systemd: disable foreign route management #61

Merged: 2 commits, Feb 17, 2022


@pothos pothos commented Feb 16, 2022

  • systemd: disable foreign route management

    While systemd-networkd follows the principle of a declarative network
    configuration and thus needs a way to ensure that unwanted routes or
    routing policy rules get discarded, the interfacing with procedural
    network management from CNIs like Cilium is limited, so that when the
    interface is set to "unmanaged" through a networkd unit, any routing
    policies there would also be ignored and discarded unless they would
    be defined for a new unit for a dummy network interface. This means
    the only option left is to disable the discarding of foreign rules
    globally.

    Set the default for ManageForeignRoutes and
    ManageForeignRoutingPolicyRules to "no" to ensure that we don't
    interfere with the network management of the CNIs. Users that rely on
    the setting can still enable it again but only through a drop-in
    under /etc/systemd/networkd.conf.d/ because this here is a drop-in
    already that takes precedence over the top config file.

    See "Host network broken after one of the underlying interfaces of a bond goes down" (cilium/cilium#18706)
    and "Cilium routing policy rules can get lost" (Flatcar#620).
    Replaces "sys-apps/systemd: add downstream patch to disable foreign route mgmt" (flatcar-archive/coreos-overlay#1622).

  • systemd: move files to init repo as unified location

    The systemd drop-in files should only be in one repository, and using
    init is better than baselayout for that (baselayout is also used for
    the SDK).

How to use

Together with baselayout PR

Testing done

See coreos-overlay PR

  • Changelog entries added in the respective changelog/ directory (user-facing change, bug fix, security fix, update)
    ↑ TODO in coreos-overlay
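
The drop-in precedence described in the commit message above can be modelled as follows. This is an added example, not code from the PR or from Flatcar: it resolves the effective `[Network]` value the way systemd documents config parsing (main file first, then drop-ins sorted by file name). The vendor drop-in location `/usr/lib/systemd/networkd.conf.d/`, the file names `10-vendor-example.conf` and `50-local-example.conf`, and the file contents are assumptions constructed for the demonstration.

```python
import configparser
import tempfile
from pathlib import Path

MAIN = "etc/systemd/networkd.conf"
# Drop-in directories, lowest to highest priority for files with the same name.
DROPIN_DIRS = ["usr/lib/systemd/networkd.conf.d",
               "run/systemd/networkd.conf.d",
               "etc/systemd/networkd.conf.d"]

def effective(root, key, section="Network"):
    """Return (value, relative source path) for key, or (None, None) if unset."""
    root = Path(root)
    by_name = {}
    for d in DROPIN_DIRS:
        if (root / d).is_dir():
            for f in (root / d).glob("*.conf"):
                by_name[f.name] = f          # same name: higher-priority dir wins
    # The main file is parsed first; drop-ins follow, sorted by file name.
    files = [root / MAIN] + [by_name[n] for n in sorted(by_name)]
    value, source = None, None
    for f in files:
        cp = configparser.ConfigParser(strict=False, interpolation=None)
        cp.optionxform = str                 # keep systemd's CamelCase keys
        cp.read(f)                           # missing files are skipped
        if cp.has_option(section, key):
            value, source = cp.get(section, key), str(f.relative_to(root))
    return value, source

def write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Constructed file tree; file names and contents are hypothetical."""
    with tempfile.TemporaryDirectory() as root:
        vendor = "[Network]\nManageForeignRoutes=no\nManageForeignRoutingPolicyRules=no\n"
        write(root, DROPIN_DIRS[0] + "/10-vendor-example.conf", vendor)
        # Editing the top-level file does not re-enable the setting ...
        write(root, MAIN, "[Network]\nManageForeignRoutes=yes\n")
        before = effective(root, "ManageForeignRoutes")
        # ... but a drop-in under /etc that sorts after the vendor file does.
        write(root, DROPIN_DIRS[2] + "/50-local-example.conf",
              "[Network]\nManageForeignRoutes=yes\n")
        after = effective(root, "ManageForeignRoutes")
        rules = effective(root, "ManageForeignRoutingPolicyRules")
        return before, after, rules

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a running host, `systemd-analyze cat-config systemd/networkd.conf` prints the main file and all drop-ins in the order they are applied, which is the quickest way to confirm which file sets each value.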

pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Feb 16, 2022
This pulls in
flatcar/init#61
and
flatcar/baselayout#22
to use a drop-in file instead of the systemd patch.
@pothos pothos requested a review from a team February 16, 2022 21:14

@krnowak krnowak left a comment


Looks good.

systemd/resolved.conf.d/10-disable-llmnr.conf (outdated, resolved)
@pothos pothos force-pushed the kai/disable-foreign-route-mgmt branch from f059d23 to cd33898 Compare February 17, 2022 08:37
@pothos pothos merged commit f980a88 into flatcar-master Feb 17, 2022
@pothos pothos deleted the kai/disable-foreign-route-mgmt branch February 17, 2022 09:07
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Feb 17, 2022
jepio pushed a commit to flatcar-archive/coreos-overlay that referenced this pull request Mar 1, 2022