On Mon, Jan 3, 2022 at 8:42 AM Felix Enrique Llorente Pastora
<ellorent@redhat.com> wrote:
>
>
>
> On Tue, Dec 28, 2021 at 9:40 AM Dan Kenigsberg <danken@redhat.com> wrote:
>>
>> On Sun, Dec 19, 2021 at 11:20 AM Alona Paz <alkaplan@redhat.com> wrote:
>> >
>> >
>> >
>> > On Sun, Dec 19, 2021 at 10:42 AM Dan Kenigsberg <danken@redhat.com> wrote:
>> >>
>> >>
>> >>
>> >> On Fri, Dec 17, 2021 at 5:25 PM Felix Enrique Llorente Pastora <ellorent@redhat.com> wrote:
>> >>>
>> >>>
>> >>>
>> >>> On Fri, Dec 17, 2021 at 3:58 PM Dan Kenigsberg <danken@redhat.com> wrote:
>> >>>>
>> >>>> Thanks for sharing your plan.
>> >>>>
>> >>>> I would like to create a Linux bond of all the NICs of my machine, create a Linux bridge on top of it, and copy my original mac/IP/routing to that bridge. Can you share a policy that would let me express this desired state?
>> >>>
>> >>>
>> >>> You need to know the number of NICs, for example for three of them this would be it.
>> >>
>> >>
>> >> Thanks. Having a Python-like `0:-1` slice index to select a sublist could be even cooler.
>> >>
>> >> More importantly, I would like to be able to select all interfaces which have vlan 204 enabled on their switch port, as reported by lldp. What would the capture look like in this case?
>> >
>> >
>> > capture:
>> > vlan-204: interfaces.lldp.enabled=="true" | interfaces.lldp.neighbors.ieee-802-1-vlans.vid==204
>> >
>> > But I suspect our current implementation will fail resolving this capture since not all the neighbor entries have the "ieee-802-1-vlans" key.
>> > We can change the implementation not to fail if at least one of the entries in a list has the required path.
>> >
>> > Then, even the following capture should work-
>> >
>> > capture:
>> > vlan-204: interfaces.lldp.neighbors.ieee-802-1-vlans.vid==204
>>
>> Thanks. I find the capture language very powerful, I think I would
>> benefit from a tool that helps me build them, based on the current
>> state.
>> E.g a command line such as
>> nmstatectl show | nmpolicy testcapture
>> 'interfaces.lldp.enabled=="true" |
>> interfaces.lldp.neighbors.ieee-802-1-vlans.vid==204'
>> that would emit the value of yaml-encoded captures.
>>
>> Would something like this be possible?
>
>
> You can inspect that information at ~/.cache/nmpolicy/cache.yaml, it will dump there the captured states.
I see a few drawbacks to relying on this:
- caches are typically not visible to end users, their content and
location may change
- I need to write a full policy; I prefer to focus on a single capture string
- When I run the nmpolicyctl I create a side effect (changing the
cache). I don't want to do so when I test captures. I'm looking for a
pure test-only usage.
Right, maybe eve a nmpolicyctl filter make sense beyond testing purpose, it will allow the user to filter state, like stuff we do a knnstate filtering veth.
P.s. because we keep the cache for a long while, we need to place a
version number in it, in case we ever need to make a breaking change
in its format.
Regards,
Dan.