Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixops
base: e795b963f626
Choose a base ref
...
head repository: NixOS/nixops
compare: 6fb3e620d2fe
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Oct 28, 2018

  1. hetzner: Don't use localCommands, set interface device of default gat… 

    …eway. Should help #833.

Original localCommands patch by aszlig.
Fixups and interface device stuff from me.

Note that this new way of doing it without localCommands is backwards
incompatible with NixOS < 18.03, see:
https://nixos.org/nixos/manual/release-notes.html#sec-release-18.03-notable-changes

As described on

    https://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en#IPv4

Hetzner requires that even traffic to the local subnet goes via the gateway.

NixOps already had code for that (set in `localCommands`), but it wasn't enough:
The

    ip route replace default  via "GATEWAY_IP"  proto static

generated by `network-setup.service` in NixOS's `network-interface-scripted.nix`
fails with

    RTNETLINK answers: Network is unreachable

because all routes added so far had `via "GATEWAY_IP"`, but
the kernel didn't know how to actually reach GATEWAY_IP because
there was no static route for that IP, see.

    https://serverfault.com/questions/581159/unable-to-add-a-static-route-sioaddrt-network-is-unreachable/581162#581162

This commit adds an explicit static route to the default gateway, on the
relevant network device.

This allows us to generate the following instead:

    ip route replace GATEWAY_IP dev THE_DEVICE proto static
    ip route replace default  via "GATEWAY_IP" dev THE_DEVICE proto static

so that the kernel knows how to reach the gateway.

An example of what routes look like in `ip route` after deploying and 18.03
machine, where 1.2.3.4 is the server's IP and 1.2.3.1 is the gateway:

    default via 1.2.3.1 dev eth0                         src 1.2.3.4 metric 202
    1.2.3.0/27          dev eth0 proto kernel scope link src 1.2.3.4 metric 202
    1.2.3.1             dev eth0 proto static scope link

For IPv6, the link-local `fe80::1` is the gateway, as described on

    https://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en#IPv6

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
    @nh2
    nh2 committed Oct 28, 2018
    Copy the full SHA
    bb9fe12 View commit details
    Browse the repository at this point in the history

Commits on Dec 13, 2018

  1. Merge nh2/hetzner-no-local-commands (#1032) 

    This is based on my initial (untested) patch[1] to get rid of the use of
networking.localCommands and instead uses the appropriate attributes in
networking.interfaces, networking.defaultGateway and
networking.defaultGateway6 instead. The reason why I used localCommands
in the first place was that we didn't have the necessary attributes in
NixOS at the time I was writing the implementation.

What is still missing is the migration from the old physical spec to the
new one, but we can still do that later.

The commit I'm merging here is this patch plus fixes and actual testing
by @nh2 (thank you!).

[1]: https://gist.github.com/aszlig/84e9bf4c8c2a06e77e43d64f89a5c2fc
    @aszlig
    aszlig committed Dec 13, 2018
    Copy the full SHA
    6fb3e62 View commit details
    Browse the repository at this point in the history