Re: Bridges and Keyfiles

[Dan Williams <dcbw redhat com>]

On Wed, 2014-03-26 at 18:25 -0500, Justin Brown wrote:
> Dan,
>
> Yep, I figured out that was the problem just an hour ago. I'm also
> going to do some work on fleshing out those Fedora wiki pages, too.
>
> One thing that I don't understand from
> https://developer.gnome.org/NetworkManager/unstable/ref-settings.html#idp7510624
> is what a "bridge-port" is. Is it an interface on a bridge? This seems

Exactly.

> like it could be a more natural configuration for this setup (possibly
> named bridge-interface if bridge-port is something different):

I think you got it right.

"Bridge interface" would typically mean the *master* like br0 or virbr0,
since this is a kernel network interface like any other.  The term
"port" is used in the kernel to refer to the other network interfaces
that you attach, which the bridge actually moves packets between.  NM
mostly follows kernel notation here.

If you run "brctl show <ifname>", whatever it says for "interfaces" is a
bridge port:

$ brctl show virbr0
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400742c1a       yes             virbr0-nic

and anything you add/remove with "brctl addif" or "brctl delif" is a
bridge port.

If you've got suggestions on how to clarify ref-settings.html, most
certainly send them along!  Having you read it and tell us what's
confusing is most useful.

Thanks,
Dan

> [connection]
> id=vlan3
> uuid=5aa46e95-8c37-45f1-b683-8b0268818189
>
> [bridge-port]
> parent=vmbr0
>
> [vlan]
> parent=p118p1
> id=3
> interface-name=vlan3
>
> [ipv4]
> method=disabled
>
> [ipv6]
> method=ignore
>
> I haven't looked through the NM code in quite some time, but I'm
> wondering if connection->type is actually necessary. It seems like the
> connection section should only consist of identification information,
> leaving all of the configuration to other sections.
>
> Thanks,
> Justin
>
> On Wed, Mar 26, 2014 at 6:14 PM, Dan Williams <dcbw redhat com> wrote:
> > On Wed, 2014-03-26 at 15:50 -0500, Dan Williams wrote:
> > > On Tue, 2014-03-25 at 22:33 -0500, Justin Brown wrote:
> > > > Pomo,
> > > >
> > > > > address1=192.168.2.41/24,192.168.2.1
> > > >
> > > > Awesome, thanks. That works perfectly. It would be nice if the
> > > > documentation reflected that. Currently, it reads like it's an array
> > > > of three values separated by semicolons. There's no references that
> > > > the subnet should use a slash. Also, it's very unclear that the
> > > > parameter is called "address#" and that it should be numbered, let
> > > > alone singular (i.e. not addresses1).
> > >
> > > You are entirely correct, and the keyfile plugin needs much better
> > > documentation. That said, we have been trying to consistently enhance
> > > the syntax to be more natural.  It used to be
> > > "192.168.2.41;24;192.168.2.1" :)
> > >
> > > > Do you have any idea on how "master" should be specified on a vlan
> > > > interface? I still don't know how to add that interface to the bridge.
> > >
> > > master would point to the master interface of which the vlan is a
> > > port/slave, so that would be the bridge I think.
> > >
> > > parent would be the physical interface which the vlan is using, which
> > > would be p118p1.
> > >
> > > > Here's my current configs:
> > > >
> > > > [connection]
> > > > id=p118p1
> > > > uuid=8b639214-5806-4135-8e0a-d243f88e562c
> > > > type=802-3-ethernet
> > > >
> > > > [802-3-ethernet]
> > > > mac-address=bc:5f:f4:00:2a:0a
> > > >
> > > > [ipv4]
> > > > method=disabled
> > > >
> > > > [ipv6]
> > > > method=ignore
> > >
> > > Hmm, if there's no actual configuration for p118p1 then I don't think
> > > you even need to define a config for it at all.  NM should be able to
> > > handle the VLAN interface separately from the parent.
> > >
> > > > #####################
> > > >
> > > >
> > > > [connection]
> > > > # VM
> > > > id=vlan3
> > > > uuid=5aa46e95-8c37-45f1-b683-8b0268818189
> > > > type=vlan
> > > > master=8b639214-5806-4135-8e0a-d243f88e562c
> > >
> > > Hmm, the 'master' here is pointing to the p118p1 connection, so there's
> >
> > Hmm, I guess I like saying "hmm" a lot.  Anyway...
> >
> > While testing your configuration out with NM git master, I realized that
> > you also want:
> >
> > slave-type=bridge
> >
> > to ensure that the type of master that vlan3 uses is unambiguous.
> > NetworkManager also allows interface names for the 'master' property,
> > and when an interface name is used, you cannot conclusively determine
> > the type of slave that vlan3 will be.  The master interface may not be
> > created yet, and you can have the same interface name (eg "foobar") be
> > used for bridges/bonds/team/whatever, of course not at the same time.
> >
> > So slave-type is required for slave connections.
> >
> > Once I did that, your configuration (without the p118p1 connection,
> > which is not required) worked correctly for me.  The vlan3 interface was
> > created, and vmbr0 was created, and vlan3 was correctly moved to be a
> > bridge port of vmbr0.  vmbr0 was also assigned the correct IP address.
> >
> > So assuming that these changes also work for you, this shows us that:
> >
> > 1) we need much better documentation of the 'keyfile' format
> >
> > 2) we need to add some examples to
> > src/settings/plugins/keyfile/tests/keyfiles/ to show how things should
> > be done, which documentation doesn't always clarify.  I've done that
> > with your connection files here:
> >
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=dcbw/slave-fixes&id=c575c39ff868de698a44cb0397eff9cba50633eb
> >
> > If these changes don't work, please grab the log files and we'll drill
> > down to the problem.  It may be a problem with the specific NM snapshot
> > that's used in F20, which we may have fixed upstream already.  If so,
> > then we'll want the log files so we can pinpoint and backport the
> > necessary fix to F20.
> >
> > Thanks!
> > Dan
> >
> > > no link between the vlan3 and the bridge at all.  I think you want
> > > master=105acc55-5bbf-483f-95fe-a9d86a0284f2 here instead, which says
> > > that the master interface of this interface is the bridge.  eg it makes
> > > vlan3 a port of vmbr0.
> > >
> > > (side-note: bonding is the same; the slave sets master to the bond
> > > interface)
> > >
> > > > [vlan]
> > > > parent=p118p1
> > > > id=3
> > > > interface-name=vlan3
> > > >
> > > > [ipv4]
> > > > method=disabled
> > > >
> > > > [ipv6]
> > > > method=ignore
> > > >
> > > > ########################
> > > >
> > > > [connection]
> > > > id=vmbr0
> > > > interface-name=vmbr0
> > > > uuid=105acc55-5bbf-483f-95fe-a9d86a0284f2
> > > > type=bridge
> > > >
> > > > [bridge]
> > > > interface-name=vmbr0
> > > > stp=false
> > > >
> > > > [ipv4]
> > > > method=manual
> > > > address1=10.3.1.1/24;0.0.0.0
> > > >
> > > > [ipv6]
> > > > method=ignore
> > >
> > > The rest looks good.  If my suggestions fail for some reason, can you
> > > include /var/log/messages output so we can debug it further?
> > >
> > > Thanks!
> > > Dan
> > >
> > > > Thanks,
> > > > Justin
> > > >
> > > > On Tue, Mar 25, 2014 at 10:09 PM, poma <pomidorabelisima gmail com> wrote:
> > > > > # NetworkManager --version
> > > > > 0.9.9.1-4.git20140319.fc20
> > > > >
> > > > > Bridge Static:
> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > >
> > > > > /etc/NetworkManager/conf.d/keyfile-plugin.conf:
> > > > > [main]
> > > > > plugins=keyfile
> > > > >
> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > >
> > > > > /etc/NetworkManager/system-connections/bridge0static:
> > > > > [connection]
> > > > > id=bridge0static
> > > > > uuid=833faff7-cbbf-4567-be6c-8d215387ab8b
> > > > > interface-name=bridge0
> > > > > type=bridge
> > > > >
> > > > > [ipv6]
> > > > > method=ignore
> > > > >
> > > > > [ipv4]
> > > > > method=manual
> > > > > dns=192.168.2.1;
> > > > > address1=192.168.2.41/24,192.168.2.1
> > > > >
> > > > > [bridge]
> > > > > interface-name=bridge0
> > > > > stp=false
> > > > >
> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > >
> > > > > /etc/NetworkManager/system-connections/base0enp3s0:
> > > > > [ethernet]
> > > > > duplex=full
> > > > > mac-address=00:12:34:56:78:30
> > > > >
> > > > > [connection]
> > > > > id=base0enp3s0
> > > > > uuid=9e0fafbb-5881-41ba-ab47-98c2f0700915
> > > > > type=ethernet
> > > > > master=833faff7-cbbf-4567-be6c-8d215387ab8b
> > > > > slave-type=bridge
> > > > >
> > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > > >
> > > > > $ nmcli device
> > > > > DEVICE   TYPE      STATE         CONNECTION
> > > > > bridge0  bridge    connected     bridge0static
> > > > > enp3s0   ethernet  connected     base0enp3s0
> > > > >
> > > > > $ nmcli connection
> > > > > NAME           UUID                                  TYPE
> > > > > DEVICE
> > > > > bridge0static  833faff7-cbbf-4567-be6c-8d215387ab8b  bridge
> > > > > bridge0
> > > > > base0enp3s0    9e0fafbb-5881-41ba-ab47-98c2f0700915  802-3-ethernet
> > > > > enp3s0
> > > > >
> > > > > $ brctl show
> > > > > bridge name     bridge id               STP enabled     interfaces
> > > > > bridge0         8000.001234567830       no              enp3s0
> > > > >
> > > > >
> > > > > poma
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > networkmanager-list mailing list
> > > > > networkmanager-list gnome org
> > > > > https://mail.gnome.org/mailman/listinfo/networkmanager-list
> > > > _______________________________________________
> > > > networkmanager-list mailing list
> > > > networkmanager-list gnome org
> > > > https://mail.gnome.org/mailman/listinfo/networkmanager-list
> > >
> > >
> > > _______________________________________________
> > > networkmanager-list mailing list
> > > networkmanager-list gnome org
> > > https://mail.gnome.org/mailman/listinfo/networkmanager-list