All network interface now use "-netdev.service" units, even if they have underlying physical devices and were previously depending on systemd device units. This proved to be unreliable when trying to transform systems between complex configuration states without requiring a reboot and ended up in undefined states.
We need to be careful changing upstream code. This is 21.05 and will need to be redone on 24.05 or whenever we update.
I was in touch with the upstream community to verify what I'm doing and the general stance is that this part of the code base (scripted networking) is not being actively maintained any longer. My understanding of the code after some hours of
analysis together with @sysvinit seams reasonably educated to perform the changes.
Security testing
Our automated tests on the platform are passing and the manual tests we did in VMs and when migration DEV and WHQ were completely successful both on boot and online reconfigurations as well as recovering from intermediate states.
All network interface now use "-netdev.service" units, even if they have underlying physical devices and were previously depending on systemd device units. This proved to be unreliable when trying to transform systems between complex configuration states without requiring a reboot and ended up in undefined states.
Includes a backport of https://github.com/NixOS/nixpkgs/pull/240295
Re PL-132441
Security requirements
We need to be careful changing upstream code. This is 21.05 and will need to be redone on 24.05 or whenever we update. I was in touch with the upstream community to verify what I'm doing and the general stance is that this part of the code base (scripted networking) is not being actively maintained any longer. My understanding of the code after some hours of analysis together with @sysvinit seams reasonably educated to perform the changes.
Security testing
Our automated tests on the platform are passing and the manual tests we did in VMs and when migration DEV and WHQ were completely successful both on boot and online reconfigurations as well as recovering from intermediate states.