Current thread data sharing and function decorator is hard to understand.
Changed the ip monitor output to a temp file and check it after test finished.
For ethernet or veth, `nmcli c down` will not cause link down, hence
`ip_monitor_assert_stable_link_up()` changed to fail if specified
interface is ethernet or veth.
Changed test case `test_change_mtu_with_stable_link_up` to use linux
bridge instead of veth, so it will fail when nmstate is using normal
connection activation instead of reapply.
Changed test case in `static_ip_address_test.py` to use dummy interface
for link stability tests.
Signed-off-by: Gris Ge <fge@redhat.com>
In nmstate routes without next-hop are represented with "0.0.0.0" or
"::". This is because we need to differentiate the case "I don't care
about the next-hop for routes matching" (next-hop=None) and "This route
doesn't have next-hop" (next-hop=0.0.0.0).
However, NM doesn't do the same because it doesn't need that
differentiation. If a NM profile contains a direct route, without
next-hop, it will just leave it empty, thus we get next-hop=None.
This causes that comparing an NmIpRoute created from a nmstate route
with an NmIpRoute created from an existing NM profile will fail because
of this difference. Fix it by converting "0.0.0.0" / "::" to None when
creating a NmIpRoute from an nmstate route. This is the right
representation for it at `nm` layer, anyway.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
The github CI has changed the Ubuntu kernel to 6.8.0-1013-azure which is
using 1000 for `CONFIG_HZ`, the test
`test_linux_bridge_option_integer_rounded_on_ubuntu_kernel` will never
raise expected error on 1000HZ kernel.
Considering we can never test it in CI, removing this test case.
Signed-off-by: Gris Ge <fge@redhat.com>
If executed command returns non-zero exitcode with `check=True`, exception
raised by subprocess is not showing stdout/stderr, just returncode, which
is not enough for debug. Raise Exception which prints stdout and stderr
of the executed process.
Signed-off-by: Filip Pokryvka <fpokryvk@redhat.com>
Currently the `gen_conf` will discard routes with special
types(blackhole, unreachable, prohibit).
The root cause: `gen_conf` is taking empty network state as current
state lacking loopback interface `lo`, hence routes stored to that
interface will be ignored when generating NetworkManager connection
file.
Fixed by passing default loopback interface as current interface.
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-56727
Signed-off-by: Gris Ge <fge@redhat.com>
It is not possible to run integration tests if NetworkManager-libreswan
rpm is not installed. Pytest fails during the collection stage,
preventing from running even tests not related to Libreswan.
Fix it.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
The python3-gobject-base is too big for test container.
Change the test code to use rpm instead to query NetworkManager version.
Signed-off-by: Gris Ge <fge@redhat.com>
Support add and remove static routes in kernel mode, these are not
supported yet:
* route table ID bigger than 255
* route weight
* route type
* route cwnd(congestion window)
Integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-37665
Signed-off-by: Gris Ge <fge@redhat.com>
Instead of checking micro version, we should convert version to a
integer to compare using this formula:
10000 * major_version + 100 * minor_version + micro_version
Introduced `nm_libreswan_version_int()` and `version_str_to_int()` for
this and fixed all version check in ipsec test.
Signed-off-by: Gris Ge <fge@redhat.com>
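The difference between a micro-only check and the integer formula from the commit message above, as an added Python example that is not the project's test code. Only the formula comes from the page; the parsing, the `micro_only_at_least()` and `int_at_least()` helpers, and the sample version strings are assumptions.

```python
import re

# Added illustration. Only the formula is taken from the commit message;
# the parsing rules and helper names are assumptions.


def parse_version(version):
    """Return (major, minor, micro); text after the micro field is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unparsable version: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_str_to_int(version):
    """10000 * major_version + 100 * minor_version + micro_version."""
    major, minor, micro = parse_version(version)
    return 10000 * major + 100 * minor + micro


def micro_only_at_least(version, required):
    """The kind of check being replaced: compares the micro field alone."""
    return parse_version(version)[2] >= parse_version(required)[2]


def int_at_least(version, required):
    """Comparison on the integer form."""
    return version_str_to_int(version) >= version_str_to_int(required)


REQUIRED = "1.2.22"
# Constructed sample versions, including an rpm-style suffix.
SAMPLES = ["1.2.20", "1.2.24-1.el9", "1.3.0", "1.1.30"]


def compare_checks():
    """Map each sample to (micro-only result, integer result)."""
    return {
        v: (micro_only_at_least(v, REQUIRED), int_at_least(v, REQUIRED))
        for v in SAMPLES
    }


def fields_collide():
    """The encoding assumes minor and micro stay below 100."""
    return version_str_to_int("1.2.100") == version_str_to_int("1.3.0")


if __name__ == "__main__":
    for version, result in compare_checks().items():
        print(version, result)
    print("1.2.100 collides with 1.3.0:", fields_collide())
```

The two checks disagree on `1.3.0` and `1.1.30`; comparing the `(major, minor, micro)` tuples directly would also avoid the collision at field values of 100 or more.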
With NetworkManager-libreswan 1.2.22+, IPv6 libreswan ipsec tunnel is
supported.
Integration test cases included.
Resolves: https://issues.redhat.com/browse/RHEL-32279
Signed-off-by: Gris Ge <fge@redhat.com>
Introducing `description` as top level key of YAML/JSON API holding a
String. For example:
```yml
description: Abc
```
Currently, this property will be ignored when applying or querying, no
backend will persist this property. It is designed for user to store
description for the whole YAML only for now.
By using `testlib.apply.apply_with_description()`, we could store:
`test_description: <string>` into `.descriptions`. The
`pytest --dump-ai-train-yaml` will store the YAML file into `.states`
folder for training AI.
The `--dump-ai-train-yaml` will only store YAML files with top level
description and the output will only contain the difference between
desired state and current state.
Signed-off-by: Gris Ge <fge@redhat.com>
Moved the ipsec test environment setup code to `testlib/ipsec.py` which
provides python class `IpsecTestEnv` with context supported.
Since the `rsa_signatures` is generated at runtime, you can only access
it via `IpsecTestEnv().rsa_signatures` now.
Example code on using it
```python
with IpsecTestEnv() as env:
    print(env.rsa_signatures)
```
Signed-off-by: Gris Ge <fge@redhat.com>
Nmstate uses the value '0' to indicate the default table ID, but the
kernel uses 254. Because of that, in assert_routes we must modify one of
the routes to compare them.
However, what we were doing was: if the desired route has table_id ==
default, then set the kernel route's table_id to default. This is wrong
because a desired route with table_id==default mustn't match with a
kernel route with table_id=123, for example.
Fix it by normalizing all routes to be compared to use the kernel's
default if and only if they were set to use the default table_id.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
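The false match described in the commit message above and the normalization that removes it, as an added Python example that is not code from nmstate's `testlib/route.py`. The dict keys, function names and sample routes are assumptions.

```python
# Added illustration; not nmstate's test library. Keys and names are assumed.
NMSTATE_DEFAULT_TABLE_ID = 0   # nmstate: "use the default table"
KERNEL_DEFAULT_TABLE_ID = 254  # kernel: the default (main) table


def old_match(desired, kernel):
    """Comparison as described before the fix."""
    kernel = dict(kernel)
    if desired["table-id"] == NMSTATE_DEFAULT_TABLE_ID:
        # Overwrites whatever table the kernel route is really in.
        kernel["table-id"] = NMSTATE_DEFAULT_TABLE_ID
    return desired == kernel


def normalize(route):
    """Rewrite the table id only when it is the nmstate default."""
    route = dict(route)
    if route["table-id"] == NMSTATE_DEFAULT_TABLE_ID:
        route["table-id"] = KERNEL_DEFAULT_TABLE_ID
    return route


def new_match(desired, kernel):
    """Comparison after the fix: both sides normalized the same way."""
    return normalize(desired) == normalize(kernel)


def missing_routes(desired_routes, kernel_routes):
    """Desired routes with no equal kernel route after normalization."""
    kernel = [normalize(r) for r in kernel_routes]
    return [r for r in desired_routes if normalize(r) not in kernel]


def sample_route(table_id):
    """Constructed sample route; only the table id varies."""
    return {
        "destination": "198.51.100.0/24",
        "next-hop-interface": "eth1",
        "table-id": table_id,
    }


DESIRED = sample_route(NMSTATE_DEFAULT_TABLE_ID)
KERNEL_MAIN = sample_route(KERNEL_DEFAULT_TABLE_ID)
KERNEL_OTHER = sample_route(123)

if __name__ == "__main__":
    print("old, kernel table 123:", old_match(DESIRED, KERNEL_OTHER))
    print("new, kernel table 123:", new_match(DESIRED, KERNEL_OTHER))
    print("new, kernel table 254:", new_match(DESIRED, KERNEL_MAIN))
    print("missing:", missing_routes([DESIRED], [KERNEL_OTHER]))
```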
New helper function assert_routes_missing, refactoring testlib/route.py
at the same time to avoid duplications.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
The `nmcli c delete dummy1` in previous tests does not guarantee
the interface has been deleted upon the command return, hence we might
get an interface exists error if we do `ip link add dummy1 type dummy`
in `test_convert_unmanged_interface_to_managed`.
To fix it, just delete the test interface before creating it.
Signed-off-by: Gris Ge <fge@redhat.com>
When users have BGP routing setups, it is common practice to blackhole
some less-specific routes in order to avoid routing loops, and the BGP
router might insert a more specific route dynamically afterwards.
Examples:
```
interfaces:
  - name: eth1
    type: ethernet
    state: up
    ipv4:
      address:
        - ip: 192.0.2.251
          prefix-length: 24
      dhcp: false
      enabled: true
routes:
  config:
    - destination: 198.51.100.0/24
      metric: 150
      next-hop-address: 192.0.2.1
      next-hop-interface: eth1
      table-id: 254
    - destination: 198.51.200.0/24
      route-type: blackhole
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
With enough user complaints, we would like to add the old property `slaves` back
to bond, linux bridge and ovs bridge as an alias of `port`/`ports`.
A warning message will be emitted when this deprecated property is
used in YAML/JSON desire state.
Considering we never expose this property via Rust API, hence no need to
mark this internal property as deprecated in Rust API.
Unit and integration test case included.
Manually confirmed warning message will show when used, it is a waste of
time to write a test case to assert the warning message in this case.
Signed-off-by: Gris Ge <fge@redhat.com>
For test `test_create_ovs_with_internal_ports_in_reverse_order` which
checks absence of the interface right after the `state: absent` is applied,
if we use `verify_change=False`, nmstate will not wait till the interface
is gone.
This patch removed all `verify_change=False` for absent action.
Signed-off-by: Gris Ge <fge@redhat.com>
Previously we were using run-tests.sh to set up eth1 and eth2,
after moving this into pytest fixture, `pytest` could work out of the
box.
Signed-off-by: Gris Ge <fge@redhat.com>
Introducing `allow-extra-patch-ports` to OVS bridge section which will
allow extra OVS patch ports found when applying or verifying. For
example:
```yml
- name: br0
  type: ovs-bridge
  state: up
  bridge:
    allow-extra-patch-ports: true
    port:
      - name: eth1
```
This YAML will not remove existing patch port of `br0` when applying,
and also ignore extra OVS patch found during verification.
This property will not be persisted, every time you modify
ports of specified OVS bridge, you need to explicitly define this
property if not using default value.
Unit test cases and integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
Nmstate is using `routes` instead of `gateway` for storing gateway.
When a NM connection has IP config change without route changes, the
gateway stored in `gateway` property will be lost.
To fix that, we do not reset `gateway` property unless IP has been disabled
or has route changes.
Integration test case included.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2212741
Signed-off-by: Gris Ge <fge@redhat.com>
Add test case to simulate the import use case in
https://bugzilla.redhat.com/show_bug.cgi?id=2207690
The IP on VLAN of bond should be assigned back when bond port link
revived.
Signed-off-by: Gris Ge <fge@redhat.com>
The `test_new_bond_uses_mac_of_first_port_by_name` has random failure
with 1% rate, it is caused by nmstate not properly cleaning up in previous
test as it is instructed to delete interface with `verify=False` which
causes nmstate to return when the interface might still be being deleted by
NetworkManager.
Signed-off-by: Gris Ge <fge@redhat.com>
In https://github.com/nmstate/nmstate/actions/runs/5000804973/jobs/8958880385
we noticed the `setup of test_ignore_interface_mentioned_in_port_list`
will fail as `ip link add brtest0 type bridge` returns 2 indicating a
bridge with the same name exists.
This is because in previous test, the clean up is using
`verify_change=False` which does not guarantee the linux bridge is removed
by absent action.
To fix that, we remove `verify_change=False` and the clean up of
`linux_bridge()` should make sure the bridge is removed.
The `ip link del` command does not guarantee the link has been removed on
exit, hence we use nmstate to replace all `ip link del` commands in
tests.
Signed-off-by: Gris Ge <fge@redhat.com>
Introducing two properties for IP address:
* `valid-left`: seconds for the IP address to be valid. `forever` means
  static.
* `preferred_left`: seconds for the IP address to be preferred. `forever`
  means static.
With above properties, we can identify which certain IP address is
retrieved from DHCP/Autoconf so we don't convert dynamic IP address to
static when user apply the queried state back.
With this patch, user is allowed to set static IP address with
`dhcp: true` and/or `autoconf: true`.
When desire state has DHCP/Autoconf disabled but all desired IP
addresses are dynamic, nmstate will convert those dynamic IP to static.
This is common use case where user just copy retrieved dynamic IP and
hoping nmstate can convert it to static.
Integration test cases included.
Signed-off-by: Gris Ge <fge@redhat.com>
On some `mlx5_core` NIC, the `ip -d link show <pf_name>` does not have
VF interface name, which will fail the `test_wait_sriov_vf_been_created`
for VF name not found.
The fix is to change the test code to use this folder for VF
interface name as the production code:
    /sys/class/net/{pf_name}/device/virtfn{sriov_id}/net/
Manually tested on mlx5 MT27710 NIC.
Signed-off-by: Gris Ge <fge@redhat.com>
In order to be able to use VXLAN interfaces as part of an
EVPN fabric (separate control plane for VTEP and MAC learning),
some expansions are done to the configurable properties:
- Make base-if non-mandatory
  EVPN networks are often run on top of a L3 underlay, which
  means that there are several L3 links to the host where
  ECMP routing is desired. The VXLAN interface should not be
  tied to any physical interface (and it's not required since
  multicast is not used) and the egress interface is determined
  through standard routing.
- Allow specifying local IP
  Since the VXLAN interface is not tied to any physical interface,
  it is often desired to source the tunnel from a loopback IP.
- Disable data plane MAC learning
  In EVPN MAC learning is handled through a separate control
  plane like MP-BGP (e.g. FRR as daemon) writing entries to the
  bridge FDB.
Unit test cases and integration test case included.
Signed-off-by: Esa Varemo <git@esav.fi>
Currently, we isolate SR-IOV PF changes out for `enable-and-use` use
case, but the second desire state contains no SR-IOV PF changes which
causes the verification stage to not wait for the VF to show up again.
Instead of isolating PF changes out to apply first, we only clone PF
changes to apply first when VF count changed and has missing ethernet in
desire state. This means we will apply SR-IOV PF changes twice to ensure
the final apply also waits for the VF to show up.
Unit test cases included.
Current integration test case `test_wait_sriov_vf_been_created` and
`test_enable_sriov_and_use_future_vf` have covered the use case.
Signed-off-by: Gris Ge <fge@redhat.com>
The Rust API changed:
The `OvsBridgeBondConfig.other_config: Option<HashMap>` changed to
`OvsBridgeBondConfig.ovs_db: Option<OvsDbIfaceConfig>`
The YAML API changed:
The `other_config` under ovs bond should be stored under `ovs-db`
section, please check follow up example for detail.
Considering the interface level `other_config` never worked in previous
release, this API change is acceptable.
Example on `other_config` of OVS bridge:
```yml
interfaces:
  - name: br0
    type: ovs-bridge
    state: up
    ovs-db:
      other_config:
        in-band-queue: '12'
    bridge:
      port:
        - name: eth1
        - name: ovs0
```
Example on `other_config` of OVS Bond:
```yml
- name: br0
  type: ovs-bridge
  state: up
  bridge:
    port:
      - name: bond1
        link-aggregation:
          mode: balance-slb
          ovs-db:
            other_config:
              bond-miimon-interval: "100"
          port:
            - name: eth2
            - name: eth1
```
Example on `other_config` of OVS interface:
```yml
- name: eth1
  type: ethernet
  state: up
  ovs-db:
    other_config:
      emc-insert-inv-prob: 90
```
We hide interface level `ovs-db` section if it is empty. This helps us
support older NetworkManager where `other_config` is not supported
yet. User will get an error when they apply above yaml on old
NetworkManager:
    NmstateError: DependencyError: Please upgrade NetworkManager for
    specified interface type: Connection(InvalidSetting):ovs-other-config:
    unknown setting name
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
When applying `ovs-db: {}` with ovs daemon stopped, nmstate will fail
with:
    NmstateError: VerificationError: Verification failure:
    ovsdb.external_ids desire '{}', current 'null'
Fixed by treating `ovs-db: {}` as
```yml
ovs-db:
  external_ids: {}
  other_config: {}
```
Unit test case and integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
When moving IP and DNS config from port to controller, nmstate will fail
with verification error as nmstate failed to store DNS config to
controller.
Fixed by:
* `apply_ctrller_change()` should purge IP stack if interface is not
  valid to IP any more in merge state.
* `store_dns_config()` should reconfig the DNS if changed interface is
  DNS interface and not valid for current DNS anymore even DNS config
  not changed.
* `purge_dns_config()` should do nothing for absent interface.
Integration test case created for two use cases:
* Move identical IP and DNS config from port to controller.
* Move identical IP from port to controller but with DNS changed.
Signed-off-by: Gris Ge <fge@redhat.com>
The `test_state_absent_can_remove_down_profiles` takes 90 seconds to
finish as the `assertlib.assert_state_match()` will keep retrying till
it matches or expires.
Fixed by adding `no_retry` option to `assertlib.assert_state_match()`.
Signed-off-by: Gris Ge <fge@redhat.com>
The `test_ipv6_dhcp_switch_on_to_off` and other similar test cases
use `assert not _poll()` which only returns after `DEFAULT_TIMEOUT`
(20 seconds) expires.
Fix it by introducing `_poll_till_not()` for waiting on false instead of
true.
Signed-off-by: Gris Ge <fge@redhat.com>
* Added `RouteRule.iif` for matching on incoming interface name.
* Added `RouteRule.action` for these actions:
  * `RouteRuleAction::Blackhole`
  * `RouteRuleAction::Unreachable`
  * `RouteRuleAction::Prohibit`
Bumped required version of nispor to 1.2.9 for the fix of route rule actions.
Integration test cases included.
Signed-off-by: Gris Ge <fge@redhat.com>
There is a race when we delete OVS interface via NM and querying OVS
interface right after it. NM might still show this OVS interface in its
cache.
Instead of instant fail, we retry in `assert_absent()`.
Signed-off-by: Gris Ge <fge@redhat.com>
Add missing integration tests for OVS Link Aggregation support. We
support downdelay and updelay so they need to be tested properly.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Introducing support of nmpolicy syntax[1] including rust, python and C
bindings.
Implementation workflow:
* `NetworkPolicy` could deserialize from existing nmpolicy file.
* Each of capture line will produce a new `NetworkState` and stored for
  follow up capture line processing.
* Each capture line will be converted to `Vec<NetworkCaptureToken>`,
  then fill into `NetworkCaptureCommand` for filtering or updating
  matched `NetworkState`.
* We use `serde_json::Map` to walk through the property defined in the
  format of `routes.running.next-hop-interface`.
The cli tools could be used also:
    nmstatectl p <policy.yml> [-c current_state.yml] \
        [-s saved_capture.yml] [-o /path/to/output_capture.yml]
API:
* Using running current to generate `NetworkState`:
```rust
let policy: NetworkPolicy = serde_yaml::from_str(policy_content)?;
let state = NetworkState::try_from(policy)?;
```
* Use saved current to generate `NetworkState`:
```rust
let mut policy: NetworkPolicy = serde_yaml::from_str(policy_content)?;
policy.current = Some(serde_yaml::from_str(current_state_content)?);
let state = NetworkState::try_from(policy)?;
```
* Store captured data:
```rust
let policy: NetworkPolicy = serde_yaml::from_str(policy_content)?;
let current_state = serde_yaml::from_str(current_state_content)?;
let captured_states = policy.capture.execute(&current_state)?;
// Use your own way to store the captured data
// You may also use `NetworkCaptureRules::execute()` directly.
```
* Load captured data:
```rust
// Use your own way to load the data. We just need
// HashMap<String, NetworkState> for captured_states
let current_state = serde_yaml::from_str(current_state_content)?;
let policy: NetworkPolicy = serde_yaml::from_str(policy_content)?;
let state = policy.desired.fill_with_captured_data(&captured_states)?;
// You may also use `NetworkStateTemplate::fill_with_captured_data()`
// directly.
```
Both unit test cases and integration test case are included.
[1]: https://nmstate.io/nmpolicy/user-guide/102-policy-syntax.html
Signed-off-by: Gris Ge <fge@redhat.com>
Add support to `from all to all` routing policy. In static config
generator it will add `from 0.0.0.0/0` or `from ::/0` to the keyfile.
A new parameter `family` has been introduced to the route-rule config
field. This parameter is used to specify the address family. If `family`
is not specified it will fail on validation, if not specified from
Nispor it will assume IPv4 as it was done in the past.
Example:
```yaml
route-rules:
  config:
    - route-table: 254
      priority: 100
      family: ipv4
```
Integration test cases added.
Fixes #1417
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Add test case to test the order of IP addresses is preserved.
It is a known issue in RHEL 8 with reverted IPv6 address order. Downstream
nmstate package will have their own patch to revert the address list
before it is sent to NM.
Signed-off-by: Gris Ge <fge@redhat.com>
Kernel function `dev_valid_name()` indicates `:` is not an allowed character
for interface name. Hence we introduce a special interface name format
when referring to a SRIOV VF interface without knowing its real interface
name.
    sriov:<pf_name>:<vf_id>
You may use this SRIOV VF naming schema for:
* Top interface name
* Bond port name
* Linux bridge port name
* OVS bridge port name
* OVS bond port name
Both Unit test cases and integration test cases are included.
Integration test cases are tested on Mellanox MT27710(mlx5).
Signed-off-by: Gris Ge <fge@redhat.com>
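Parsing the `sriov:<pf_name>:<vf_id>` reference from the commit message above and resolving it through the `/sys/class/net/{pf_name}/device/virtfn{sriov_id}/net/` folder named in the earlier `mlx5_core` commit, as an added Python example that is not nmstate's implementation. The function names, the `sysfs_root` parameter and the fake sysfs tree are assumptions.

```python
import os
import tempfile

IFNAMSIZ = 16  # kernel buffer size for an interface name, NUL included


def is_valid_ifname(name):
    """Same rules as the kernel's dev_valid_name()."""
    if not name or len(name.encode()) >= IFNAMSIZ or name in (".", ".."):
        return False
    return not any(c in "/:" or c.isspace() for c in name)


def parse_sriov_ref(name):
    """Return (pf_name, vf_id) for 'sriov:<pf_name>:<vf_id>', else None."""
    parts = name.split(":")
    if len(parts) != 3 or parts[0] != "sriov":
        return None
    pf_name, vf_id = parts[1], parts[2]
    # Validating pf_name also keeps '/' and '..' out of the sysfs path below.
    if not is_valid_ifname(pf_name):
        return None
    if not (vf_id.isascii() and vf_id.isdigit()):
        return None
    return pf_name, int(vf_id)


def resolve_vf_name(name, sysfs_root="/sys"):
    """Map an SR-IOV reference to the VF's real interface name, or None."""
    ref = parse_sriov_ref(name)
    if ref is None:
        return None
    pf_name, vf_id = ref
    net_dir = os.path.join(sysfs_root, "class", "net", pf_name,
                           "device", f"virtfn{vf_id}", "net")
    try:
        entries = sorted(os.listdir(net_dir))
    except OSError:
        return None  # PF missing or VF not created yet
    return entries[0] if entries else None


def demo():
    """Resolve against a constructed sysfs tree (all names are made up)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(
            os.path.join(root, "class/net/eth1/device/virtfn2/net/eth1v2")
        )
        return (
            resolve_vf_name("sriov:eth1:2", root),   # VF exists
            resolve_vf_name("sriov:eth1:3", root),   # VF not created
            resolve_vf_name("sriov:../x:2", root),   # rejected PF name
        )


if __name__ == "__main__":
    print(demo())
```

Because `:` fails `is_valid_ifname()`, a reference in this format can never collide with a real interface name.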
In the genconf test, we should wait extra time after `nmcli c reload`.
Extending the timeout of `assert_state_match` to 50 seconds.
Signed-off-by: Gris Ge <fge@redhat.com>
Previously, in order to simplify the code workflow, we were showing both
veth and normal ethernet as `type: ethernet`. This has broken the Kubernetes
use case where they need it to identify the veth interfaces.
Changed to show veth interface as `type: veth`. When its peer is in
another network namespace, hide the `veth` section.
Expand the integration test cases to cover these use cases:
* `test_eth_with_veth_conf`
Desire state is desiring ethernet interface with veth configuration.
Raise InvalidArgument error (NmstateValueError exception in python)
* `test_add_veth_with_ethernet_peer`
Desire state contains both veth and veth peer interface. But veth
peer interface is set as `type: ethernet`.
* `test_add_veth_with_veth_peer_in_desire`
Desire state contains both veth and veth peer interface. Both veth
and peer interfaces are set as `type: veth` with `veth` configure
pointing to each other.
* `test_modify_veth_peer`
Change veth peer. The old peer should be removed.
* `test_veth_without_peer_fails`
When adding new veth(not exist) without veth peer defined in veth
configure, raise InvalidArgument error (NmstateValueError exception
in python).
* `test_change_veth_with_veth_type_without_veth_conf`
With pre-exist veth, changing other configure with `type: veth` and
no veth configure.
* `test_change_veth_with_eth_type_without_veth_conf`
With pre-exist veth, changing other configure with `type: ethernet` and
no veth configure.
* `test_veth_with_ignored_peer`
With pre-exist veth and its peer marked as ignored (unmanaged by NM).
Applying desire state with `type: veth` and veth configuration should
not fail. And the veth configuration should be ignored.
* `test_veth_with_ignored_peer_changed_to_new_peer`
With pre-exist veth and its peer marked as ignored (unmanaged by NM).
Nmstate will raise InvalidArgument error (NmstateValueError exception
in python) when user try to change its peer. Also have unit test case
for this.
Signed-off-by: Gris Ge <fge@redhat.com>