feat(node): setup-networking component

ic-os/components/BUILD.bazel

@@ -60,6 +60,7 @@ ignored_repo_components = [
     "hostos-scripts/generate-guestos-config/dev-generate-guestos-config.sh",
     "networking/dev-certs/canister_http_test_ca.key",
     "networking/dev-certs/root_cert_gen.sh",
+    "networking/setup-networking/test-setup-networking.sh",
 ]
 
 check_unused_components_test(
@@ -97,3 +98,16 @@ sh_test(
     data = ["ic/generate-ic-config/ic.json5.template"],
     tags = ["manual"],
 )
+
+sh_test(
+    name = "test_setup_networking",
+    srcs = ["networking/setup-networking/test-setup-networking.sh"],
+    args = [
+        "$(execpath networking/setup-networking/setup-networking.sh)",
+        "$(execpath networking/setup-networking/99-setup-netplan.yaml.template)",
+    ],
+    data = [
+        "networking/setup-networking/99-setup-netplan.yaml.template",
+        "networking/setup-networking/setup-networking.sh",
+    ],
+)

ic-os/components/hostos.bzl

@@ -77,7 +77,9 @@ component_files = {
     Label("misc/log-config/log-config.sh"): "/opt/ic/bin/log-config.sh",
 
     # networking
-    Label("networking/generate-network-config/hostos/generate-network-config.service"): "/etc/systemd/system/generate-network-config.service",
+    Label("networking/setup-networking/setup-networking-hostos.service"): "/etc/systemd/system/setup-networking.service",
+    Label("networking/setup-networking/setup-networking.sh"): "/opt/ic/bin/setup-networking.sh",
+    Label("networking/setup-networking/99-setup-netplan.yaml.template"): "/opt/ic/share/99-setup-netplan.yaml.template",
     Label("networking/fallback.conf"): "/etc/systemd/resolved.conf.d/fallback.conf",
     Label("networking/resolv.conf"): "/etc/resolv.conf",
     Label("networking/network-tweaks.conf"): "/etc/sysctl.d/network-tweaks.conf",

ic-os/components/networking/setup-networking/99-setup-netplan.yaml.template

@@ -0,0 +1,30 @@
+network:
+  version: 2
+  renderer: networkd
+  ethernets:
+    # Interfaces will be dynamically inserted here
+  bonds:
+    bond0:
+      interfaces: [{INTERFACES}]
+      parameters:
+        mode: active-backup
+        mii-monitor-interval: 5s
+        up-delay: 500ms
+        down-delay: 500ms
+      macaddress: {MAC_ADDRESS}
+      mtu: 1500
+      optional: true
+  bridges:
+    br6:
+      interfaces: [bond0]
+      addresses: [{IPV6_ADDR}]
+      routes:
+        - to: ::/0
+          via: {IPV6_GATEWAY}
+      nameservers:
+        addresses: [2606:4700:4700::1111, 2606:4700:4700::1001, 2001:4860:4860::8888, 2001:4860:4860::8844]
+      parameters:
+        forward-delay: 0
+        stp: false
+      link-local: ["ipv6"]
+      accept-ra: no

ic-os/components/networking/setup-networking/setup-networking-hostos.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Setup networking configuration for HostOS
+After=systemd-modules-load.service
+After=systemd-udev-settle.service
+Wants=systemd-udev-settle.service
+Before=network.target network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/opt/ic/bin/setup-networking.sh HostOS
+
+[Install]
+WantedBy=multi-user.target

ic-os/components/networking/setup-networking/setup-networking-setupos.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Setup networking configuration for SetupOS
+Before=setupos.service
+Before=network.target network-online.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/opt/ic/bin/setup-networking.sh SetupOS
+
+[Install]
+WantedBy=multi-user.target

ic-os/components/networking/setup-networking/setup-networking.sh

@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o pipefail
+
+SHELL="/bin/bash"
+PATH="${PATH}:/sbin:/bin:/usr/sbin:/usr/bin"
+
+function parse_args() {
+    if [ $# -ne 1 ]; then
+        echo "Usage: $0 <SetupOS|HostOS>"
+        exit 1
+    fi
+
+    NODE_TYPE="$1"
+    if [ "$NODE_TYPE" != "SetupOS" ] && [ "$NODE_TYPE" != "HostOS" ]; then
+        echo "Invalid node type: $NODE_TYPE"
+        exit 1
+    fi
+
+    # Allow overriding config paths via environment variables
+    if [ "$NODE_TYPE" = "SetupOS" ]; then
+        CONFIG_BASE_PATH="${CONFIG_BASE_PATH:-/var/ic/config}"
+    else
+        CONFIG_BASE_PATH="${CONFIG_BASE_PATH:-/boot/config}"
+    fi
+
+    CONFIG="${CONFIG_BASE_PATH}/config.ini"
+}
+
+function read_variables() {
+    # Read limited set of keys. Be extra-careful quoting values as it could
+    # otherwise lead to executing arbitrary shell code!
+    while IFS="=" read -r key value; do
+        case "$key" in
+            "ipv6_gateway") IPV6_GATEWAY="${value}" ;;
+        esac
+    done <"${CONFIG}"
+
+    if [ -z "$IPV6_GATEWAY" ]; then
+        echo "No IPv6 gateway found in $CONFIG."
+        exit 1
+    fi
+}
+
+function generate_addresses() {
+    echo "Generating MAC and IPv6 addresses..."
+    IC_BIN_PATH="${IC_BIN_PATH:-/opt/ic/bin}"
+
+    if [ "$NODE_TYPE" = "SetupOS" ]; then
+        MAC_ADDR=$("${IC_BIN_PATH}/setupos_tool" generate-mac-address --node-type SetupOS)
+        IPV6_ADDR=$("${IC_BIN_PATH}/setupos_tool" generate-ipv6-address --node-type SetupOS)
+    else
+        MAC_ADDR=$("${IC_BIN_PATH}/hostos_tool" generate-mac-address --node-type HostOS)
+        IPV6_ADDR=$("${IC_BIN_PATH}/hostos_tool" generate-ipv6-address --node-type HostOS)
+    fi
+
+    if [ -z "$MAC_ADDR" ] || [ -z "$IPV6_ADDR" ]; then
+        echo "Failed to generate MAC or IPv6 address."
+        exit 1
+    fi
+
+    echo "Generated MAC address: $MAC_ADDR"
+    echo "Generated IPv6 address: $IPV6_ADDR"
+}
+
+function gather_interfaces_by_speed() {
+    echo "Gathering and sorting interfaces by speed..."
+
+    SYS_NET_PATH="${SYS_NET_PATH:-/sys/class/net}"
+    INTERFACES=($(find "$SYS_NET_PATH" -type l -not -lname '*virtual*' -exec basename '{}' ';'))
+    declare -A SPEED_MAP
+
+    for IFACE in "${INTERFACES[@]}"; do
+        if [ -f "$SYS_NET_PATH/$IFACE/speed" ]; then
+            SPEED=$(cat "$SYS_NET_PATH/$IFACE/speed" 2>/dev/null || echo 0)
+        else
+            SPEED=0
+            echo "Warning: Unable to determine speed for interface $IFACE, defaulting to 0." >&2
+        fi
+        SPEED_MAP["$IFACE"]=$SPEED
+    done
+
+    # Sort interfaces by speed descending
+    SORTED_INTERFACES=$(for IFACE in "${!SPEED_MAP[@]}"; do
+        echo "${SPEED_MAP[$IFACE]} $IFACE"
+    done | sort -nrk1 | awk '{print $2}')
+
+    if [ -z "$SORTED_INTERFACES" ]; then
+        echo "No interfaces found."
+        exit 1
+    fi
+
+    INTERFACE_LIST=$(echo "$SORTED_INTERFACES" | paste -sd, -)
+    echo "Interfaces sorted by speed: $INTERFACE_LIST"
+}
+
+function configure_netplan() {
+    echo "Configuring netplan..."
+    NETPLAN_TEMPLATE_PATH="${NETPLAN_TEMPLATE_PATH:-/opt/ic/share}"
+    NETPLAN_TEMPLATE="${NETPLAN_TEMPLATE_PATH}/99-setup-netplan.yaml.template"
+    NETPLAN_RUN_PATH="${NETPLAN_RUN_PATH:-/run/netplan}"
+    NETPLAN_OUTPUT="${NETPLAN_RUN_PATH}/99-setup-netplan.yaml"
+
+    mkdir -p "$NETPLAN_RUN_PATH"
+    cp "$NETPLAN_TEMPLATE" "$NETPLAN_OUTPUT"
+
+    sed -i "s|{INTERFACES}|${INTERFACE_LIST}|g" "$NETPLAN_OUTPUT"
+    sed -i "s|{MAC_ADDRESS}|${MAC_ADDR}|g" "$NETPLAN_OUTPUT"
+    sed -i "s|{IPV6_ADDR}|${IPV6_ADDR}|g" "$NETPLAN_OUTPUT"
+    sed -i "s|{IPV6_GATEWAY}|${IPV6_GATEWAY}|g" "$NETPLAN_OUTPUT"
+
+    # Dynamically add ethernets for each interface in descending speed
+    for IFACE in $SORTED_INTERFACES; do
+        sed -i "/^  ethernets:/a \ \ \ \ $IFACE:\n      mtu: 1500\n      optional: true\n      emit-lldp: true\n" "$NETPLAN_OUTPUT"
+    done
+
+    # Fix netplan configuration file permissions to silence warnings
+    chmod 0600 "$NETPLAN_OUTPUT"
+
+    echo "Netplan configuration written to $NETPLAN_OUTPUT"
+    echo "Applying netplan..."
+    netplan generate
+    netplan apply
+    echo "Network configuration applied successfully for $NODE_TYPE."
+}
+
+function main() {
+    parse_args "$@"
+    read_variables
+    generate_addresses
+    gather_interfaces_by_speed
+    configure_netplan
+}
+
+if [ "$0" = "$BASH_SOURCE" ]; then
+    main "$@"
+fi

ic-os/components/networking/setup-networking/test-setup-networking.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if [ $# -ne 2 ]; then
+    echo "Usage: $0 <path-to-setup-networking.sh> <path-to-99-setup-netplan.yaml.template>"
+    exit 1
+fi
+
+SETUP_SCRIPT="$1"
+TEMPLATE_FILE="$2"
+
+TEST_DIR="$(mktemp -d)"
+trap 'rm -rf "$TEST_DIR"' EXIT
+
+SHELL=/bin/bash
+
+function mock_tools() {
+    export SYS_NET_PATH="${TEST_DIR}/sys/class/net"
+    mkdir -p "${SYS_NET_PATH}"
+
+    mkdir -p "${TEST_DIR}/sys/devices/mock_devices_eth0"
+    mkdir -p "${TEST_DIR}/sys/devices/mock_devices_eth1"
+    mkdir -p "${TEST_DIR}/sys/devices/mock_devices_eth2"
+
+    ln -sf "${TEST_DIR}/sys/devices/mock_devices_eth0" "${SYS_NET_PATH}/eth0"
+    ln -sf "${TEST_DIR}/sys/devices/mock_devices_eth1" "${SYS_NET_PATH}/eth1"
+    ln -sf "${TEST_DIR}/sys/devices/mock_devices_eth2" "${SYS_NET_PATH}/eth2"
+
+    # Intentionally absent eth0/speed:
+    # echo "0" >"$SYS_NET_PATH/eth0/speed"
+
+    echo "1000" >"$SYS_NET_PATH/eth1/speed"
+    echo "2500" >"$SYS_NET_PATH/eth2/speed"
+
+    mkdir -p "${TEST_DIR}/opt/ic/bin"
+    cat >"${TEST_DIR}/opt/ic/bin/setupos_tool" <<'EOF'
+#!/bin/bash
+if [ "$1" = "generate-mac-address" ]; then
+    echo "02:00:00:aa:bb:cc"
+elif [ "$1" = "generate-ipv6-address" ]; then
+    echo "2001:db8::1234"
+fi
+EOF
+    chmod +x "${TEST_DIR}/opt/ic/bin/setupos_tool"
+
+    cat >"${TEST_DIR}/netplan" <<'EOF'
+#!/bin/bash
+if [ "$1" = "generate" ] || [ "$1" = "apply" ]; then
+    exit 0
+fi
+EOF
+    chmod +x "${TEST_DIR}/netplan"
+
+    mkdir -p "${TEST_DIR}/var/ic/config"
+    cat >"${TEST_DIR}/var/ic/config/config.ini" <<'EOF'
+ipv6_gateway=fe80::2
+EOF
+
+    mkdir -p "${TEST_DIR}/run/netplan"
+}
+
+function test_gather_interfaces_by_speed() {
+    export PATH="${TEST_DIR}:${PATH}"
+    hash -r
+
+    source "$SETUP_SCRIPT"
+    gather_interfaces_by_speed
+    local EXPECTED_INTERFACES="eth2,eth1,eth0"
+    if [ "${INTERFACE_LIST}" = "${EXPECTED_INTERFACES}" ]; then
+        echo "TEST PASSED: gather_interfaces_by_speed"
+    else
+        echo "TEST FAILED: gather_interfaces_by_speed"
+        exit 1
+    fi
+}
+
+function test_netplan_config() {
+    export PATH="${TEST_DIR}:${PATH}"
+    hash -r
+
+    CONFIG_BASE_PATH="${TEST_DIR}/var/ic/config" \
+        NETPLAN_TEMPLATE_PATH="$(dirname "$TEMPLATE_FILE")" \
+        NETPLAN_RUN_PATH="${TEST_DIR}/run/netplan" \
+        IC_BIN_PATH="${TEST_DIR}/opt/ic/bin" \
+        SHELL=/bin/bash \
+        /bin/bash "$SETUP_SCRIPT" SetupOS
+
+    local OUTPUT_FILE="${TEST_DIR}/run/netplan/99-setup-netplan.yaml"
+
+    [ -f "$OUTPUT_FILE" ] || {
+        echo "Test failed: netplan output file not created"
+        exit 1
+    }
+    grep -q "macaddress: 02:00:00:aa:bb:cc" "$OUTPUT_FILE" || {
+        echo "Test failed: MAC address substitution"
+        exit 1
+    }
+    grep -q "2001:db8::1234" "$OUTPUT_FILE" || {
+        echo "Test failed: IPv6 address substitution"
+        exit 1
+    }
+    grep -q "fe80::2" "$OUTPUT_FILE" || {
+        echo "Test failed: IPv6 gateway substitution"
+        exit 1
+    }
+    grep -Eq "interfaces:\s*\[eth2,eth1,eth0\]" "$OUTPUT_FILE" || {
+        echo "Test failed: Interfaces insertion"
+        exit 1
+    }
+
+    echo "TEST PASSED: netplan_config"
+}
+
+mock_tools
+test_gather_interfaces_by_speed
+test_netplan_config
+
+echo "All tests passed."
+exit 0

ic-os/components/setupos-scripts/config.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=SetupOS config process
-Before=generate-network-config.service
+Before=setup-networking.service
 Before=setupos.service
 
 [Service]