Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

containers: deny networkmanager from managing the ve-* and vb-* NICs #31888

Closed
wants to merge 1 commit into from
Closed

containers: deny networkmanager from managing the ve-* and vb-* NICs #31888

wants to merge 1 commit into from

Conversation

basvandijk
Copy link
Member

Motivation for this change

Without this, when you've enabled networkmanager and start a nixos-container the container will briefly have its specified IP address but then networkmanager starts managing it causing the IP address to be dropped.

Things done

I've had networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; applied to my local configuration for a while and it solves the problem.

  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@andir
Copy link
Member

andir commented Nov 21, 2017

Wouldn't this better suited for /etc/udev/rules.d/85-nm-unmanaged.rules? You can mark devices as NM_UNMANAGED using udev rules.

@basvandijk
Copy link
Member Author

Using udev rules would have the advantage that nework-manager doesn't have to be restarted when you change networking.networkmanager.unmanaged.

Shouldn't networking.networkmanager.unmanaged be implemented using udev rules instead of putting unmanaged-devices=... in NetworkManager.conf?

@basvandijk
Copy link
Member Author

I force-pushed a change to handle this via udev rules.

When this gets merged I will also cherry-pick this bugfix on release-17.09.

@andir
Copy link
Member

andir commented Nov 21, 2017

Would it make sense to check for network manager before adding those rules? It probably doesn't matter much in this small change.

@basvandijk
containers: deny networkmanager from managing the ve-* and vb-* NICs
deac325 
Without this, when you've enabled networkmanager and start a
nixos-container the container will briefly have its specified IP
address but then networkmanager starts managing it causing the IP
address to be dropped.
@basvandijk
Copy link
Member Author

@andir that makes a lot of sense. I force pushed a fix. Thanks for the review.

@basvandijk
Copy link
Member Author

Any chance this can be merged? I would also like to cherry-pick this on release-17.09 because this fixes a bug.

@rycee
Copy link
Member

rycee commented Dec 12, 2017

Since there were no further comments, and it work fine as far as I can tell, I've rebased this to master in 5572de7. Many thanks!

@rycee rycee closed this Dec 12, 2017
@rycee
Copy link
Member

rycee commented Dec 12, 2017

Heh, literally the second after merging I realized that the pattern v[e,b]-* should be v[eb]-*. The latter pattern would also match the unlikely interface name v,-foo. I fixed this in 5eb4a83.

@basvandijk Maybe it is fine to leave this in master for a few days until cherry-picking to stable?

rycee added a commit that referenced this pull request Dec 12, 2017
@rycee
nixos containers: remove stray , from pattern
5eb4a83 
See #31888.
@basvandijk
Copy link
Member Author

@rycee thanks for spotting my error and fixing it. I'll wait a week before cherry-picking this on stable.

rycee added a commit that referenced this pull request Dec 19, 2017
@rycee
nixos containers: remove stray , from pattern
0bb77b8 
See #31888.

(cherry picked from commit 5eb4a83)
@rycee
Copy link
Member

rycee commented Dec 19, 2017

I just rebased the two commits to 17.09. Have been running 17.09 with them applied since merging to master and they work just fine 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@orivej orivej orivej approved these changes

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@basvandijk @andir @rycee @orivej @GrahamcOfBorg