network: simplify network interface units to make them more reliable #1111
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
All network interface now use "-netdev.service" units, even if they have underlying physical devices and were previously depending on systemd device units. This proved to be unreliable when trying to transform systems between complex configuration states without requiring a reboot and ended up in undefined states. Includes a backport of NixOS#240295 Re PL-132441
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All network interface now use "-netdev.service" units, even if they have underlying physical devices and were previously depending on systemd device units. This proved to be unreliable when trying to transform systems between complex configuration states without requiring a reboot and ended up in undefined states.
Includes a backport of NixOS#240295
Re PL-132441
Security requirements
We need to be careful changing upstream code. This is 21.05 and will need to be redone on 24.05 or whenever we update.
I was in touch with the upstream community to verify what I'm doing and the general stance is that this part of the code base (scripted networking) is not being actively maintained any longer. My understanding of the code after some hours of
analysis together with @sysvinit seams reasonably educated to perform the changes.
Security testing
Our automated tests on the platform are passing and the manual tests we did in VMs and when migration DEV and WHQ were completely successful both on boot and online reconfigurations as well as recovering from intermediate states.