}"); do
+ docker cp -L /etc/resolv.conf ${container}:/_resolv.conf
+ docker exec -t ${container} bash -c "cat /_resolv.conf > /etc/resolv.conf"
+ docker exec -t ${container} bash -c "rm /_resolv.conf"
+done
diff --git a/src/sonic-config-engine/minigraph.py b/src/sonic-config-engine/minigraph.py
index 81479d83669b..558c7e24e929 100644
--- a/src/sonic-config-engine/minigraph.py
+++ b/src/sonic-config-engine/minigraph.py
@@ -993,6 +993,7 @@ def parse_meta(meta, hname):
 dhcp_servers = []
 dhcpv6_servers = []
 ntp_servers = []
+ dns_nameservers = []
 tacacs_servers = []
 mgmt_routes = []
 erspan_dst = []
@@ -1023,6 +1024,8 @@ def parse_meta(meta, hname):
 dhcp_servers = value_group
 elif name == "NtpResources":
 ntp_servers = value_group
+ elif name == "DnsNameserverResources":
+ dns_nameservers = value_group
 elif name == "SyslogResources":
 syslog_servers = value_group
 elif name == "TacacsServer":
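Review bot: The template emits every `DNS_NAMESERVER` key verbatim as a `nameserver` line, and glibc's resolver only honours the first three of them, so with more than three entries `|sort` (lexicographic, so `10.0.0.1` sorts before `8.8.8.8`) silently decides which servers are active rather than any configured priority. Nothing here checks that a key is an IP address either; a key containing whitespace would yield a malformed directive, which presumably the YANG model for this table prevents, but that is not visible in the patch. A short comment in the template stating both facts, e.g. `{# keys are expected to be validated IP addresses; resolv.conf(5) uses at most the first three nameserver lines #}`, would record the assumption, and the `ipv4`/`ipv6` filters sonic-cfggen already registers could enforce it if validation is not done upstream.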
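Review bot: `docker ps -a` lists stopped and exited containers as well, and `docker exec` on those fails, so this hook (which runs on every `resolvconf -u`) will emit errors for every non-running container; `docker ps -q` returns only running containers and already prints bare IDs, making the `--format` unnecessary. The `-t` on the two `exec` calls allocates a pseudo-TTY for a non-interactive hook and should be dropped, and the two execs can be folded into one: `docker exec "${container}" bash -c "cat /_resolv.conf > /etc/resolv.conf && rm -f /_resolv.conf"`. A header comment naming the caller (`# resolvconf(8) update-libc.d hook: propagate /etc/resolv.conf into running containers`) would help, since nothing in the file says when it runs.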
@@ -1061,7 +1064,7 @@ def parse_meta(meta, hname):
 qos_profile = value
 elif name == "RackMgmtMap":
 rack_mgmt_map = value
- return syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map
+ return syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, dns_nameservers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map
 def parse_linkmeta(meta, hname):
@@ -1488,6 +1491,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
 dhcp_servers = []
 dhcpv6_servers = []
 ntp_servers = []
+ dns_nameservers = []
 tacacs_servers = []
 mgmt_routes = []
 erspan_dst = []
@@ -1543,7 +1547,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
 elif child.tag == str(QName(ns, "UngDec")):
 (u_neighbors, u_devices, _, _, _, _, _, _) = parse_png(child, hostname, None)
 elif child.tag == str(QName(ns, "MetadataDeclaration")):
- (syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map) = parse_meta(child, hostname)
+ (syslog_servers, dhcp_servers, dhcpv6_servers, ntp_servers, dns_nameservers, tacacs_servers, mgmt_routes, erspan_dst, deployment_id, region, cloudtype, resource_type, downstream_subrole, switch_id, switch_type, max_cores, kube_data, macsec_profile, downstream_redundancy_types, redundancy_type, qos_profile, rack_mgmt_map) = parse_meta(child, hostname)
 elif child.tag == str(QName(ns, "LinkMetadataDeclaration")):
 linkmetas = parse_linkmeta(child, hostname)
 elif child.tag == str(QName(ns, "DeviceInfos")):
@@ -1995,6 +1999,7 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw
 results['DHCP_SERVER'] = dict((item, {}) for item in dhcp_servers)
 results['DHCP_RELAY'] = dhcp_relay_table
 results['NTP_SERVER'] = dict((item, {}) for item in ntp_servers)
+ results['DNS_NAMESERVER'] = dict((item, {}) for item in dns_nameservers)
 results['TACPLUS_SERVER'] = dict((item, {'priority': '1', 'tcp_port': '49'}) for item in tacacs_servers)
 if len(acl_table_types) > 0:
 results['ACL_TABLE_TYPE'] = acl_table_types
diff --git a/src/sonic-config-engine/tests/data/dns/resolv.conf b/src/sonic-config-engine/tests/data/dns/resolv.conf
new file mode 100644
index 000000000000..b90cade8f92d
--- /dev/null
+++ b/src/sonic-config-engine/tests/data/dns/resolv.conf
@@ -0,0 +1,3 @@
+nameserver 1.1.1.1
+nameserver 2001:4860:4860::8888
+
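Review bot: `results['DNS_NAMESERVER']` takes the `DnsNameserverResources` strings from the minigraph as-is and they end up, via Config DB and resolv.conf.j2, as literal `nameserver` lines in /etc/resolv.conf, so this assignment is the point where a malformed or non-IP entry would be turned into resolver configuration for the whole switch. The sibling `NTP_SERVER`/`DHCP_SERVER` lines behave the same way and the value splitting happens outside this hunk, so if minigraph content is considered trusted a comment saying so is enough; otherwise validating each item (e.g. `ipaddress.ip_address(item)` in a comprehension, dropping or raising on failures) here would keep bad data out of resolv.conf. `parse_xml` starts and ends outside this hunk.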
diff --git a/src/sonic-config-engine/tests/data/dns/static_dns.json b/src/sonic-config-engine/tests/data/dns/static_dns.json new file mode 100644 index 000000000000..0d2cf1804317 --- /dev/null +++ b/src/sonic-config-engine/tests/data/dns/static_dns.json @@ -0,0 +1,6 @@ +{ + "DNS_NAMESERVER": { + "1.1.1.1": {}, + "2001:4860:4860::8888": {} + } +} diff --git a/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml b/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml index be3938f24bc4..0adcec5c8420 100644 --- a/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml +++ b/src/sonic-config-engine/tests/multi_npu_data/sample-minigraph.xml @@ -1425,6 +1425,11 @@ 17.39.1.129;17.39.1.130 + + DnsNameserverResources + + 1.1.1.1;8.8.8.8 + SnmpResources diff --git a/src/sonic-config-engine/tests/simple-sample-graph-case.xml b/src/sonic-config-engine/tests/simple-sample-graph-case.xml index 69b27c33e7b4..7e8f1579cdf4 100644 --- a/src/sonic-config-engine/tests/simple-sample-graph-case.xml +++ b/src/sonic-config-engine/tests/simple-sample-graph-case.xml @@ -500,6 +500,12 @@ 10.0.10.1;10.0.10.2 + + DnsNameserverResources + + 1.1.1.1;8.8.8.8 + + SnmpResources diff --git a/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml b/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml index fbc33b49862a..c841ff8d1a9f 100644 --- a/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml +++ b/src/sonic-config-engine/tests/simple-sample-graph-metadata.xml @@ -236,6 +236,12 @@ 10.0.10.1;10.0.10.2 + + DnsNameserverResources + + 20.2.2.2;30.3.3.3 + + SnmpResources diff --git a/src/sonic-config-engine/tests/test_cfggen.py b/src/sonic-config-engine/tests/test_cfggen.py index 1428250aada4..50e3c2758a1e 100644 --- a/src/sonic-config-engine/tests/test_cfggen.py +++ b/src/sonic-config-engine/tests/test_cfggen.py 
@@ -696,6 +696,11 @@ def test_metadata_ntp(self):
 output = self.run_script(argument)
 self.assertEqual(utils.to_dict(output.strip()), utils.to_dict("{'10.0.10.1': {}, '10.0.10.2': {}}"))
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph_metadata, '-p', self.port_config, '-v', "DNS_NAMESERVER"]
+ output = self.run_script(argument)
+ self.assertEqual(utils.to_dict(output.strip()), utils.to_dict("{'20.2.2.2': {}, '30.3.3.3': {}}"))
+
 def test_minigraph_vnet(self, **kwargs):
 graph_file = kwargs.get('graph_file', self.sample_graph_simple)
 argument = ['-m', graph_file, '-p', self.port_config, '-v', "VNET"]
diff --git a/src/sonic-config-engine/tests/test_j2files.py b/src/sonic-config-engine/tests/test_j2files.py
index ae49c445f583..50e5df4a4660 100644
--- a/src/sonic-config-engine/tests/test_j2files.py
+++ b/src/sonic-config-engine/tests/test_j2files.py
@@ -695,6 +695,14 @@ def test_backend_acl_template_render(self):
 self.run_script(argument, output_file=self.output_file)
 assert utils.cmp(sample_output_file, self.output_file), self.run_diff(sample_output_file, self.output_file)
+ def test_dns_template_render(self):
+ conf_template = os.path.join(self.test_dir, '..', '..', '..', 'files', 'image_config', 'resolv-config', 'resolv.conf.j2')
+ static_dns_conf = os.path.join(self.test_dir, "data", "dns", "static_dns.json")
+ expected = os.path.join(self.test_dir, "data", "dns", "resolv.conf")
+
+ argument = ['-j', static_dns_conf, '-t', conf_template]
+ self.run_script(argument, output_file=self.output_file)
+ assert utils.cmp(expected, self.output_file), self.run_diff(expected, self.output_file)
 def test_buffers_edgezone_aggregator_render_template(self):
 self._test_buffers_render_template('arista', 'x86_64-arista_7060_cx32s', 'Arista-7060CX-32S-D48C8', 'sample-arista-7060-t0-minigraph.xml', 'buffers.json.j2', 'buffer-arista7060-t0.json')
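Review bot: The new `test_dns_template_render` is inserted with no blank line before the existing `def test_buffers_edgezone_aggregator_render_template`, unlike every other method in this class (the added lines stop at the `assert` and the next `def` follows directly); PEP 8 and the surrounding file separate methods with one blank line, so add one after the `assert utils.cmp(expected, self.output_file), ...` line. The test would also read better with a one-line docstring naming what it pins, e.g. `"""resolv.conf.j2 renders the DNS_NAMESERVER keys as sorted nameserver lines."""`, since the expected file encodes the sort order implicitly.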
diff --git a/src/sonic-config-engine/tests/test_minigraph_case.py b/src/sonic-config-engine/tests/test_minigraph_case.py
index d33d2c14e825..035cff6edb25 100644
--- a/src/sonic-config-engine/tests/test_minigraph_case.py
+++ b/src/sonic-config-engine/tests/test_minigraph_case.py
@@ -277,6 +277,11 @@ def test_metadata_ntp(self):
 output = self.run_script(argument)
 self.assertEqual(output.strip(), "{'10.0.10.1': {}, '10.0.10.2': {}}")
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph, '-p', self.port_config, '-v', "DNS_NAMESERVER"]
+ output = self.run_script(argument)
+ self.assertEqual(output.strip(), "{'1.1.1.1': {}, '8.8.8.8': {}}")
+
 def test_minigraph_vnet(self):
 argument = ['-m', self.sample_graph, '-p', self.port_config, '-v', "VNET"]
 output = self.run_script(argument)
diff --git a/src/sonic-config-engine/tests/test_multinpu_cfggen.py b/src/sonic-config-engine/tests/test_multinpu_cfggen.py
index bc4227f85d52..7026dfa84a61 100644
--- a/src/sonic-config-engine/tests/test_multinpu_cfggen.py
+++ b/src/sonic-config-engine/tests/test_multinpu_cfggen.py
@@ -150,6 +150,17 @@ def test_metadata_ntp(self):
 print("Log:asic{} sku {}".format(asic,output))
 self.assertDictEqual(output, {})
+ def test_metadata_dns_nameserver(self):
+ argument = ['-m', self.sample_graph, '-p', self.sample_port_config, '--var-json', "DNS_NAMESERVER"]
+ output = json.loads(self.run_script(argument))
+ self.assertDictEqual(output, {'1.1.1.1': {}, '8.8.8.8': {}})
+ #DNS_NAMESERVER data is present only in the host config
+ argument = ['-m', self.sample_graph, '--var-json', "DNS_NAMESERVER"]
+ for asic in range(NUM_ASIC):
+ output = json.loads(self.run_script_for_asic(argument, asic, self.port_config[asic]))
+ print("Log:asic{} sku {}".format(asic,output))
+ self.assertDictEqual(output, {})
+
 def test_mgmt_port(self):
 argument = ['-m', self.sample_graph, '-p', self.sample_port_config, '--var-json', "MGMT_PORT"]
 output = json.loads(self.run_script(argument))
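Review bot: The debug print copied from `test_metadata_ntp` into the per-ASIC loop of `test_metadata_dns_nameserver` still labels the value `sku` although it prints the `DNS_NAMESERVER` dict, which makes the output misleading when the assertion fails; `print("Log:asic{} DNS_NAMESERVER {}".format(asic, output))` says what is shown. The `#DNS_NAMESERVER data is present only in the host config` comment is the useful part of this test and could be promoted to the method docstring so the intent (host-only table, empty on every ASIC namespace) is visible in the test listing.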