Reimplement optional-addresses (LP: #1880029) #339
Conversation
optional-addresses is generating invalid configuration for systemd-networkd. The option OptionalAddresses doesn't really exist. It doesn't emit any configuration for Network Manager. This changes reimplement optional-addresses using systemd's "RequiredFamilyForOnline" and NetworkManager's "may-fail". It keeps all the old options, for backwards compatibility, as noops, as they were before in practice, and introduce 3 new options: "ipv4", "ipv6" and "none". On systemd, RequiredFamilyForOnline defaults to "any", meaning that any interface that gets an IP will be enough to make the system online. Netplan will emit configuration for systemd only when the value of optional-addresses is "none", meaning that nothing is optional. In this case, RequiredFamilyForOnline will have the value "both". On Network Manager, it will emit "may-fail" as true or false according to the configuration. It will still allow the user to have the old values so we will not break systems out there. A warning message will emitted is this case. It resolves LP: #1880029
|
Okay.. this is a complex beast and some functionality seems to be lacking in the backend renderers (networkd & Networkmanager), too, like checking status of DHCP4/6, IP4LL/IP6RA or static IP4/6 addresses independently of the others. Both backends can handle the combined IP4/IP6 address families, using the We should compare this re-implementation against the "network-online.target" spec (https://discourse.ubuntu.com/t/spec-definition-of-an-online-system/27838) and the internal email discussion we had in May/June 2022 ("Topic: Jammy based image failing due to systemd-networkd-wait-online changes"). I need some more time to investigate and connect all the dots... Overall, I think this needs more work, but a few things that already came up during my initial review are:
Edit: I've created a spreadsheet to compare the different input & output values: |
There was a problem hiding this comment.
A few remarks to start with:
- We should probably re-organize the internal flags/filters a little:
- "ipv4-ll" = NETPLAN_OPTIONAL_IPV4_LL
- "ipv6-ll" = NETPLAN_OPTIONAL_IPv6_LL
- "dhcp4" = NETPLAN_OPTIONAL_DHCP4
- "dhcp6" = NETPLAN_OPTIONAL_DHCP6
- "static" = NETPLAN_OPTIONAL_STATIC4 & NETPLAN_OPTIONAL_STATIC6
- "ipv6-ra" should probably be re-named to "ipv6-ll". RA doesn't really make sense IMO, as we also have "dhcp6", which is kind of related.
- "static" should activate two internal filters, for finer control: NETPLAN_OPTIONAL_STATIC4 and NETPLAN_OPTIONAL_STATIC6 (in favor of the _STATIC flag)
Input variables:
We have multiple input variables that we need to consider when making a decision about "optional-addresses". Any address defined in the YAML is non-optional by default.
- IPv4 & IPv6 LL addresses, as defined in the
link-local:setting. ([ ipv6 ]by default) - IPv4 & IPv6 static addresses, as defined in the
addresses:setting (IP address family is auto-detected). - IPv4 & IPv6 dynamic addresses, as defined in the
dhcp4:anddhcp6:(possibly in combination withaccept-ra:) settings.
Considering the optional-addresses: schema:
Depending on the input variables (address types defined in the YAML), optional-addresses can be used to "filter out" some types, if we want to have them defined, but not block on them.
Basically, we have 4 levels of filters:
- internal flags: NETPLAN_OPTIONAL_IPV4_LL, NETPLAN_OPTIONAL_IPv6_LL, NETPLAN_OPTIONAL_DHCP4, NETPLAN_OPTIONAL_DHCP6, NETPLAN_OPTIONAL_STATIC4, NETPLAN_OPTIONAL_STATIC6
- YAML flags: ipv4-ll, ipv6-ra/ll, dhcp4, dhcp6, static
- (YAML shortcuts: ipv4, ipv6)
- ipv4 == IPV4_LL + DHCP4 + STATIC4
- ipv6 == IPV6_RA/LL + DHCP6 + STATIC6
- I'm not yet sure if we should introduce those additional shortcuts, it might make things more complicated, but we can keep them here during implementation as a "reminder".
- YAML shortcut:
optional: true- activates all the filters for this interface
So, overall I think we should keep the YAML schema for optional-addresses as-is, but split up the internal flags, to enable more fine-grained control. We should then introduce some helpers:
- wants_ipv4_static(addresses, optional_addresses_flags) -> bool
- wants_ipv6_static(addresses, optional_addresses_flags) -> bool
- wants_ipv4_ll(link_local, optional_addresses_flags) -> bool
- wants_ipv6_ll(link_local, optional_addresses_flags) -> bool
- wants_ipv4_dynamic(dhcp4, optional_addresses_flags) -> bool
- wants_ipv6_dynamic(dhcp6, [accept_ra,] optional_addresses_flags) -> bool
Building upon those filters we should then try to generate the corresponding output values for RequiredForOnline=routable/yes/degraded/no / RequiredFamilyForOnline=ipv6/ipv6/both/any (networkd) and ipv4.may-fail + ipv6.may-fail (NetworkManager) wherever possible, and print a warning for the cases that cannot be covered yet, due to backend limitations.
| @@ -30,6 +30,9 @@ typedef enum { | |||
| NETPLAN_OPTIONAL_DHCP4 = 1<<2, | |||
| NETPLAN_OPTIONAL_DHCP6 = 1<<3, | |||
| NETPLAN_OPTIONAL_STATIC = 1<<4, | |||
| NETPLAN_OPTIONAL_IPV4 = 1<<5, | |||
| NETPLAN_OPTIONAL_IPV6 = 1<<6, | |||
| NETPLAN_OPTIONAL_NONE = 1<<7, | |||
There was a problem hiding this comment.
We already have the "none" case implicitly, if the bitfield == 0x0
| NETPLAN_OPTIONAL_STATIC = 1<<4, | ||
| NETPLAN_OPTIONAL_IPV4 = 1<<5, | ||
| NETPLAN_OPTIONAL_IPV6 = 1<<6, |
There was a problem hiding this comment.
IMO we shouldn't introduce new IPV4 & IPv6 flags, but rather extend "_STATIC" to "_STATIC4" and "_STATIC6". But the "static4" and "static6" filters should just be internally and should not propagate to the YAML.
The "_IPv4" filter is then just a shortcut for IPV4_LL + DHCP4 + STATIC4.
The "_IPv6" filter is then just a shortcut for IPV6_RA (should this actually be called IPV6_LL?!) + DHCP6 + STATIC6.
| if (is_optional) { | ||
| g_string_append(link, "RequiredForOnline=no\n"); | ||
| } |
There was a problem hiding this comment.
ACK. This is the easiest case, and basically a shortcut for IPV4_LL + DHCP4 + STATIC4 + IPV6_RA/LL + DHCP6 + STATIC6.
| g_string_append(link, "RequiredForOnline=no\n"); | ||
| } | ||
|
|
||
| if (def->optional_addresses & NETPLAN_OPTIONAL_NONE) { |
There was a problem hiding this comment.
| if (def->optional_addresses & NETPLAN_OPTIONAL_NONE) { | |
| if (def->optional_addresses == 0x0) { |
| * considered deprecated. See LP: #1880029 | ||
| */ | ||
| if (NETPLAN_OPTIONAL_ADDRESS_TYPES[i].flag <= NETPLAN_OPTIONAL_STATIC) | ||
| g_warning("Flag \"%s\" in optional-addresses is deprecated. Valid values are: " |
There was a problem hiding this comment.
We shouldn't deprecate the original keywords, but rather try to get them implemented in the corresponding backend renderers.
That is especially:
- Waiting LL configuration only
- This can already be achieved on networkd, by using
RequiredForOnline=degraded(instead ofroutable/yes). Can be in combination withRequiredFamilyForOnline=ipv4/ipv6. – But what happens if we want to have static or dynamic IP4 but only LL IP6?
- This can already be achieved on networkd, by using
- Waiting for static IP configuration, but not dynamic/DHCP.
Description
The Netplan's key "optional-addresses" only generates configuration for systemd-networkd. Although, the generated "OptionalAddresses" key doesn't exist so this property never worked on Netplan.
This PR re-implements the key "optional-addresses" to emit configuration for network manager, using the "may-fail" key, and for networkd, using the "RequiredFamilyForOnline" key.
Note that RequiredFamilyForOnline is actually the apposite of "optional addresses". It defaults to "any", meaning that either ipv4 or ipv6 will be enough to set the interface as online. Because of that, the only time when Netplan will generate RequiredFamilyForOnline is when the user enters "none", meaning that none of the addresses are optional, so RequiredFamilyForOnline=both will be emitted.
For Network Manager, optional-addresses never generated configuration. Now, Netplan will emit the key "may-fail" for ipv4 and/or ipv6 according to the configuration.
All the old values accepted by optional-addresses are no-ops, so if any users out there have this configuration in their YAML files, nothing will break.
These changes seem to not be a perfect fit based on our documentation, but I guess it's close 😅
Checklist
make checksuccessfully.make check-coverage).