IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Normalizing the `None` route table ID into default table ID when
creating the merged routes will cause the routes difference in new NM
conncetion and activated NM connection when applying the same desired
state the second time, as the result, the activated connection will be
dactivated first and activated again. This is troublesome, because the
routes added by iproute2 utility will be deleted by mistake. To fix
that, normalize the route table of the current routes in the activated
NM connection before comparing the difference between current routes
and new routes.
Resolves: https://issues.redhat.com/browse/RHEL-29241
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Some tests were using assert_routes with an empty list of routes to
check that the routes has been removed. This is not correct because what
assert_routes does is to check that all the routes from the list are
present in the current network state. If the list is empty, it always
passes.
Use the new assert_routes_missing instead.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Nmstate uses the value '0' to indicate the default table ID, but the
kernel uses 254. Because of that, in assert_routes we must modify one of
the routes to compare them.
However, what we were doing was: if the desired route has table_id ==
default, then set the kernel route's table_id to default. This is wrong
because a desired route with table_id==default mustn't match with a
kernel route with table_id=123, for example.
Fix it by normalizing all routes to be compared to use the kernel's
default if and only if they were set to use the default table_id.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Force rebuild of CentOS stream 9 and Fedora containers to sync with
latest repos.
Removed `patchelf` from Fedora container as it is not required for
building nmstate rpm.
Signed-off-by: Gris Ge <fge@redhat.com>
To make `make` compile nmstate again when source files were changed,
make needs to know which files are dependencies. Introduce some initial
dependencies to make this work in simple scenarios.
Signed-off-by: Till Maas <opensource@till.name>
This change dumps the network configuration involved at integration test
so other projects can check their implementations with them.
Signed-off-by: Enrique Llorente <ellorent@redhat.com>
Fixed the CI badge to link to the CI status page. Corrected the crates.io badge to link to the nmstate crate page. Also, fixed the docs.rs badge to link to the nmstate documentation page.
With these corrections, the badges now correctly link to the appropriate pages, and markdown errors have been rectified.
Signed-off-by: jona42-ui <jonathanthembo123@gmail.com>
This commit adds a concise yet comprehensive guide for compiling and installing nmstate from source. It includes instructions for setting up the development environment on Linux, installing Rust's Cargo, and steps to install and compile the project.
The guide targets new contributors to ensure they can easily set up their development environment and start contributing to the project.
- Added prerequisite information for different operating systems
- Provided installation commands for Cargo on various Linux distributions
- Included steps for cloning the repository and compiling the code
- Described how to run the compiled 'nmstatectl' tool
Resolves: #2600
Signed-off-by: Abigail Inyang <abigailainyang@gmail.com>
Add compilation and installation steps in CONTRIBUTING.md
=== Breaking changes
- N/A
=== New features
- Support TCP congestion window(cwnd) in route. (59f99632)
- Support query interface driver. (67817c23)
- New API to generate changed state. (fe5327a2)
=== Bug fixes
- Include driver information for `persist-nic-names` subcommand. (1129e46b)
- nm: Protect global DNS config in checkpoint. (881373ba)
- route rule: Append rule instead of overriding when iface defined. (88d3d3ef)
Signed-off-by: Gris Ge <fge@redhat.com>
New helper function assert_routes_missing, refactoring testlib/route.py
at the same time to avoid duplications.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
A test to check that options not specified in the desired state are
treated as "I don't care" when searching for a match was missing. Add it
now.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
According to `man ip-route`, cwnd is ignored if the lock flag is
not used. If the user sets cwnd, we can asume that they want it to be
useful somehow, so let's set the lock flag for it.
As far as I know, the lock-cwnd flag doesn't have any noticeable side
effect other than making effective the use of the cwnd value, but anyway
we emit an info message to let the user know that it is being implicitly
set.
This flag is part of the RouteMetric::Lock netlink attribute. For the
moment, nmstate doesn't allow to use any of these flags directly, we only
use it internally for this lock-cwnd flag. Because of this, keep it private
for the moment so we don't have to decide the API design for it yet.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
It is not obvious that it is only used to compare a desired route with
another one (like desired_route.is_match(current_route)). Add a
documentation comment to make it clear.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
As https://issues.redhat.com/browse/OCPBUGS-30256 indicates, there might
be network setup containing multiple NIC holding the same MAC address,
including driver name to systemd link file could solve their problem.
Signed-off-by: Gris Ge <fge@redhat.com>
This commits adds a `driver` field to the base interface. It is meant to
provide an information about the driver used by the specific interface
if available. As some interfaces do not have any driver assigned (e.g.
loopback), this field will not be always present.
Example output:
```yml
interfaces:
- name: ens3
type: ethernet
driver: virtio_net
state: up
```
Since our CI has not physical NIC, we cannot have this new property
tested in CI. Only manually tested.
Signed-off-by: Mat Kowalski <mko@redhat.com>
Signed-off-by: Gris Ge <fge@redhat.com>
[NetworkManager has introduced][1] new flag for placing global DNS into
protection of checkpoint:
`NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS: 0x20`.
Since nmstate are supposed to rollback on global DNS changes also,
nmstatectl is patched to create checkpoint with that flag first and
fallback to normal flag without it.
Integration test case included.
Kubernetes-nmstate depends on checkpoint to rollback to original state when
check fails, hence marked as tier1 test case.
Resolves: https://issues.redhat.com/browse/RHEL-29001
[1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1875
Signed-off-by: Gris Ge <fge@redhat.com>
When using nmpolicy to modified current state and apply back, nmpolicy
generated a full state including modified and current state, this
causing NetworkManager persistent all network configuration to disk.
It become a overlap problem when the SRIOV of that interface is
controller by other component for example OpenShift networking-sriov
operator. Please refer to https://issues.redhat.com/browse/RHEL-15275
for full detail.
Introduced `NetworkState::gen_diff()` which generate new `NetworkState`
contains only the changed properties.
Changed nmpolicy to apply only changed state.
Changed `nmstatectl apply` to print out changed state instead of desired
state after state applied.
Unit test cases included.
Signed-off-by: Gris Ge <fge@redhat.com>
The CONTRIBUTING.md file had outdated information regarding the code structure,
which has now been updated to accurately reflect the current structure.
Signed-off-by: elomscansio <163124154+elomscansio@users.noreply.github.com>
This commit updates the .gitignore file to include generated directories, such as `rust/src/clib/nmstate.pc` and `rust/src/python`, which are created after running `sudo make install`.
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
When desire state contains both route rule and the interface which will
hold the desire routes, nmstate will override existing route rules
instead appending desire ones to current.
This is caused by `nm/route_rule.rs`, `append_route_rule()` is not
preserving current route rule when interface is already desired.
Integration test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
=== Breaking changes
- Deprecate PrettyState class in Python API. (6b410dcf)
=== New features
- Allowing input multiple desire states for statistics. (9b808821)
=== Bug fixes
- packaging: Fix rpm build on Fedora. (c40f3ff0)
- route: warn if the route is missing due to NM delay. (71dedc65)
- Raise invalid argument error when desired OVS bridge with MAC. (a71eed31)
- Auto managed ignored OVS port. (c7fd32e8)
- Fix resolving token in array items for nmpolicy. (58a2fd6d)
Signed-off-by: Gris Ge <fge@redhat.com>
The `%cargo_prep` in Fedora has updated to set `offline = true` and also
override `crates.io`. Instead of hacking the `.cargo/config` file, let's
just use Fedora shipped rust crates rpms.
Signed-off-by: Gris Ge <fge@redhat.com>
NetworkManager doesn't add the routes to an interface that is waiting to
receive an IP address via DHCP or autoconf until it receives at least
one address. This makes the verification to fail if DHCP/autoconf is
very slow or not working.
However, the error message only says that the route is missing, but it's
very difficult to the user to know why.
Log a warn message to nofify the user that this is probably the reason
of the verification failure.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Routes with and without a route type were verified in 2 different
code blocks. They can be unified in a single, avoiding duplication.
This will be even more relevant for the next commit.
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
The PrettyState class is deprecated as it is only used for test code. The output of libnmstate.show() is already sorted, making PrettyState unnecessary. This commit marks the PrettyState class as deprecated and provides a warning message to inform users about its deprecation.
Additionally, test cases related to PrettyState are removed as they are no longer relevant.
Signed-off-by: jona42-ui <jonathanthembo123@gmail.com>
Introducing `NetworkState::merge_desire()`, use could merge multiple
desire states and generate the statistic of the final outcome.
The `nmstatectl statistic` subcommand now support multiple desired
state files.
Manpage of `nmstatectl` updated to include this change.
Unit test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
When user desired OVS bridge with MAC address defined, they will get
Verification as OVS bridge does not have MAC address after applied.
This patch raise `InvalidArgument` error in sanitize stage with
suggestion to use OVS internal interface as error message.
Unit test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
The commit 399c46b27 introduced auto manage ignored ports when all below
conditions met:
1. Not mentioned in desire state.
2. Been listed as port of a controller.
3. Controller interface is new or does not contains ignored interfaces.
But we missed OVS bridge as it is user space interface and
`Interfaces::auto_managed_controller_ports()` only checks kernel
interfaces. Fixed by include user space controller into iterator also.
Unit test case and integration test case included.
Resolves: https://issues.redhat.com/browse/RHEL-23292
Signed-off-by: Gris Ge <fge@redhat.com>
When policy has reference token in array, nmstate will failed to replace
it. The policy in question is:
```yml
capture:
primary-nic: interfaces.mac-address == "52:54:00:F6:80:01"
desiredState:
interfaces:
- name: bondcnv
type: bond
state: up
link-aggregation:
port:
- "{{ capture.primary-nic.interfaces.0.name }}"
```
The root cause is the code forgot to update the array after get the
resolved data in the match branch of array.
Unit test case included.
Signed-off-by: Gris Ge <fge@redhat.com>
=== Breaking changes
- Removed the support of deprecated `slaves` in linux bridge, ovs bridge and
bond. Please use `ports` instead. (2657650c, 51bdb012)
=== New features
- Support MacSec hardware offload. (1198339e)
=== Bug fixes
- ipsec: Treat DHCPv4 off with no static address as IPv4 disabled. (4d0f0829)
- Revert "brdige/bond: Add support of `slaves` back as deprecated". (2657650c)
- Revert "ovs: Add support of deprecated `slaves` property in ovs bond". (51bdb012)
- controller: Fix incorrect ports name matching when validating ports. (6dc9e880)
Signed-off-by: Gris Ge <fge@redhat.com>
When user desired `dhcp: off` with no static address for IPSec interface,
nmstate will fail as verification error.
For IPSec connection, the DHCPv4 off with empty IP address should be
treated by IP disabled as we have no intention on supporting routes on
IPSec connection yet. The route should be set by IPSec daemon or to xfrm
interface.
Unit test case and integration test cases included.
Signed-off-by: Gris Ge <fge@redhat.com>
