IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Current thread data sharing and function decorator is hard to understand,
Changed the ip monitor output to a temp file and check it after test finished.
For ethernet or veth, `nmcli c down` will not cause link down, hence
`ip_monitor_assert_stable_link_up()` changed to fail if specified
interface is ethernet or veth.
Changed test case `test_change_mtu_with_stable_link_up` to use linux
bridge instead of veth, so it will fails when nmstate is using normal
connection activation instead of reapply.
Changed test case in `static_ip_address_test.py` to use dummy interface
for link stability tests.
Signed-off-by: Gris Ge <fge@redhat.com>
When the NM route's table is undefined, NM will use the value defined in
ipv4/6.route-table, so we need to use that value for the normalization.
When the route's metric is undefined, NM will use the value defined in
ipv4/6.route-metric, so use it too.
If these route-table and route-metric properties are set to "default",
the final used value depends on global config and even on the device
type. We cannot know what value will be used in that case, so fail the
comparison so the routes are removed and added again with table and
metric set.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Nmstate's documentation about static routes' table-id says that if a
value is not defined the main table (254) is used. However, this was not
actually enforced because it the NMConnection defines the
ipv4/6.route-table, then the main table is not used. Even if it's not
defined, NM might use a different table if that is chosen in its global
configs.
Moreover, nmstate sometimes define ipv4/6.route-table, but only for
dynamically obtained routes, if "auto-route-table-id" is defined.
Enforce table=254 for all static routes that doesn't define a
"table-id", ensuring that they are never affected by
"auto-route-table-id".
Enforce metric=1024 for ipv6, as this is the value that will be coherced
by kernel if we set metric=0. This fixes is_route_removed failing
because it expected metric=0 and gets metric=1024.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
In nmstate routes without next-hop are represented with "0.0.0.0" or
"::". This is because we need to differentiate the case "I don't care
about the next-hop for routes matching" (next-hop=None) and "This route
doesn't have next-hop" (next-hop=0.0.0.0).
However, NM doesn't do the same because it doesn't need that
differentiation. If a NM profile contains a direct route, without
next-hop, it will just leave it empty, thus we get next-hop=None.
This causes that comparing an NmIpRoute created from a nmstate route
with an NmIpRoute created from an existing NM profile will fail because
of this difference. Fix it by converting "0.0.0.0" / "::" to None when
creating a NmIpRoute from an nmstate route. This is the right
representation for it at `nm` layer, anyway.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
=== Breaking changes
- N/A
=== New features
- N/A
=== Bug fixes
- nm ovs: Enable connection.autoconnect-ports for OVS port. (4c996abd)
- gc: Fix trunk vlans for ovs port in gen_conf. (614c66dc)
- nm: Preserve current IP setting for multiconnect profile. (23247afb)
Signed-off-by: Gris Ge <fge@redhat.com>
We forgot to enable `connection.autoconnect-ports` for OVS ports in NM
code as the `iface.is_controller()` is false for
`InterfaceType::Other("ovs-port")`
Extend verify count to 10 rounds, as NM takes longer time after enabled
`connection.autoconnect-ports` due to extra reactivations in NM internal.
With this change, we can also skip activation on OVS interface and OVS
port as OVS bridge will activate its subordinates.
Fixed and added integration test case.
Signed-off-by: Gris Ge <fge@redhat.com>
Add alternative baseurl repos as We see some issues lately with
mirrorlink based repos. This should workaround it together with
skip_if_unavailable=True. If all repos are OK, this is doing
nothing. These were added for c9s but we need those for c10s, too.
Signed-off-by: Vladimír Beneš <vbenes@redhat.com>
The `nmstatectl gc` will fail on OVS trunk VLAN state like:
```yml
---
interfaces:
- name: br0
type: ovs-bridge
state: up
bridge:
port:
- name: eth1
vlan:
mode: trunk
trunk-tags:
- id: 500
```
Integration test case included.
Signed-off-by: Koen de Laat <koen.de.laat@philips.com>
Given a interface is activated by a NM profile of multiconnect,
When applying empty state for this interface,
Then this interface will get IPv4 and IPv6 disabled.
This is because current nmstate code treat multiconnect or NM connection
without interface name as not matched, hence `exist_nm_conn` is set to
None which lead to nmstate discarding current IP settings.
Cloning multiconnect profiles could have risk when NM added more
properties impacting activation but nmstate not aware.
Hence we create NM connection from scratch in this case by only
preserving IP settings from multiconnect. Other non-ip settings applied
by multiconnect profile will be discard if not mentioned in desired
state.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-61890
Signed-off-by: Gris Ge <fge@redhat.com>
The valgrind will report possible leak when tokio is compiled by
rust nightly `rustc 1.83.0-nightly (9096f4faf 2024-10-05)`:
https://github.com/tokio-rs/tokio/issues/6889
The nmstate team has no knowledge base to debug memory leak in rust
nightly, hence we only run memory leak check on rust stable channel.
Signed-off-by: Gris Ge <fge@redhat.com>
Since we are depending on IP VLAN support of nispor, we should place
minimum version 1.2.21 in our Cargo.toml for nispor.
Signed-off-by: Gris Ge <fge@redhat.com>
As of latest upload github action by default is not uploading hidden
files [1]. This change configures the flag to do so, so the .states are
uploades.
[1] https://github.com/actions/upload-artifact/releases/tag/v4.4.0
Signed-off-by: Enrique Llorente <ellorent@redhat.com>
=== Breaking changes
- N/A
=== New features
- IPVLAN interface support. (50c267c9)
=== Bug fixes
- mac identifier: Fix error when attaching mac-based iface to bond. (0ebf1078)
- packaging: Generate vendor tarbal for Rust 1.66 also. (2ef57297)
- async: Use tokio::time::sleep in stead of std:🧵:sleep. (b6e7adec)
- policy: Sort the capture base on dependent relationship. (71ea2399)
- nm: Handle `ipv6.method: ignore`. (3456e97b)
- nm: Fix profile name changing. (a44f555a)
- nm route rule: Only search desired interface for storing route rule. (36af0f85)
- policy: Fix capture full state with simple line. (58389eee)
- policy: Fix error when capture is mentioned in the right. (245fcb16)
Signed-off-by: Gris Ge <fge@redhat.com>
When applying state like:
```yml
interfaces:
- name: port1
type: ethernet
state: up
identifier: mac-address
mac-address: 00:23:45:67:89:1a
- name: port2
type: ethernet
state: up
identifier: mac-address
mac-address: 00:23:45:67:89:1b
- name: bond0
type: bond
state: up
link-aggregation:
mode: balance-rr
port:
- eth1
- eth2
```
Nmstate will complains about verification error on MAC address of eth2
because eth2 MAC address changed when attaching to bond0.
The fix is use in-config MAC address when identifier set to mac-address.
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
The `RELEASE=1 make release` will generate rust vendor tarball for Rust
1.66 also now using:
* mio 0.8.9 (because mio 1.0.2 need new version of rust)
* tokio 1.38.1 (last version of tokio using mio 0.8)
* tokio-macros 2.3.0 (required by tokio 1.38.1)
The `packaging/download_rust_crate.py` is used by `make` command to
download specific crate and generate hash like `cargo vendor` did.
Signed-off-by: Gris Ge <fge@redhat.com>
The `std:🧵:sleep()` is blocking the thread which prevent the
handling of `Control+C` signal in CLI.
Changing to async sleep `tokio::time::sleep()` will fix it.
We still have blocking sleep `nm_dbus` code, cannot change it yet as we
are using the blocking method of DBUS, need to migrate from zbus 1.x to
2.x+ for async support there.
It is hard to have auto test case evaluation `Control+C` got instant
feedback or not. Hence no test case, manually tested.
Signed-off-by: Gris Ge <fge@redhat.com>
When child capture been placed before parent capture, nmstate will
complain about capture not found. Like this YAML:
```yml
child: interfaces.name==capture.child.routes.running.0.next-hop-interface
parent: routes.running.next-hop-interface=="eth1"
```
This patch will sort above YAML by placing capture after its parent capture
like:
```yml
parent: routes.running.next-hop-interface=="eth1"
child: interfaces.name==capture.child.routes.running.0.next-hop-interface
```
Implementation detail:
* Each run of `set_capture_priority()`,
`NetworkCaptureCommand::capture_priority` will be set to its parent's
`capture_priority`. For standalone, set to 1. For parent not holding
`capture_priority`, do nothing and wait next round by return
false(indicate not finished).
* Nmstate will run the `set_capture_priority()` up to 10 times allowing
10 captures in any order.
Changed example policy `bridge-on-default-gw-no-dhcp` to unsorted
captures, the unit test case `test_policy_examples` will use it to test
this patch.
Signed-off-by: Gris Ge <fge@redhat.com>
Add alternative baseurl repos as We see some issues lately with
mirrorlink based repos. This should workaround it together with
skip_if_unavailable=True. If all repos are OK, this is doing
nothing.
Signed-off-by: Vladimír Beneš <vbenes@redhat.com>
With NetworkManager holding `ipv6.method: ignore`, we should trust
nispor on querying the correct ipv6 status.
Current code is blindly treat it as ipv6.enabled, this fix is only use
nispor information for ipv6 status if NetworkManager found
`ipv6.method: ignore`
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-58406
Signed-off-by: Gris Ge <fge@redhat.com>
Previously, nmstate can not change profile name on existing connection.
This patch will update the profile name when `interface.profile-name`
been desired explicitly.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-59239
Signed-off-by: Gris Ge <fge@redhat.com>
When finding interface to store the route rule, we should only desired
interfaces (use loopback as fallback), so we do not touch unmentioned
interfaces which might lead to unexpected behaviour.
Integration test case included.
Unit test case updated for this change.
Resolves: https://issues.redhat.com/browse/RHEL-59965
Signed-off-by: Gris Ge <fge@redhat.com>
For capture like `default-gw: override me with the cache`, nmstate
should store the full state to `default-gw`.
Example file created and will be used for unit tests.
Signed-off-by: Gris Ge <fge@redhat.com>
For capture like:
des_r: routes.running.next-hop-interface == capture.foo.interfaces.0.name
Incorrectly use current state to resolve capture data in the right part.
Unit test case included as the example file will be tested by
`test_policy_examples` test case.
Signed-off-by: Gris Ge <fge@redhat.com>
=== Breaking changes
- N/A
=== New features
- ipsec: support require-id-on-certificate. (90a56cc0)
- route: Add support for route source. (d4487de1)
- gen_conf: Support special route type. (2207c40b)
=== Bug fixes
- mptcp: Treat none as empty MPTCP flags in current state when verifying. (755333cb)
- nm dns: Re-evaluate DNS settings if desired even not changed. (9fe7836c)
- vrf: Skip serializing if port is undefined. (fa013cc3)
Signed-off-by: Gris Ge <fge@redhat.com>
The github CI has changed the Ubuntu kernel to 6.8.0-1013-azure which is
using 1000 for `CONFIG_HZ`, the test
`test_linux_bridge_option_integer_rounded_on_ubuntu_kernel` will never
raise expected error on 1000HZ kernel.
Considering we can never test it in CI, removing this test case.
Signed-off-by: Gris Ge <fge@redhat.com>
The `assert(state[0] == '{');` should only been checked when
`NMSTATE_PASS`.
For CI environment, when MPTCP enabled, the
`nmstate_net_state_retrieve()` will fail due to permission deny on MPTCP
querying.
The workaround is disable MPTCP in CI system, and will remove this
workaround once https://github.com/nispor/nispor/pull/276 shipped.
Signed-off-by: Gris Ge <fge@redhat.com>
Due to MPTCP bug, `nmstatectl show` will need NET_ADMIN permission
when MPTCP is enabled. This fails our unit test on running code in
document.
Considering unit test should not access real host network, this patch is
disabling the `cargo test` for document code.
Signed-off-by: Gris Ge <fge@redhat.com>
When applying state with empty MPTCP address flags with auto IP, we got
error like:
VerificationError: Verification failure:
eth1.interface.mptcp.address-flags desire '[]', current 'null'
The root cause is current state during verify stage has mptcp section as
None when no IP address found, we should treat None mptcp as empty for
verification stage.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-38607
Signed-off-by: Gris Ge <fge@redhat.com>
If executed command returns non-zero exitcode with `check=True`, exception
raised by subprocess is not showing stdout/stderr, just returncode, which
is not enough for debug. Raise Exception which prints stdout and stderr
of the executed process.
Signed-off-by: Filip Pokryvka <fpokryvk@redhat.com>
In a scenario where you have a machine with multiple public IP
addresses, typically due to a multi-WAN setup, the src parameter in the
context of routes allows you to specify which source IP address should
be used when sending packets via a specific route. This is crucial when
you want to ensure that outbound traffic uses a specific IP address tied
to a particular network interface, especially when dealing with multiple
WAN connections.
Adding support for the src parameter in routes results in a more
powerful and flexible network configuration capability, especially
important in environments with multiple network interfaces or multiple
IP addresses, it provides better control over traffic routing.
The following is the example for specifying the route src in Nmstate:
```
---
interfaces:
- name: eth1
type: ethernet
state: up
ipv4:
address:
- ip: 192.0.2.251
prefix-length: 24
- ip: 192.0.2.252
prefix-length: 24
dhcp: false
enabled: true
routes:
config:
- destination: 198.51.100.0/24
source: 192.0.2.251
next-hop-address: 192.0.2.1
next-hop-interface: eth1
table-id: 254
metric: 150
```
Resolves: https://issues.redhat.com/browse/RHEL-56258
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In the static ip address test, apply the desired state with description,
so that automatically generated state examples can be used for
nmstate-yamlsmith model training.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When user want to change from global DNS to interface DNS by explicitly
define static IP and static DNS, it only works if DNS config actual
changed. Because nmstate only re-evaluate the DNS config if that is
actually changed.
This patch will do re-evaluate if DNS config is desired.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-56557
Signed-off-by: Gris Ge <fge@redhat.com>
