Support configuration using MAC instead of device name #2622
Conversation
zmrow
force-pushed
the
MAC-address-identify
branch
3 times, most recently
from
3b2de95 to
a2accb3
Compare
|
^ Rebased on develop and fixup changes related to the bonding/vlan PR |
|
I have yet to look at the code, just wondering from the change description:
Does this mean sysctls won't be applied for a statically configured interface that is identified by its MAC address? |
The helper mentioned is actually an "install" helper called by |
zmrow
force-pushed
the
MAC-address-identify
branch
from
a2accb3 to
3f74783
Compare
|
^ Addresses all the comments and ensures MACs can be handled upper/lowercase, and dash/colon separated. |
zmrow
force-pushed
the
MAC-address-identify
branch
from
3f74783 to
d8a9ee4
Compare
|
^ Uses @yeazelm 's docs suggestion - thanks! |
zmrow
force-pushed
the
MAC-address-identify
branch
from
d8a9ee4 to
e3d3ace
Compare
|
^ Addresses @bcressey 's feedback! |
zmrow
force-pushed
the
MAC-address-identify
branch
from
e3d3ace to
d4d1afd
Compare
|
^ Removes the commit parsing extra fields from the lease. We're not using those fields now that we're using sysfs to determine interface name |
|
Can we drop the patch to add the MAC address to the wicked lease, if we're no longer using it? |
Related, the commit message of |
Thanks! I'll fix that up |
This change removes the `prepare-primary-interface` service and moves its functionality to the wicked helper `netdog install`.
This adds an additional type `InterfaceId`, which allows deserialization of a valid interface name as well as a valid MAC address from network configuration. Validation of the MAC happens during deserialization. The `WickedInterface` struct has been updated and a `WickedName` struct has been added to ensure that the "name" node in the serialized XML has the proper format based on the use of an interface name or MAC address.
The interface name is important to us in a few places: the wicked install helper and setting up resolv.conf using DHCP lease. Previously, interface names were the sole way to configure interfaces in net.toml. At network generation time, there isn't a reliable or safe way to map a MAC to an interface name since udev may still be in the process of renaming devices. Later in the boot process (after interfaces have been setup by wicked and have leases), when interface name is necessary we can map a MAC address to a name using sysfs. In order to support MAC addresses as identifiers for interfaces, a few changes had to be made: At network generation time, if a MAC address is used for the primary interface, we write a `primary_mac_address` file rather than a `primary_interface` file. The `primary_interface()` function in the `Interfaces` trait now returns an `InterfaceId` and the `write_primary_interface()` function determines which file to write based on the InterfaceId enum variant. A new function `primary_interface_name()` has been added that returns the primary interface name. Under the hood, it reads either the `primary_interface` or `primary_mac_address` file. If `primary_mac_address` is read, it crawls sysfs to determine the network interface name. The `write_resolv_conf` subcommand has been updated to use the `primary_interface_name()` function.
This change adds the ability to configure network interfaces using their MAC address rather than the name udev assigns. This makes things easier for situations where MAC is known, but final name is not. Currently this ability is limited to interface configuration due to a limitation with wicked, and may not be used in conjunction with bonds/vlans.
This commit adds the documentation to support the use of MAC addresses as an additional method for interface configuration.
zmrow
force-pushed
the
MAC-address-identify
branch
from
d4d1afd to
d33f9a4
Compare
|
^ Addresses @bcressey and @markusboehme 's comments. Thanks! |
Issue number:
Closes #2293
Description of changes:
This PR adds the ability for a user to use MAC address (something like
f8:75:a4:d5:32:64) instead of the interface name (eno) when configuring interfaces. The commits messages are detailed and a summary provided below.The PR adds a new type
InterfaceIdwhich is an enum holding either a name or MAC address. The newMacAddresstype validates the string given is a valid MAC address. TheInterfaceIdtype is used as the key in the main map of ID > interface config. Keeping theInterfaceNametype is significant, as it will still be used as the key for bonds/vlans once #2596 is merged, since configuring those things using MAC isn't possible/desirable.In Bottlerocket, the concept of the "primary" interface is important. We use this interface's IP when registering with kubelet, to determine DNS settings when using DHCP, and also set some default sysctls on this interface. However, at the time we are generating network config,
udevmay still be asynchronously renaming interfaces so there isn't a reliable or safe way to map a MAC to an interface name. Later in the boot process (after interfaces have been setup by wicked and have leases), when interface name is necessary we can map a MAC address to a name using sysfs (/sys/class/net/*). When using a MAC as the identifier for the primary interface, we write a new fileprimary_mac_addressto disk instead ofprimary_interface. We use these files later to determine the primary interface name. Under the hood if a MAC is used, it is correlated with sysfs to determine the interface name.One significant change this causes is that we are now setting default sysctls in the wicked "install" helper, rather than using a separate service to do this. Previously the service ran during
network-pre, at which point we cant' correlate a MAC to a name. Setting the sysctls in the helper provides a useful synchronization point where we know that our interfaces have a lease and a more stable name. This helper is called when setting up new interfaces (static and DHCP) and when DHCP leases are renewed.A simple example of using MAC, also described in the documentation:
Testing done:
For each of the tests below, I made sure
/etc/resolv.confwas properly written, current_ip existed, and eitherprimary_interfaceorprimary_mac_addresshad been written. Also verified the sysctls were set properly for the primary interface.aws-k8s-1.22node without any customization - it joins the cluster and runs pods just fine.aws-k8s-1.22node into an IPv6-enabled EKS cluster and ensure the node receives an ipv6 address (validating the IPv6 sysctlaccept_rais still working)metal-devvariant using MAC address to set up the primary interface for DHCP. Also tested using MAC address with a statically configured setup.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.