[20.03] nixos/network-interfaces: Assert that bridges can get an address via DHCP #84221
Conversation
ofborg
bot
added
6.topic: nixos
|
+1 for more deprecation on |
worldofpeace
added
the
1.severity: blocker
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/go-no-go-meeting-nixos-20-03-markhor/6495/19 |
|
@erictapen Thanks for illustrating how to test this in the OP. |
There was a problem hiding this comment.
I built the config that was supposed to fail in the OP:
networking = {
bridges.br0 = {
interfaces = [ "enp2s0" "enp3s0" ];
};
interfaces = {
br0.useDHCP = true;
enp2s0.useDHCP = false;
enp3s0.useDHCP = false;
};
};and got this assertion error:
error:
Failed assertions:
- br0 is a bridge, while `networking.useDHCP` is enabled.
Dhcpcd doesn't give IPv4 addresses to bridges by default anymore, so you have
to set `networking.useDHCP = false` and then whitelist every
interface you need DHCP on with `networking.interfaces.<name?>.useDHCP = true`.
(use '--show-trace' to show detailed location information)
I built the config that should fail and it is currently building 👍
erictapen
force-pushed
the
dhcpcd-error-on-bridges
branch
from
dd25395 to
bc23885
Compare
|
cc @samueldr maybe |
|
Should the assertion maybe be |
erictapen
force-pushed
the
dhcpcd-error-on-bridges
branch
from
bc23885 to
a78a5ee
Compare
|
@lheckemann Yeah I think that makes sense. I rewrote the code a few times and missed this case when I didn't fully understood the problem. I just changed the assertion to |
|
@erictapen It looks like the indentation is a little skewed. Could you fix that? |
Assert that the user doesn't have a bridge configured while networking.useDHCP is true. Due to new behaviour of dhcpcd [0], this would result in the bridge not getting an address via DHCP, regardless of wether it has networking.interfaces.<name?>.useDHCP set or not. [0] https://roy.marples.name/archives/dhcpcd-discuss/0002621.html
erictapen
force-pushed
the
dhcpcd-error-on-bridges
branch
from
a78a5ee to
54ad186
Compare
|
@worldofpeace Right, I really need to get my tabs under control… It now looks like this: |
|
Yay! I'm very happy this went through. Thanks for all the reviews! |
|
(Extremely late) I am sure the change is required, and good in the end, but it was extremely confusing to me. I'm not a networking person. I hate networking, the further away I can be from networking the better I am. So to my surprise I have this thick assertion failing and telling me I should change a value to something I haven't set, and pick my interfaces where I want this to happen manually? The error message was far from being easy to action upon, and I had to find the commit, read the PR to get a better understanding of what to do. This scares me a bit about being locked out of my machine. The default, setting DHCP for all interfaces, is much more comforting for someone that does not grok at all networking options. Considering the mentions of "deprecating Is there no way to get the default implicit behaviour of dhcpcd for interfaces, while requiring bridges and other "not-interfaces" to be configured? |
|
Oh, it looks like I understood things wrong anyway. I do not want If I didn't that means that this assertion broke what was already working. EDIT: and it looks like that, yes, this assertion is completely breaking my setup that was entirely working. DHCP was not involved with my bridge, and I'm fine with it not being involved with my bridge, but I can't simply say "DHCP all the things" and move along as I could before. So I was pushed into enabling an option I didn't want by the confusing phrasing and context around the assertion. |
|
When I wrote this code I didn't have in mind, that there may be bridges in networks without a DHCP server. So I agree the error message could have addressed that use case better. Still I think this assertion makes things better.
I agree that it would be nice to have a "DHCP all the things" NixOS option, but only if it would work on eval time. This is not possible atm, as we never know wether Edit: @worldofpeace I just noticed that this commit wasn't forwardported to |
|
@erictapen make the new PR, it should have gone through master anyway, even if the intent was to make sure it was going in 20.03 in time for the release. |
|
If we ever get anywhere with networkd-as-default, maybe it would make sense to ship a network definition that matches on |
Motivation for this change
#82295 already warns users of
20.03in the release notes about howdhcpcdchanged its implicit behaviour regarding bridge interfaces. This PR proposes an assertion that blocks users from running into some unexpected network change.This change is primarily thought to be applied before the
20.03release, as then probably quite a lot of people will run into this problem. This is why I target therelease-20.03branch here. When merged, this should be still cherry-picked onmaster.To illustrate the problem once again: This configuration will result in a bridge without an IPv4 address:
While this one works as expected:
This is because
networking.useDHCP = falsecauses an explicit listing of enabled interfaces in the dhcpcd config, whilenetworking.useDHCP = truemade dhcpcd implicitly discover the interfaces (which fails now).Things done
Throw an error if
networking.useDHCPis enabled and a bridge interface is defined.sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)