2444 Commits

Author SHA1 Message Date
Abigail Inyang
6be960c37f Use Workspace Dependencies
Signed-off-by: Abigail Inyang <abigailainyang@gmail.com>

use workspace dependencies
2024-04-12 15:19:23 +08:00
Abigail Inyang
7c6d155430 Create alias for nmstaetctl subcommand #2579
Signed-off-by: Abigail Inyang <abigailainyang@gmail.com>
2024-04-10 12:42:29 +02:00
Wen Liang
96a5c776a4 route: Normalize route table of current route when determining route removed
Normalizing the `None` route table ID into default table ID when
creating the merged routes will cause the routes difference in new NM
conncetion and activated NM connection when applying the same desired
state the second time, as the result, the activated connection will be
dactivated first and activated again. This is troublesome, because the
routes added by iproute2 utility will be deleted by mistake. To fix
that, normalize the route table of the current routes in the activated
NM connection before comparing the difference between current routes
and new routes.

Resolves: https://issues.redhat.com/browse/RHEL-29241

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2024-04-09 21:17:59 +08:00
Íñigo Huguet
f33cea644d test: integration: routes: fix tests checking for missing routes
Some tests were using assert_routes with an empty list of routes to
check that the routes has been removed. This is not correct because what
assert_routes does is to check that all the routes from the list are
present in the current network state. If the list is empty, it always
passes.

Use the new assert_routes_missing instead.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-04-09 17:48:14 +08:00
Íñigo Huguet
193cf8e4c5 test: integration: routes: fix wrong default table_id comparison
Nmstate uses the value '0' to indicate the default table ID, but the
kernel uses 254. Because of that, in assert_routes we must modify one of
the routes to compare them.

However, what we were doing was: if the desired route has table_id ==
default, then set the kernel route's table_id to default. This is wrong
because a desired route with table_id==default mustn't match with a
kernel route with table_id=123, for example.

Fix it by normalizing all routes to be compared to use the kernel's
default if and only if they were set to use the default table_id.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-04-09 17:48:14 +08:00
Gris Ge
84a45fd71e CI container: Sync container with latest repos
Force rebuild of CentOS stream 9 and Fedora containers to sync with
latest repos.

Removed `patchelf` from Fedora container as it is not required for
building nmstate rpm.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-04-09 12:13:41 +08:00
Till Maas
39f0bc3cbd Make: Depend on rust source files
To make `make` compile nmstate again when source files were changed,
make needs to know which files are dependencies. Introduce some initial
dependencies to make this work in simple scenarios.

Signed-off-by: Till Maas <opensource@till.name>
2024-04-05 09:03:28 +08:00
Enrique Llorente
163427cca4 integ: Dump applied and showed states
This change dumps the network configuration involved at integration test
so other projects can check their implementations with them.

Signed-off-by: Enrique Llorente <ellorent@redhat.com>
2024-04-03 20:24:42 +08:00
jona42-ui
0d69e0c94d markdown: Correct badges and fix markdown errors
Fixed the CI badge to link to the CI status page. Corrected the crates.io badge to link to the nmstate crate page. Also, fixed the docs.rs badge to link to the nmstate documentation page.

With these corrections, the badges now correctly link to the appropriate pages, and markdown errors have been rectified.

Signed-off-by: jona42-ui <jonathanthembo123@gmail.com>
2024-04-03 19:13:28 +08:00
Gris Ge
cb5e33667d Fix cargo clippy
Signed-off-by: Gris Ge <fge@redhat.com>
2024-04-02 21:00:45 +08:00
Abee
fe3e9eec02 Add compilation and installation steps
This commit adds a concise yet comprehensive guide for compiling and installing nmstate from source. It includes instructions for setting up the development environment on Linux, installing Rust's Cargo, and steps to install and compile the project.

The guide targets new contributors to ensure they can easily set up their development environment and start contributing to the project.

- Added prerequisite information for different operating systems
- Provided installation commands for Cargo on various Linux distributions
- Included steps for cloning the repository and compiling the code
- Described how to run the compiled 'nmstatectl' tool

Resolves: #2600
Signed-off-by: Abigail Inyang <abigailainyang@gmail.com>

Add compilation and installation steps in CONTRIBUTING.md
2024-03-29 09:41:34 +08:00
Gris Ge
65c77a21f2 Bump version to 2.2.28
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-20 19:48:29 +08:00
Gris Ge
b2f5de3833 New release 2.2.27
Some checks failed
Release / linux-x64 (push) Failing after 22s
Release / macos-x64 (push) Has been cancelled
Release / macos-aarch64 (push) Has been cancelled
=== Breaking changes
 - N/A

=== New features
 - Support TCP congestion window(cwnd) in route. (59f99632)
 - Support query interface driver. (67817c23)
 - New API to generate changed state. (fe5327a2)

=== Bug fixes
 - Include driver information for `persist-nic-names` subcommand. (1129e46b)
 - nm: Protect global DNS config in checkpoint. (881373ba)
 - route rule: Append rule instead of overriding when iface defined. (88d3d3ef)

Signed-off-by: Gris Ge <fge@redhat.com>
v2.2.27
2024-03-20 19:39:08 +08:00
Íñigo Huguet
615bf12e6d test: route: add integration test for cwnd attribute
New helper function assert_routes_missing, refactoring testlib/route.py
at the same time to avoid duplications.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-20 19:08:19 +08:00
Íñigo Huguet
5dea415c62 test: routes: test that unspecified options are treated as "don't care"
A test to check that options not specified in the desired state are
treated as "I don't care" when searching for a match was missing. Add it
now.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-20 19:08:19 +08:00
Íñigo Huguet
f96696d72b route: automatically set lock-cwnd if cwnd is requested
According to `man ip-route`, cwnd is ignored if the lock flag is
not used. If the user sets cwnd, we can asume that they want it to be
useful somehow, so let's set the lock flag for it.

As far as I know, the lock-cwnd flag doesn't have any noticeable side
effect other than making effective the use of the cwnd value, but anyway
we emit an info message to let the user know that it is being implicitly
set.

This flag is part of the RouteMetric::Lock netlink attribute. For the
moment, nmstate doesn't allow to use any of these flags directly, we only
use it internally for this lock-cwnd flag. Because of this, keep it private
for the moment so we don't have to decide the API design for it yet.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-20 19:08:19 +08:00
Íñigo Huguet
59f9963284 route: support congestion window (cwnd) attribute
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-20 19:08:19 +08:00
Íñigo Huguet
284db30a29 route: document RouteEntry::is_match
It is not obvious that it is only used to compare a desired route with
another one (like desired_route.is_match(current_route)). Add a
documentation comment to make it clear.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-20 19:08:19 +08:00
Gris Ge
1129e46b38 ncl: Include driver information for persist-nic-names subcommand
As https://issues.redhat.com/browse/OCPBUGS-30256 indicates, there might
be network setup containing multiple NIC holding the same MAC address,
including driver name to systemd link file could solve their problem.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-20 18:36:24 +08:00
Mat Kowalski
67817c2323 base_iface: Add driver property
This commits adds a `driver` field to the base interface. It is meant to
provide an information about the driver used by the specific interface
if available. As some interfaces do not have any driver assigned (e.g.
loopback), this field will not be always present.

Example output:

```yml
interfaces:
- name: ens3
  type: ethernet
  driver: virtio_net
  state: up
```

Since our CI has not physical NIC, we cannot have this new property
tested in CI. Only manually tested.

Signed-off-by: Mat Kowalski <mko@redhat.com>
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-20 18:36:24 +08:00
Gris Ge
881373baba nm dns: Protect global DNS config in checkpoint
[NetworkManager has introduced][1] new flag for placing global DNS into
protection of checkpoint:
`NM_CHECKPOINT_CREATE_FLAG_TRACK_INTERNAL_GLOBAL_DNS: 0x20`.

Since nmstate are supposed to rollback on global DNS changes also,
nmstatectl is patched to create checkpoint with that flag first and
fallback to normal flag without it.

Integration test case included.

Kubernetes-nmstate depends on checkpoint to rollback to original state when
check fails, hence marked as tier1 test case.

Resolves: https://issues.redhat.com/browse/RHEL-29001

[1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1875

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-20 17:47:04 +08:00
Gris Ge
fe5327a2a4 NetworkState: New API to generate changed state
When using nmpolicy to modified current state and apply back, nmpolicy
generated a full state including modified and current state, this
causing NetworkManager persistent all network configuration to disk.
It become a overlap problem when the SRIOV of that interface is
controller by other component for example OpenShift networking-sriov
operator. Please refer to https://issues.redhat.com/browse/RHEL-15275
for full detail.

Introduced `NetworkState::gen_diff()` which generate new `NetworkState`
contains only the changed properties.

Changed nmpolicy to apply only changed state.

Changed `nmstatectl apply` to print out changed state instead of desired
state after state applied.

Unit test cases included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-20 17:03:00 +08:00
elomscansio
5cc77d1b71 Update code structure section in CONTRIBUTING.md (#2592)
The CONTRIBUTING.md file had outdated information regarding the code structure,
which has now been updated to accurately reflect the current structure.

Signed-off-by: elomscansio <163124154+elomscansio@users.noreply.github.com>
2024-03-20 10:31:24 +08:00
Emmanuel Elom
ebbcaeb1f5 Ignore Generated Directories in .gitignore
This commit updates the .gitignore file to include generated directories, such as `rust/src/clib/nmstate.pc` and `rust/src/python`, which are created after running `sudo make install`.

Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
2024-03-19 20:27:23 +08:00
Gris Ge
7be1b3d2e3 Fix cargo clippy
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-15 16:48:36 +08:00
Gris Ge
88d3d3ef20 route rule: Append rule instead of overriding when iface defined
When desire state contains both route rule and the interface which will
hold the desire routes, nmstate will override existing route rules
instead appending desire ones to current.

This is caused by `nm/route_rule.rs`, `append_route_rule()` is not
preserving current route rule when interface is already desired.

Integration test case included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-15 16:48:36 +08:00
beekaz
9a7d32ab5b README: Add link to Rust crate documentation
Signed-off-by: beekaz <sooperfect00@gmail.com>
2024-03-14 14:55:53 +08:00
Gris Ge
c2ce615b2a Bump version to 2.2.27
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-13 12:52:54 +08:00
Gris Ge
93d109b7f1 New release 2.2.26
Some checks failed
Release / linux-x64 (push) Failing after 24s
Release / macos-x64 (push) Has been cancelled
Release / macos-aarch64 (push) Has been cancelled
=== Breaking changes
 - Deprecate PrettyState class in Python API. (6b410dcf)

=== New features
 - Allowing input multiple desire states for statistics. (9b808821)

=== Bug fixes
 - packaging: Fix rpm build on Fedora. (c40f3ff0)
 - route: warn if the route is missing due to NM delay. (71dedc65)
 - Raise invalid argument error when desired OVS bridge with MAC. (a71eed31)
 - Auto managed ignored OVS port. (c7fd32e8)
 - Fix resolving token in array items for nmpolicy. (58a2fd6d)

Signed-off-by: Gris Ge <fge@redhat.com>
v2.2.26
2024-03-13 12:05:12 +08:00
Gris Ge
c93ca3dfcf Fix cargo clippy
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-13 11:19:50 +08:00
Gris Ge
c40f3ff0a4 packaging: Fix rpm build on Fedora
The `%cargo_prep` in Fedora has updated to set `offline = true` and also
override `crates.io`. Instead of hacking the `.cargo/config` file, let's
just use Fedora shipped rust crates rpms.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-11 22:46:53 +08:00
Íñigo Huguet
46e220cb4e test: route: add test_route_delayed_by_nm_fails integration test
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-11 16:00:58 +08:00
Íñigo Huguet
71dedc655c route: warn if the route is missing due to NM delay
NetworkManager doesn't add the routes to an interface that is waiting to
receive an IP address via DHCP or autoconf until it receives at least
one address. This makes the verification to fail if DHCP/autoconf is
very slow or not working.

However, the error message only says that the route is missing, but it's
very difficult to the user to know why.

Log a warn message to nofify the user that this is probably the reason
of the verification failure.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-11 16:00:58 +08:00
Íñigo Huguet
a3d10a0ec7 route: refactor MergedRoutes::verify
Routes with and without a route type were verified in 2 different
code blocks. They can be unified in a single, avoiding duplication.
This will be even more relevant for the next commit.

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-11 16:00:58 +08:00
jona42-ui
6b410dcfbb deprecation: Deprecate PrettyState class
The PrettyState class is deprecated as it is only used for test code. The output of libnmstate.show() is already sorted, making PrettyState unnecessary. This commit marks the PrettyState class as deprecated and provides a warning message to inform users about its deprecation.

Additionally, test cases related to PrettyState are removed as they are no longer relevant.

Signed-off-by: jona42-ui <jonathanthembo123@gmail.com>
2024-03-08 18:07:14 +01:00
Thembo Jonathan
6a1d3c70be Update CONTRIBUTING.md
slight spelling correction

Signed-off-by: Thembo Jonathan <jonathanthembo123@gmail.com>
2024-03-08 17:16:09 +08:00
Gris Ge
2daf92e798 README: Add public matrix room to contact info
Promoting `#nmstate:fedora.im` as matrix room for nmstate discussion.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-08 09:47:46 +01:00
Gris Ge
eb4f4db3f2 Fix cargo clippy warnings
Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-08 16:16:38 +08:00
Gris Ge
9b80882148 statistic: Allowing input multiple desire states
Introducing `NetworkState::merge_desire()`, use could merge multiple
desire states and generate the statistic of the final outcome.

The `nmstatectl statistic` subcommand now support multiple desired
state files.

Manpage of `nmstatectl` updated to include this change.

Unit test case included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-07 18:20:11 +08:00
Gris Ge
a71eed3148 ovs: Raise invalid argument error when desired OVS bridge with MAC
When user desired OVS bridge with MAC address defined, they will get
Verification as OVS bridge does not have MAC address after applied.

This patch raise `InvalidArgument` error in sanitize stage with
suggestion to use OVS internal interface as error message.

Unit test case included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-07 15:04:45 +08:00
Gris Ge
f7e7cd4637 lint: Remove debug print
Removing the `println!("HAHA {e}")` line which is debugging line I added
during coding.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-07 13:30:29 +08:00
Íñigo Huguet
bcc318d5ad Ignore .vscode
It's just IDE stuff

Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
2024-03-05 18:49:31 +08:00
Gris Ge
c7fd32e842 ovs: Auto managed ignored OVS port
The commit 399c46b27 introduced auto manage ignored ports when all below
conditions met:
  1. Not mentioned in desire state.
  2. Been listed as port of a controller.
  3. Controller interface is new or does not contains ignored interfaces.

But we missed OVS bridge as it is user space interface and
`Interfaces::auto_managed_controller_ports()` only checks kernel
interfaces. Fixed by include user space controller into iterator also.

Unit test case and integration test case included.

Resolves: https://issues.redhat.com/browse/RHEL-23292

Signed-off-by: Gris Ge <fge@redhat.com>
2024-03-04 08:30:38 +08:00
Gris Ge
01144b3dd7 Fix cargo clippy warnings
Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-28 15:08:23 +08:00
Gris Ge
58a2fd6d8d policy: Fix resolving token in array items
When policy has reference token in array, nmstate will failed to replace
it. The policy in question is:

```yml
capture:
  primary-nic: interfaces.mac-address == "52:54:00:F6:80:01"
desiredState:
  interfaces:
  - name: bondcnv
    type: bond
    state: up
    link-aggregation:
      port:
      - "{{ capture.primary-nic.interfaces.0.name }}"
```

The root cause is the code forgot to update the array after get the
resolved data in the match branch of array.

Unit test case included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-26 16:56:20 +08:00
Gris Ge
38647a69b4 Bump version to 2.2.26
Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-22 09:11:01 +08:00
Gris Ge
1fe6c899a3 New release 2.2.25
Some checks failed
Release / linux-x64 (push) Failing after 26s
Release / macos-x64 (push) Has been cancelled
Release / macos-aarch64 (push) Has been cancelled
=== Breaking changes
 - Removed the support of deprecated `slaves` in linux bridge, ovs bridge and
   bond. Please use `ports` instead. (2657650c, 51bdb012)

=== New features
 - Support MacSec hardware offload. (1198339e)

=== Bug fixes
 - ipsec: Treat DHCPv4 off with no static address as IPv4 disabled. (4d0f0829)
 - Revert "brdige/bond: Add support of `slaves` back as deprecated". (2657650c)
 - Revert "ovs: Add support of deprecated `slaves` property in ovs bond". (51bdb012)
 - controller: Fix incorrect ports name matching when validating ports. (6dc9e880)

Signed-off-by: Gris Ge <fge@redhat.com>
v2.2.25
2024-02-22 09:03:55 +08:00
Gris Ge
4d0f0829b6 ipsec: Treat DHCPv4 off with no static address as IPv4 disabled
When user desired `dhcp: off` with no static address for IPSec interface,
nmstate will fail as verification error.

For IPSec connection, the DHCPv4 off with empty IP address should be
treated by IP disabled as we have no intention on supporting routes on
IPSec connection yet. The route should be set by IPSec daemon or to xfrm
interface.

Unit test case and integration test cases included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-22 08:10:28 +08:00
Gris Ge
ec8df7160e test: Add test case for changing ipsec-interface value
Added integration test case for changing ipsec-interface value.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-21 19:51:50 +01:00
Gris Ge
1198339e18 Support MacSec hardware offload
Introducing `offload: off|phy|mac` for `macsec` section. For example:

```yml
interfaces:
- name: macsec0
  type: macsec
  state: up
  macsec:
    encrypt: true
    base-iface: eth1
    mka-cak: 50b71a8ef0bd5751ea76de6d6c98c03a
    mka-ckn: f2b4297d39da7330910a74abc0449feb45b5c0b9fc23df1430e1898fcf1c4550
    port: 0
    validation: strict
    send-sci: true
    offload: off
  ipv4:
    enabled: true
    dhcp: false
    address:
      - ip: 192.0.2.2
        prefix-length: 24
```

Integration test case included.

Signed-off-by: Gris Ge <fge@redhat.com>
2024-02-21 23:27:46 +08:00