network-interfaces service: fix bindsTo deps for masters

Previously, netdev units for network interfaces defined in the nixos configurations would bindTo the systemd device unit of the interface if not in a container. In situations where you switch to a new nixos configration with changes to network-setup.service (like nameservers) and have stacked interfaces like vlans on a bond, it would fail to propagate restarts to the netdevs correctly resulting with broken networking. The bond would be present but no vlan interfaces rendering the machine unreachable. My fear is that the udev events fail to propagate correctly while a systemd transaction that is also restarting the triggered netdev service is running. This commit changes this behaviour so netdev services bindTo other netdev services if present and otherwise fall back to the previous behaviour. We also noticed that stacked interfaces would sometimes seemingly be stopped in the wrong order. For instance in the above example, the bond interface would be deleted before the vlan interfaces resulting in the vlan interfaces not being present when their service is being stopped. This would cause the systemd transaction to fail and thus break networking. Their postStop hooks are now allowed to fail as we have reached the desired state.
2017-02-09 23:08:48 +01:00 · 2017-02-09 23:08:48 +01:00 · 76a3c30471
commit 76a3c30471
parent f5a82e4714
1 changed files with 15 additions and 19 deletions
--- a/nixos/modules/tasks/network-interfaces-scripted.nix
+++ b/nixos/modules/tasks/network-interfaces-scripted.nix
@ -47,21 +47,17 @@ in
      let
        deviceDependency = dev:
-          if (config.boot.isContainer == false)
+          # Use systemd service if we manage device creation, else
-          then
+          # trust udev when not in a container
-            # Trust udev when not in the container
+          if (hasAttr dev cfg.bridges) ||
-            optional (dev != null) (subsystemDevice dev)
+             (hasAttr dev cfg.bonds) ||
-          else
+             (hasAttr dev cfg.macvlans) ||
-            # When in the container, check whether the interface is built from other definitions
+             (hasAttr dev cfg.sits) ||
-            if (hasAttr dev cfg.bridges) ||
+             (hasAttr dev cfg.vlans) ||
-               (hasAttr dev cfg.bonds) ||
+             (hasAttr dev cfg.vswitches) ||
-               (hasAttr dev cfg.macvlans) ||
+             (hasAttr dev cfg.wlanInterfaces)
-               (hasAttr dev cfg.sits) ||
+          then [ "${dev}-netdev.service" ]
-               (hasAttr dev cfg.vlans) ||
+          else optional (dev != null && !config.boot.isContainer) (subsystemDevice dev);
               (hasAttr dev cfg.vswitches) ||
               (hasAttr dev cfg.wlanInterfaces)
            then [ "${dev}-netdev.service" ]
            else [];
        networkLocalCommands = {
          after = [ "network-setup.service" ];
@ -198,7 +194,7 @@ in
              user "${i.virtualOwner}"
            '';
            postStop = ''
-              ip link del ${i.name}
+              ip link del ${i.name} || true
            '';
          };
@ -335,7 +331,7 @@ in
              ip link set "${n}" up
            '';
            postStop = ''
-              ip link delete "${n}"
+              ip link delete "${n}" || true
            '';
          });
@ -363,7 +359,7 @@ in
              ip link set "${n}" up
            '';
            postStop = ''
-              ip link delete "${n}"
+              ip link delete "${n}" || true
            '';
          });
@ -387,7 +383,7 @@ in
              ip link set "${n}" up
            '';
            postStop = ''
-              ip link delete "${n}"
+              ip link delete "${n}" || true
            '';
          });