Simon McVittie <smcv@debian.org> writes:

On Tue, 09 Jul 2024 at 16:21:16 +0200, Ansgar 🙀 wrote:

On Tue, 2024-07-09 at 22:44 +0900, Simon Richter wrote:

I believe NM does not have a fixed configuration format, but only a dbus >> > API.

It's perfectly fine to edit configuration files for NM manually, see
man:nm-settings-keyfile(5).

... and debian-installer already knows how to write out these files,
and has done so for more than a decade if I'm reading correctly. This is
not a recent innovation, and anyone who has installed our default desktop environment in the last few years - especially if they used wifi during installation - has been relying on this code path.

<https://salsa.debian.org/installer-team/netcfg/> is responsible
for converting the network configuration that was used temporarily in
the d-i environment into a NM configuration file if NM is installed,
or an ifupdown configuration otherwise. Writing the equivalents into /etc/systemd/network for systemd-networkd would presumably not be rocket science, it's a simple .ini-like syntax similar to the one NM uses.

We're just in the process of adding support for netplan as well:

https://salsa.debian.org/installer-team/netcfg/-/merge_requests/9

I've only seen netplan mentioned in passing in this thread so far.

It seems like it is exactly what we need as a replacemtent for ifupdown
(given that is what it's designed for AFAICT -- I've not yet tried it
out myself though) and it already supports configuring systemd-networkd,
so seems like a more sensible route than duplicating that effort in D-I.

See: https://netplan.readthedocs.io/

Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmaPhs8ACgkQ0EujoAEl 1cANRw/+NPrlLuff2PkmCa+CS8o5XS5/RvLJ3nKjw4znzzR+YaFZvBAA2a1kI99t tHKZP1aeH+XYBuE4f/S3ngYk2uoPWrf9VLalXo2PCzaT3Av0sn9U/IiXitXD0J2f B+alkacBtcn9k6Tc4ITlai9Q0PP/diq6dubxTy+/NZkhMa5HfT0FDKhqYQj8XxDR 9PkYTwNq/eou6GlnKyHgfsxtnxVZQJ99Za9+sxV31DesE+uLXHBYFrHYcyOZKMlg qiC6+R6ZCYFv7tq/byumY0ozODaKxBP823KLlo2oj9D1bkWNlLfGopoAZYBfcsI4 KJhK4OLi4vrBGA0WSCnd57FM6Xqj4gZa0Zb1YF3woGPytBG9NXdld15VS/AjuBfP /W2VR1V4tl9jRP/Nf8m+VfKWa9L1pKL2uH6s+xUI4mtxC5qzE//qaAL4F4l7qTbp yKdPR2aVv8e+hUg+yJHk+Lj+DXWKVNalvfAo/r+SwPpblvCUtraj13spYAbDtFTl d3LG3L++pv9+YJb3Fu7neXrP1UKTfy01QzEI19z/gnjytc1g8UcjnmMXogvE7Zf5 FEeaSNgE4XEt4YB+G7E5W742KFTUDwy/gvnHQSX86tUVqOUZiKg0bnHO7v3MPmHK l2Wr61OUu4SS960+tPfLNA7sl0FQt9WFyND7aY+y94tlcTtoMGs=t0Ab
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gatewa

On Jul 11, Philip Hands <phil@hands.com> wrote:

I've only seen netplan mentioned in passing in this thread so far.

Because I believe that Netplan is the answer to a question that nobody
asked here.

It has all the disadvantages of switching to a new configuration format,
but then it limits you to the features that it actually implements from
each backend and you have an indirection layer that must be used when interacting with the backend daemon.

--
ciao,
Marco

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCZo+iKwAKCRDLPsM64d7X gZcxAPwOpG3xnO3Bxhn6344NjrCzL3yOkVIkrxtmg2VofN8euQD/XQ81Yisetl1u l21AMfJx8EDnM4suZ+vCDX1mGfI6igk=
=yHf7
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11.07.24 09:16, Philip Hands wrote:

Simon McVittie <smcv@debian.org> writes:

On Tue, 09 Jul 2024 at 16:21:16 +0200, Ansgar 🙀 wrote:

On Tue, 2024-07-09 at 22:44 +0900, Simon Richter wrote:

I believe NM does not have a fixed configuration format, but only a dbus >>>> API.

It's perfectly fine to edit configuration files for NM manually, see
man:nm-settings-keyfile(5).

... and debian-installer already knows how to write out these files,
and has done so for more than a decade if I'm reading correctly. This is
not a recent innovation, and anyone who has installed our default desktop
environment in the last few years - especially if they used wifi during
installation - has been relying on this code path.

<https://salsa.debian.org/installer-team/netcfg/> is responsible
for converting the network configuration that was used temporarily in
the d-i environment into a NM configuration file if NM is installed,
or an ifupdown configuration otherwise. Writing the equivalents into
/etc/systemd/network for systemd-networkd would presumably not be rocket
science, it's a simple .ini-like syntax similar to the one NM uses.

We're just in the process of adding support for netplan as well:

https://salsa.debian.org/installer-team/netcfg/-/merge_requests/9

I've only seen netplan mentioned in passing in this thread so far.

It seems like it is exactly what we need as a replacemtent for ifupdown (given that is what it's designed for AFAICT -- I've not yet tried it
out myself though) and it already supports configuring systemd-networkd,
so seems like a more sensible route than duplicating that effort in D-I.

See: https://netplan.readthedocs.io/

Yes, please!
As Phil mentions, we're pretty close in getting D-I support for Netplan merged [d-i/netcfg !9].
The implementation enables Netplan+systemd-networkd for new installations, except for cases where NetworkManager is available (e.g. Desktop installations). In the latter case it would enable Netplan+NetworkManager, as it is today.

That way, we will be able to rely on the two most popular, well tested and well maintained networking daemons (systemd-networkd & NetworkManager), while also being able to use the common Netplan configuration language, controlling both (optionally!).
Everybody is still free to write their own custom sd-networkd .network or N-M .nmconnection in /etc/ or configure the daemon through corresponding D-Bus APIs or GUI/TUI applications, by just not putting any configuration for a given interface into /etc/
netplan/.

Netplan should be considered a unification layer on top of those networking daemons, which allows Debian as a project to use common language around networking, e.g. in Debian-Installer [d-i/netcfg !9], [cloud] deployments or [documentation], independent
of the chosen backend daemon (sd-networkd on Cloud & Server, NetworkManager on Desktop).

Additional benefits of Netplan:
* Already used on Debian Bookworm [cloud] images by default
* Well tested (big autopkgtest suite) and supported by a company
* Lots of knowledge, Q/A & tutorials on the internet, as its being used by millions of people since many years
* Proven track record, being the default for several Ubuntu LTS releases
* Python dependency considered optional, base installations only need the "netplan-generator" package
* Solid documentation and a stable API for libnetplan, as of [Netplan 1.0]

This would allow us to combine the best of two worlds, while leaving everybody with full flexibility for custom configurations.
In addition to that, I'd propose to keep ifupdown in maintenance mode for a transitional period (Trixie at least), to keep backwards compatibility for existing systems and give people some time in transitioning to new networking tools.

Cheers,
Lukas

PS: If you happen to be at Debconf in Korea in a few weeks, please join my [networking BoF].


[d-i/netcfg !9] https://salsa.debian.org/installer-team/netcfg/-/merge_requests/9
[cloud] https://blog.slyon.de/2023/07/10/netplan-and-systemd-networkd-on-debian-bookworm/
[documentation] https://www.debian.org/doc/manuals/debian-reference/ch05.en.html#_the_modern_network_configuration_for_cloud
[Netplan 1.0] https://blog.slyon.de/2024/04/04/netplan-v1-0-paves-the-way-to-stable-declarative-network-management/
[networking BoF] https://debconf24.debconf.org/talks/10-past-present-and-future-of-networking-in-debian/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 11.07.24 11:13, Marco d'Itri wrote:

On Jul 11, Philip Hands <phil@hands.com> wrote:

I've only seen netplan mentioned in passing in this thread so far.

Because I believe that Netplan is the answer to a question that nobody
asked here.

It has all the disadvantages of switching to a new configuration format,
but then it limits you to the features that it actually implements from
each backend and you have an indirection layer that must be used when interacting with the backend daemon.

Yes, it brings a new configuration format. So do systemd-networkd and NetworkManager.

Netplan's feature set is pretty comprehensive and certainly enough for a default installation,
see its reference: https://netplan.readthedocs.io/en/stable/netplan-yaml/

But it's not an indirection layer that MUST be used. Should the features of Netplan not be enough
for an advanced usecase, everybody is free to write configuration for the underlying backend directly.

Netplan will not interfere with that and go out of the way. Just don't write Netplan configuration
for a specific interface (or all of them) that you want to handle differently.

-- Lukas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thu, 11 Jul 2024 at 12:12, Lukas Märdian <slyon@debian.org> wrote:

On 11.07.24 11:13, Marco d'Itri wrote:

On Jul 11, Philip Hands <phil@hands.com> wrote:

I've only seen netplan mentioned in passing in this thread so far.

Because I believe that Netplan is the answer to a question that nobody asked here.

It has all the disadvantages of switching to a new configuration format, but then it limits you to the features that it actually implements from each backend and you have an indirection layer that must be used when interacting with the backend daemon.

Yes, it brings a new configuration format. So do systemd-networkd and NetworkManager.

Netplan's feature set is pretty comprehensive and certainly enough for a default installation,
see its reference: https://netplan.readthedocs.io/en/stable/netplan-yaml/

But it's not an indirection layer that MUST be used. Should the features of Netplan not be enough
for an advanced usecase, everybody is free to write configuration for the underlying backend directly.

Netplan will not interfere with that and go out of the way. Just don't write Netplan configuration
for a specific interface (or all of them) that you want to handle differently.

I appreciate the work you've done on Netplan and I am quite sure your
D-I MR should be merged, it looks ready to me. It's good to have this
support in the installer.

However, I do not think it should be the default. First of all, only
Ubuntu uses it, nobody else - as Simon says, we don't want the
defaults to be super-special things that nobody else uses. And then
again, not your fault in the slightest, but Canonical is known for
shifting its priorities every now and then - perfectly normal for a
for-profit company, but a bit worrying when one wants to pull all eggs
in that basket. And also for the minimal case, an additional layer of indirection and set of dependencies, when there's an alternative that
requires none of that, is not the ideal solution.

So I am quite sure that yes netplan should be supported in the
installer and your MR should be merged, but the new default for the
default, simple, wired case should be networkd, and for the
GUi/desktop case the default should continue to be NetworkManager.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 13.07.24 17:40, Luca Boccassi wrote:

On Thu, 11 Jul 2024 at 12:12, Lukas Märdian <slyon@debian.org> wrote:

On 11.07.24 11:13, Marco d'Itri wrote:

On Jul 11, Philip Hands <phil@hands.com> wrote:

I've only seen netplan mentioned in passing in this thread so far.

Because I believe that Netplan is the answer to a question that nobody
asked here.

It has all the disadvantages of switching to a new configuration format, >>> but then it limits you to the features that it actually implements from
each backend and you have an indirection layer that must be used when
interacting with the backend daemon.

Yes, it brings a new configuration format. So do systemd-networkd and NetworkManager.

Netplan's feature set is pretty comprehensive and certainly enough for a default installation,
see its reference: https://netplan.readthedocs.io/en/stable/netplan-yaml/

But it's not an indirection layer that MUST be used. Should the features of Netplan not be enough
for an advanced usecase, everybody is free to write configuration for the underlying backend directly.

Netplan will not interfere with that and go out of the way. Just don't write Netplan configuration
for a specific interface (or all of them) that you want to handle differently.

I appreciate the work you've done on Netplan and I am quite sure your
D-I MR should be merged, it looks ready to me. It's good to have this
support in the installer.

ACK. Cyril has been pretty busy with release management stuff, but we'll get there.

However, I do not think it should be the default. First of all, only
Ubuntu uses it, nobody else - as Simon says, we don't want the
defaults to be super-special things that nobody else uses. And then

Actually, I think this is an agrument FOR Netplan, not against it. Netplan is being used
by millions of users for 7+ years. Plenty of usecases have been tried and documented. It's
clearly not a "super-special thing that nodbody uses".

Whereas I'm not aware of a major Linux distro using systemd-networkd directly, Debian would be
singeling out itself. I see some of networkd's strengths with advanced users who want to dig deep
and have full control at minimal resource usage (e.g. Arch Linux). Also with lightweight container
usecases, where network config only needs minimal manipulation after deployment (if at all).

The RedHat ecosystem is all-in on NetworkManager. Debian and Ubuntu have (natually) been very close
to each other (e.g. package management) and together with its derivatives create the Debian ecosystem.
Going with Netplan by default would further harmonize the shared knowlege within our ecosystem.

again, not your fault in the slightest, but Canonical is known for
shifting its priorities every now and then - perfectly normal for a for-profit company, but a bit worrying when one wants to pull all eggs
in that basket. And also for the minimal case, an additional layer of indirection and set of dependencies, when there's an alternative that requires none of that, is not the ideal solution.

We want to have a default choice that is easy to grok for everybody. Reading through this tread and
other places, this doesn't seem to be true for sd-networkd. That's one reason why people are driving
it through Netplan instead (e.g. Debian cloud & Ubuntu). But the minimal sd-networkd solution has its
merit for sure and should be considered when optimizing producs or usecases.

As the upstream maintainer of Netplan I've been building the Netplan community over the last couple
of years, trying to help everybody getting along with their contributions. And I'm seeing continuous
growth and adoption. It's not an "all egs in one basked" situation. We've had major corporations like
"Deutsche Telekom" dropping their internal [netplanner] tool in favor of upstream Netplan, after
they've contributed a new feature that they had been lacking in Netplan. Also Microsoft contributed
to improve integration with [Azure Linux], besides plenty of individual contributors that help with
feature develpment and bug fixes for every [Netplan release]. This happens without commercial
engegemnt of Canonical.

So I am quite sure that yes netplan should be supported in the
installer and your MR should be merged, but the new default for the
default, simple, wired case should be networkd, and for the
GUi/desktop case the default should continue to be NetworkManager.

We shouldn't have too many special cases, this will only increase fragmentation. But rather strive
to have single way to tell the common user "how to do networking on Debian". With Netplan, no
differentiation between Server/Desktop/Cloud or wired/wireless would be needed.

Cheers,
Lukas


[netplanner] https://github.com/telekom/netplanner/blob/main/README.md [Azure Linux] https://github.com/canonical/netplan/pull/445
[Netplan release] https://github.com/canonical/netplan/releases

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, Jul 13, 2024 at 09:44:03PM +0200, Lukas Märdian wrote:

However, I do not think it should be the default. First of all, only
Ubuntu uses it, nobody else - as Simon says, we don't want the
defaults to be super-special things that nobody else uses. And then

Actually, I think this is an agrument FOR Netplan, not against it. Netplan is being used
by millions of users for 7+ years. Plenty of usecases have been tried and documented. It's
clearly not a "super-special thing that nodbody uses".

Whereas I'm not aware of a major Linux distro using systemd-networkd directly, Debian would be
singeling out itself. I see some of networkd's strengths with advanced users who want to dig deep
and have full control at minimal resource usage (e.g. Arch Linux). Also with lightweight container
usecases, where network config only needs minimal manipulation after deployment (if at all).

The RedHat ecosystem is all-in on NetworkManager. Debian and Ubuntu have (natually) been very close
to each other (e.g. package management) and together with its derivatives create the Debian ecosystem.

Then it looks like a chance for netplan to go the way of upstart?

--
WBR, wRAR

-----BEGIN PGP SIGNATURE-----

iQJhBAABCgBLFiEEolIP6gqGcKZh3YxVM2L3AxpJkuEFAmaTmdQtFIAAAAAAFQAP cGthLWFkZHJlc3NAZ251cGcub3Jnd3JhckBkZWJpYW4ub3JnAAoJEDNi9wMaSZLh CagP/0th5DS4imktWxm7cwZAZtjOsujCsGkDrMwK2zGSGclgJ97ql34QjRpLmyWy uyCemzLNpSBrED6PXzAU5WMT87Y8OOpoK0d0j3D/LV0oPOB2Q7JeS0NJ3nHB4afh u9CLIF8DVzIZEWwc4r4XbilWXGoUiMSVe1zQxN8ZzlX/0n3o/GrslDNekx/9/QKh iLb3CCmOcFcGIi3oe+eYU2a0C+tZADfLdSfok325gdq4fzgH/Q5LLFCGjREhxW+W 7ITU4XxozjOb1cX2PAEpZwrjJBkHtNSrYudY0hDL6JZ8rLn6gjILXEusl9z0d2T0 z9WN4g/KzhMeJlETC47egkk2mxxfp9cSlb6azZp8sDUb5KHzDFgY6nccA4h6UiAY jaZfWYuc/+vaVyktDL9+C7DjcLkP87/lv1fQrvG+zRXt+3e7Ky44N60VDi4VS+LZ UKQKbpDlyxuGj5oxAs1+g91W/uwXDJlkHR/kAnfIN3jnLGkY9lYC2AkaEZWRKRfT uHDXwEtrH8nGyV7TR+HhinDE8A9dR6s7VCzm3kFbexg1oB97dqzAkL5iCCt+vB4w gNfKkMfMN3gdiZtJfrp6rNS6KjgclaL3gqaHLAnUqr3/b9W+huBxl3kR1WyKoQDZ VVkHxKdDwbowaaMVgtXdyKMI7YSsCQDmKxnfsncojRh7xKx0
=1Q5k
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 14 Jul 2024 at 11:41, Andrey Rakhmatullin <wrar@debian.org> wrote:

On Sat, Jul 13, 2024 at 09:44:03PM +0200, Lukas Märdian wrote:

However, I do not think it should be the default. First of all, only Ubuntu uses it, nobody else - as Simon says, we don't want the
defaults to be super-special things that nobody else uses. And then

Actually, I think this is an agrument FOR Netplan, not against it. Netplan is being used
by millions of users for 7+ years. Plenty of usecases have been tried and documented. It's
clearly not a "super-special thing that nodbody uses".

Whereas I'm not aware of a major Linux distro using systemd-networkd directly, Debian would be
singeling out itself. I see some of networkd's strengths with advanced users who want to dig deep
and have full control at minimal resource usage (e.g. Arch Linux). Also with lightweight container
usecases, where network config only needs minimal manipulation after deployment (if at all).

It largely depends on the configuration and flavours, in some cases
networkd is used for headless installs, in some other cases
network-manager is used, like in Fedora. Up until some time ago SUSE
used to use wicked, but they also switched to network-manager by
default somewhat recently, and wicked is deprecated. But nobody apart
from Ubuntu uses anything but network-manager on GUI installations at
this point. Debian is actually following the rest of the ecosystem on
this for once, and that is a good thing. I am quite convinced we
should stop being outliers, there are way more interesting things to
do with our limited time. It's fine to have other less popular options available, even in the installer, but the default is something
different.

The RedHat ecosystem is all-in on NetworkManager. Debian and Ubuntu have (natually) been very close
to each other (e.g. package management) and together with its derivatives create the Debian ecosystem.

Then it looks like a chance for netplan to go the way of upstart?

Or MIR or Unity or...

It's perfectly normal and expected for companies to follow their own
strategy and do what's best to pursue it. When things are aligned with
the rest of the ecosystem, it's not a problem. But when it goes in
opposite directions, then it's quite a different story. Recently there
was also the LXD case, where after many years a CLA and a license
change were introduced last year by Canonical, creating de-facto a
split, with the community choosing to fork to Incus - I do not know
the background details, as I am not involved in the slightest, and I'm
sure there must have been some reason for those decisions, but from an outsider's perspective I'm afraid the optics were not quite good. What guarantees do we have that what happened to LXD won't happen to
netplan.io at some point in the future?

Networking is not static, it constantly changes in the kernel,
sometimes in dramatic and incompatible ways. A widely used, well
maintained stack with large amounts of contributors is fundamental for
the default choice, because we have to keep up, as the rest of the
world will not sit and wait for us.

Here's some stats from 'git shortlog --after="2021-12-31" -sn --all'.
In the last ~2.5 years, in netplan.io's github repo, there are only 2 contributors with more than 100 commits, and 2 with more than 10, and
2 of them are Canonical employees:

569 Lukas Märdian
310 Danilo Egea Gondolfo
39 Simon Chopin
38 Danilo Egêa Gondolfo
11 Robert Krátký

Same stat, for the same period, for systemd:

6650 Yu Watanabe
5415 Lennart Poettering
2884 Luca Boccassi
2772 Zbigniew Jędrzejewski-Szmek
2437 Daan De Meyer
1793 Frantisek Sumsal
1364 Mike Yuan
483 Jan Janssen
400 David Tardon
245 Franck Bui
215 dependabot[bot]
211 Antonio Alvarez Feijoo
165 Ronan Pigott
152 Dan Streetman
146 Ludwig Nussel
126 hulkoba
119 Nick Rosbrook
114 Dmitry V. Levin
107 Sam Leonard
102 Evgeny Vereshchagin
78 msizanoen
74 Richard Maw
73 Adrian Vovk
72 Maanya Goenka
63 Michal Sekletár
60 Cristian Rodríguez
49 Michal Koutný
40 Jan Macku
40 Krzesimir Nowak
37 Mariano Giménez
37 Michael Biebl
37 Topi Miettinen
36 наб
35 Susant Sahani
33 Peter Morrow
32 Benjamin Franzke
32 Christian Brauner
32 Richard Phibel
31 Christian Göttsche
29 Anita Zhang
29 Khem Raj
26 James Hilliard
25 Abderrahim Kitouni
23 Arthur Zamarin
23 Florian Schmaus
22 Bastien Nocera
22 Daniel P. Berrangé
22 James Coglan
20 Arseny Maslennikov
20 Gerd Hoffmann
20 Kamil Szczęk
20 Mike Gilbert
20 Omojola Joshua
18 Jacek Migacz
18 Jason A. Donenfeld
18 Joan Bruguera
18 Sam James
18 Vito Caputo
17 Alberto Planas
16 Christian Hesse
16 Emanuele Giuseppe Esposito
16 Martin Wilck
16 Piotr Drąg
16 Дамјан Георгиевски
15 Emil Velikov
15 Quentin Deslandes
15 Rafaël Kooi
15 Štěpán Němec
14 Ivan Shapovalov
14 Joerg Behrmann
13 Curtis Klein
13 Heinrich Schuchardt
13 Matthias Lisin
13 Thomas Blume
13 Vishal Chillara Srinivas
13 Winterhuman
13 undef
13 김인수
12 Adam Williamson
12 Benjamin Berg
12 Eli Schwartz
12 Radoslav Kolev
12 Shreenidhi Shedi
12 Sonali Srivastava
12 Vitaly Kuznetsov
12 Xiaotian Wu
11 Chen Qi
11 Daniel Braunwarth
11 David Rheinsberg
11 Eugeny Shcheglov
11 Gabríel Arthúr Pétursson
11 Kai Lueke
11 Maximilian Wilhelm
11 Peter Cai
11 Takashi Sakamoto
11 Will Fancher
11 ml
11 pyfisch
11 rhellstrom
10 Gibeom Gwon
10 Luca BRUNO
10 Peter Hutterer
10 Valentin David
10 jcg
10 Łukasz Stelmach

3 companies and one independent in the 4 digits, and too many to be
bothered to check between 10 and 999 commits.

Just to twist the knife, here's ifupdown:

34 Santiago Ruano Rincón
10 Santiago R.R

The second contributor, down to single digit, is Debian Janitor...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Luca Boccassi wrote:

Networking is not static, it constantly changes in the kernel,
sometimes in dramatic and incompatible ways.

Sorry, but no. Networking clearly is *not* changing that fast, in
software terms. Many old tools still continue to work just fine after
a decade or more.

A widely used, well maintained stack with large amounts of
contributors is fundamental for the default choice, because we have
to keep up, as the rest of the world will not sit and wait for us.

Here's some stats from 'git shortlog --after="2021-12-31" -sn --all'.
In the last ~2.5 years, in netplan.io's github repo, there are only 2 >contributors with more than 100 commits, and 2 with more than 10, and
2 of them are Canonical employees:

569 Lukas Märdian
310 Danilo Egea Gondolfo
39 Simon Chopin
38 Danilo Egêa Gondolfo
11 Robert Krátký

Same stat, for the same period, for systemd:

6650 Yu Watanabe
5415 Lennart Poettering
2884 Luca Boccassi
2772 Zbigniew Jędrzejewski-Szmek

...

3 companies and one independent in the 4 digits, and too many to be
bothered to check between 10 and 999 commits.

I understand what you're trying to say, but that's a disingenuous
comparison. systemd is a massive (some would say *too* massive)
project with fingers in many pies. How many of those people have
touched *networking* bits?

--
Steve McIntyre, Cambridge, UK. steve@einval.com Can't keep my eyes from the circling sky,
Tongue-tied & twisted, Just an earth-bound misfit, I...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Luca Boccassi <bluca@debian.org> writes:

Here's some stats from 'git shortlog --after="2021-12-31" -sn --all'.
In the last ~2.5 years, in netplan.io's github repo, there are only 2 contributors with more than 100 commits, and 2 with more than 10, and
2 of them are Canonical employees:

569 Lukas Märdian
310 Danilo Egea Gondolfo
39 Simon Chopin
38 Danilo Egêa Gondolfo
11 Robert Krátký

Same stat, for the same period, for systemd:

If you're going to make such a comparison, wouldn't it make sense to
limit it to the bits that might have some sort of relation to networkd?

I suspect this is a bit nearer to a fair comparison:

git shortlog --after="2021-12-31" -sn --all src/network/ network/
771 Yu Watanabe
107 Luca Boccassi
86 Zbigniew Jędrzejewski-Szmek
42 Lennart Poettering
32 Mike Yuan
24 Susant Sahani
18 Frantisek Sumsal
16 Daan De Meyer
13 Ronan Pigott
10 Jan Janssen
10 Michael Biebl

which looks like its in the same ballpark, and presumably still includes
quite a lot of stuff that would fall outside netplan's scope, so one
could perhaps argue should be whittled down further.

Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmaUIYcACgkQ0EujoAEl 1cDq0Q//SL3qRsPfuVMtCVdhbezZpkPC8odU2lvTeR5qz/BCR0BXGTWg9zqBH4iZ FohbfoMJBxhtFB6L/dYnJnMta4V82GdP7XGObp2uh4XcZ6Ri51IWaUBZhOHDIj5b OUcufvKwjy6kAyXZeZJGnv0WICvS5nK/LykbkLeunUEH4sSM2ZrnXGhEVX1/fvbQ Ghhi7LTQdaHncG2ci3NMjujpTop4Zp3uqqp7tzhImjUPRaHQLBCAaoz/8H12Y1WS sJECEkg5042jPfoIlDZdbflOPexCxgs7bAXcOdDWoiz5EmS52kvZhp85fNvuqIjb L7XY9mO1829alEu3ZvYycRbXYY28LgGPY/mPkzmCKeNh2q5X/HITtUc1E/e7Vs/9 XTZczoAbdvrd18YF+/ok8NczEhkSP/VgNv0y2X3F5qq72g3BNOA9cWTtHkjZU9t1 M0LAdzbCSXvw/U+RqpbpWHRtVf9SNkYja0lCxwbvmnSg0tca211wjrOYqsxpLuO3 u6YrupHttPd+a1QoenS24kuMS+dkJJsWT6gV8emS89TZ2YQApuVs58WooDk/QJhV m8hr0RovbnZ+Bd7hQMxNtem9BPM/D2NMYKxgl+XRqKgTsE+W+JTp0EWVgZLefMVm NIdZ5WWV3mE7bzE4DsLoFPpGbGTWVmdwUasaCHa4tFHzskxZktY=ocFi
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gatewa

On Sun, 14 Jul 2024 at 17:09:48 +0100, Steve McIntyre wrote:

Luca Boccassi wrote:

Networking is not static, it constantly changes in the kernel,
sometimes in dramatic and incompatible ways.

Sorry, but no. Networking clearly is *not* changing that fast, in
software terms. Many old tools still continue to work just fine after
a decade or more.

Yes, I think I agree with Luca's conclusion, but not so much with this argument: the parts of networking that are relevant for a default choice
that lets users get started (approximately the subset supported by d-i)
don't move that fast.

I understand what you're trying to say, but that's a disingenuous
comparison. systemd is a massive (some would say *too* massive)
project with fingers in many pies. How many of those people have
touched *networking* bits?

This is also a valid point, although there are really two contributor sets
that matter: the contributors who have actually touched networkd, and the
more general systemd contributors/maintainers who don't routinely touch networkd but would step up if necessary to handle serious issues in it,
having taken responsibility for it as part of the wider systemd project.
I assume that second set is considerably smaller than systemd's whole contributor list, but still significant in size.

I think perhaps more convincing arguments to be made in favour of
preferring to use networkd directly as a default, rather than netplan, are:

Number of components we rely on
-------------------------------

If we use networkd directly, then our default server/embedded installation
can be broken by a bug in either d-i or networkd. If we use networkd via Netplan, then our default server/embedded installation can still be broken
by a bug in d-i or networkd, but it can also be broken by a bug in netplan. That's more "accident surface" (like attack surface, but with no actual attacker, since all of this is trusted system-configuration stuff that hopefully only the sysadmin can manipulate).

This is not a criticism of the quality of Netplan, so much as a criticism
of adding an abstraction layer over something that we could equally well
use directly: a design with an abstraction layer over a backend is
still vulnerable to the backend's bugs, so the abstraction layer can only reduce overall robustness (in the best case, where the abstraction layer
is literally perfect, all it can do is match the level of robustness of
the backend).

To illustrate that point, suppose that abstraction layer A (which
works 99% of the time) uses backend B (which works 90% of the time).
If we combine the two, we can only expect the result to be
(.9*.99) ~= 89% reliable - that's worse than either A or B.

Obviously I hope that both Netplan and networkd are much better than those arbitrary numbers that I made up just now, but neither one is perfect.

Replace server/embedded with laptop/desktop and networkd with NM, and the
same idea applies. (Indeed, the same would still be true when comparing
our current direct use of ifupdown with Netplan + ifupdown.)

Dependency size and maintenance
-------------------------------

I also notice that the netplan.io package would bring GLib, Python, python3-dbus and python3-yaml into the dependencies of the base system,
among others. As an upstream and downstream maintainer of GLib, and in
practice the only upstream and downstream unmaintainer[1] of python3-dbus,
I'm not comfortable with that, both for size reasons (GLib and Python
are not small) and for quality and maintainedness reasons (python3-dbus).

GLib and Python are relatively large in both on-disk size and attack
surface, but they're essential to our desktop installations anyway,
reinventing them in parallel would be worse than reusing them, and
their maintainers have already accepted the responsibility of them
being an important system component. So those two are actually not my
main concern here, and if we had no good alternative, I'd be saying:
yes they're relatively bulky for a container/embedded use-case, but on
a typical server installation they're fine.

python3-dbus is a concern to me, though.

The design of python3-dbus (dbus-python upstream) involves a lot of type-guessing heuristics, which pre-date my involvement in it, and cannot
be fixed without significant compatibility breaks. I do not plan to make
those compatibility breaks, because if a project is willing and able
to migrate to a hypothetical incompatible dbus-python 2.x, it might as
well migrate to a different D-Bus library with a different name instead
(which it could do any time, without waiting for me).

When I accepted maintainer status on python3-dbus, I was *not* prepared
for it to be part of the base system: if a bug in python3-dbus turns
out to be critical to system function when using Netplan, I am not going
to be able to drop everything and fix it. That library is way, way down
my list of priorities, especially now. I'm sorry, but I am not willing
to be the random person in Nebraska[2] for this particular library as
a dependency of our default server/embedded installation.

(I realise that this is not consistent with what the community demands,
because the open-source community expects every maintainer to treat
every component they maintain as their top priority at all times, and we collectively have enough cognitive dissonance to continue to expect this -
but when I put it like that, I hope it's obvious that this expectation is nonsense. I'm sorry, I only have a limited amount of time and brainpower,
and every time I put security-sensitive packages like GLib and Flatpak
higher up my priority list, that necessarily pushes something else lower
down my list.)

I am not involved in libyaml, python3-yaml and other dependencies enough
to comment on whether they raise similar concerns.

Benefits vs. costs
------------------

I can see that Netplan aims to have some benefits over configuring the
backend directly: its configuration format might be nicer than networkd's
or NM's (this is a matter of opinion, I personally think networkd syntax
is fine in at least the simple cases that are relevant for a default),
and it lets a sysadmin switch between backends without explicitly
translating configuration (I'm not convinced this actually happens
frequently enough to justify the complexity, but opinions can vary).

The question for the project is whether those benefits, in total, exceed
the costs of adding this layer over the top of what we could just be
using directly (networkd or NM, or for that matter, ifupdown).

smcv

[1] as in: "python3-dbus is unmaintained, and I am the unmaintainer"
[2] https://xkcd.com/2347/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 14 Jul 2024 at 19:21, Simon McVittie <smcv@debian.org> wrote:

On Sun, 14 Jul 2024 at 17:09:48 +0100, Steve McIntyre wrote:

Luca Boccassi wrote:

Networking is not static, it constantly changes in the kernel,
sometimes in dramatic and incompatible ways.

Sorry, but no. Networking clearly is *not* changing that fast, in
software terms. Many old tools still continue to work just fine after
a decade or more.

Yes, I think I agree with Luca's conclusion, but not so much with this argument: the parts of networking that are relevant for a default choice
that lets users get started (approximately the subset supported by d-i)
don't move that fast.

Eh, ish. The kind of bugs and weirdness that regularly come through
because of what changes in the kernel paint a different picture to me,
even for the really basic stuff. Just to take two of the most recent
ones:

https://github.com/systemd/systemd/issues/33104 https://github.com/systemd/systemd/issues/29701

"laptop with ethernet port attached to a dock with another ethernet
port" and "ipv6 enabled with privacy extension" do not look like
abstruse corner cases to me, they look pretty basic. And yet...

This is not an argument against netplan of course, given it's a
configuration layer on top of networkd/network-manager. It is an
argument against ifupdown though.

And then once you start adding more complex things like bonding this
just goes out of the window. Yes the installer doesn't allow
configuring bonding (thank ****), but the default choice goes beyond
what the installer allows to configure in the installation phase.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, 14 Jul 2024 at 21:26, Philip Hands <phil@hands.com> wrote:

Luca Boccassi <bluca@debian.org> writes:

Here's some stats from 'git shortlog --after="2021-12-31" -sn --all'.
In the last ~2.5 years, in netplan.io's github repo, there are only 2 contributors with more than 100 commits, and 2 with more than 10, and
2 of them are Canonical employees:

569 Lukas Märdian
310 Danilo Egea Gondolfo
39 Simon Chopin
38 Danilo Egêa Gondolfo
11 Robert Krátký

Same stat, for the same period, for systemd:

If you're going to make such a comparison, wouldn't it make sense to
limit it to the bits that might have some sort of relation to networkd?

I suspect this is a bit nearer to a fair comparison:

git shortlog --after="2021-12-31" -sn --all src/network/ network/
771 Yu Watanabe
107 Luca Boccassi
86 Zbigniew Jędrzejewski-Szmek
42 Lennart Poettering
32 Mike Yuan
24 Susant Sahani
18 Frantisek Sumsal
16 Daan De Meyer
13 Ronan Pigott
10 Jan Janssen
10 Michael Biebl

which looks like its in the same ballpark, and presumably still includes quite a lot of stuff that would fall outside netplan's scope, so one
could perhaps argue should be whittled down further.

Not at all: the way we structure systemd's repository, most of the
code that ends up in the network (or any other) binary are actually in
the shared areas. So if you really wanted to catch only the code that
ends up in the specific binaries:

$ git shortlog --after="2021-12-31" -sn --all src/network/ network/ src/libsystemd/ src/basic/ src/shared/ src/fundamental/

2858 Yu Watanabe
2195 Lennart Poettering
882 Zbigniew Jędrzejewski-Szmek
772 Luca Boccassi
724 Daan De Meyer
409 Mike Yuan
196 Frantisek Sumsal
128 Dan Streetman
87 David Tardon
76 Jan Janssen
64 Franck Bui
36 Nick Rosbrook
34 Cristian Rodríguez
31 Dmitry V. Levin
30 Adrian Vovk
25 Antonio Alvarez Feijoo
24 Susant Sahani
21 Topi Miettinen
20 msizanoen
19 Arseny Maslennikov
19 Ronan Pigott
17 Khem Raj
16 Ludwig Nussel
15 Maanya Goenka
13 Heinrich Schuchardt
12 Curtis Klein
12 Sam Leonard
11 Alberto Planas
11 David Rheinsberg
11 Florian Schmaus
11 rhellstrom
11 наб
10 Rafaël Kooi
10 jcg

and even that is not an accurate or good metric: the actual sources
that end up in a binary are not the only thing that matters in a
project. Documentation, manpages, unit tests, integration tests, CI,
build system, release tools, dev tools and more are just as important
to the health of a project, and are just as necessary (if not more) to
maintain it, and need active contributors. So the project-wide metric
is really the best metric to use for these kind of comparisons, for
these reasons, and for what Simon said too, of course.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Lukas Märdian <slyon@debian.org> (2024-07-11):

Additional benefits of Netplan:
* Already used on Debian Bookworm [cloud] images by default

Having started to toy with cloud images these last few days, and
learning about the various components in there, I'm not exactly sure
where /etc/netplan/90-default.yaml is coming from but it's 644 in at
least Debian 12 and Debian sid “nocloud” amd64 images (QCOW format), leading netplan to complain about these too-wide permissions.

I'm not sure where this file is coming from, but it'd be great to have
those permissions fixed/those warnings go away.

I'd be glad if someone could take it up from here, I've burned up all
the time I had to spend on Netplan on the short term. Thanks already!


Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmaUc+8ACgkQ/5FK8MKz VSAkRg//UW9h84el/v2id1d3c2EspjJQpAUMIO7naWopti2VIhKbUBQJJMYlBtPN lQ/qvsgTAP1yBtLxjWYLXyhN55QRVcGBzop+nERmdtXxw7VOHTrRj0GqszrYTxgQ +5tklg9pUtRjZ72DryrxDWTNQtTnv+r+0n1PlMoYD6x/dF238P0amOiS4KUe+gLO o5mFH6XnpJqafB1J5sXKmTDDOkR/oaWW0Rc0j72GQ4kab19XSxiDQhac9jn/IwCx Sb7iDSgEMi1E1nDnRfA6zOJRoqm/K0rYiNwLpDBt9eBaep59CQALsrBNXAq6C2o0 i8VMlDiDI/T+VdpScTupnaMA7TAm961NdOZ43ghYXbF40VnVF2+uCTy5veY/2rVe N+13w/SQruvUrKzSmBSUfwq7ZN6h2BtuNNJrTaeRpTUK4LrHzeAeu3WEiaHH5IzM c4d2zzLI926ZWEr9bjBS44YNqDcyBYSok5AyYO8T7Hz9Lq0nIPmOIV0PjV/B4qI6 8JLgA5blRut4m6uqLYaljvzeKPwQu44UgTIer+zDPITB/GNzcg5WTTdRH32bzF92 FanvHaOJTNSnx5HrzBwRKKCdWVSEd857auyhqoUBS88+JSqBTgskHypAqYVZTsub XIypl4cCywRqoNrc4R2NpgujlIDE9jGqw7CJPKgE9Eq34aZ/aM4=
=IDUz
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
*

Simon McVittie <smcv@debian.org> (2024-07-14):

On Sun, 14 Jul 2024 at 17:09:48 +0100, Steve McIntyre wrote:

Sorry, but no. Networking clearly is *not* changing that fast, in
software terms. Many old tools still continue to work just fine
after a decade or more.

Yes, I think I agree with Luca's conclusion, but not so much with this argument: the parts of networking that are relevant for a default
choice that lets users get started (approximately the subset supported
by d-i) don't move that fast.

Having finally “fixed” ifupdown support in d-i during the last cycle, unless I missed an obvious solution at the time (but then I didn't get a
lot of feedback when I asked), a simple “I'd like auto-IPv4 and IPv6 on
a WPA connection” configuration was harder to express than I thought… I ended up with the following, unconvincingly:

https://salsa.debian.org/installer-team/netcfg/-/commit/815cdfccaa5567fdf53594d47545d97c235de68e

Maybe it's just a matter of storing/splitting the configuration
differently, but at least at the time it seemed to be a limitation of
the design.

Roughly at the same time, we hit some major ifupdown regression, which
led to no networking at all after a default (automatic networking, no
firmware, everything trivial) installation, which led me to reopen
#1022843. While trying to improve the “restart” case, the much simpler “network at bootup” broke entirely, oopsy!

https://bugs.debian.org/1022843#42


This is not to put any blame on ifupdown or its maintainer(s), I just
meant to share than even “easy-peasy use cases” can be tricky with “good old tools that have been known to work reliably”: that doesn't quite
match my experience. :(


Cheers,
--
Cyril Brulebois (kibi@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEtg6/KYRFPHDXTPR4/5FK8MKzVSAFAmaUeeAACgkQ/5FK8MKz VSCKgA//UunOtLC+0gCMPgkwPSKBTXSGUOrTq65ScWq0UJsDlQ4d1H5w72VqzAHQ KizT1WFqqMEn8DiT8FjI0JfSVoMyDdMNPRUnaQcEoZfneewbW+HNSRQHHv5D3gFT UIUpiXl/KwRPcIOZevzZQe8ZNgdIGJyKcogmuOdetg8SJlxVUxpx7d3Nf1ojbGlc X+vlRdKNb0mmakvD1Vpe+60jw5oXXsulRkVnVZXinGSURTBdb27ad8E6+vaUID1S bPq/6pRGcdvz34wV4Hb8SOsKVh0DO+74/S7lEc2VViyOaOO4yTztdrt+ui4o3CJZ EH6x5+mxMOPcOjwhAyAOilZqEONf6RNVVv8GHqxx15ZL1fG5gZ9eY3bUhyC9nzsY cncqM32AryQXtoC2FhJMGD66UCEnKQlIepfsJNFeeR6iOK9QKsxn419SXQExTSU4 q/B2sFmWx+RK9pd9NwPqFYNnw8/n3PEe0gbc2yuSYbJEJrHDBHiYdyjz7qRDK6hM LyYqmP0hP6sxtpoXSBqSs4XKm4qk2MvqMVsmDZ/6IEME1svUPmQO68GP4c9qtNCE kXXgB+jKlDhK06fz5fJ/m2DfWa0dV3h0x34+df+F9fiXu9+ZUL/d1CqlnL4I9A+l LXbR0o/LHicDqGwma/6OhnOxe//UD842UGRGfnsYrINobEKjtTI=
=2mUb
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
*

On Sun, 14 Jul 2024 at 19:21, Simon McVittie <smcv@debian.org> wrote:

Dependency size and maintenance
-------------------------------

I also notice that the netplan.io package would bring GLib, Python, python3-dbus and python3-yaml into the dependencies of the base system,
among others. As an upstream and downstream maintainer of GLib, and in practice the only upstream and downstream unmaintainer[1] of python3-dbus, I'm not comfortable with that, both for size reasons (GLib and Python
are not small) and for quality and maintainedness reasons (python3-dbus).

GLib and Python are relatively large in both on-disk size and attack
surface, but they're essential to our desktop installations anyway, reinventing them in parallel would be worse than reusing them, and
their maintainers have already accepted the responsibility of them
being an important system component. So those two are actually not my
main concern here, and if we had no good alternative, I'd be saying:
yes they're relatively bulky for a container/embedded use-case, but on
a typical server installation they're fine.

Let's put some hard numbers on the table given this is an important
detail. The following is all starting from a default debootstrapped
unstable.

With networkd only we can drop ifupdown, net changes:

REMOVING:
ifupdown

Summary:
Upgrading: 0, Installing: 0, Removing: 1, Not Upgrading: 0
Freed space: 207 kB


Using network-manager in headless mode (no GUI) brings in:

Installing:
network-manager

Installing dependencies:
ca-certificates libgudev-1.0-0 libnl-genl-3-200
libssh2-1t64
dbus libicu72 libnl-route-3-200
libteamdctl0
dbus-bin libjim0.82t64 libnm0
libusb-1.0-0
dbus-daemon libldap-2.5-0 libpam-systemd
libxml2
dbus-session-bus-common libldap-common libpcap0.8t64
modemmanager
dbus-system-bus-common libmbim-glib4 libpcsclite1
openssl
dbus-user-session libmbim-proxy
libpolkit-agent-1-0 polkitd
dns-root-data libmbim-utils libpolkit-gobject-1-0 ppp
dnsmasq-base libmm-glib0 libpsl5t64
publicsuffix
libbluetooth3 libndp0 libqmi-glib5
sgml-base
libbrotli1 libnetfilter-conntrack3 libqmi-proxy
shared-mime-info
libcurl3t64-gnutls libnfnetlink0 libqmi-utils
usb-modeswitch
libdbus-1-3 libnghttp2-14 libqrtr-glib0
usb-modeswitch-data
libduktape207 libnghttp3-9 librtmp1
wireless-regdb
libexpat1 libngtcp2-16 libsasl2-2
wpasupplicant
libglib2.0-0t64 libngtcp2-crypto-gnutls8 libsasl2-modules
xdg-user-dirs
libglib2.0-data libnl-3-200
libsasl2-modules-db xml-core

Suggested packages:
low-memory-monitor libsasl2-modules-gssapi-mit
libsasl2-modules-sql comgt debhelper
libcryptsetup12 | libsasl2-modules-gssapi-heimdal libteam-utils
wvdial
libtss2-rc0t64 libsasl2-modules-ldap iptables
wpagui
pcscd libsasl2-modules-otp sgml-base-doc
libengine-pkcs11-openssl

Summary:
Upgrading: 0, Installing: 69, Removing: 0, Not Upgrading: 0
Download size: 28.2 MB
Space needed: 110 MB / 8295 MB available


Installing netplan.io instead brings in:

Installing:
netplan.io

Installing dependencies:
ca-certificates libexpat1 libsqlite3-0
python3-gi python3-yaml
dbus libgirepository-1.0-1 libxml2
python3-markdown-it python3.12
dbus-bin libglib2.0-0t64 libyaml-0-2
python3-mdurl python3.12-minimal
dbus-daemon libglib2.0-data media-types
python3-minimal shared-mime-info
dbus-session-bus-common libicu72 netplan-generator
python3-netifaces xdg-user-dirs
dbus-system-bus-common libnetplan1 openssl
python3-netplan
gir1.2-girepository-2.0 libpython3-stdlib python3
python3-pkg-resources
gir1.2-glib-2.0 libpython3.12-minimal python3-cffi-backend
python3-pygments
libdbus-1-3 libpython3.12-stdlib python3-dbus
python3-rich

Suggested packages:
default-dbus-session-bus | wpasupplicant python3-tk
python-pygments-doc binutils
| dbus-session-bus openvswitch-switch python3-venv
ttf-bitstream-vera binfmt-support
low-memory-monitor iw python-dbus-doc
python3.12-venv
network-manager python3-doc python3-setuptools python3.12-doc

Summary:
Upgrading: 0, Installing: 42, Removing: 0, Not Upgrading: 0
Download size: 25.2 MB
Space needed: 101 MB / 8340 MB available


So we have a net gain of ~200K when using networkd, a net loss of
~110M when using network-manager, and a net loss of ~101M when using
netplan.

Furthermore, netplan pulls in a lot of python dependencies that are
not exactly recommended, as Simon said. And I think one of the reasons ifupdown2 never gained traction was because it pulled in python3,
which was considered a deal breaker for the default minimal install.
It seems to me if something other than networkd is desired,
network-manager would be the better choice.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 14.07.24 20:20, Simon McVittie wrote:

On Sun, 14 Jul 2024 at 17:09:48 +0100, Steve McIntyre wrote:

Luca Boccassi wrote:

[...]

I understand what you're trying to say, but that's a disingenuous
comparison. systemd is a massive (some would say *too* massive)
project with fingers in many pies. How many of those people have
touched *networking* bits?

This is also a valid point, although there are really two contributor sets that matter: the contributors who have actually touched networkd, and the more general systemd contributors/maintainers who don't routinely touch networkd but would step up if necessary to handle serious issues in it, having taken responsibility for it as part of the wider systemd project.
I assume that second set is considerably smaller than systemd's whole contributor list, but still significant in size.

As other stated, I think the systemd vs Netplan contributors stats are skewed. It's not an apples to apples comparison. Doing some back of the napkin maths ("cloc" commands), the systemd codebase is roughly 20x bigger in terms of LoC, compared to Netplan. – Which is totally fine, as it handles much more stuff.

I don't want people to think too much in terms of "sd-networkd VS Netplan",
but rather in terms of "sd-networkd PLUS Netplan". Contributors to Netplan naturally build up knowledge in sd-networkd (and NetworkManager), so we would actually have more minds knowledgeable about our network stack.

Furthermore, we would get all the CI, tooling and tests around systemd(-networkd),
in addition to all the CI, tooling and tests around Netplan. Just recently this combination of testing spotted an issue with link-offloading (ethtool) settings,
which would otherwise have slipped through the cracks.

It's now being worked around in Netplan, while an upstream systemd bug was filed:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071220 https://github.com/systemd/systemd/issues/33619

I think perhaps more convincing arguments to be made in favour of
preferring to use networkd directly as a default, rather than netplan, are:

Number of components we rely on
-------------------------------

If we use networkd directly, then our default server/embedded installation can be broken by a bug in either d-i or networkd. If we use networkd via Netplan, then our default server/embedded installation can still be broken
by a bug in d-i or networkd, but it can also be broken by a bug in netplan. That's more "accident surface" (like attack surface, but with no actual attacker, since all of this is trusted system-configuration stuff that hopefully only the sysadmin can manipulate).

This is not a criticism of the quality of Netplan, so much as a criticism
of adding an abstraction layer over something that we could equally well
use directly: a design with an abstraction layer over a backend is
still vulnerable to the backend's bugs, so the abstraction layer can only reduce overall robustness (in the best case, where the abstraction layer
is literally perfect, all it can do is match the level of robustness of
the backend).

To illustrate that point, suppose that abstraction layer A (which
works 99% of the time) uses backend B (which works 90% of the time).
If we combine the two, we can only expect the result to be
(.9*.99) ~= 89% reliable - that's worse than either A or B.

Obviously I hope that both Netplan and networkd are much better than those arbitrary numbers that I made up just now, but neither one is perfect.

Replace server/embedded with laptop/desktop and networkd with NM, and the same idea applies. (Indeed, the same would still be true when comparing
our current direct use of ifupdown with Netplan + ifupdown.)

This is a fair point and applies to every component that we ship as part of
the default installation. Therefore, we need to carefully consider pros and cons of each component, as we're doing right here :)

In the case of sd-networkd + Netplan it can also be flipped on its head, considereing we'll overall have more testing and more contributors knowledgeable about networking, when accepting both tools as part of the
stack (see section above).

Dependency size and maintenance
-------------------------------

I also notice that the netplan.io package would bring GLib, Python, python3-dbus and python3-yaml into the dependencies of the base system,
among others. As an upstream and downstream maintainer of GLib, and in practice the only upstream and downstream unmaintainer[1] of python3-dbus, I'm not comfortable with that, both for size reasons (GLib and Python
are not small) and for quality and maintainedness reasons (python3-dbus).

GLib and Python are relatively large in both on-disk size and attack
surface, but they're essential to our desktop installations anyway, reinventing them in parallel would be worse than reusing them, and
their maintainers have already accepted the responsibility of them
being an important system component. So those two are actually not my
main concern here, and if we had no good alternative, I'd be saying:
yes they're relatively bulky for a container/embedded use-case, but on
a typical server installation they're fine.

python3-dbus is a concern to me, though.

[...]

I am not involved in libyaml, python3-yaml and other dependencies enough
to comment on whether they raise similar concerns.

I dropped some of the python3-* concerns from the citation, as I think it's
not relevant (anymore). We've had a similar networking discussion last year where Netplan's Python dependency was brought up as a concern. That's why we split out the "netplan-generator" package. The Python dependency is only
needed for Netplan's CLI that brings convenience features and can be installed optionally.

For the default installation, we're only talking about "netplan-generator" + "libnetplan1", which does have transitive dependencies on GLib (yes), libuuid and libyaml, besides libc. So the footprint is fairly small.

Benefits vs. costs
------------------

I can see that Netplan aims to have some benefits over configuring the backend directly: its configuration format might be nicer than networkd's
or NM's (this is a matter of opinion, I personally think networkd syntax
is fine in at least the simple cases that are relevant for a default),
and it lets a sysadmin switch between backends without explicitly
translating configuration (I'm not convinced this actually happens
frequently enough to justify the complexity, but opinions can vary).

The question for the project is whether those benefits, in total, exceed
the costs of adding this layer over the top of what we could just be
using directly (networkd or NM, or for that matter, ifupdown).

I think you're lacking a very important point here. As a project we want to have a congruent answer following question:

= "How to do networking on Debian?" =

If we have to tell our users and sysadmins to do "X" on Debian server systems (using ifupdown or potentially sd-networkd), while doing "Y" on Debian desktop systems (using NetworkManager), while doing "Z" on Debian cloud systems (using Netplan), while doing something totally different on RaspberryPi (or alike) boards
that run a Debian server setup, but using WiFi as their primary network interface,
that's just a really bad user experience.

Using Debian should NOT feel like using different distros. And we really need a common way to do network configuration. With Netplan we can tell people to just use
use the "dhcp4: true" setting (for example), which will work on all Debian systems
and is automatically translated to the corresponding backend for server/desktop/cloud/embedded usecases.

All while giving sysadmins the flexibilty to fully utilize the underlying network
daemon directly, if they feel like writing native configuration for it (or don't
like Netplan).

Cheers,
Lukas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Lukas M�rdian <slyon@debian.org> [240715 09:36]:

I don't want people to think too much in terms of "sd-networkd VS Netplan", but rather in terms of "sd-networkd PLUS Netplan".

I'm a little confused. Much earlier in this thread it was stated that ifupdown2 was out of the running simply because it brings in python,
even though some consider it a better alternative than ifupdown-ng.
However, netplan.io also brings in python. Do I misunderstand which
package would be used to implement Netplan as being discussed here?

If we _are_ talking about netplan.io, then shouldn't we also bring
ifupdown2 back into consideration?

Confused...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 15.07.24 16:06, Marvin Renich wrote:

* Lukas Märdian <slyon@debian.org> [240715 09:36]:

I don't want people to think too much in terms of "sd-networkd VS Netplan", >> but rather in terms of "sd-networkd PLUS Netplan".

I'm a little confused. Much earlier in this thread it was stated that ifupdown2 was out of the running simply because it brings in python,
even though some consider it a better alternative than ifupdown-ng.
However, netplan.io also brings in python. Do I misunderstand which
package would be used to implement Netplan as being discussed here?

If we _are_ talking about netplan.io, then shouldn't we also bring
ifupdown2 back into consideration?

No. We're talking about the "netplan-generator" package, which comes without any
Python dependencies. It's a part of the netplan.io source package and everything
that would be required in the default installation.

-- Lukas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 15.07.24 15:50, Luca Boccassi wrote:

On Sun, 14 Jul 2024 at 19:21, Simon McVittie <smcv@debian.org> wrote:

Dependency size and maintenance
-------------------------------

I also notice that the netplan.io package would bring GLib, Python,
python3-dbus and python3-yaml into the dependencies of the base system,
among others. As an upstream and downstream maintainer of GLib, and in
practice the only upstream and downstream unmaintainer[1] of python3-dbus, >> I'm not comfortable with that, both for size reasons (GLib and Python
are not small) and for quality and maintainedness reasons (python3-dbus).

GLib and Python are relatively large in both on-disk size and attack
surface, but they're essential to our desktop installations anyway,
reinventing them in parallel would be worse than reusing them, and
their maintainers have already accepted the responsibility of them
being an important system component. So those two are actually not my
main concern here, and if we had no good alternative, I'd be saying:
yes they're relatively bulky for a container/embedded use-case, but on
a typical server installation they're fine.

Let's put some hard numbers on the table given this is an important
detail. The following is all starting from a default debootstrapped
unstable.

With networkd only we can drop ifupdown, net changes:

REMOVING:
ifupdown

Summary:
Upgrading: 0, Installing: 0, Removing: 1, Not Upgrading: 0
Freed space: 207 kB

Using network-manager in headless mode (no GUI) brings in:

Installing:
network-manager

[...]

Summary:
Upgrading: 0, Installing: 69, Removing: 0, Not Upgrading: 0
Download size: 28.2 MB
Space needed: 110 MB / 8295 MB available

Installing netplan.io instead brings in:

Installing:
netplan.io
[...]

Summary:
Upgrading: 0, Installing: 42, Removing: 0, Not Upgrading: 0
Download size: 25.2 MB
Space needed: 101 MB / 8340 MB available

So we have a net gain of ~200K when using networkd, a net loss of
~110M when using network-manager, and a net loss of ~101M when using
netplan.

Furthermore, netplan pulls in a lot of python dependencies that are
not exactly recommended, as Simon said. And I think one of the reasons ifupdown2 never gained traction was because it pulled in python3,
which was considered a deal breaker for the default minimal install.
It seems to me if something other than networkd is desired,
network-manager would be the better choice.

As stated previously, we don't need the Netplan CLI's Python dependency.
It's nice and convenient and can be installed is Python is installed anyway.

Let's re-do the Netplan numbers:

# apt install netplan-generator
Installing:
netplan-generator

Installing dependencies:
libglib2.0-0t64 libglib2.0-data libicu72 libnetplan1 libxml2 libyaml-0-2 shared-mime-info xdg-user-dirs

Suggested packages:
low-memory-monitor network-manager | wpasupplicant openvswitch-switch iw

Summary:
Upgrading: 0, Installing: 9, Removing: 0, Not Upgrading: 0
Download size: 13.9 MB
Space needed: 59.9 MB / 22.5 GB available

The "shared-mime-info" seems to be the culprit for most of the additional
size here. Not sure if that'd be needed in the minimal setup?


And for the fun of it, let's do it once more with the minimal required set:

# apt install --no-install-recommends netplan-generator
Installing:
netplan-generator

Installing dependencies:
libglib2.0-0t64 libnetplan1 libyaml-0-2

Suggested packages:
low-memory-monitor network-manager | wpasupplicant openvswitch-switch iw

Recommended packages:
libglib2.0-data shared-mime-info xdg-user-dirs

Summary:
Upgrading: 0, Installing: 4, Removing: 0, Not Upgrading: 0
Download size: 1,728 kB
Space needed: 5,265 kB / 22.5 GB available

So yes, we have an additional overhead of ~5M, in cases where GLib is not already installed and even less on systems with NetworkManager, as we'd
share some dependencies. 5M of additional storage shouldn't be a huge issue
in today's world, IMHO. For the benefit of gaining a common way do to networking on Debian.

-- Lukas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 15 Jul 2024 at 14:36, Lukas Märdian <slyon@debian.org> wrote:

= "How to do networking on Debian?" =

If we have to tell our users and sysadmins to do "X" on Debian server systems (using ifupdown or potentially sd-networkd), while doing "Y" on Debian desktop
systems (using NetworkManager), while doing "Z" on Debian cloud systems (using
Netplan), while doing something totally different on RaspberryPi (or alike) boards
that run a Debian server setup, but using WiFi as their primary network interface,
that's just a really bad user experience.

Using Debian should NOT feel like using different distros. And we really need a
common way to do network configuration. With Netplan we can tell people to just use
use the "dhcp4: true" setting (for example), which will work on all Debian systems
and is automatically translated to the corresponding backend for server/desktop/cloud/embedded usecases.

All while giving sysadmins the flexibilty to fully utilize the underlying network
daemon directly, if they feel like writing native configuration for it (or don't
like Netplan).

Assuming that's really needed, and it's far from clear that different
use cases should really use the exact same things, using
network-manager everywhere would achieve the exact same result,
without pulling in additional dependencies, and without being tied to
the internal decisions made in Canonical that we cannot do anything to influence. Again, not your fault, but existing examples don't exactly
inspire a lot of confidence in that regard: mir, upstart, unity,
lxd...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpPbiBKdWwgMTUsIDIwMjQgMTA6NDggUE0sIEx1Y2EgQm9jY2Fzc2kgPGJsdWNhQGRlYmlhbi5v cmc+IHdyb3RlOgoKPiBhbmQgd2l0aG91dCBiZWluZyB0aWVkIHRvIAoKPiB0aGUgaW50ZXJuYWwg ZGVjaXNpb25zIG1hZGUgaW4gQ2Fub25pY2FsIHRoYXQgd2UgY2Fubm90IGRvIGFueXRoaW5nIHRv IAoKPiBpbmZsdWVuY2UuCgoKQ291bGQgeW91IHBsZWFzZSBzdG9wIHRoaXMgRlVEIGNhbXBhaWdu ID8gV2UgYXJlbid0IHRhbGtpbmcgYWJvdXQgTUlSIG9yIFVuaXR5LCBidXQgYWJvdXQgYSBzbWFs bCB0b29sIHRvIGdlbmVyYXRlIHNvbWUgY29uZmlndXJhdGlvbi4gSXQgaXMgTk9UIHRoZSBzYW1l LCBhcyB3ZSBjb3VsZCBmb3JrIHN1Y2ggYSBzbWFsbChlcikgdG9vbC4gUGx1cyB3ZSBETyBoYXZl IHNvbWUgaW5mbHVlbmNlIChsb29rIHdoZW4gd2UgZGVjaWRlZCB0byBzd2l0Y2ggdG8gc3lzdGVt ZCwgQ2Fub25pY2FsIGZvbGxvd2VkLi4uIGJlY2F1c2UgdGhleSB3YW50ZWQgdG8gZm9sbG93LCB3 aGF0ZXZlciBvdXIgZGVjaXNpb24hKS4KCgpDaGVlcnMsCgoKVGhvbWFzIEdvaXJhbmQgKHppZ28p CgoK PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIEp1bCAxNSwgMjAyNCAxMDo0OCBQTSwg THVjYSBCb2NjYXNzaSAmbHQ7Ymx1Y2FAZGViaWFuLm9yZyZndDsgd3JvdGU6PC9kaXY+CjxkaXYg ZGlyPSJsdHIiPiZndDsgYW5kIHdpdGhvdXQgYmVpbmcgdGllZCB0byA8L2Rpdj4KPGRpdiBkaXI9 Imx0ciI+Jmd0OyB0aGUgaW50ZXJuYWwgZGVjaXNpb25zIG1hZGUgaW4gQ2Fub25pY2FsIHRoYXQg d2UgY2Fubm90IGRvIGFueXRoaW5nIHRvIDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IGluZmx1 ZW5jZS48L2Rpdj4KPGJyPjxkaXYgZGlyPSJsdHIiPkNvdWxkIHlvdSBwbGVhc2Ugc3RvcCB0aGlz IEZVRCBjYW1wYWlnbiA/IFdlIGFyZW4mIzM5O3QgdGFsa2luZyBhYm91dCBNSVIgb3IgVW5pdHks IGJ1dCBhYm91dCBhIHNtYWxsIHRvb2wgdG8gZ2VuZXJhdGUgc29tZSBjb25maWd1cmF0aW9uLiBJ dCBpcyBOT1QgdGhlIHNhbWUsIGFzIHdlIGNvdWxkIGZvcmsgc3VjaCBhIHNtYWxsKGVyKSB0b29s LiBQbHVzIHdlIERPIGhhdmUgc29tZSBpbmZsdWVuY2UgKGxvb2sgd2hlbiB3ZSBkZWNpZGVkIHRv IHN3aXRjaCB0byBzeXN0ZW1kLCBDYW5vbmljYWwgZm9sbG93ZWQuLi4gYmVjYXVzZSB0aGV5IHdh bnRlZCB0byBmb2xsb3csIHdoYXRldmVyIG91ciBkZWNpc2lvbiEpLjwvZGl2Pgo8YnI+PGRpdiBk aXI9Imx0ciI+Q2hlZXJzLDwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0ciI+VGhvbWFzIEdvaXJhbmQg KHppZ28pPC9kaXY+Cjxicj48L2JvZHk+PC9odG1sPg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Jul 15, 2024 at 03:47:16PM +0100, Luca Boccassi wrote:

Assuming that's really needed, and it's far from clear that different
use cases should really use the exact same things, using
network-manager everywhere would achieve the exact same result,
without pulling in additional dependencies, and without being tied to
the internal decisions made in Canonical that we cannot do anything to influence. Again, not your fault, but existing examples don't exactly
inspire a lot of confidence in that regard: mir, upstart, unity,
lxd...

You could compile a similar list of software projects that were abandoned
when Red Hat stopped funding them. Or of entirely community-backed free software projects that are moribund. I think it's prejudicial to argue that
a piece of free software should not be adopted because its development is funded by a company which, over the course of 20 years, has made strategic decisions to discontinue investments in other, unrelated projects.

Either netplan is technically sound, providing a sensible configuration language that meets the needs of Debian users and has a high-quality code
base, in which case it should not actually be a problem for Debian to
maintain it in the event that Canonical discontinues work on it; or it
isn't, and we can stop the discussion there.

BTW, of your list of previous Canonical projects above:

- upstart was discontinued because Debian made the decision to default to
systemd. Init systems are effectively a winner-take-all problem space due
to the network effects of upstream integration; any technical advantages
of upstart could not justify swimming against the current with both Debian
and Red Hat shipping systemd. So that's a situation that doesn't arise
for a technology that Debian DOES pick? :)

- mir is no longer used on the Ubuntu Desktop, but it isn't dead; it lives
on in mir-kiosk and its successor ubuntu-frame.
https://ubuntu.com/blog/the-journey-from-mir-kiosk-to-ubuntu-frame
And I don't think you're actually suggesting it would be healthy this far
along for there to be competing compositor protocols on the Linux
desktop...

- unity is no longer funded by Canonical, but it is not dead, in either its
unity 7 or unity 8 (lomiri) incarnations, but rather continues to be
maintained in both Debian and Ubuntu - to my consternation as a member of
the Ubuntu Release Team, since that increases the number of flavor images
we have to manage releases of ;)

- Canonical has not discontinued its development of lxd. I think the larger
Free Software community political questions of lxd vs incus are off-topic
here.

--
Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer https://www.debian.org/ slangasek@ubuntu.com vorlon@debian.org

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEErEg/aN5yj0PyIC/KVo0w8yGyEz0FAmaVrd8ACgkQVo0w8yGy Ez1CHQ//bmgqwc3Qser2MdAwhtrcBFI7lYCOtdXuEkhrXohkL82Copu/z2CpU7sH pD5xqb4S1w6VNEOAjWUrnby5zmdu1y+Vrb03Pp5R+xoV4tLB0rpXCF0W2QFPISqh fKF7gppWbReF9EdbyqavC6PqrXrvib8/ViYliAiQd79qdl4EQsSFk706kgczSb6T cG5si+PVzANbWjkqAz7gQ6237aUl365lZU0taPEogw0DW6LaQTIWPFsHdKAPBNdd SXDI+a9XT7WoAFzuepq1t4/yrbAQyjYQqmClYE5EKkiSgOtd0UkJShCpd/LF7GNQ S3mvfntbTNG5IcR1aFEscV0PIfHqAjQkmwF634EzYzUeyNoYLWblcbjOmxK4hv7m i/RKMLwQCRLG84PBpe1CDod6bHNJQI4s6dVDGCKOJvSS5wJVYUsMGy+rgpfladh2 EoLxUiazBdcOSapcQawEiI7ZnzWHBJnVzlf1R0LN2YpythCoHEX0m2Vqpujm0O+S rxzWrfXll21leaUTvHe8STdv3C7yk5SLYeo4LVxnlwguLzQK4IEKee4v5WQC6R8R kLe8xODBOPG6F6rgmfQ/

On Tue, 16 Jul 2024 at 00:26, Steve Langasek <vorlon@debian.org> wrote:

On Mon, Jul 15, 2024 at 03:47:16PM +0100, Luca Boccassi wrote:

Assuming that's really needed, and it's far from clear that different
use cases should really use the exact same things, using
network-manager everywhere would achieve the exact same result,
without pulling in additional dependencies, and without being tied to
the internal decisions made in Canonical that we cannot do anything to influence. Again, not your fault, but existing examples don't exactly inspire a lot of confidence in that regard: mir, upstart, unity,
lxd...

You could compile a similar list of software projects that were abandoned when Red Hat stopped funding them. Or of entirely community-backed free software projects that are moribund. I think it's prejudicial to argue that a piece of free software should not be adopted because its development is funded by a company which, over the course of 20 years, has made strategic decisions to discontinue investments in other, unrelated projects.

Yes, you could compile those lists, and those items would be
problematic too. That's the point made in https://lists.debian.org/debian-devel/2024/07/msg00137.html and I
think it's spot-on.

Either netplan is technically sound, providing a sensible configuration language that meets the needs of Debian users and has a high-quality code base, in which case it should not actually be a problem for Debian to maintain it in the event that Canonical discontinues work on it; or it
isn't, and we can stop the discussion there.

Again, yes, in that case it would most definitely be a problem, as
explained in https://lists.debian.org/debian-devel/2024/07/msg00137.html
being saddled with having to maintain a discontinued product would
absolutely be an issue, which is enough to make it a less prefereable
solution, independently of whatever specific technical merits it might
or might not have. In the end all these projects largely just work, in
the sense of allowing to successfully achieve the goal of configuring
network interfaces, so in this case other individual metrics are less
important than other factors such as, how many other distributions are
using it and how resilient is maintenance against shift in priorities
of a single entity, which translates to, how many active maintainers
and from which backgrounds are working on the project.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 15 Jul 2024 15:35:32 +0200, Lukas Märdian <slyon@debian.org>
wrote:

I don't want people to think too much in terms of "sd-networkd VS Netplan", >but rather in terms of "sd-networkd PLUS Netplan". Contributors to Netplan >naturally build up knowledge in sd-networkd (and NetworkManager), so we would >actually have more minds knowledgeable about our network stack.

Other than being fully RFC 1925 6a compliant, why do we need that
layer then? And why do we need it in the installer, which is only
geared to supposed the most easy network configurations?

Greetings
Marc
--
---------------------------------------------------------------------------- Marc Haber | " Questions are the | Mailadresse im Header Rhein-Neckar, DE | Beginning of Wisdom " |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Jul 15, 2024 at 10:26:09AM +0200, Thomas Goirand wrote:

Also, Netplan is just a configuration layer. That's a way simpler than NM or sd-networkd.

In principle, ifupdown is little more than a configuration layer as
well. It doesn't manage anything itself, it delegates everything to
external tools, either just iproute2 for static configuration, or dhcpd, wpasupplicant and other daemons for more dynamic configuration. Ifupdown
could be modified to translate its configuration to networkd, NM and so
on. Of course, if netplan is an even better configuration language then
I'd prefer that.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEETRt3lsA+CDGZG91CP0kN64ce+foFAmaWHRIACgkQP0kN64ce +fptYQ/+IU48rLNvyj/iqeQrMbo/Qnwppsubvb2vMZPAspVlGw2hKFL0ft/4j0GV 3BPFR6TnrrYLyZypy3PfEjIBLLAhEC9ntcR6FN51vMN73w/deQ9IK09At2tPn9Wu eSGHZqICSsgaPyJTK+eNY+JA4AGpWVS3de9jsQHEJSdlxl5NX9858YICqeurXGpG cYrtq1JjDLYR8az880FnnNR5RxSNk11q9LYtrAjkX108yZzR3sNwU1TrL74IujD+ HRCbpJES+zTRTsE9ksc3NfgfcuLt5L93+NQbOF9XeUMQqYf3m1ErL/NVJqPIqMgo 6WWXm/eGmuAuRO7vjr3zT5ET+6V30s/TimMRET+jRvcZZdVrDUn299Be7TfOSU0D 73+aZZ7SyjHh6/kOY5Wmdcl+XkFFRPM8PVR2erS12kNy+lxnMAoDWYEoXHvEKEnB jop0fvk9eqvbwJehXb+yL7n0Yzhc/pPiekew6ZZtzP8aiSJeXbB55iUn48mhcbG5 eZIyFKFzA6IP2f6x1akRXfTlZqBRDqtSKSblxW1BXtgMQNkuxb/Q24rINChUl8lI +4oBFe/LtvNSKbDa5SN2nDVfHi8rNQbXL7yhy4RJcUeZnTG1rMR6vHmTQaWwuBXi XEe0qozwTVftuysFqfvrcFI6FglicL5yp6LewYARiy+HAx3LmAI=
=CDoZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

CgpPbiBKdWwgMTYsIDIwMjQgNDo1NSBQTSwgTHVrYXMgTcOkcmRpYW4gPHNseW9uQGRlYmlhbi5v cmc+IHdyb3RlOgoKPiBOZXRwbGFuIGlzIGludGVncmF0ZWQgd2l0aCBbY2xvdWQtaW5pdF0gInYy IiBuZXR3b3JrIGNvbmZpZ3VyYXRpb24gYW5kIHRoZSAiY2xvdWQtY29uZmlnIiAKCj4gaXMgYWRv cHRlZCBieSBtYW55IG1ham9yIHB1YmxpYyBjbG91ZCBwcm92aWRlcnMgKEFXUywgR0NFLCBBenVy ZSwgLi4uKSBhcyBhIGRlcGxveW1lbnQgCgo+IG1ldGhvZCwgd2hpY2ggbWFrZXMgaXQgYSB3ZWxs LWtub3duIGZvcm1hdC4gU2ltaWxhcmx5IGRlZmF1bHQgY29uZmlndXJhdGlvbiBmb3IgCgo+IFtk ZWJpYW4tY2xvdWRdIGlzIHByb3ZpZGVkIHZpYSBOZXRwbGFuLiBJdCBpcyBhbHJlYWR5IHN1cHBv cnRlZCBpbiBbQ2FsYW1hcmVzXSBmb3Igb3VyIAoKPiBsaXZlLWltYWdlcyBhbmQgYXMgb2YgcmVj ZW50bHkgbGFuZGVkIGluIFtkZWJpYW4taW5zdGFsbGVyXSBhcyB3ZWxsLiAKCgpJdCdkIGJlIHZl cnkgbmljZSBpZiBpdCBjb3VsZCBhbHNvIHN1cHBvcnQgYSBiZ3AtdG8tdGhlLWhvc3Qgc2V0dXAg bmF0aXZlbHkgYXMgd2VsbC4gTWF5YmUgSSBjYW4gY2F0Y2ggeW91IGluIEJ1c2FuIHRvIGV4cGxh aW4gdGhhdCB1c2UgY2FzZT8KCgpDaGVlcnMsCgoKVGhvbWFzIEdvaXJhbmQgKHppZ28pCgoK PGh0bWw+PGJvZHk+PGJyPjxkaXYgZGlyPSJsdHIiPk9uIEp1bCAxNiwgMjAyNCA0OjU1IFBNLCBM dWthcyBNw6RyZGlhbiAmbHQ7c2x5b25AZGViaWFuLm9yZyZndDsgd3JvdGU6PC9kaXY+CjxkaXYg ZGlyPSJsdHIiPiZndDsgTmV0cGxhbiBpcyBpbnRlZ3JhdGVkIHdpdGggW2Nsb3VkLWluaXRdICZx dW90O3YyJnF1b3Q7IG5ldHdvcmsgY29uZmlndXJhdGlvbiBhbmQgdGhlICZxdW90O2Nsb3VkLWNv bmZpZyZxdW90OyA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBpcyBhZG9wdGVkIGJ5IG1hbnkg bWFqb3IgcHVibGljIGNsb3VkIHByb3ZpZGVycyAoQVdTLCBHQ0UsIEF6dXJlLCAuLi4pIGFzIGEg ZGVwbG95bWVudCA8L2Rpdj4KPGRpdiBkaXI9Imx0ciI+Jmd0OyBtZXRob2QsIHdoaWNoIG1ha2Vz IGl0IGEgd2VsbC1rbm93biBmb3JtYXQuIFNpbWlsYXJseSBkZWZhdWx0IGNvbmZpZ3VyYXRpb24g Zm9yIDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IFtkZWJpYW4tY2xvdWRdIGlzIHByb3ZpZGVk IHZpYSBOZXRwbGFuLiBJdCBpcyBhbHJlYWR5IHN1cHBvcnRlZCBpbiBbQ2FsYW1hcmVzXSBmb3Ig b3VyIDwvZGl2Pgo8ZGl2IGRpcj0ibHRyIj4mZ3Q7IGxpdmUtaW1hZ2VzIGFuZCBhcyBvZiByZWNl bnRseSBsYW5kZWQgaW4gW2RlYmlhbi1pbnN0YWxsZXJdIGFzIHdlbGwuIDwvZGl2Pgo8YnI+PGRp diBkaXI9Imx0ciI+SXQmIzM5O2QgYmUgdmVyeSBuaWNlIGlmIGl0IGNvdWxkIGFsc28gc3VwcG9y dCBhIGJncC10by10aGUtaG9zdCBzZXR1cCBuYXRpdmVseSBhcyB3ZWxsLiBNYXliZSBJIGNhbiBj YXRjaCB5b3UgaW4gQnVzYW4gdG8gZXhwbGFpbiB0aGF0IHVzZSBjYXNlPzwvZGl2Pgo8YnI+PGRp diBkaXI9Imx0ciI+Q2hlZXJzLDwvZGl2Pgo8YnI+PGRpdiBkaXI9Imx0ciI+VGhvbWFzIEdvaXJh bmQgKHppZ28pPC9kaXY+Cjxicj48L2JvZHk+PC9odG1sPg==

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16.07.24 08:00, Marc Haber wrote:

On Mon, 15 Jul 2024 15:35:32 +0200, Lukas Märdian <slyon@debian.org>
wrote:

I don't want people to think too much in terms of "sd-networkd VS Netplan", >> but rather in terms of "sd-networkd PLUS Netplan". Contributors to Netplan >> naturally build up knowledge in sd-networkd (and NetworkManager), so we would
actually have more minds knowledgeable about our network stack.

Other than being fully RFC 1925 6a compliant, why do we need that
layer then? And why do we need it in the installer, which is only
geared to supposed the most easy network configurations?

Haha, nice one (RFC 1925)!

Sure, if it would be just "sd-networkd PLUS Netplan", i.e. one layer on top of another layer, it wouldn't make any sense and could be reduced to subjective preference of the corresponding config format.

But it's not just this.
Netplan's beauty starts to shine when we're talking about the full picture:

* Netplan PLUS sd-networkd (server/cloud/container)
* Netplan PLUS NetworkManager(desktop/laptop)
* Netplan PLUS wpa_supplicant (server/embedded, using sd-networkd on WiFi)
* Netplan PLUS Open vSwitch (cloud/HPC)

So instead of having multiple different ways of configuring networking on Debian
systems, we should be telling one coherent story. In the end we want to have a compelling answer to this question:

= "How to do networking on Debian?" =

Using Debian should NOT feel like using different distros. We want a common way to
do network configuration. With Netplan we can tell people to use the "dhcp4: true"
setting (for example), which will work on all Debian systems and is automatically
translated to the corresponding backend for server/desktop/cloud/embedded usecases.

All while giving sysadmins the flexibility to fully utilize the underlying network
daemon directly, to optimize their special case.


= Why in the installer(s)? =

The same argument applies for having it in the installer(s. Supporting a common network-configuration format across our installers, instead of multiple different
"special cases" sounds like a more feasible and maintainable solution. Yes, we already
have special cases in the installers today, but we should strive to reduce them over
time, instead of adding more.

Netplan is integrated with [cloud-init] "v2" network configuration and the "cloud-config"
is adopted by many major public cloud providers (AWS, GCE, Azure, ...) as a deployment
method, which makes it a well-known format. Similarly default configuration for [debian-cloud] is provided via Netplan. It is already supported in [Calamares] for our
live-images and as of recently landed in [debian-installer] as well.

So we should have all the technical pieces in place for a streamlined installation and
network configuration story across Debian!

Cheers,
Lukas


[Calamares] https://github.com/calamares/calamares/pull/2284
[debian-installer] https://salsa.debian.org/installer-team/netcfg/-/merge_requests/9
[cloud-init] https://docs.cloud-init.io/en/latest/reference/network-config-format-v2.html
[debian-cloud] https://salsa.debian.org/cloud-team/debian-cloud-images/-/tree/master/config_space/sid/files/etc/netplan

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am Di, Jul 16, 2024 at 10:54:47 +0200 schrieb Lukas Märdian:

* Netplan PLUS NetworkManager(desktop/laptop)

All my desktops have only LAN and are working very well with ifupdown
since the beginning.
My Laptops are mostly in a LAN either. So NM is onlay needed for the rare
cases I’m in a WLAN.

* Netplan PLUS wpa_supplicant (server/embedded, using sd-networkd on WiFi)

None of my servers are using WLAN. They all work very well with ifupdown including bonding/vlans.

The only times I didn’t get a working network with ifupdown are a)
missing firmware and b) the installer doesn’t support VLAN/Bonding.
And I don’t think Netplan will help here.

Using Debian should NOT feel like using different distros. We want

Sorry, I call this bullshit. I’m using Debian exactly because it feels different like other distros. There wouldn’t be a need for Debian if not.

ifupdown *is* one of the reasons I’m using Debian. I’m not interested in editing yaml files to configure the network.

Stephan

--
| If your life was a horse, you'd have to shoot it. |

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16/7/24 10:54, Lukas Märdian wrote:

[snip]

But it's not just this.
Netplan's beauty starts to shine when we're talking about the full
picture:

* Netplan PLUS sd-networkd (server/cloud/container)
* Netplan PLUS NetworkManager(desktop/laptop)
* Netplan PLUS wpa_supplicant (server/embedded, using sd-networkd on
WiFi)
* Netplan PLUS Open vSwitch (cloud/HPC)

So instead of having multiple different ways of configuring networking
on Debian
systems, we should be telling one coherent story. In the end we want
to have a
compelling answer to this question:

[snip]

Out of curiosity+ignorance: how does Netplan detect the environment? How reliably?


I personally disfavour Netplan and other related tools (but open to be convinced on technical merits)



Thanks,

    JL

--
Parkinson's Law: Work expands to fill the time alloted to it.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, Jul 16, 2024 at 11:24:54AM +0200, Stephan Seitz wrote:

Am Di, Jul 16, 2024 at 10:54:47 +0200 schrieb Lukas Märdian:

Using Debian should NOT feel like using different distros. We want

Sorry, I call this bullshit. I’m using Debian exactly because it feels different like other distros. There wouldn’t be a need for Debian if not.

I'm pretty certain you misunderstood Lukas here. He wasn't saying that
using Debian should feel just like using any other Linux distribution,
but rather that there should be a similar feel to Debian regardless of
the context you're using it in (desktop, server, cloud, etc.).

--
Colin Watson (he/him) [cjwatson@debian.org]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16.07.24 11:24, Jose Luis Tallon wrote:

On 16/7/24 10:54, Lukas Märdian wrote:

[snip]

But it's not just this.
Netplan's beauty starts to shine when we're talking about the full picture: >>
* Netplan PLUS sd-networkd (server/cloud/container)
* Netplan PLUS NetworkManager(desktop/laptop)
* Netplan PLUS wpa_supplicant (server/embedded, using sd-networkd on WiFi) >> * Netplan PLUS Open vSwitch (cloud/HPC)

So instead of having multiple different ways of configuring networking on Debian
systems, we should be telling one coherent story. In the end we want to have a
compelling answer to this question:

[snip]

Out of curiosity+ignorance: how does Netplan detect the environment? How reliably?

It doesn't, it is all part of the explicit, declarative Netplan configuration. So the
sysadmin or installer makes that decision. E.g. in the case of [debian-installer] or
[calamares], we're checking if the "network-manager" package is installed in the
target system and install an additional Netplan config file in that case.

/etc/netplan/01-network-manager-all.yaml:

network:
version: 2
renderer: NetworkManager

This file controls Netplan's [default renderer] on a global level and is the most common
case. But different "renderer" settings can also be applied to individual interfaces; as
we learned in this thread before, using multiple network daemons (i.e. backend renderers)
at the same time comes with its very own challenges. Still, it works and can be useful in
certain edge cases.

In other cases, where only one backend option is supported in Netplan, e.g. for setting up
SR-IOV devices, certain Open vSwitch configurations or wireless configurations on
sd-networkd, it will pick the corresponding renderer implicitly (e.g. wpa_supplicant, ovsdb).

I personally disfavour Netplan and other related tools (but open to be convinced on technical merits)

Netplan isn't very common in the Debian world, yet, at least that was my impression from
DebConf 2023. Still, it's already part of our stack and I'd like to invite you to play
around with it, to learn more about its technical abilities. E.g. using one of our official
Bookworm cloud images in a local VM:

https://blog.slyon.de/2023/07/10/netplan-and-systemd-networkd-on-debian-bookworm/

Cheers,
Lukas

[debian-installer] https://salsa.debian.org/installer-team/netcfg/-/merge_requests/9/diffs#ba5cc2a898d2537d7b6ec1de1ec1b70a6477c2a4_53_75
[calamares] https://github.com/calamares/calamares/pull/2284/files#diff-5960a6e192d1804ed3e3b84905264cff37275564879d6d87d0668369b495c21bR150
[default renderer] https://netplan.readthedocs.io/en/latest/examples/#how-to-use-networkmanager-as-a-renderer
[reference] https://netplan.readthedocs.io/en/stable/netplan-yaml/#properties-for-all-device-types

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16.07.24 11:06, thomas@goirand.fr wrote:

On Jul 16, 2024 4:55 PM, Lukas Märdian <slyon@debian.org> wrote:

Netplan is integrated with [cloud-init] "v2" network configuration and the "cloud-config"
is adopted by many major public cloud providers (AWS, GCE, Azure, ...) as a deployment
method, which makes it a well-known format. Similarly default configuration for
[debian-cloud] is provided via Netplan. It is already supported in [Calamares] for our
live-images and as of recently landed in [debian-installer] as well.

It'd be very nice if it could also support a bgp-to-the-host setup natively as well. Maybe I can catch you in Busan to explain that use case?

Sure! I'm always interested in supporting new, useful scenarios.
And we're also accepting PRs [upstream] ;-)

This bgp-to-the-host case sounds like it needs some explanation :), so feel free to join my
[networking BoF] in Busan, or catch me afterwards for an extended chat.

-- Lukas

[upstream] https://github.com/canonical/netplan/pulls
[networking BoF] https://debconf24.debconf.org/talks/10-past-present-and-future-of-networking-in-debian/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 16.07.24 11:24, Stephan Seitz wrote:

Am Di, Jul 16, 2024 at 10:54:47 +0200 schrieb Lukas Märdian:

* Netplan PLUS NetworkManager(desktop/laptop)

All my desktops have only LAN and are working very well with ifupdown since the beginning.
My Laptops are mostly in a LAN either. So NM is onlay needed for the rare cases I’m in a WLAN.

Today, if you install a desktop environment that comes with NetworkManager, debian-installer will
already opt to configure N-M for you (instead of /etc/network/interfaces). ifupdown is still
installed and can be used, as you apparently do.

With Netplan+sd-networkd (+wpa_supplicant) you would even gain another minimal option that supports
the rare WLAN cases. But it sounds like you prefer using ifupdown, which is totally fine, see below.

* Netplan PLUS wpa_supplicant (server/embedded, using sd-networkd on WiFi)

None of my servers are using WLAN. They all work very well with ifupdown including bonding/vlans.

This might not be your usecase, but I regularly see setups of "embedded boards", like Raspberry Pi,
that use a server image but have the WiFi adapter as their primary network interface.

The only times I didn’t get a working network with ifupdown are a) missing firmware and b) the installer doesn’t support VLAN/Bonding.
And I don’t think Netplan will help here.

Netplan supports VLAN & Bonding, but debian-installer deliberately writes a very basic configuration
only (DHCP or static IP), leaving more advanced setups to the sysadmin, AFAIK. Maybe this is something
to be discussed with the d-i team?

Using Debian should NOT feel like using different distros. We want

Sorry, I call this bullshit. I’m using Debian exactly because it feels different like other distros. There wouldn’t be a need for Debian if not.

As Colin stated, what I said is that Debian should have a congruent networking story in itself,
independent of the context you're using it in (desktop, server, cloud, etc.). I'm sorry if that wasn't clear.

ifupdown *is* one of the reasons I’m using Debian. I’m not interested in editing yaml files to configure the network.

Using ifupdown is totally fine! I'm not suggesting for it to go away. I even think it should continue
to be part of the default installation (in Trixie at least), for backwards compatibility and to give
sysadmins a choice of when and if they want to transition to new tooling. Given the maintenance burden
discussed in other parts of this thread, it remains to be decided if this should be handled by
ifupdown-ng or ifupdown itself. But the current maintainers (Santiago, Daniel, ...) are probably in the
best position to decide about such combined "ifupdown*" efforts.

People that prefer using ifupdown could then just not touch /etc/netplan, or even "rm /etc/netplan/*.yaml"
and continue using /etc/network/interfaces as usual.

-- Lukas

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Stephan Seitz <stse+debian@rootsland.net> writes:

Am Di, Jul 16, 2024 at 10:54:47 +0200 schrieb Lukas Märdian:

...

Using Debian should NOT feel like using different distros. We want

Sorry, I call this bullshit. I’m using Debian exactly because it feels different like other distros. There wouldn’t be a need for Debian if not.

You seem to have read that almost exactly backwards.

What Lukas was saying was that Debian on an embedded machine should feel
like Debian on a cloud instance, and like Debian on a mobile phone ...

If the manual has to say "If you're using this flavour of Debian, you're probably using that flavour of underlying network stack, which means you
need this command to do X" then it starts to feel like each scenario is
as different as e.g. RedHat vs. Arch.

The default way to do things should be something where the manual can
just describe the one thing, and it'll work everywhere, so that one can
feel at home in any Debian install.

Of course, if you know you personally only ever need/want ifupdown you
can cheerfully ignore the default, whatever it is.

I suspect having something that's agnostic about the underlying
implementation as our default would be rather better for the non-systemd options that people care about, so if you want to keep on using ifupdown
into the future, then having netplan as our default configuration layer
would at least ensure that people would run tests against netplan's use
of ifupdown, which I suspect is going to be more testing than would
happen if networkd was the default.

Also, networkd doesn't support non-Linux and non-systemd systems AFAIK,
so there are definitely going to be more caveats in the documentation,
and Debian's going to feel that much less universal, if we settle on
networkd as the default for this.

Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmaWVcwACgkQ0EujoAEl 1cAxmQ/+LhkRYeXzN2wMy7Pmx8sjO2DmyPzTPYWi8Ipt4XZL9zBaKWvxdrUQuPZP uJ4Jesi8r19UdjFYTZbV9Z1QwUpdliyNviB+4LKCluBx19l6DMBhZjlz8DGQ0C0z mWDAaXShixoWIcZGCeCdmSsJ0YFC7m4Kb7sfje68EyY4s+8cbWPpoyw41UXwfshk tpuGGIUAHbCbmee77/Pmgx0wGSGZEfz9FGL5TAUvP5ANW8r7WC0XCmgG1KDSwJ6f 1SaLj2alz7mUT2YJ/h9G0AHY4dKeSpOmKsZpEojn68rbPLp3D6KkDuICxrc9h+VK U4LnSr0Z/BAeTbnchSuP6Qc4ua6Ewfa85dwH+j7RynJpGCQhhZ8DgGxmYQ7eIBNM ksxFnZRpUtreav9lYUJdq7kObzRWaAHRzIjonxpGb3q3Q6/bCK4YFEaO4s3JbQvW gIyvV25J0tfpKrz6N8vL/pexfkx5KvN601RvkB33ob3+B95kqYFNVTohVEo/iLjN 31ko6gfo9bmd2S/7Q4wiqCS4FU7GwnfrsW13IkKEajgNoAo0dlRNrXA75gDSVhmV WIa+nbW8xWkRLIdYaLRHBRm0QZduN0b5K5A1Bza6ZO1CQ2rT6XDqTfpMyPs+nFkL HxIpwQK4ASeqUjrp3HQSmE2xTwisO8V4DQZDAA0tfadWaqgB9n0=mI21
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gatewa

Am Di, Jul 16, 2024 at 13:14:44 +0200 schrieb Lukas Märdian:

On 16.07.24 11:24, Stephan Seitz wrote:

None of my servers are using WLAN. They all work very well with
ifupdown including bonding/vlans.

This might not be your usecase, but I regularly see setups of "embedded >boards", like Raspberry Pi, that use a server image but have the WiFi
adapter as their primary network interface.

Ah, okay, yes, this is a server case as well.

Sorry, I call this bullshit. I’m using Debian exactly because it feels >>different like other distros. There wouldn’t be a need for Debian if
not.

As Colin stated, what I said is that Debian should have a congruent >networking story in itself, independent of the context you're using it
in (desktop, server, cloud, etc.).

Ah, sorry, I really misunderstood it.

But I’m not sure I agree.

Desktop, server, cloud are different flavours with different software and different user interfaces.
I wouldn’t expect to have a desktop environment on a server, so I would
have a different UI on server and desktop. And while I don’t care which syntax form the configuration files are if I configure thinks via GUI, it
is different when I only have a CLI.

So I wouldn’t have a problem if different flavours would have different defaults how things like network are to be configured. These flavours
will probably have different users as target as well.

Many greetings,

Stephan

--
| If your life was a horse, you'd have to shoot it. |

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Tue, 16 Jul 2024 13:13:16 +0200, Philip Hands wrote:

I suspect having something that's agnostic about the underlying implementation as our default would be rather better for the non-systemd options that people care about, …
Also, networkd doesn't support non-Linux and non-systemd systems AFAIK,

AFAICS, the netplan packages (netplan.io, netplan-generator) currently
have a hard dependency on systemd.

Cheers,
gregor

--
.''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org
: :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06
`. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe
`- BOFH excuse #453: Spider infestation in warm case parts

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

gregor herrmann <gregoa@debian.org> writes:

On Tue, 16 Jul 2024 13:13:16 +0200, Philip Hands wrote:

I suspect having something that's agnostic about the underlying
implementation as our default would be rather better for the non-systemd
options that people care about, …
Also, networkd doesn't support non-Linux and non-systemd systems AFAIK,

AFAICS, the netplan packages (netplan.io, netplan-generator) currently
have a hard dependency on systemd.

Ah, so it does -- OK, so it seems I'd somewhat misunderstood where it
currently sits in this spectrum -- thanks for pointing that out :-)

Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil

--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3/FBWs4yJ/zyBwfW0EujoAEl1cAFAmaWcpoACgkQ0EujoAEl 1cBF8hAArgIraRWnqLidTOhTJSIKUeUH6ykYjkOOw5nKIy4j/Jd7A4W915zZ+dry texBabahXZEwByTp8RpWf/U4FGVoJH87dOQNf5gFpoErif3+JcIEaFvd9ZeT00JB ul+YRFvTowlTrKcftSs1ch64ZrlyPFRMik/WlUa5PLL+GLeq1+F3F/PFum2eQfrk K7NuBDfJp5Y5q/5mDbNCz/SHlaIrc8n4mLnr/ZVmp4j8l0p0wx89+xHV9pwbmmiZ A8VNYR7bSGk3PRk61/4A41StZAoVHhhz8QTUOH7BiGGWOiluK/6lYqyo/794d32Y 4iNyYqLbxOVBJAQTy73RybB2FQcqKssVVp97ZAexiaFOjHZsw1etf72kM097z6Te k1i/KPidqi03cE/QlBYUQIqI8Nk8a1hzDZGYjP806MOZNSvSnQ6OS7JjIPWeNLYA tYE8Fa9zJiO4V3XA9SyL2q98HIq4hN7jt5LDkT6UeTvemnE0LdZGweC+x5hw482J x05SlnelMeZZakraGBJQ6xhzIHFJNbYldfY2jA2j3OvPX34/AkQ4a7shmCa0uLH4 54bXPVVrkRZiZpjf8mZ+fCVXK32oxnT12Ut148HOsmUbWNLab2WZu3EMO1Xidt5V peYn22RDoZzJw/0db5oiV8FxfOMz/YeUyc+BM+bN849/Ji14DQA=Xovr
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gatewa

On 16.07.24 15:05, gregor herrmann wrote:

On Tue, 16 Jul 2024 13:13:16 +0200, Philip Hands wrote:

I suspect having something that's agnostic about the underlying
implementation as our default would be rather better for the non-systemd
options that people care about, …
Also, networkd doesn't support non-Linux and non-systemd systems AFAIK,

AFAICS, the netplan packages (netplan.io, netplan-generator) currently
have a hard dependency on systemd.

That's true.
Netplan functions as a [systemd-generator] at its core, so it will have the same limitations as sd-networkd. So ifupdown[-ng] would still be needed as a fallback for the non-systemd ports.

Not saying this isn't something that couldn't be changed.. but it would be
some bigger effort. In theory the "/usr/libexec/netplan/generate" binary could be called independently of systemd and produce NetworkManager configuration, for example. But looking at the Netplan backends (NM, networkd, OVS), non of them is built for non-linux architectures. So dependencies would need to be worked out first.

-- Lukas

[systemd-generator] https://www.freedesktop.org/software/systemd/man/latest/systemd.generator.html

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

* Lukas M�rdian <slyon@debian.org> [240715 10:33]:

No. We're talking about the "netplan-generator" package, which comes without any
Python dependencies. It's a part of the netplan.io source package and everything
that would be required in the default installation.

Thanks. I've filed wishlist Bug#1076445 asking for better package descriptions.

...Marvin

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

On Tue, 2024-07-16 at 15:23 +0200, Lukas Märdian wrote:

On 16.07.24 15:05, gregor herrmann wrote:

On Tue, 16 Jul 2024 13:13:16 +0200, Philip Hands wrote:

I suspect having something that's agnostic about the underlying implementation as our default would be rather better for the non-systemd options that people care about, …
Also, networkd doesn't support non-Linux and non-systemd systems AFAIK,

If you want to explore alternatives, one can just start systemd-
networkd under sysvinit as well. I'm not sure how well that is
supported, but it worked when I tried for entertainment.

AFAICS, the netplan packages (netplan.io, netplan-generator) currently
have a hard dependency on systemd.

That's true.
Netplan functions as a [systemd-generator] at its core, so it will have the same limitations as sd-networkd. So ifupdown[-ng] would still be needed as a fallback for the non-systemd ports.

Uhh, how does it generate .network units for systemd-networkd then?
Note the paragraph stating

+---
| Note: generators must not write to other locations or otherwise
| make changes to system state.
+---[ man:systemd.generator(7) ]

from the man page you linked to. And none of /run/systemd/generator{,.late,.early} seem like places to place
.network or .netdev units?

(And I wouldn't be surprised if systemd would start enforcing that,
just like they enabled a system-wide `ProtectSystem=` in initrd by
default which prevents writing to `/usr`.)

Ansgar

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, Jul 15, 2024 at 02:57:21AM +0200, Cyril Brulebois wrote:

Lukas Märdian <slyon@debian.org> (2024-07-11):

Additional benefits of Netplan:
* Already used on Debian Bookworm [cloud] images by default

Having started to toy with cloud images these last few days, and
learning about the various components in there, I'm not exactly sure
where /etc/netplan/90-default.yaml is coming from but it's 644 in at
least Debian 12 and Debian sid “nocloud” amd64 images (QCOW format), leading netplan to complain about these too-wide permissions.

I'm not sure where this file is coming from, but it'd be great to have
those permissions fixed/those warnings go away.

I'd be glad if someone could take it up from here, I've burned up all
the time I had to spend on Netplan on the short term. Thanks already!

I think that may be a cloud image specific issue. Will look deeper...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------G40y70Jhxvhl7wvTPUpG7A6h
Content-Type: multipart/alternative;
boundary="------------rtpLjQmFkMoEDC2nN1PA20J3"

--------------rtpLjQmFkMoEDC2nN1PA20J3
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

T24gMTYuMDcuMjQgMTg6MzcsIEFuc2dhciDwn5mAIHdyb3RlOg0KPiBmcm9tIHRoZSBtYW4g cGFnZSB5b3UgbGlua2VkIHRvLiBBbmQgbm9uZSBvZg0KPiAvcnVuL3N5c3RlbWQvZ2VuZXJh dG9yeywubGF0ZSwuZWFybHl9IHNlZW0gbGlrZSBwbGFjZXMgdG8gcGxhY2UNCj4gLm5ldHdv cmsgb3IgLm5ldGRldiB1bml0cz8NCg0KVG8gdGhlIGV4dGVudCB0aGF0IE5ldHBsYW4ncyBz ZC1uZXR3b3JrZCBnZW5lcmF0b3IgZG9lcyBub3QgcHJvZHVjZSANCnN5c3RlbWQgdW5pdHMs IGl0IHNob3VsZG4ndCBiZSBbdHJlYXRlZCBhc10gYSBnZW5lcmF0b3IgaW4gdGhlIGZpcnN0 IA0KcGxhY2UuIEl0IG9ubHkgbmVlZHMgdG8gcnVuIGJlZm9yZSBzZC1uZXR3b3JrZCBhbmQg d3JpdGUgaXRzIHN0dWZmIHRvIA0KL3J1bi9zeXN0ZW1kL25ldHdvcmsuDQoNCklmIGl0IGFs c28gcHJvZHVjZXMgc3lzdGVtZCB1bml0cyB0aGVuICp0aGF0KiBwYXJ0IG9mIGl0cyBqb2Ig aXMgY292ZXJlZCANCmJ5IHRoZSBzeXN0ZW1kLmdlbmVyYXRvciBtYW5wYWdlOyBpZiBub3Qs IHRoZW4gaXQgZG9lc24ndCBldmVuIG5lZWQgdG8gDQpiZSBhIGdlbmVyYXRvciDigJQgaXQg b25seSBuZWVkcyB0byBydW4gYmVmb3JlIHNkLW5ldHdvcmtkLCB3aGljaCBpcyBlYXN5IA0K ZW5vdWdoIHRvIHNldCB1cCAoYWRkIGEgZHJvcC1pbiB1bml0IHdpdGggRXhlY1N0YXJ0UHJl PSBzdGFuemEpLg0KDQotLSANCi0tIHJlZ2FyZHMNCi0tIA0KLS0gTWF0dGhpYXMgVXJsaWNo cw0KDQo=
--------------rtpLjQmFkMoEDC2nN1PA20J3
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">On 16.07.24 18:37, Ansgar 🙀 wrote:<br>
</div>
<blockquote type="cite"
cite="mid:eb310e2edf435ab1912b95f7915643735ce15969.camel@43-1.org">
<pre>from the man page you linked to. And none of /run/systemd/generator{,.late,.early} seem like places to place
.network or .netdev units?</pre>
</blockquote>
<p>To the extent that Netplan's sd-networkd generator does not
produce systemd units, it shouldn't be [treated as] a generator in
the first place. It only needs to run before sd-networkd and write
its stuff to /run/systemd/network.</p>
<p>If it also produces systemd units then *that* part of its job is
covered by the systemd.generator manpage; if not, then it doesn't
even need to be a generator — it only needs to run before
sd-networkd, which is easy enough to set up (add a drop-in unit
with ExecStartPre= stanza).<br>
</p>
<pre class="moz-signature" cols="72">--
-- regards
--
-- Matthias Urlichs</pre>
</body>
</html>

--------------rtpLjQmFkMoEDC2nN1PA20J3--

--------------G40y70Jhxvhl7wvTPUpG7A6h--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEr9eXgvO67AILKKGfcs+OXiW0wpMFAmaXai4FAwAAAAAACgkQcs+OXiW0wpPQ fA//RBCQrDK14t/jM8Sgl2JMGKALWeNXVpsFG/I+D9j6fxE3b0+RM7lubFaamjU5H1z93gWpH56G 5C6ssEGxeA4dDKYReMnvIMDkBLHaU4XfhP9biWEwY4/ruYnsiaN0lMZZ5J/LWr9BTmZ7L9zp9UIN euHH1BN96IdG5jLBey+yaMfXk9pf+51Cd0gWCMx+UjHyELwEPN/aTgPUtsjAIsINJ0NiInwt7aSc r1+HZGJ4+9VB2OVh7Fh1buOypBfwegy3PYYHCcKwsYE7Th26o/bJVKRXBIej/H4gya5dJNb7bpz+ fdjjru4eDJ6jtZ1cMjg5q38a7xOip1cTWeJcik3rJL9w3vlan8lg35Id3EkzNx9vdCHCmn7M24d5 3Wwec8m7pc3T8pF56rXWXxyfFs51ResIS+ADay0VfdY/lQCo5Mo7LBqiSqQ6BkQfQJUDI07ABauF L+PtlU48f8b3l5/nsJ6+aXrY4bQ3v5A4rl3OrFXrTXBFuHlxKyz+UfzcOdXWHYAHS9xCcqIOBM8f 5Fi8pZNX7wM18aRRfQ6SCqX6/9CmfkP3FzgMq6uiDyFp79SaavsNkQ0HxJnOK3mgbllrO1JBZg2K IsTO/yexWq+qpnE373/EGvXqCUiVa0raVdYOcb5B1ABuFLd8YXfwYEFi26emfcbvZBJIT6djDYee AYc=
=UcgB
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05

Pulling in all experiences with d-i from the last years I wonder how complicated it was to have it running with sysv-init ifupdown(2?) using default selections to pull in  dbus, systemd and netplan dependencies?
There are still systems for example rPi zero where I gained more usability using init in combination with ifupdown.
But the main advantage of d-i especially on "experimental" hw such as new mobile machines still is to rescue things if something goes wrong with its minimal set of dependencies.
On the other hand having cloud init support would mean the path to "frozen" images that could be used directly on targeted hw would mean less overhead.

<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<span dir="ltr" style="margin-top:0; margin-bottom:0;">Pulling in all experiences with d-i from the last years I wonder how complicated it was to have it running with sysv-init ifupdown(2?) using default selections to pull in&nbsp; dbus, systemd and
netplan dependencies?</span>
<br><span dir="ltr" style="margin-top:0; margin-bottom:0;">There are still systems for example rPi zero where I gained more usability using init in combination with ifupdown.</span>
<br><span dir="ltr" style="margin-top:0; margin-bottom:0;">But the main advantage of d-i especially on "experimental" hw such as new mobile machines still is to rescue things if something goes wrong with its minimal set of dependencies.</span>
<br><span dir="ltr" style="margin-top:0; margin-bottom:0;">On the other hand having cloud init support would mean the path to "frozen" images that could be used directly on targeted hw would mean less overhead.</span>
<br>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)