1. 03 Jul, 2022 1 commit
  2. 30 Jun, 2022 11 commits
  3. 29 Jun, 2022 1 commit
    • Thomas Haller's avatar
      all: make "ipv6.addr-gen-mode" configurable by global default · e6a33c04
      Thomas Haller authored
      It can be useful to choose a different "ipv6.addr-gen-mode". And it can be
      useful to override the default for a set of profiles.
      
      For example, in cloud or in a data center, stable-privacy might not be
      the best choice. Add a mechanism to override the default via global defaults
      in NetworkManager.conf:
      
        # /etc/NetworkManager/conf.d/90-ipv6-addr-gen-mode-override.conf
        [connection-90-ipv6-addr-gen-mode-override]
        match-device=type:ethernet
        ipv6.addr-gen-mode=0
      
      "ipv6.addr-gen-mode" is a special property, because its default depends on
      the component that configures the profile.
      
      - when read from disk (keyfile and ifcfg-rh), a missing addr-gen-mode
        key means to default to "eui64".
      - when configured via D-Bus, a missing addr-gen-mode property means to
        default to "stable-privacy".
      - libnm's ip6-config::addr-gen-mode property defaults to
        "stable-privacy".
      - when some tool creates a profile, they either can explicitly
        set the mode, or they get the default of the underlying mechanisms
        above.
      
        - nm-initrd-generator explicitly sets "eui64" for profiles it creates.
        - nmcli doesn' explicitly set it, but inherits the default form
          libnm's ip6-config::addr-gen-mode.
        - when NM creates a auto-default-connection for ethernet ("Wired connection 1"),
          it inherits the default from libnm's ip6-config::addr-gen-mode.
      
      Global connection defaults only take effect when the per-profile
      value is set to a special default/unset value. To account for the
      different cases above, we add two such special values: "default" and
      "default-or-eui64". That's something we didn't do before, but it seams
      useful and easy to understand.
      
      Also, this neatly expresses the current behaviors we already have. E.g.
      if you don't specify the "addr-gen-mode" in a keyfile, "default-or-eui64"
      is a pretty clear thing.
      
      Note that usually we cannot change default values, in particular not for
      libnm's properties. That is because we don't serialize the default
      values to D-Bus/keyfile, so if we change the default, we change
      behavior. Here we change from "stable-privacy" to "default" and
      from "eui64" to "default-or-eui64". That means, the user only experiences
      a change in behavior, if they have a ".conf" file that overrides the default.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1743161
      https://bugzilla.redhat.com/show_bug.cgi?id=2082682
      
      See-also: https://github.com/coreos/fedora-coreos-tracker/issues/907
      
      !1213
      e6a33c04
  4. 27 Jun, 2022 27 commits