release: Include a default .link file for network interfaces

This change adds a default network configuration .link file that `systemd-udev` will use when configuring new interfaces. It contains the default list of policies that are used when naming interfaces, as well as the policy by which the MAC address should be set. Bottlerocket packages its own version of this file rather than the default from systemd for a few reasons. 1) Bottlerocket does not create/use a udev hwdb (we disable the option in systemd compile flags), so we remove this option from the NamePolicy list, 2) CNI plugins can be confused when MAC addresses change for virtual interfaces, so Bottlerocket sets the default MACAddress Policy to "none" which directs systemd not to attempt to manage the MAC. Hardware usually has a MAC, and veth devices used by CNI generally get a MAC generated by the plugin. Additional information about the MAC address issue: systemd/systemd#3374 (comment) flatcar/Flatcar#278 flatcar/init#33
zmrow · Mar 3, 2022 · 5c079f6 · 5c079f6
1 parent e33c28d
commit 5c079f6
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/packages/release/80-release.link b/packages/release/80-release.link
@@ -0,0 +1,11 @@
+[Match]
+OriginalName=*
+
+[Link]
+# Bottlerocket disables hwdb so don't include "database" in NamePolicy
+NamePolicy=keep kernel onboard slot path
+AlternativeNamesPolicy=onboard slot path
+
+# Applying a MAC address policy can confuse CNI plugins, which do
+# not expect addresses to change for devices like veth pairs.
+MACAddressPolicy=none
diff --git a/packages/release/release.spec b/packages/release/release.spec
@@ -60,6 +60,9 @@ Source1080: runtime.slice
 # Drop-in units to override defaults
 Source1100: systemd-tmpfiles-setup-service-debug.conf
 
+# systemd-udevd default link
+Source1200: 80-release.link
+
 BuildArch: noarch
 Requires: %{_cross_os}acpid
 Requires: %{_cross_os}audit
@@ -114,6 +117,9 @@ install -p -m 0644 %{S:97} %{buildroot}%{_cross_sysctldir}/80-release.conf
 install -d %{buildroot}%{_cross_libdir}/systemd/system.conf.d
 install -p -m 0644 %{S:98} %{buildroot}%{_cross_libdir}/systemd/system.conf.d/80-release.conf
 
+install -d %{buildroot}%{_cross_libdir}/systemd/network
+install -p -m 0644 %{S:1200} %{buildroot}%{_cross_libdir}/systemd/network/80-release.link
+
 install -d %{buildroot}%{_cross_tmpfilesdir}
 install -p -m 0644 %{S:99} %{buildroot}%{_cross_tmpfilesdir}/release.conf
 
@@ -172,6 +178,7 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %dir %{_cross_libdir}/repart.d
 %{_cross_libdir}/repart.d/80-local.conf
 %{_cross_libdir}/systemd/system.conf.d/80-release.conf
+%{_cross_libdir}/systemd/network/80-release.link
 %{_cross_unitdir}/configured.target
 %{_cross_unitdir}/preconfigured.target
 %{_cross_unitdir}/multi-user.target