nixos/frr: adapt to frr-9

[woffs]

• fix nixos/frr: staticd does not accept -f anymore in frr-9 #274286
• remove -f configfile from ExecStart
• use /etc/frr/${service}d.conf
• enable mgmtd when staticd is enabled
• don't frr-reload.py mgmtd
• remove obsolete lib.mdDoc

Description of changes

In frr-9 staticd no longer accepts -f configfile option, but uses mgmtd for configuration management. Therefore we remove -f configfile from all frr services and use the default config location /etc/frr/${service}d.conf (NixOS used this without d before) and enable mgmtd automatically, if staticd is enabled. We have to follow upstream release notes carefully if they add more daemons to the new mgmtd method (or we start mgmtd, like zebra, if any service is enabled?).

I had no leasure to read and understand mgmtd documentation thoroughly yet, sorry. I'm not sure how to handle mgmtd reload, I tried to disable reloading mgmtd for now, because frr-reload denies reloading mgmtd.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[woffs]

@GrahamcOfBorg test frr

[woffs]

@GrahamcOfBorg test frr

[woffs]

@GrahamcOfBorg test frr

[thillux]

LGTM

As NixOS currently generates frr daemon configs into store paths, which are read-only, we can keep separate daemon configs also for frr 10.0. A unified frr.conf would currently only be necessary, if writing to this file should also be supported via e.g. vtysh.

[mweinelt]

Probably needs to be rebased. lib.mdDoc was removed treewide a few days ago.

[woffs]

Probably needs to be rebased. lib.mdDoc was removed treewide a few days ago.

done

[woffs]

@GrahamcOfBorg test frr

[thillux]

Regarding mgmtd reload: mgmtd keeps track of different config versions for other daemons. It cannot be reloaded with a different config on its own. I think its ok to block/ignore this operation. frr-reload.py also does not contain mgmtd in the list of allowed daemons to reload (https://github.com/FRRouting/frr/blob/master/tools/frr-reload.py#L1999). I guess from semantics side that's correct.

[thillux]

@woffs What's your opinion regarding mgmtd?

[woffs]

@woffs What's your opinion regarding mgmtd?

If it cannot be reloaded and does not need to be reloaded, we should not reload it 😉

[woffs]

I think #274286 is somehow a security issue (configured static routes getting ignored without much noise), so it would be great this PR could be finally reviewed and merged. 😁

[github-actions]

Successfully created backport PR for release-23.11:

• [Backport release-23.11] nixos/frr: adapt to frr-9 #315750

[github-actions]

Successfully created backport PR for release-24.05:

• [Backport release-24.05] nixos/frr: adapt to frr-9 #315751