IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Current thread data sharing and function decorator is hard to understand,
Changed the ip monitor output to a temp file and check it after test finished.
For ethernet or veth, `nmcli c down` will not cause link down, hence
`ip_monitor_assert_stable_link_up()` changed to fail if specified
interface is ethernet or veth.
Changed test case `test_change_mtu_with_stable_link_up` to use linux
bridge instead of veth, so it will fails when nmstate is using normal
connection activation instead of reapply.
Changed test case in `static_ip_address_test.py` to use dummy interface
for link stability tests.
Signed-off-by: Gris Ge <fge@redhat.com>
When the NM route's table is undefined, NM will use the value defined in
ipv4/6.route-table, so we need to use that value for the normalization.
When the route's metric is undefined, NM will use the value defined in
ipv4/6.route-metric, so use it too.
If these route-table and route-metric properties are set to "default",
the final used value depends on global config and even on the device
type. We cannot know what value will be used in that case, so fail the
comparison so the routes are removed and added again with table and
metric set.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Nmstate's documentation about static routes' table-id says that if a
value is not defined the main table (254) is used. However, this was not
actually enforced because it the NMConnection defines the
ipv4/6.route-table, then the main table is not used. Even if it's not
defined, NM might use a different table if that is chosen in its global
configs.
Moreover, nmstate sometimes define ipv4/6.route-table, but only for
dynamically obtained routes, if "auto-route-table-id" is defined.
Enforce table=254 for all static routes that doesn't define a
"table-id", ensuring that they are never affected by
"auto-route-table-id".
Enforce metric=1024 for ipv6, as this is the value that will be coherced
by kernel if we set metric=0. This fixes is_route_removed failing
because it expected metric=0 and gets metric=1024.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
In nmstate routes without next-hop are represented with "0.0.0.0" or
"::". This is because we need to differentiate the case "I don't care
about the next-hop for routes matching" (next-hop=None) and "This route
doesn't have next-hop" (next-hop=0.0.0.0).
However, NM doesn't do the same because it doesn't need that
differentiation. If a NM profile contains a direct route, without
next-hop, it will just leave it empty, thus we get next-hop=None.
This causes that comparing an NmIpRoute created from a nmstate route
with an NmIpRoute created from an existing NM profile will fail because
of this difference. Fix it by converting "0.0.0.0" / "::" to None when
creating a NmIpRoute from an nmstate route. This is the right
representation for it at `nm` layer, anyway.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
We forgot to enable `connection.autoconnect-ports` for OVS ports in NM
code as the `iface.is_controller()` is false for
`InterfaceType::Other("ovs-port")`
Extend verify count to 10 rounds, as NM takes longer time after enabled
`connection.autoconnect-ports` due to extra reactivations in NM internal.
With this change, we can also skip activation on OVS interface and OVS
port as OVS bridge will activate its subordinates.
Fixed and added integration test case.
Signed-off-by: Gris Ge <fge@redhat.com>
The `nmstatectl gc` will fail on OVS trunk VLAN state like:
```yml
---
interfaces:
- name: br0
type: ovs-bridge
state: up
bridge:
port:
- name: eth1
vlan:
mode: trunk
trunk-tags:
- id: 500
```
Integration test case included.
Signed-off-by: Koen de Laat <koen.de.laat@philips.com>
Given a interface is activated by a NM profile of multiconnect,
When applying empty state for this interface,
Then this interface will get IPv4 and IPv6 disabled.
This is because current nmstate code treat multiconnect or NM connection
without interface name as not matched, hence `exist_nm_conn` is set to
None which lead to nmstate discarding current IP settings.
Cloning multiconnect profiles could have risk when NM added more
properties impacting activation but nmstate not aware.
Hence we create NM connection from scratch in this case by only
preserving IP settings from multiconnect. Other non-ip settings applied
by multiconnect profile will be discard if not mentioned in desired
state.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-61890
Signed-off-by: Gris Ge <fge@redhat.com>
When applying state like:
```yml
interfaces:
- name: port1
type: ethernet
state: up
identifier: mac-address
mac-address: 00:23:45:67:89:1a
- name: port2
type: ethernet
state: up
identifier: mac-address
mac-address: 00:23:45:67:89:1b
- name: bond0
type: bond
state: up
link-aggregation:
mode: balance-rr
port:
- eth1
- eth2
```
Nmstate will complains about verification error on MAC address of eth2
because eth2 MAC address changed when attaching to bond0.
The fix is use in-config MAC address when identifier set to mac-address.
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
With NetworkManager holding `ipv6.method: ignore`, we should trust
nispor on querying the correct ipv6 status.
Current code is blindly treat it as ipv6.enabled, this fix is only use
nispor information for ipv6 status if NetworkManager found
`ipv6.method: ignore`
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-58406
Signed-off-by: Gris Ge <fge@redhat.com>
Previously, nmstate can not change profile name on existing connection.
This patch will update the profile name when `interface.profile-name`
been desired explicitly.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-59239
Signed-off-by: Gris Ge <fge@redhat.com>
When finding interface to store the route rule, we should only desired
interfaces (use loopback as fallback), so we do not touch unmentioned
interfaces which might lead to unexpected behaviour.
Integration test case included.
Unit test case updated for this change.
Resolves: https://issues.redhat.com/browse/RHEL-59965
Signed-off-by: Gris Ge <fge@redhat.com>
The github CI has changed the Ubuntu kernel to 6.8.0-1013-azure which is
using 1000 for `CONFIG_HZ`, the test
`test_linux_bridge_option_integer_rounded_on_ubuntu_kernel` will never
raise expected error on 1000HZ kernel.
Considering we can never test it in CI, removing this test case.
Signed-off-by: Gris Ge <fge@redhat.com>
When applying state with empty MPTCP address flags with auto IP, we got
error like:
VerificationError: Verification failure:
eth1.interface.mptcp.address-flags desire '[]', current 'null'
The root cause is current state during verify stage has mptcp section as
None when no IP address found, we should treat None mptcp as empty for
verification stage.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-38607
Signed-off-by: Gris Ge <fge@redhat.com>
If executed command returns non-zero exitcode with `check=True`, exception
raised by subprocess is not showing stdout/stderr, just returncode, which
is not enough for debug. Raise Exception which prints stdout and stderr
of the executed process.
Signed-off-by: Filip Pokryvka <fpokryvk@redhat.com>
In a scenario where you have a machine with multiple public IP
addresses, typically due to a multi-WAN setup, the src parameter in the
context of routes allows you to specify which source IP address should
be used when sending packets via a specific route. This is crucial when
you want to ensure that outbound traffic uses a specific IP address tied
to a particular network interface, especially when dealing with multiple
WAN connections.
Adding support for the src parameter in routes results in a more
powerful and flexible network configuration capability, especially
important in environments with multiple network interfaces or multiple
IP addresses, it provides better control over traffic routing.
The following is the example for specifying the route src in Nmstate:
```
---
interfaces:
- name: eth1
type: ethernet
state: up
ipv4:
address:
- ip: 192.0.2.251
prefix-length: 24
- ip: 192.0.2.252
prefix-length: 24
dhcp: false
enabled: true
routes:
config:
- destination: 198.51.100.0/24
source: 192.0.2.251
next-hop-address: 192.0.2.1
next-hop-interface: eth1
table-id: 254
metric: 150
```
Resolves: https://issues.redhat.com/browse/RHEL-56258
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In the static ip address test, apply the desired state with description,
so that automatically generated state examples can be used for
nmstate-yamlsmith model training.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When user want to change from global DNS to interface DNS by explicitly
define static IP and static DNS, it only works if DNS config actual
changed. Because nmstate only re-evaluate the DNS config if that is
actually changed.
This patch will do re-evaluate if DNS config is desired.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-56557
Signed-off-by: Gris Ge <fge@redhat.com>
Currently the `gen_conf` will discard routes with special
types(blackhole, unreachable, prohibit).
The root cause: `gen_conf` is taking empty network state as current
state lacking loopback interface `lo`, hence routes stored to that
interface will be ignored when generating NetworkManager connection
file.
Fixed by passing default loopback interface as current interface.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-56727
Signed-off-by: Gris Ge <fge@redhat.com>
In the vrf integration tests, apply the desired state with description,
so that automatically generated state examples can be used for
nmstate-yamlsmith model training.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`test_create_with_empty_ports` also applies the vrf route table ID 100
in the desired state, if we do not clean up the vrf interface properly,
the diff state in the following up test `test_add_and_remove_port` will
not contain the vrf route table ID 100.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When creating OVS port for OVS system interface, nmstate use the same name
for both OVS system interface connection and OVS port connection,
the `org.freedesktop.NetworkManager.GetDeviceByIpIface` will return
unexpected `NmDevice` when we try to do `device-reapply` call.
To fix this issue, all `NmApi::connection_reapply()` call should search
all existing `NmDevice` by both interface name and type.
To achieve that this patch unified the NmDevice.iface_type (integer) with
NmConnectionSetting.iface_type (string) into `enum NmifaceType`.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-50556
Signed-off-by: Gris Ge <fge@redhat.com>
The nmconnection output writes lldp=false instead of using an int32
value - this causes the NetworkManager ignoring this setting.
Fixes https://github.com/nmstate/nmstate/issues/2743
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
In the veth, vlan, vxlan integration tests, apply the desired state with
description, so that automatically generated state examples can be
used for nmstate-yamlsmith model training.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
It is not possible to run integration tests if NetworkManager-libreswan
rpm is not installed. Pytest fails during the collection stage,
preventing from running even tests not related to Libreswan.
Fix it.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
When applying the identical YAML with OVS again, nmstate got failure
when device reapply:
Reapply operation failed on ovs-interface ovs0
93f1914e-67ea-4f91-a228-7ae384d285b3, reason:
IncompatibleReapply:Can't reapply any changes to 'ovs-interface'
setting, retry on normal activation
The root cause is OVS port and OVS interface are using the same
`connection.interface-name`, but `NmApi::connection_reapply` only search
device using interface name, which lead to nmstate asking reapply
on the wrong NmDevice.
To fix the problem, for OVS connections, we search full list of
NmDevice by matching both interface name and type.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-50556
Signed-off-by: Gris Ge <fge@redhat.com>
The python3-gobject-base is too big for test container.
Change the test code to use rpm instead to query NetworkManager version.
Signed-off-by: Gris Ge <fge@redhat.com>
In CentOS stream 10, nispor CLI is removed, hence we replace the use of
`npc` command to `ip` command in test cases.
Signed-off-by: Gris Ge <fge@redhat.com>
Using `disable_sriov` fixture to clean up upon finish of test case
`test_drivers_autoprobe_false` and
`test_drivers_autoprobe_restore_default`.
Signed-off-by: Gris Ge <fge@redhat.com>
NetworkManager already supports setting sriov_drivers_autoprobe, add it
in the nmstate schema.
Add integration test to ensure that it works as expected.
Signed-off-by: Robin Jarry <rjarry@redhat.com>
Will read and write directly from/to /etc/resolv.conf when querying and
applying.
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
Support add and remove static routes in kernel mode, these are not
supported yet:
* route table ID bigger than 255
* route weight
* route type
* route cwnd(congestion window)
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-37665
Signed-off-by: Gris Ge <fge@redhat.com>
When desired state holds empty nameserver and empty searches, with
current state holding empty DNS options, we should treat desire state as
purging all static DNS config.
The fix is move `is_purge()` function to `MergedDnsState`, so we can
determine whether we are purging DNS after merged desire state and
current state.
Both unit test cases and integration test case are included.
Signed-off-by: Gris Ge <fge@redhat.com>
When the last port of the controller is absent, the port list of the
controller becomes empty, in the situaiton of applying the controller
and port settings again, before generating the port config, we should
only validate if interface is in the desired port list of controller.
Resolves: https://issues.redhat.com/browse/RHEL-31977
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Instead of checking micro version, we should convert version to a
integer to compare using this formula:
10000 * major_version + 100 * minor_version + micro_version
Introduced `nm_libreswan_version_int()` and `version_str_to_int()` for
this and fixed all version check in ipsec test.
Signed-off-by: Gris Ge <fge@redhat.com>
With NetworkManager-libreswan 1.2.22+, IPv6 libreswan ipsec tunnel is
supported.
Integration test cases included.
Resolves: https://issues.redhat.com/browse/RHEL-32279
Signed-off-by: Gris Ge <fge@redhat.com>
Introducing `description` as top level key of YAML/JSON API holding a
String. For example:
```yml
description: Abc
```
Currently, this property will be ignored when applying or querying, no
backend will persist this property. It is designed for user to store
description for the whole YAML only for now.
By using `testlib.apply.apply_with_description()`, we could store:
`test_description: <string>` into `.descriptions`. The
`pytest ----dump-ai-train-yaml` will store the YAML file into `.states`
folder for training AI.
The `--dump-ai-train-yaml` will only store YAML files with top level
description and the output will only contains the difference between
desired state and current state.
Signed-off-by: Gris Ge <fge@redhat.com>
For C binding, introduced `nmstate_net_state_format()` to tidy up the
input network state string in YAML/JSON format.
For Python binding, wrapping C binding `nmstate_net_state_format()` into
`PrettyState` class.
Also removed the deprecation warning of `PrettyState`, it is full
support now.
Unit test for C lib added focusing on testing the memory leakage.
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
Moved the ipsec test environment setup code to `testlib/ipsec.py` which
provides python class `IpsecTestEnv` with context supported.
Since the `rsa_signatures` is generated at runtime, you can only access
it via `IpsecTestEnv().rsa_signatures` now.
Example code on using it
```python
with IpsecTestEnv() as env:
print(env.rsa_signatures)
```
Signed-off-by: Gris Ge <fge@redhat.com>
When `reorder-headers` is not mentioned in desire state, we should
set it to true to be consistent with default behavior of kernel and
NetworkManager.
Integration test cases included.
Resolves: https://issues.redhat.com/browse/RHEL-33362
Signed-off-by: Gris Ge <fge@redhat.com>
