Support the DNS priority

liangwen12year · richm · commit 3d10af067a22 · 2022-11-01T11:55:11.000-06:00
The users want to configure the priority of DNS servers, add support for that. Fixes #505. Signed-off-by: Wen Liang <liangwen12year@gmail.com>
diff --git a/README.md b/README.md
@@ -514,6 +514,15 @@ The IP configuration supports the following options:
     When using a caching DNS plugin (dnsmasq or systemd-resolved in NetworkManager.conf)
     then "edns0" and "trust-ad" are automatically added.
 
+- `dns_priority`
+
+    DNS servers priority. The relative priority for DNS servers specified by this
+    setting. The default value is 0, a lower numerical value has higher priority.
+    The valid value of `dns_priority` ranges from -2147483648 to 2147483647. Negative
+    values have the special effect of excluding other configurations with a greater
+    numerical priority value; so in presence of at least one negative priority, only
+    DNS servers from connections with the lowest priority value will be used.
+
 - `gateway4` and `gateway6`
 
     The default gateway for IPv4 (`gateway4`) or IPv6 (`gateway6`) packets.
diff --git a/examples/eth_dns_support.yml b/examples/eth_dns_support.yml
@@ -9,6 +9,7 @@
           route_metric4: 100
           dhcp4: no
           gateway4: 192.0.2.1
+          dns_priority: 9999
           dns:
             - 192.0.2.2
             - 198.51.100.5
diff --git a/library/network_connections.py b/library/network_connections.py
@@ -1092,6 +1092,10 @@ def connection_create(self, connections, idx, connection_current=None):
             s_ip4.clear_dns_options(False)
             for option in ip["dns_options"]:
                 s_ip4.add_dns_option(option)
+            if ip["dns_priority"] is not None:
+                s_ip4.set_property(
+                    NM.SETTING_IP_CONFIG_DNS_PRIORITY, ip["dns_priority"]
+                )
 
             is_ipv6_configured = False
             if ip["ipv6_disabled"]:
@@ -1144,6 +1148,10 @@ def connection_create(self, connections, idx, connection_current=None):
             s_ip6.clear_dns_options(False)
             for option in ip["dns_options"]:
                 s_ip6.add_dns_option(option)
+            if ip["dns_priority"] is not None:
+                s_ip6.set_property(
+                    NM.SETTING_IP_CONFIG_DNS_PRIORITY, ip["dns_priority"]
+                )
 
             if ip["route_append_only"] and connection_current:
                 for r in self.setting_ip_config_get_routes(
diff --git a/module_utils/network_lsr/argument_validator.py b/module_utils/network_lsr/argument_validator.py
@@ -887,6 +887,12 @@ def __init__(self):
                     ),
                     default_value=list,
                 ),
+                ArgValidatorNum(
+                    "dns_priority",
+                    val_min=-2147483648,
+                    val_max=2147483647,
+                    default_value=0,
+                ),
                 ArgValidatorList(
                     "routing_rule",
                     nested=ArgValidatorIPRoutingRule("routing_rule[?]"),
@@ -911,6 +917,7 @@ def __init__(self):
                 "dns": [],
                 "dns_search": [],
                 "dns_options": [],
+                "dns_priority": 0,
             },
         )
 
@@ -2470,19 +2477,23 @@ def _ipv6_is_not_configured(connection):
                     "IPv6 needs to be enabled to support IPv6 nameservers.",
                 )
         # when IPv4 and IPv6 are disabled, setting ip.dns_options or
-        # ip.dns_search is not allowed
-        if connection["ip"]["dns_search"] or connection["ip"]["dns_options"]:
+        # ip.dns_search or ip.dns_priority is not allowed
+        if (
+            connection["ip"]["dns_search"]
+            or connection["ip"]["dns_options"]
+            or connection["ip"]["dns_priority"]
+        ):
             if not _ipv4_enabled(connection) and connection["ip"]["ipv6_disabled"]:
                 raise ValidationError.from_connection(
                     idx,
-                    "Setting 'dns_search' or 'dns_options' is not allowed when "
-                    "both IPv4 and IPv6 are disabled.",
+                    "Setting 'dns_search', 'dns_options' and 'dns_priority' are not "
+                    "allowed when both IPv4 and IPv6 are disabled.",
                 )
             elif not _ipv4_enabled(connection) and _ipv6_is_not_configured(connection):
                 raise ValidationError.from_connection(
                     idx,
-                    "Setting 'dns_search' or 'dns_options' is not allowed when "
-                    "IPv4 is disabled and IPv6 is not configured.",
+                    "Setting 'dns_search', 'dns_options' and 'dns_priority' are not "
+                    "allowed when IPv4 is disabled and IPv6 is not configured.",
                 )
         # DNS options 'inet6', 'ip6-bytestring', 'ip6-dotint', 'no-ip6-dotint' are only
         # supported for IPv6 configuration, so raise errors when IPv6 is disabled
diff --git a/tests/playbooks/tests_eth_dns_support.yml b/tests/playbooks/tests_eth_dns_support.yml
@@ -34,6 +34,7 @@
               route_metric4: 100
               dhcp4: no
               gateway4: 192.0.2.1
+              dns_priority: 9999
               dns:
                 - 192.0.2.2
                 - 198.51.100.5
@@ -108,6 +109,13 @@
           - "'timeout:1' in ipv6_dns.stdout"
         msg: "DNS options are configured incorrectly"
 
+    - name: "Assert that DNS priority is configured correctly"
+      assert:
+        that:
+          - "'9999' in ipv4_dns.stdout"
+          - "'9999' in ipv6_dns.stdout"
+        msg: "DNS priority is configured incorrectly"
+
 - import_playbook: down_profile+delete_interface.yml
   vars:
     profile: "{{ interface }}"
diff --git a/tests/playbooks/tests_ipv6_dns_search.yml b/tests/playbooks/tests_ipv6_dns_search.yml
@@ -138,11 +138,11 @@
           assert:
             that:
               - __network_connections_result.stderr is search("Setting
-                'dns_search' or 'dns_options' is not allowed when both IPv4 and
-                IPv6 are disabled.")
+                'dns_search', 'dns_options' and 'dns_priority' are not allowed
+                when both IPv4 and IPv6 are disabled.")
             msg: Reconfiguring network connection is not failed with the error
-              "Setting 'dns_search' or 'dns_options' is not allowed when both
-              IPv4 and IPv6 are disabled."
+              "Setting 'dns_search', 'dns_options', and 'dns_priority' are not
+              allowed when both IPv4 and IPv6 are disabled."
           when: ansible_distribution_major_version | int > 7
 
       always:
diff --git a/tests/unit/test_network_connections.py b/tests/unit/test_network_connections.py
