pyrox.dev / nixpkgs
lol
fork atom

network-interfaces: reload bridges on conf changes

And adopt the tests to add an interface and remove it again.

It should work when deactivating rstp, it will not work when activating
rstp for the first bridge as then the userspace daemon is not yet
available. But once one bridge is active with stp, it should work with
the reload for any further bridge.

Fixes #21745. Also see #22547.

Arnold Krille 68729958 bf284bdf

options
unified split
Changed files
+140
nixos
modules
tasks
network-interfaces-scripted.nix
release.nix
tests
containers-restart_networking.nix
+25
nixos/modules/tasks/network-interfaces-scripted.nix 
···

       
239

       
239

       
 

       
                ip link set "${i}" master "${n}"


     

       
240

       
240

       
 

       
                ip link set "${i}" up


     

       
241

       
241

       
 

       
              '')}


     

       

       
242

       
+

       
              # Save list of enslaved interfaces


     

       

       
243

       
+

       
              echo "${flip concatMapStrings v.interfaces (i: ''


     

       

       
244

       
+

       
                ${i}


     

       

       
245

       
+

       
              '')}" > /run/${n}.interfaces


     

       
242

       
246

       
 

       



     

       
243

       
247

       
 

       
              # Enable stp on the interface


     

       
244

       
248

       
 

       
              ${optionalString v.rstp ''


     
···

       
250

       
254

       
 

       
            postStop = ''


     

       
251

       
255

       
 

       
              ip link set "${n}" down || true


     

       
252

       
256

       
 

       
              ip link del "${n}" || true


     

       

       
257

       
+

       
              rm -f /run/${n}.interfaces


     

       
253

       
258

       
 

       
            '';


     

       

       
259

       
+

       
            reload = ''


     

       

       
260

       
+

       
              # Un-enslave child interfaces (old list of interfaces)


     

       

       
261

       
+

       
              for interface in `cat /run/${n}.interfaces`; do


     

       

       
262

       
+

       
                ip link set "$interface" nomaster up


     

       

       
263

       
+

       
              done


     

       

       
264

       
+

       



     

       

       
265

       
+

       
              # Enslave child interfaces (new list of interfaces)


     

       

       
266

       
+

       
              ${flip concatMapStrings v.interfaces (i: ''


     

       

       
267

       
+

       
                ip link set "${i}" master "${n}"


     

       

       
268

       
+

       
                ip link set "${i}" up


     

       

       
269

       
+

       
              '')}


     

       

       
270

       
+

       
              # Save list of enslaved interfaces


     

       

       
271

       
+

       
              echo "${flip concatMapStrings v.interfaces (i: ''


     

       

       
272

       
+

       
                ${i}


     

       

       
273

       
+

       
              '')}" > /run/${n}.interfaces


     

       

       
274

       
+

       



     

       

       
275

       
+

       
              # (Un-)set stp on the bridge


     

       

       
276

       
+

       
              echo ${if v.rstp then "2" else "0"} > /sys/class/net/${n}/bridge/stp_state


     

       

       
277

       
+

       
            '';


     

       

       
278

       
+

       
            reloadIfChanged = true;


     

       
254

       
279

       
 

       
          });


     

       
255

       
280

       
 

       



     

       
256

       
281

       
 

       
        createVswitchDevice = n: v: nameValuePair "${n}-netdev"
+1
nixos/release.nix 
···

       
228

       
228

       
 

       
  tests.containers-imperative = callTest tests/containers-imperative.nix {};


     

       
229

       
229

       
 

       
  tests.containers-extra_veth = callTest tests/containers-extra_veth.nix {};


     

       
230

       
230

       
 

       
  tests.containers-physical_interfaces = callTest tests/containers-physical_interfaces.nix {};


     

       

       
231

       
+

       
  tests.containers-restart_networking = callTest tests/containers-restart_networking.nix {};


     

       
231

       
232

       
 

       
  tests.containers-tmpfs = callTest tests/containers-tmpfs.nix {};


     

       
232

       
233

       
 

       
  tests.containers-hosts = callTest tests/containers-hosts.nix {};


     

       
233

       
234

       
 

       
  tests.containers-macvlans = callTest tests/containers-macvlans.nix {};
+114
nixos/tests/containers-restart_networking.nix 
···

       

       
1

       
+

       
# Test for NixOS' container support.


     

       

       
2

       
+

       



     

       

       
3

       
+

       
let


     

       

       
4

       
+

       
  client_base = rec {


     

       

       
5

       
+

       
    networking.firewall.enable = false;


     

       

       
6

       
+

       



     

       

       
7

       
+

       
    containers.webserver = {


     

       

       
8

       
+

       
      autoStart = true;


     

       

       
9

       
+

       
      privateNetwork = true;


     

       

       
10

       
+

       
      hostBridge = "br0";


     

       

       
11

       
+

       
      config = {


     

       

       
12

       
+

       
        networking.firewall.enable = false;


     

       

       
13

       
+

       
        networking.firewall.allowPing = true;


     

       

       
14

       
+

       
        networking.interfaces.eth0.ip4 = [


     

       

       
15

       
+

       
          { address = "192.168.1.122"; prefixLength = 24; }


     

       

       
16

       
+

       
        ];


     

       

       
17

       
+

       
      };


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       
  };


     

       

       
20

       
+

       
in import ./make-test.nix ({ pkgs, lib, ...} :


     

       

       
21

       
+

       
{


     

       

       
22

       
+

       
  name = "containers-restart_networking";


     

       

       
23

       
+

       
  meta = with pkgs.stdenv.lib.maintainers; {


     

       

       
24

       
+

       
    maintainers = [ kampfschlaefer ];


     

       

       
25

       
+

       
  };


     

       

       
26

       
+

       



     

       

       
27

       
+

       
  nodes = {


     

       

       
28

       
+

       
    client = { lib, pkgs, ... }: client_base // {


     

       

       
29

       
+

       
      virtualisation.vlans = [ 1 ];


     

       

       
30

       
+

       



     

       

       
31

       
+

       
      networking.bridges.br0 = {


     

       

       
32

       
+

       
        interfaces = [];


     

       

       
33

       
+

       
        rstp = false;


     

       

       
34

       
+

       
      };


     

       

       
35

       
+

       
      networking.interfaces = {


     

       

       
36

       
+

       
        eth1.ip4 = lib.mkOverride 0 [ ];


     

       

       
37

       
+

       
        br0.ip4 = [{ address = "192.168.1.1"; prefixLength = 24; }];


     

       

       
38

       
+

       
      };


     

       

       
39

       
+

       



     

       

       
40

       
+

       
    };


     

       

       
41

       
+

       
    client_eth1 = { lib, pkgs, ... }: client_base // {


     

       

       
42

       
+

       
      networking.bridges.br0 = {


     

       

       
43

       
+

       
        interfaces = [ "eth1" ];


     

       

       
44

       
+

       
        rstp = false;


     

       

       
45

       
+

       
      };


     

       

       
46

       
+

       
      networking.interfaces = {


     

       

       
47

       
+

       
        eth1.ip4 = lib.mkOverride 0 [ ];


     

       

       
48

       
+

       
        br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }];


     

       

       
49

       
+

       
      };


     

       

       
50

       
+

       
    };


     

       

       
51

       
+

       
    client_eth1_rstp = { lib, pkgs, ... }: client_base // {


     

       

       
52

       
+

       
      networking.bridges.br0 = {


     

       

       
53

       
+

       
        interfaces = [ "eth1" ];


     

       

       
54

       
+

       
        rstp = true;


     

       

       
55

       
+

       
      };


     

       

       
56

       
+

       
      networking.interfaces = {


     

       

       
57

       
+

       
        eth1.ip4 = lib.mkOverride 0 [ ];


     

       

       
58

       
+

       
        br0.ip4 = [{ address = "192.168.1.2"; prefixLength = 24; }];


     

       

       
59

       
+

       
      };


     

       

       
60

       
+

       
    };


     

       

       
61

       
+

       
  };


     

       

       
62

       
+

       



     

       

       
63

       
+

       
  testScript = {nodes, ...}: let


     

       

       
64

       
+

       
    originalSystem = nodes.client.config.system.build.toplevel;


     

       

       
65

       
+

       
    eth1_bridged = nodes.client_eth1.config.system.build.toplevel;


     

       

       
66

       
+

       
    eth1_rstp = nodes.client_eth1_rstp.config.system.build.toplevel;


     

       

       
67

       
+

       
  in ''


     

       

       
68

       
+

       
    $client->start();


     

       

       
69

       
+

       



     

       

       
70

       
+

       
    $client->waitForUnit("default.target");


     

       

       
71

       
+

       



     

       

       
72

       
+

       
    subtest "initial state", sub {


     

       

       
73

       
+

       
      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");


     

       

       
74

       
+

       
      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2");


     

       

       
75

       
+

       



     

       

       
76

       
+

       
      $client->fail("ip l show eth1 |grep \"master br0\" >&2");


     

       

       
77

       
+

       
      $client->fail("grep eth1 /run/br0.interfaces >&2");


     

       

       
78

       
+

       
    };


     

       

       
79

       
+

       



     

       

       
80

       
+

       
    subtest "interfaces without stp", sub {


     

       

       
81

       
+

       
      $client->succeed("${eth1_bridged}/bin/switch-to-configuration test >&2");


     

       

       
82

       
+

       



     

       

       
83

       
+

       
      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");


     

       

       
84

       
+

       
      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2");


     

       

       
85

       
+

       



     

       

       
86

       
+

       
      $client->succeed("ip l show eth1 |grep \"master br0\" >&2");


     

       

       
87

       
+

       
      $client->succeed("grep eth1 /run/br0.interfaces >&2");


     

       

       
88

       
+

       
    };


     

       

       
89

       
+

       



     

       

       
90

       
+

       
    # activating rstp needs another service, therefor the bridge will restart and the container will loose its connectivity


     

       

       
91

       
+

       
    #subtest "interfaces with rstp", sub {


     

       

       
92

       
+

       
    #  $client->succeed("${eth1_rstp}/bin/switch-to-configuration test >&2");


     

       

       
93

       
+

       
    #  $client->execute("ip -4 a >&2");


     

       

       
94

       
+

       
    #  $client->execute("ip l >&2");


     

       

       
95

       
+

       
    #


     

       

       
96

       
+

       
    #  $client->succeed("ping 192.168.1.122 -c 1 -n >&2");


     

       

       
97

       
+

       
    #  $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.2 >&2");


     

       

       
98

       
+

       
    #


     

       

       
99

       
+

       
    #  $client->succeed("ip l show eth1 |grep \"master br0\" >&2");


     

       

       
100

       
+

       
    #  $client->succeed("grep eth1 /run/br0.interfaces >&2");


     

       

       
101

       
+

       
    #};


     

       

       
102

       
+

       



     

       

       
103

       
+

       
    subtest "back to no interfaces and no stp", sub {


     

       

       
104

       
+

       
      $client->succeed("${originalSystem}/bin/switch-to-configuration test >&2");


     

       

       
105

       
+

       



     

       

       
106

       
+

       
      $client->succeed("ping 192.168.1.122 -c 1 -n >&2");


     

       

       
107

       
+

       
      $client->succeed("nixos-container run webserver -- ping -c 1 -n 192.168.1.1 >&2");


     

       

       
108

       
+

       



     

       

       
109

       
+

       
      $client->fail("ip l show eth1 |grep \"master br0\" >&2");


     

       

       
110

       
+

       
      $client->fail("grep eth1 /run/br0.interfaces >&2");


     

       

       
111

       
+

       
    };


     

       

       
112

       
+

       
  '';


     

       

       
113

       
+

       



     

       

       
114

       
+

       
})