NM was requiring that bond slaves have either no IP config or an
explicit "none"/"disabled" config. But the system scripts just ignore
any IP config that is present on a slave, so change NM to do that too
(but warn about it).
https://bugzilla.redhat.com/show_bug.cgi?id=838907
When the last character of the PSK was a backslash and the whole PSK was
enclosed in single quotes, the unquoting/unescaping code mistakenly took
trailing \' as an escaped quote and thus changed \ to '.
See also 79757f10f3 (that introduced the code).
Single quotes ensure we don't break initscripts (bash processing) when the
string contains special characters. Special handling is necessary for single
quotes characters. They have to be escaped and the whole string has to be
prepended with '$' character so that bash is happy.
This change also filters out CR and LF characters as they break WPA_PSK
variable and could pose security issues.
"InfiniBand" has a capital "B". Fix that everywhere it's being used as
a human-readable string.
In particular, the RH initscripts recognize "TYPE=infiniband" and
"TYPE=InfiniBand", but not "TYPE=Infiniband", which is what we were
writing before.
Add some testcases checking for DEVICE/PHYSDEV/VLAN_ID variations,
and read/write the new VLAN_ID tag, which we can use in
combination with the 'parent' property to determine the interface
name if no interface name/DEVICE is given.
For bonding-master:
TYPE=bond
BONDING_MASTER=yes
DEVICE=<NAME>
BONDING_OPTS="..."
For bonding-slaves:
MASTER=<NAME>
v2: Resolved test failures after feedback from Jirka.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
add write_vlan_setting() and modify test-ifcfg-rh.c to test it.
Signed-off-by: Weiping Pan <wpan@redhat.com>
(updates by dcbw for changes made to original patch series)
The example of ifcfg-vlan is as followed:
VLAN=yes
TYPE=Vlan
DEVICE=vlan43 or "DEVICE=eth9.43"
PHYSDEV=eth9
REORDER_HDR=0
VLAN_FLAGS=GVRP,LOOSE_BINDING
VLAN_INGRESS_PRIORITY_MAP=0:1,2:5
VLAN_EGRESS_PRIORITY_MAP=12:3,14:7
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.43.149
NETMASK=255.255.255.0
And we try to make it compitable with the format used by initscripts,
and there is no need to change anything in ifcfg-eth9.
Signed-off-by: Weiping Pan <wpan@redhat.com>
(dcbw: complete VLAN testcase)
Removes all bonding options properties and adds a "options" dict to hold
them all. Accessible via accessor functions. ifcfg interface is
unchanged.
Signed-off-by: Thomas Graf <tgraf@redhat.com>
When connection was changed with the editor from WPA to WEP, KEY_MGMT was
not cleared. This resulted in infinite loop of ifcfg plugin under some
circumstances ("Available to all users" unchecked, I think).
The re-read connection was regarded as WPA and thus it differed from the
stored one.
IPV6_FAILURE_FATAL is now read and defaults to TRUE for ifcfg files
even if IPv6 is turned off. That means that if we write a connection
for which NM_SETTING_IP6_CONFIG_MAY_FAIL is FALSE but IPv6 is disabled,
ifcfg-rh won't write out IPV6_FAILURE_FATAL (because IPv6 is disabled
so why bother writing out IPv6-related settings) but on re-read it will
treat the absence of IPV6_FAILURE_FATAL as TRUE/yes. This leads to
a mismatch between the connection that was written out (which will
have NM_SETTING_IP6_CONFIG_MAY_FAIL=FALSE and no IPV6_FAILURE_FATAL)
and the re-read connection (which will have
NM_SETTING_IP6_CONFIG_MAY_FAIL=TRUE since a missing IPV6_FAILURE_FATAL
is treated as NM_SETTING_IP6_CONFIG_MAY_FAIL=TRUE).
These are distinct from old-school LEAP (ie, Network EAP) in that
they are standard Dynamic WEP with LEAP as an EAP method and use
open-system authentication. Old LEAP uses the non-standard LEAP
authentication algorithm. The config for each is different and thus
we need to make sure we handle both cases.
Timestamps are no longer written to the connection file itself, but
are kept in a lookaside file in /var to allow for read-only or
stateless /etc and to ease system administration and deployment.
Some adjustments need to be made to read and write secret flags, and
to ensure that connections that don't have system-owned secrets are
still parsed as expected. testcases for 802.1x connections to come
shortly.
