~slyon/netplan/+git/ubuntu:slyon/0100-release

Branch merges

Propose for merging

Merged into ~ubuntu-core-dev/netplan/+git/ubuntu:ubuntu/master at revision 7236ab1317fe4ed54d125fa4fe7130ab2af044ed

Łukasz Zemczak: Approve on 2020-09-04

Diff: 8854 lines (+5784/-592)

51 files modified

Makefile (+3/-2)
debian/changelog (+31/-0)
debian/control (+1/-0)
debian/libnetplan0.symbols (+7/-0)
debian/patches/series (+0/-5)
debian/tests/control (+15/-0)
dev/null (+0/-79)
doc/netplan.md (+298/-74)
examples/sriov.yaml (+14/-0)
examples/sriov_vlan.yaml (+18/-0)
examples/static.yaml (+2/-2)
netplan/cli/commands/apply.py (+91/-17)
netplan/cli/commands/try_command.py (+2/-2)
netplan/cli/ovs.py (+168/-0)
netplan/cli/sriov.py (+32/-18)
netplan/cli/utils.py (+32/-0)
netplan/configmanager.py (+32/-0)
src/generate.c (+14/-2)
src/networkd.c (+114/-32)
src/networkd.h (+2/-0)
src/nm.c (+109/-26)
src/openvswitch.c (+484/-0)
src/openvswitch.h (+24/-0)
src/parse.c (+763/-241)
src/parse.h (+56/-4)
src/sriov.c (+40/-0)
src/sriov.h (+21/-0)
src/util.c (+29/-0)
src/util.h (+6/-2)
src/validation.c (+155/-10)
src/validation.h (+3/-0)
tests/generator/base.py (+54/-0)
tests/generator/test_args.py (+18/-4)
tests/generator/test_bonds.py (+42/-0)
tests/generator/test_common.py (+194/-1)
tests/generator/test_errors.py (+69/-1)
tests/generator/test_ethernets.py (+23/-7)
tests/generator/test_ovs.py (+1021/-0)
tests/generator/test_routing.py (+145/-17)
tests/generator/test_tunnels.py (+477/-5)
tests/generator/test_wifis.py (+143/-0)
tests/integration/base.py (+6/-4)
tests/integration/ethernets.py (+38/-0)
tests/integration/ovs.py (+559/-0)
tests/integration/routing.py (+76/-21)
tests/integration/tunnels.py (+71/-0)
tests/test_configmanager.py (+21/-0)
tests/test_ovs.py (+129/-0)
tests/test_sriov.py (+55/-12)
tests/test_utils.py (+73/-0)
tests/validate_docs.sh (+4/-4)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

7236ab1... by Lukas Märdian on 2020-09-03

Update build-depends

fd0e525... by Lukas Märdian on 2020-09-03

Update symbols file

ccea403... by Lukas Märdian on 2020-09-03

Merge branch 'slyon/ovs-wireguard-100' into debian/master

42648ba... by Lukas Märdian on 2020-09-03

Merge branch 'ubuntu/master' into debian/master

9001f0a... by Lukas Märdian on 2020-09-03

New upstream version 0.100

b7d32ae... by Lukas Märdian on 2020-09-03

tests: improve tunnels integration test, to make it non-flaky

2c3853f... by Lukas Märdian on 2020-09-03

d/changelog: Update for upstream changes

5c688e3... by Alexander Sabourenkov <email address hidden> on 2020-09-03

Add wireguard support, take two. (#113)

Adds WireGuard support.

Rework of PR#82

Changes:

l2tp and dummy support split off
multiple peer support
full code coverage

Schema example:
    tunnels:
        wg0:
            mode: wireguard
     key: mNb7OIIXTdgW4khM7OFlzJ+UPs7lmcWHV7xjPgakMkQ=
     port: 123
     mark: 42
            peers:
                - keys:
                      public: rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=
                  allowed-ips: [0.0.0.0/0, "2001:fe:ad:de:ad:be:ef:1/24"]
                  keepalive: 23
                  endpoint: 1.2.3.4:5
                - keys:
                      public: M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
                      shared: /some/shared.key
                  allowed-ips: [10.10.10.20/24]
                  keepalive: 22
                  endpoint: 5.4.3.2:1

Commits:
* Add wireguard support.
* remove stray assertion
* properly terminate wireguard_peer_handlers
* Switch from underscores to hyphens
* test_tunnels.py: fix formatting to make the linter happy
* doc: add settings version
* validate_docs: avoid special case for 'peers' as it is actually documented
* cleanup formatting
* Rename wireguard_peer struct to NetplanWireguardPeer
* refactor process_wireguard_peer and wireguard_peers GArray
* change mini-switch to if/else, cleanup
* parse: Refactor handle_generic_addresses function, to make it reusable
* parse: fix duplicate IP4/IP6 after multiple passes
* Wireguard: no dupe IPs/Peers on multi pass parsing, fix coverage
* Wireguard: Fix FwMark= / FirewallMark= networkd setting
* WireguardPeer: rename endpoint -> peer, keep endpoint alias
* Wireguard: rename listen-port -> port
* Wireguard:doc: add example for 'sequence of mappings'
* Wireguard: combine private-key and private-key-file fields
* Wireguard: combine preshared-key & preshared-key-file -> shared-key
* WG: rename fwmark->mark
* parse: refactor ip_rule/route handlers to make use of generic guint handler
* NM: initial draft to add wireguard support
* WG: re-use 'key' property instead of 'private-key', avoid extra 'wireguard' struct
* WG:nm: keepalive, consolidate tests, coverage
* WG: initial integration test
* WG: auto-detect base64 keys vs key-files
* WG: base64 keys are now auto-detected
* WG: finalize integration test
* parse: some cleanup
* WG: re-use key/keys stanza for wireguard peer keys
* WG: big refactoring to merge peers: into routes:
* WG: cleanup & edge cases
* doc: update wireguard keys documentation with backend dependencies
* doc: fix typo in wg tunnel key
* parse: keep validating the ip family of to/from/via routes
* Revert "WG: big refactoring to merge peers: into routes:"
This reverts commit d7c2788050ba56f777e6f1e2a527f667182d1a1e.

It changes back to the "classic" wireguard.peers tunnel format:

    tunnels:
        wg0:
            mode: wireguard
     key: mNb7OIIXTdgW4khM7OFlzJ+UPs7lmcWHV7xjPgakMkQ=
            peers:
                - key: rlbInAj0qV69CysWPQY7KEBnKxpYCpaWqOs/dLevdWc=
                  allowed-ips: [0.0.0.0/0, "2001:fe:ad:de:ad:be:ef:1/24"]
                  keepalive: 23
                  endpoint: 1.2.3.4:5
                - keys:
                      public: M9nt4YujIOmNrRmpIRTmYSfMdrpvE7u6WkG8FY8WjG4=
                      shared: /some/shared.key
                  allowed-ips: [10.10.10.20/24]
                  keepalive: 22
                  endpoint: 5.4.3.2:1
* Some cleanup
* Avoid duplicate key/keys settings inside wireguard-peers
* More cleanup

Co-authored-by: Lukas Märdian <email address hidden>

ee50582... by Lukas Märdian on 2020-08-31

Implement ipv6-address-token-id key (LP: #1737976) (#161)

This allows to statically configure the IPv6 host ID (low 64 bits) when auto-generated IPv6 addressing is used (i.e. DHCPv6 stateless, SLAAC).

It introduces one new YAML key in the schema: ipv6-address-token-id.

Fixes LP: #1737976

Commits:
* Implement ipv6-address-token-id key (LP: #1737976)
* Add integration tests for ipv6-address-token-id
* networkd: update comment about stable-privacy ipv6-address-generation-mode
This is being implemented for any prefix in systemd PR#16618:
https://github.com/systemd/systemd/pull/16618
* rename ipv6-address-token from ipv6-address-token-id
* avoid unrelated whitespace changes

Co-authored-by: Łukasz Zemczak <email address hidden>

fd750e2... by Łukasz Zemczak on 2020-08-31

Openvswitch support (LP: #1728134) (#154)

Finally merge the work-in-progress OpenVSwitch support branch to master. Currently the branch should be feature-complete as per the initial specification, meaning we support:

 * OVS bridges
 * OVS bonds
 * OVS patch ports
 * Custom settings like SSL config, other-config, external-ids etc.
 * Fake VLAN bridges

This version also attempts to do smart cleanup of the configuration, removing no-longer relevant configuration on every netplan apply or system reboot.

Co-authored-by: Lukas Maerdian <email address hidden>