Hacker News
by amluto 950 days ago
Hopefully netplan sucks less by then?

Seriously, current versions are barely usable, and I don’t think I’m doing anything particularly hard. Want to verify your config before committing to it? Nope. Want to delete a vlan? Not happening without bypassing netplan. Want to bring up a vlan on an interface with a long name (which is the default on a fresh Ubuntu install with a NIC in a PCIe slot)? Netplan will accept the configuration, but it won’t work, and you’ll have to do quite a bit of digging to find out why your vlan doesn’t exist as far as the kernel is concerned.

The latter one is nasty if you upgrade Ubuntu on a system where the management interface is on a vlan.

5 comments

You can verify your config with netplan-try. This works fairly well for me with the timeout feature. Additionally you could write a bash script that basically replaces the netplan config to the old state when the machine is no longer able to ping (or similar).

There is a -state parameter for netplan apply which allows deleting VLANs, which has worked for me every time so far. What's the exact issue?

I never ran into your last issue, so I can't comment on that.

Huh, nifty, sort of.

But I think this whole model is wrong. For as long as I'm aware, every serious network config system (at least Cisco IOS and everything that came after) has it right: there is a live configuration and a saved configuration. You can edit the live configuration, and you can commit to the saved configuration.

So with netplan try, you edit the configuration, hope you don't crash or otherwise reboot, run netplan try, and hope it succeeds in rolling back on failure. That's a lot of hoping. With old IOS, you would just not do 'write memory' until you get the configuration right.

Similarly, netplan apply -state relies on the user to do some horrible manual shuffling of configuration. An IOS-like solution would make this automatic.

In the context of netplan, this could be quite straightforward. Instead of just /etc/netplan, there would be:

/etc/netplan: The configuration to be loaded at boot.

/var/run/netplan-live: The configuration that was most recently applied. NOTHING EXCEPT THE NETPLAN TOOLING EDITS THIS.

/tmp/whatever (or any other path): configuration that the administrator wants to test.

To use it, the admin could stage their configuration anywhere they want and netplan apply it. Then netplan commit would commit the running configuration to /etc/netplan. -state is automatic: it's in /var/run/netplan-live.

re: the last issue, one of my servers has a NIC with a name like eno12345np1. On that physical link is a vlan with tag 1234. This gives a name like "eno12345np1.1234". That plus the trailing NULL is 17 bytes, which is too long. Now this isn't strictly netplan's fault (although eno12345np1 really is excessive IMO), but the fact that netplan can't intelligently handle this or at least notice when I do netplan apply is fairly sad.
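The length limit described in the comment above, as an added example that is not part of the original thread: a pre-flight check over an already-parsed netplan configuration that flags device names longer than the kernel's 15 usable bytes (IFNAMSIZ is 16, including the terminator). The function names, the `vlan<id>` fallback name and the sample config are assumptions constructed for illustration.

```python
# Added example: flag netplan device names the Linux kernel cannot hold.
IFNAMSIZ = 16                     # Linux name buffer size, terminator included
MAX_NAME_BYTES = IFNAMSIZ - 1     # usable bytes for the name itself

# Sections whose keys become names of devices that have to be created.
VIRTUAL_SECTIONS = ("vlans", "bonds", "bridges")


def overlong_names(config):
    """Return [(section, name, byte_length)] for names over the limit."""
    network = config.get("network") or {}
    problems = []
    for section in VIRTUAL_SECTIONS:
        for name in network.get(section) or {}:
            size = len(name.encode("utf-8"))   # the kernel counts bytes
            if size > MAX_NAME_BYTES:
                problems.append((section, name, size))
    return problems


def short_vlan_name(vlan_id):
    """Hypothetical fallback: name the VLAN by tag only, e.g. 'vlan1234'."""
    name = f"vlan{int(vlan_id)}"
    assert len(name) <= MAX_NAME_BYTES
    return name


# Constructed sample, shaped like a parsed /etc/netplan/*.yaml file.
SAMPLE = {
    "network": {
        "version": 2,
        "ethernets": {"eno12345np1": {}},
        "vlans": {
            "eno12345np1.1234": {"id": 1234, "link": "eno12345np1"},
            "vlan20": {"id": 20, "link": "eno12345np1"},
        },
    }
}

if __name__ == "__main__":
    for section, name, size in overlong_names(SAMPLE):
        vlan_id = SAMPLE["network"][section][name].get("id")
        hint = f", try {short_vlan_name(vlan_id)!r}" if vlan_id else ""
        print(f"{section}: {name!r} is {size} bytes, max {MAX_NAME_BYTES}{hint}")
```

Running a check like this before applying a change matters most on hosts where the management interface is itself a VLAN, since the failure otherwise only shows up as a missing device.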

Netplan has oversimplified things to cater only to the simplest of topologies. The schema seems unable to capture the richness and modularity of actual networking technologies.
If by "only the simplest of topologies" you mean: 4 physical interfaces, bonded with active/backup failover and mii-monitoring, and 20 VLANs, turning off IPv6 on my public interface...

Honestly, I really like netplan, been using it for all my systems for ~5 years now.

What sort of topologies are you attempting?

I was able to set up fiber link aggregation with triple NICs and a custom VLAN and MTU with no issues. It supports bridges and child interfaces just fine.

Can you share your details?

I've achieved more reliable and reproducible complex setups with netplan than any hodgepodge of ifupdown scripts has ever done for me. Which topologies does it not work for?
Examples?
Linux allows you to bind a subnet of addresses to an interface so that an application can listen on them. The netplan syntax is poorly thought out and overloads the CIDR notation to specify both the IP and netmask, so it is impossible to specify more than a single address.

I use this functionality in production for high availability configurations and effectively have to have a cron job to use 'ip' directly to fix things up.

I was hoping that Canonical has higher standards when it comes to server software, as opposed to something like Snapcraft, but reading this makes me think that maybe they both were developed by the same team.
They were not developed by the same team.

Source: I’m a former Canonical employee.

Snapcraft is very much a thing on Ubuntu Server as well. It will "remind" you of that often when interfacing with apt.
> Want to verify your config before committing to it?

I really like "netplan try" actually. Maybe not exactly the same thing, but it has saved me once or twice.

Good luck configuring wifi without netplan. Netplan is ok.
Trivially with NetworkManager, which is there anyway.
In my new laptop setup script:

  nmcli device wifi connect "$WIFI_NETWORK" password "$WIFI_PASSWORD" name "$WIFI_NETWORK"
Why would my VMs or my hardware have wifi?

My laptop sure, but I have network manager on a gui for that. My netplan config on my laptop is literally

  # Let NetworkManager manage all devices on this system
  network:
    version: 2
    renderer: NetworkManager
What's wrong with wpa_supplicant.conf and ifup?