From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <root@kvmformation3.odiso.net>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id CD6EAC88F
 for <pve-devel@lists.proxmox.com>; Sun, 17 Sep 2023 15:44:59 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id B9E19173A8
 for <pve-devel@lists.proxmox.com>; Sun, 17 Sep 2023 15:44:59 +0200 (CEST)
Received: from bastionodiso.odiso.net (bastionodiso.odiso.net
 [IPv6:2a0a:1580:2000::2d])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Sun, 17 Sep 2023 15:44:58 +0200 (CEST)
Received: from kvmformation3.odiso.net (formationkvm3.odiso.net [10.3.94.12])
 by bastionodiso.odiso.net (Postfix) with ESMTP id 0577A80FE;
 Sun, 17 Sep 2023 15:44:46 +0200 (CEST)
Received: by kvmformation3.odiso.net (Postfix, from userid 0)
 id E4C1636C8D6; Sun, 17 Sep 2023 15:44:45 +0200 (CEST)
From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Date: Sun, 17 Sep 2023 15:44:44 +0200
Message-Id: <20230917134444.3998037-1-aderumier@odiso.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.016 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 HEADER_FROM_DIFFERENT_DOMAINS 0.249 From and EnvelopeFrom 2nd level mail
 domains are different
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH pve-manager] disable systemd link macpolicy
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Sun, 17 Sep 2023 13:44:59 -0000

since debian11, systemd is changing behaviour of macadress
of bridge, but also bond, where the mac is generated randomly
instead inherit from the first slave.

We already fix that with ifupdown2, but they are still another problem:

If a bridge don't have any slaves, systemd is keeping bridge offline.

https://www.justinsteven.com/posts/2023/03/26/virtualbox-bridge-ports-none-no-carrier-debian-11/

That mean that a dhcp daemon like kea can't bind on a standalone bridge (used for s-nat for example), until a
tap interface is started.

This patch disable systemd mac policy (this don't break already fixed ifupdown2 mac),

funny but centos && fedora also disable it

https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none

https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c8953519504bf2e694bfbc2b02a456c1056f252e/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch#L43

before this patch
------------------
~ ip a sh dev vmbr1
vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 10

after this patch
----------------
~ ip a sh dev vmbr1
vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
---
 configs/Makefile            | 2 +-
 configs/link-macpolicy.conf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 configs/link-macpolicy.conf

diff --git a/configs/Makefile b/configs/Makefile
index fd446b5b..8ed3a581 100644
--- a/configs/Makefile
+++ b/configs/Makefile
@@ -13,6 +13,6 @@ install: country.dat vzdump.conf pve-sources.list pve-initramfs.conf pve-blackli
 	install -D -m 0644 vzdump.conf $(DESTDIR)/etc/vzdump.conf
 	install -D -m 0644 pve-initramfs.conf $(DESTDIR)/etc/initramfs-tools/conf.d/pve-initramfs.conf
 	install -D -m 0644 country.dat $(DESTDIR)/usr/share/$(PACKAGE)/country.dat
-
+	install -D -m 0644 link-macpolicy.conf $(DESTDIR)/etc/systemd/network/99-default.link.d/link-macpolicy.conf
 clean:
 	rm -f country.dat
diff --git a/configs/link-macpolicy.conf b/configs/link-macpolicy.conf
new file mode 100644
index 00000000..47ebc927
--- /dev/null
+++ b/configs/link-macpolicy.conf
@@ -0,0 +1,6 @@
+[Match]
+OriginalName=*
+
+[Link]
+MACAddressPolicy=none
+
-- 
2.39.2