Ticket: CM-13044
Reviewed By: Roopa, Nikhil G, Daniel W,
Testing Done:
For some reason we can't simply write into a file when we want to purge the
ifalias, we have to exec a command. I wasn't able to make it work in any
other way.
add an alias to an interface, ifreload, ip link show interface
modify it, ifreload, ip link show interface
remove it, ifreload, ip link show interface
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-13967
Reviewed By: julien, nikhil
Testing Done: tested failing config in the bug
This patch fixes a cache_update problem caught during mtu updates.
Cache updates were failing silently, leaving stale cache values.
For the below config, ifupdown2 was falsely reporting an mtu error,
because the cache had a stale mtu default value
$ifquery peerlink-3 peerlink-3.4094
auto peerlink-3
iface peerlink-3
bond-slaves swp32s0 swp32s1
bond-mode 802.3ad
mtu 9202
auto peerlink-3.4094
iface peerlink-3.4094
address 27.0.0.11/32
mtu 9202
$ifreload -a
warning: peerlink-3.4094: vlan dev mtu 9202 is greater than lower realdev peerlink-3 mtu 1500
Before patch:
sequence of events:
- build cache with current system running mtu
- link set mtu 9202 on peerlink-3
- update cache for peerlink-3 to 9202 <---- cache update fails
- when processing peerlink-3.4094, query cache for lowerdev peerlink-3
mtu: this returns 1500 <--- stale cache value
- print warning
After patch:
sequence of events:
- build cache with current system running mtu
- link set mtu 9202 on peerlink-3
- update cache for peerlink-3 to 9202 <---- cache updates to 9202
- when processing peerlink-3.4094, query cache for lowerdev peerlink-3
mtu: this returns 9202
- success and proceed
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12370
Reviewed By: Roopa, Kanna, Scott E
Testing Done:
This patch also fixes a problem where dhcp6 used to create lease file with
a trailing whitespace. dhcp6 operation were also sometimes using the wrong
pid file. I added some code in the debian.postinst script to correctly
rename these files if they exists when we install/update ifupdown2.
(cumulus-qa-infra/cl-tests/tests/smoke/testdhcp.py:Testdhcp_relay)
auto swp1
iface swp1 inet dhcp
link-speed 10000
link-duplex full
link-autoneg off
auto swp1
iface swp1 inet6 dhcp
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-6908, CM-6110, CM-13221
Reviewed By: julien, nikhil
Testing Done: added a new test in ifupdown2-tests which covers all cases
- move all mtu handling to a single function in addons/address.py
- Have an ifupdown2 default of 1500 mtu
- add a policy manager max_mtu check (we want to default cumulus max mtu
to 9216)
- special handling for bond and bridges
- print an info log abt setting mtu on bridge
- this can be enhanced in the future to look
at individual port mtu and rejecting the bridge mtu.
this operation can be expensive right now. Hence
just an info log.
- bond and vxlan dev mtu follow the rules of physical device mtu
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12988
Reviewed By: julien, nikhil, dsa
Testing Done: tested ifup and ifdown of vrf devices with address virtual
slaves
This patch fixes up macvlan device enslavements when vrf device
or vrf slave is brought down and up. address virtual macvlan
devices on vrf slaves need to enslaved to the vrf. This
patch checks and fixes up those vrf enslavements for the following
cases:
ifdown <vrf_device> && ifup <vrf_device>
ifdown <vrf_slave> && ifup <vrf_slave>
starting state:
------------
$ip -br link show
myvrf UP 46:c6:44:db:37:60 <NOARP,MASTER,UP,LOWER_UP>
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
$ifdown myvrf
$ip -br link show
bridge.901@bridge DOWN 44:38:39:00:77:88 <BROADCAST,MULTICAST>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST,M-DOWN>
before patch (macvlan device bridge-901-v0 did not come up:
----------------------------------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
after patch:
------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: Roopa, Nikhil G
Testing Done:
When using ifupdown2 on regular distribution (debian/ubuntu etc...) users may
not have the latest iproute2/bridge-utils version. Thus the output parsed from
the various subcommands executed by ifupdown2 might defer and cause exception
to be throwned.
We identified several cases:
/sbin/bridge -c -json vlan show
/sbin/brctl showmcqv4src bridge0
/sbin/brctl showstp bridge0
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket:
Reviewed By: Roopa, Nikhil G
Testing Done:
ifupdown2's python addons are replacing some/most of the old ifupdown shell
scripts. When addon_scripts_support is set to 1, ifupdown2 will execute every
scripts present in /etc/network/if-$ACTION.d/ if a script exists with a name
identical to an ifupdown2 addon, this script won't be executed.
Sometimes an ifupdown2 addons doesn't have the same name as the ifupdown script
it's supposed to replace. Or maybe one addon is replacing several scripts.
For example: bond.py is replacing /etc/network/if-*.d/ifenslave
Now each addon is able to provide a list of script to ignore.
[16:54:40] root:ifupdown2 # ifquery bond0
iface bond0
bond-slaves tap0 tap1
[16:54:49] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:54:54] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
debug: tap1: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap1: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: lo: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: lo: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: eth0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: eth0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: tap0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
[16:54:55] root:ifupdown2 #
...
apply patch
...
[16:55:16] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:55:18] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
[16:55:19] root:ifupdown2 #
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11393
Reviewed By: dsa, julien, nikhil
Testing Done: tested up and down of a vrf interface
$ifdown -v blue
..snip ..
info: executing /usr/lib/vrf/vrf-helper delete blue 1030
info: executing ip link del blue
info: executing /bin/ss -aK "dev == 54"
info: vrf: syncing table map to
/etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
statically configured
Ticket: CM-12277
Reviewed By: CCR-5059
Testing Done: ifreload with a VxlanClagClosConfig.py config
get_vxlan_peers gets remote ip addresses if they are statically configured
through ifupdown2 (vxlan-remoteip <address>). These are cached in
ifupdown2's link object so that they can be used in 'ip link set' (if link
exists already), 'ifquery -r' and 'ifquery -c'. ifupdown2 should ignore and
not cache these addresses if they are provisioned by vxrd. Check if vxrd is
running before caching remote ip addresses. This helps in optimizing time
taken to ifreload with 1k bridge/vxlan interfaces (vlan-aware bridge) in a
vxrd/vxsnd setup.
Signed-off-by: Balakrishnan Raman <ramanb@cumulusnetworks.com>
Ticket: CM-11274
Reviewed By: Roopa, Nikhil
Testing Done: ifupdown2 smoke, vxlan_aa smoke
The mstpctl addon and mstpctlutils file now contains a unified way to access
cached data (from mstpctl showportdetails json).
Some numbers:
- Without the patch ifreload -a on a scale vxlan config (1k vxlan) we used
to execute 5098 subcommands.
- With the patch "only" ~3000 (it should be 2k but clag ip link set protodown
needs to be move to netlink).
for ifquery -r -a: 11052 calls before patch, 1031 after.
This should improve time execution as well as CPU usage.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11773
Reviewed By: Roopa, Nikhil G
Testing Done: smoke + hand testings :
$ cat /etc/network/interfaces
auto br2
iface br2
bridge-vlan-aware yes
bridge-vids 100
bridge-pvid 1
bridge-ports swp1 swp4 swp5
bridge-stp on
$ ifreload -a -v
[...]
info: netlink: set link swp1 up
info: netlink: set link swp4 up
info: netlink: set link swp5 up
info: br2: applying mstp configuration specific to ports
info: br2: processing mstp config for port swp1
info: executing /sbin/mstpctl showportdetail br2 json
info: executing /sbin/mstpctl settreeportprio br2 swp1 0 128
info: br2: processing mstp config for port swp4
info: executing /sbin/mstpctl settreeportprio br2 swp4 0 128
info: br2: processing mstp config for port swp5
info: executing /sbin/mstpctl settreeportprio br2 swp5 0 128
info: netlink: set link br2 up
[...]
$
/sbin/mstpctl settreeportprio br2 swpX 0 128 is executed for every port.
ifupdown2 tries to set this attr to 128 (the default value). This is a
problem at scale. We shouldn't try to set this value if the running value
is already 128.
With the attached patch:
$ ifreload -a
[...]
info: netlink: set link swp1 up
info: netlink: set link swp4 up
info: netlink: set link swp5 up
info: executing /sbin/mstpctl showportdetail br2 json
info: br2: applying mstp configuration specific to ports
info: br2: processing mstp config for port swp1
info: br2: processing mstp config for port swp4
info: br2: processing mstp config for port swp5
info: netlink: set link br2 up
[...]
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11803
Reviewed By: dsa, scotte, wkok, nikhil, julien
Testing Done: tested config of address-virtual lines on vrf slaves
This patch does the following:
- addressvirtual: enslaves macvlans created on vrf slaves
to the vrf master
- vrf: when looking for stale slaves on vrf master, skip
macvlan devices. This code does basic checking right now
and can be improved to include more cases.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11043
Reviewed By: roopa
Testing Done: used the config mentioned in bug
This patch adds a delay before starting IPv6 dhclient to
make sure the configured interface/link in up.
Also, ifdown on a IPv6 interface, this patch makes sure
that the link in up before dhcp release. Dhcp release is
done using a default lease file.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
commands
Ticket: CM-11274
Testing Done: julien, wkok, nikhil
It uses and goes with the the other batch variables and apis.
This one just calls the 'bridge -batch' command instead
of the 'ip -batch' command.
This can be used to batch bridge commands.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11624
Reviewed By: roopa, julien
Testing Done: using configuration mentioned in the bug
This patch fixes 'ifquery -c' failure for 'bridge-pvid' on
all bridge ports.
The following format of '/sbin/bridge -c vlan show' output was not handled properly
by iproute2
port vlan ids
swp1 600
700-710
711 PVID Egress Untagged
712-900
iproute2 was parsing the '/sbin/bridge -c vlan show' output with the assumption that
pvid line '711 PVID Egress Untagged' appears before all the vland ids.
Something like this:
port vlan ids
swp1 711 PVID Egress Untagged
600
700-710
712-900
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
Ticket: CM-7678
Reviewed By: Roopa Prabhu
Testing Done: yes, with vlan aware/unaware bridge on dell-s3000-02
This patch enables bpdu filter and bpdu guard enabled for vxland device under
the bridge if these two attributes are unconfigured
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8736
Reviewed By: Roopa
Testing Done: Smoke tests + the ones from the ticket
By default ifupdown2 will adjust logical devices MTU
based on the physical interface they are running on top of.
set this flag to 0 to disable this behaviour
adjust_logical_dev_mtu=1
Ticket: CM-10281
Reviewed By: Roopa Prabhu
Testing Done: Tested with the configuration mentioned in the bug id
Due to bug CM-10188, defualt route via gateway is not installed in time.
It needs 2 sec delay, and fix to CM-10188 shall rectify this issue.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
This patch also: (1) fixes ifquery check failure for bridge-* stp attributes.
(2) removes vrf-default-route and vrf-cgroup attributes from ifupdown2 policy
and just have the vrf-helper attribute
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10437
Reviewed By: CCR-4480
Testing Done: Created a bond and made sure it's lacp_rate could be set fast or
slow wioth or without specifying the mode.
The current code assumes that for a bond to be in 802.3ad mode the "bond-mode"
parameter has to be specified in the list of bond attributes being set. Only
then will ifupdown2 allow the lacp_rate and lacp_bypass attributes to be set.
But since we have changed the default mode to be 802.3ad, the mode attribute no
longer needs to be specified for a bond to be in 802.3ad mode.
So, instead of doing a check for the configuration attributes to determine the
mode, the linkinfo cache is checked. And the cache is refreshed, just in case
the mode attribute has been specified and just previously been set. The order in
which the attributes are set is fixed for bonds, and the mode is always set
prior to the lacp_rate and lacp_bypass attributes.
Also, while testing this I noticed another assumption about the default value of
an attribute: min_links. A warning is displayed when min_links is not specified
or set to 0, and the mode is set to 802.3ad. Well, now that the default for
min_links is 1 it doesn't have to be specified, even if the mode is set to
802.3ad. So ifupdown2 checks the current state of min_links if it is not
specified as one of the attibutes. If it is 0, either by being specified as an
attribute or not being specified but having that value, and the mode is set to
802.3ad, a warning is displayed.
And there was this other little problem where if a bond already existed in the
linkcache it wouldn't be refreshed, even if the refresh=True parameter was
specified in the _bond_linkinfo_fill function.
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10292, CM-10282
Reviewed By: dsa, nikhil, julien
Testing Done: Tested dhcp config on an vrf slave
- Add support for policy module_globals variable
"vrf-exec-cmd-prefix". It is read into per module
self.vrf_exec_cmd_prefix variable
- If self.vrf_exec_cmd_prefix is present and interface is a
vrf slave, use ifupdown2 will call such command in vrf
context using:
"%s %s %s" %(<vrf-exec-cmd-prefix>, <vrfname>, <cmd>)
- This also fixes calling of dhcp refresh when a dhcp slave is
removed from a vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10302
Reviewed By: julien
Testing Done: Tested ifdown of an interface and make sure the addresses
are deleted
cache_invalidate can be called when an interface gets deleted
or on any other deletion event (this is because we dont really
know, what other things have been implicitly deleted by the kernel).
on ifdown, the cache can get invalidated. But if we dont
reset the cache flag, the fill cache functions can still think
the cache is valid and can return None for any queries.
This was happening to address queries, which resulted in
leaving behind configured addresses. because ifdown
thought that there were no running addresses on the interface.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb onto dell-s3000-02
This patch is a git revert of commit 934c4c49c0.
In addition to that, order of _addr_filter() function call arguments are
changed to match the function definition.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket:
Reviewed By: trivial
Testing Done: tested address gets with refresh flag + ran ssim test testifupdown2.py
- also fixes refresh flag handling in cache _addr_fill function
- this api can be used to get addresses from the cache by first
refreshing the cache. So the caller gets fresh running addresses.
(its not used right now but came up during the need to re-apply
addresses for ipv6 vrf slaves since their addresses may disappear)
