Migrate GitLab and NixOS runners from iptables to nftables #384

Closed
emmacasolin opened this issue Jun 14, 2022 · 1 comment
Labels
development Standard development r&d:polykey:core activity 4 End to End Networking behind Consumer NAT Devices

Comments

@emmacasolin
Contributor

Specification

Once the GitLab runner supports nftables we should migrate our iptables usage over to nftables. There are many reasons for doing this, including:

  • iptables is becoming obsolete and is being replaced with nftables
  • nftables is more customisable and has more options than iptables
  • iptables uses a lock (xtables.lock) that is not restricted to individual namespaces (we've had problems with this in the past) - nftables doesn't use xtables.lock so this can be removed

We already have nftables equivalents of the commands we're using in our NAT utils. They can be found here in our wiki: https://github.com/MatrixAI/js-polykey/wiki/nat-traversal#nat-traversal-testing

Additional context

Tasks

  1. Change GitLab runner image from iptables-legacy to nftables
  2. Change NAT utils to use nft commands instead of iptables commands
  3. Remove xtables.lock temp fixes from GitLab runner
  4. Update the describeIf and testIf usage in the NAT tests to check for the existence of the nft command rather than the iptables command
@emmacasolin emmacasolin added the development Standard development label Jun 14, 2022
@CMCDragonkai
Member

CMCDragonkai commented Aug 13, 2024

@brynblack

The runner right now has changed to using github: https://github.com/MatrixAI/Orchestrator/blob/3efc19346792e4510a0a7de89c84837251c6a127/flake.nix#L28-L59.

This https://github.com/MatrixAI/gitlab-runner-docker has now been archived. And I'll delete gitlab-runner-nix as it's not relevant yet.

Furthermore - I believe we stopped doing NAT testing inside a single-repo because it was too flaky and difficult, but instead this will now be done as part of https://github.com/MatrixAI/Polykey-Simulation... but again I think that may all be rolled into the Orchestrator/Mainnet/Testnet work. MatrixAI/Polykey-CLI#37 (comment)

In that case, this issue is no longer relevant, as no iptables/nftables is involved in single-repo testing anymore.

@CMCDragonkai CMCDragonkai closed this as not planned Won't fix, can't repro, duplicate, stale Aug 13, 2024
@CMCDragonkai CMCDragonkai added the r&d:polykey:core activity 4 End to End Networking behind Consumer NAT Devices label Aug 13, 2024