-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debian networking fix #38043
Debian networking fix #38043
Conversation
Not all interfaces will have an address. Bug #38042
I wouldn't consider this a complete solution, for the reason left in the comment, but it /does/ at least help.
After looking at this a bit more closely, I believe "interface.address" was meant to be "interface.addrfam" which /does/ make sense on this line. Because of the previous notion that all interfaces will have an address, it seems a second line was created that assumed the only scenario where an iface won't have an address is when dhcp is used. Again, not an accurate assumption. I believe this /should/ handle most expected situations.
I would like to see if @jbfriedrich could look at this, since it appears he was in this code over in #33622. |
Heheh... I have no qualms thoroughly debating every line of this template! :D I see #33622 seemed to mostly focus on inet vs. inet6. I believe that should be handled by this chunk.
If that doesn't prevent two inet lines from being added, we should probably focus on these lines and not on individual lines within. I also noticed this line is commented out. I'm curious why (looking up git history on it).
|
@MTecknology No worries! I just like to bring as many voices in as I can. :] Thanks! |
I see my commit is failing on this test. https://github.com/MTecknology/salt/blob/2016.11/tests/unit/modules/debian_ip_test.py#L152 I'm not sure if the lo interface was created prior to this test running. If so, it would explain the unexpected extra line. It's also possible this was from a change in defaults (but seems less likely). I'm planning to update the test to check for both valid conditions. |
Added a check to make sure inet6 iface lines have the variables needed to prevent a render error. Also added some whitespace and jinja comment blocks to more easily identify what's going on in this file.
Tests were failing because _parse_interfaces is returning the correct data per mocked data. The assertion was expecting the iface line to have been stripped.
Commit b2fa638 added a lot of extra options. One of these lines (hwaddr) was commented out when it was added. It appears that this was a typo because documentation indicates this line /should/ show up in the interfaces file.
If I remember correctly my issue at the time was that the config generator always produced an "inet" object, and therefore the additional empty inet6 line was always generated. I didnt keep track of development in these files, just saw that a lot was backported from develop before 2016.11 was released. But i I'll be happy to apply the PR locally and see if it doesnt re-introduce the issue I had. From what I can see so far, it looks great. The sooner we can merge this, the sooner I can ditch my own version an can use stock 2016.11 again. 😃 |
@jbfriedrich I appreciate the quick response. If you wouldn't mind testing this locally so we can be sure we don't regress then I'll be happy to go ahead and get this in once @MTecknology is ready and the tests pass. Thanks so much! I really appreciate it. |
Man, I didn't expect to end up spending this much time on it. Now is probably an excellent time to mention that we can thank Suitable Technologies for sponsoring my work on this! I see that the unit tests are finally completing successfully. This is great, but I'm a bit concerned by the simplicity of the current tests. I believe they are now all excellent and valid tests, but I'd like to add two more tests that check things a bit more. I'm in the process of writing those tests now and hoping they'll be relatively easy and just copy/paste/tweak. |
@MTecknology We appreciate your hard work here! Thanks also to your employer for supporting open-source. Awesome! |
👍 Kudos for your hard work and your employer to support Salt and open-source! Seriously, I wish I was allowed to spend as much time on this as necessary at work. |
.... Nooooo!!!
I'm noticing that the |
This /should/ be possible, but will be stripped. iface bond0 inet manual slaves eth0 eth1
I'm struggling to get this unit test figured out. I did a push to share, but this is definitely gonna fail. If anyone is feeling particularly teachy today... I'm on IRC and more than eager to learn! |
Sorry, I just don't have the time to learn all of this right now.
Sorry, I just don't have the time to learn/write unit tests right now. I rolled that change back and I'm gonna offer this PR up for review. |
I can't reproduce that failed test locally and it doesn't look like it has anything to do with any of my changes. :S |
I just applied this PR to my 2016.11 version and tested it with my IPv4 and IPv6 configuration. Unfortunately it introduces the old behaviour I tried to fix in #33622. I ran the following state file
and end up with the following network configuration file:
As you can see eth1 has an inet and inet6 line, even though I only applied an IPv6 address to the interface. I will take another look at the config generator and the Jinja template later and hope I will have an epiphany. |
…ure if I want to remove it.
@jbfriedrich It's late at night and I'm no longer sane, perhaps you could sanity check this one for me? :) |
Tested. Unfortunately still the same. If I assign only an IPv6 address to the interface, I end up with an inet and inet6 line in the configuration. |
At this point, I believe the issues with the template have been resolved. I started stepping through this process start to end with pudb to track down where things go awry and I think I found it. This template expects to create individual blocks for every ethernet device, including a separate block for IPv4 and IPv6. To my knowledge, this is the correct behavior. However, because of that behavior, the template also assumes it will either create an IPv4 OR an IPv6 configuration block. This seems like a logical choice by the template designer, but the assumption is misleading... In the file So!!! I'm going to step away from this for a few hours and come back to the logic in this function. |
Yes, exactly what I found the last time. I just went and retraced my steps and compared my notes from back then. I didn't feel comfortable enough to change the logic of the _parse_settings_eth function, don't feel that confident now either 🙁 . Will take a look non-the-less as well and will be happy to take a look and test. Thanks again for spending so much time on this! |
By the logic of this file, it's impossible to ever have an IPv6 interface be used for a bond, vlan, slave, etc. type of interface. I have an idea... wish me luck! |
/Should/ it be valid to specify both ipaddr AND ipv6addr in the same state? |
@MTecknology If you change line 1224 in debian_ip.py from
to
it seems to work for my test cases. So far I am only getting correctly generated configurations. |
I've been using this configuration for testing. I really hope it's not as simple as that because I'm making a mess out of this thing. I've been testing with the following states. Feel free to prod me (MTecknology) on Freenode if you're interested!
|
I made a little mess in my local files as well, so I would like to test some more before I will say that the easy solution above works for all configurations 😄 . Thanks for the config, I will use it for testing as well. It is 2:44am here (CET/GMT+1) and I have to work tomorrow, but I will ping you in IRC after work. |
This is a bit of a refactor that may need to come with a documentation update as well. It appears our previous authors made a few assumptions for the sake of simplicity. Thankfully, they were nice enough to write the rest of the system to be flexible enough for me to wedge this in. I rewrote this so that it can handle an interface having v4-only, v6-only, or v4-and-v6 addresses assigned. It's possible some options I copied into the V6IF block are not valid inet6 options, but these can be removed as needed An IPv6 interface can have any number of IPv6 addresses attached to it, this will also need to be included.
That last commit came with dragons. However, it seems to resolve a lot of bugs that I came across while reviewing the logic. I'm worried your patch would produce errors if someone tried to set up a {bond,vlan,ppoe,slave,bride} device without having IPv4 settings set. The last commit attempts to allow a person to have any of ipv4-only / ipv6-only / ipv4-and-ipv6 addresses assigned to an interface. The "ipv6" prefixed options (ex ipv6addr/ipv6netmask) take precedence in the inet6 block, so if a v4 version of the option were encountered, the v4 option was the default overridden by the v6 option. I just realized my testing isn't including any bonded interfaces. I'll update my previous post with a better example. |
We may want to consider dropping support for [1] https://docs.saltstack.com/en/latest/ref/states/all/salt.states.network.html |
Also removed the merge between IPv4 and IPv6 which seemed to not work correctly in the first place. This removes the assumption that all IPv4 options are valid IPv6 options (this is not an accurate assumption).
I know this patch can be cleaned up by someone that knows python better than me, but I think the logic is finally correct. I attempted to remove previous assumptions and bugs without modifying functionality. To test, I used the big blob above, removed /etc/net/if, and ran a highstate (using the big blob above) which brought back the whole file. After the correct file was generated, I modified lines and added another pretend interface to the file. The subsequent highstate left my manually added interface and corrected other lines. I welcome testing by others!! :D |
@jbfriedrich How are you feeling about this one as it sits? |
@cachedout From all my tests I can say it works pretty well. I had one or two test cases where it took quite some time for the state execution to finish - but produced valid configs. But that long runtime could be due to interface timeouts in my VMs (it seems that adding vNICs after deploying sometimes get my interfaces shuffled around). I will build a new VM with all vNICs directly built-in on deployment. But I am good with it. Appreciate all the hard work @MTecknology has put into this! |
I also had issues with very long delays. They only occurred when I was trying to manage non-existent interfaces and didn't include Is there ever a situation where ifup would succeed if the interface is currently unavailable? If so, this behavior should remain. If not, then there is another bug further down the line unrelated to this PR that should be very easily addressed by doing the same as -noifupdown:True if the interface doesn't exist. If we can be sure /sys is always present, then Anyway... it's definitely outside the scope of this PR! |
I'm going to take from the comments above that this is ready to go and if there are lingering issues, we can solve them in follow-up PRs. I'll go ahead and merge this. Thanks, @MTecknology for your really hard work here and to @jbfriedrich for your quick feedback. We're really grateful! |
👍 What's it take to also push this to develop so we don't lose the changes in 2017.x.0? I imagine 2016.11 merges don't automatically make it to develop, or do they? |
It will be merged forward into develop
…On Wed, Dec 7, 2016 at 11:48 AM Michael Lustfield ***@***.***> wrote:
👍 What's it take to also push this to develop so we don't lose the
changes in 2017.x.0? I imagine 2016.11 merges don't automatically make it
to develop, or do they?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#38043 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAssoVHXfpPwhwMOleOG_c22vEcFVlqYks5rFvGDgaJpZM4LCLR->
.
|
Resolves #38042; regression introduced in 2016.11.0.