Ticket: CM-9266
Reviewed-by: trivial
Testing-done:
For now disable old LACP bypass options so that ifreload does
not give errors, as the corresponding sysfs nodes do not exist in
the latest 4.1.y kernel.
Ticket:
Reviewed By: trivial
Testing Done: built, installed
Don't want to leave incorrect confusing references behind.
Instead of having the networking script depend on switchd, since
ifupdown2 is upstream, I'll add the reverse dependency to the
switchd.service.
Added Documentation line
Ticket: CM-8725
Reviewed By: roopa
Testing Done: tested with user's config on amd64 platform
When setting mstpctl params from user given fdelay and maxage,
ifreload and ifup is setting maxage before fdelay.
Since there is a check for (Bridge Foward Delay - 1 second) >= Bridge Max Age
fdelay must be set before maxage because the fdelay is a default value.
Ticket: none
Reviewed By: trivial
Testing Done: installed, Alex tried for image creations.
apparently with some of our packages like mstpd still using init.d for a
while longer, just having the init.d/networking file causes the original
complaints about loops between services.
So I'm purging it completely.
Also clean up the comments a bit in start-networking
Ticket: CM-9182
Reviewed By: Trivial
Testing Done: ifup'd bond when bonding module was not yet loaded.
The bond support in ifupdown2 would check to see if the bonding module is
loaded when creating a bond. If it was not it would load the driver and return.
The correct operation is to load the driver and then continue to create the
bond.
Ticket: CM-9078
Reviewed By: Trivial
Testing Done: bond ifdown/ifup on s6000
This needs to be replaced with protodown of clag bond slaves
pre-enslave (TBD; coming soon).
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both dhcp-wait: "no" and dhcp-wait: "yes"
and not specified at all.
A previous patch implemented the nowait option for DHCP. This patch changes the
name of the option to "dhcp-wait" and makes the default, if nothing is specified
in the policy files, to be "yes", which means dhclient will be called without
the "-nw" option, causing it to wait for up to a minute for a response from the
DHCP server before continuing.
The format of the JSON in the policy file for this option was also changed so
that it conforms to the other ifupdown2 policy options. This format is now:
{
"dhcp": {
"defaults": { "dhcp-wait": "no" }
}
}
Also, the documented argument values are "yes" and "no". Any other values, will
be interpreted as "yes".
A subsequent patch in cl-basefiles will be made to include this fragment in
/var/lib/ifupdown2/policy.d/dhcp.json so that Cumulus Linux will default to
not waiting for DHCP to complete.
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both nowait=0 and nowait=1 and not specified
at all.
The Mellanox platform, as well as some others probably, has two management
interfaces: eth0 and eth1. The customer may plug a cable into either one of
these interfaces, and very rarely both of them. If only one cable is plugged in
and we don't know which one, then /etc/network/interfaces must be configured
by default to automatically bring up both interfaces using DHCP. But when an
interface does not have link, it stalls the boot process for 60 seconds while
dhclient times out.
This patch changes the default dhclient behavior to not wait for DHCP to
complete, by using the "-nw" option when calling dhclient. This means that
dhclient will immediately return and DHCP will complete in the background.
A module attribute has been added for the DHCP addon called "nowait", which
defaults to 1. If this attribute is set to 0, then dhclient will revert to its
previous behavior and delay up to a minute while DHCP completes. This attribute
can be specified in a policy file, e.g. /etc/network/ifupdown2/policy.d/dhcp.json,
with contents such as:
{
"dhcp" :
{
"nowait" : 0
}
}
Change policy manager default policy file location:
from /var/lib/ifupdownaddons/policy.d to
/var/lib/ifupdown2/policy.d
This aligns well with the user policy file location:
/etc/network/ifupdown2/policy.d/
Fixes 59dad2ca80("debian: sync debian files with from upstream debian repo")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This patch adds initial support for vrf in ifupdown2.
Example interfaces file section:
auto swp1.100
iface swp1.100
vrf blue
auto blue
iface blue
vrf-table 10
iproute2 vrf map is generated under:
/etc/iproute2/rt_tables.d/ifupdown2.vrf_map
this patch also adds prelimnary support for 'vrf-table auto'.
But this needs more work.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8790
Reviewed By: wkok,roopa
Testing Done: built, installed, rebooted
jessie's networking starts as an init.d service. Trying to force ordering
between init.d and systemd services when there are dependencies doesn't work
well (especially since the init.d/networking service is forced very early
because of the remote filesystem requirement in jesie).
Converting networking to a script run as a systemd service allows us to start
networking after switchd. The new script is /sbin/start-networking. I chose
to keep it in /sbin, rather than put it in /usr/cumulus/bin, because it's core
functionaity.
I am not removing /etc/init.d/networking, it just gets ignored unless somebody
types it manually. If somebody does that, systemctl runs through the lsb
hooks. The two lost abilities below are just ignored if passed. I'm
also preventing creating the rc.d symlinks to the init.d/networking
script to reduce future confusion.
We lose some init.d "convenience" functionality because it's not available
through systemd. What we lose are:
reload-currently-up - can still be done with ifreload --currently-up
force-reload - can still be done with ifreload -f -a
We keep start, stop, reload, restart
before this commit, an error in reading a sourced file would
result in an error. This commit converts it to a warning and continue
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This patch temporarily removes systemd networking service
script. This enables ifupdown2 native init script to run.
systemd networking init script will be re-enabled in the
future after we test and claim that it works.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
These include changes that were done to move ifupdown2
to use pybuild and some debian policy fixes
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Add back missing ifupdown/ifupdownconfig.py.
fixes a cherry-pick error.
Fixes 0582f185ed ("ifupdown2: address: squash addr config and process
them on the youngest sibling")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7756
Reviewed By: roopa
Testing Done: built powerpc and tested ifupdown2 as well as new tests
Once mstpctl-portbpdufilter or mstpctl-bpduguard is enabled for
an interface, removing the configuration in /etc/network/interfaces
does not toggle the mstpctl state back to no.
The root cause of this problem is that "ifreload" does not check default settings for MSTP configuration
for bridge ports and use a default when that setting is removed from the configuration.
This patch adds a check in the existing loop on attribute values.
If there is no configured value, we check to see if a default exists.
self._modinfo['attrs'][attrname]['default'] exists.
If it exists and it is different then the currently running value
we reset the attribute to its default. This is what a customer would expect if
they removed a configured value.
(also added test in cl-tests to check this functionality)
(cherry picked from commit 63d0f7082d44fedabe002aebbb658751dc655a46)
Ticket: CM-8330
Reviewed By: balki
Testing Done: Tested with interfaces file in the bug
(cherry picked from commit 14570e6d442d1c9a3742f1dd989f7af673e3cc7f)
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested address config reloading/purging with multiple
iface stanzas
We have had enough cases with address purging with multiple interfaces,
so turning this on by default
(cherry picked from commit de57cf0ce90c15df37fc25589947bbaeadcadd3b)
Ticket: CM-7995
Reviewed By: CCR-3850
Testing Done: Tested exit code on syntax errors
This patch adds members 'errors' and 'warns' to networkinterfaces.py
to track errors and warns during parsing interfaces file.
This patch also adds --syntax-check option to ifreload
given people seem to use ifreload more than ifup these days.
$ ifreload --syntax-check -a
error: /etc/network/interfaces: iface swp1.200: unsupported keyword (roopa-attr)
$ echo $?
1
(cherry picked from commit e643a136fcf5d387ff0f9a31cb6a6af4983e1012)
Ticket:
Reviewed By:
Testing Done: Tested ifquery --check with bridge-pvid
bridge-pvid and bridge-vids on a bridge does
not correspond directly to a running config
on the bridge. They correspond to default
values for the bridge ports. And they are
already checked against running config of the
bridge port and reported against a bridge port.
So, This patch ignores these attributes under the bridge.
Uses '2' for ignore today. XXX: '2' will be
mapped to a defined value in subsequent patches.
Before:
auto bridge
iface bridge
[fail]
bridge-vlan-aware yes [pass]
bridge-ports swp3 swp4 [pass]
bridge-pvid notfound [fail]
After:
auto bridge
iface bridge
[pass]
bridge-vlan-aware yes [pass]
bridge-ports swp3 swp4 [pass]
bridge-pvid 20
(cherry picked from commit 29e70abbf7920cf94c3ebd738dd757c2ca27b35c)
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested changing address and ifreloading on multiple iface stanzas
In presence of multiple iface stanzas, current ifupdown2 does not purge
existing addresses.
Because each ifaceobject processing looks at only its stanzas and it is
afraid that it may purge running addresses that does not belong to
itself. Historically multiple iface stanzas are processed individually
than squashing them as a single interface. Squashing iface stanzas into
a single iface stanza has been a problem in the past and also does not
work well with iface stanzas that are supported by ifupdown (I dont have
a specific problem example right now...but)
This patch processes all address attributes when processing the first iface
object (or iface stanza). Unsure if this can be a surprise to existing
users. It should not but cant say sometimes people have weird things in
their pre-up/post-up commands. Hence this is controlled by a ifupdown2.conf
variable addr_config_squash=0 set to off by default. still debating if this
can be on by default.
When addr_config_squash=0 and existing addresses are not purged a
warning is displayed:
"warning: swp1: interface has multiple iface stanzas skip purging
existing addresses"
(cherry picked from commit 7aaa75674547392f2abb8273b18671f0795b3eaf)
Ticket:
Reviewed By: CCR-3804
Testing Done: Tested regex parsing failures
This is mostly a cosmetic fix. we were failing with weird/unclear errors
on unable to parse regex expressions correctly.
This patch mainly adds the interface name to the message and plus adds
an info message showing the actual regex being used in searches.
example config:
{noformat}
auto br-roopa
iface br-roopa
bridge-vlan-aware yes
bridge-ports regex '(\\Aswp3\\Z|\\Aswp4\\Z)'
bridge-pvid 20
{noformat}
before the patch:
warning: br-roopa: error getting dependent interfaces (unbalanced
parenthesis)
after the patch (not pretty but easier to debug)
info: br-roopa: evaluating port expr '['regex', "'(", 'Aswp3', 'Z|',
'Aswp4', "Z)'"]'
warning: br-roopa: error getting dependent interfaces (br-roopa: error
searching regex ''(' in swp38 (unbalanced parenthesis))
(cherry picked from commit bcca6f753a25494666d53f1f2f3c855ffa41d7f0)
This reverts commit bbd11771f5571c67c8f110c2b464817ce31155b9.
This introduced an error where if the config has old bridge driver
and configures port attributes on the bridge, the attributes are reset
to defaults after they are configured by the bridge settings.
(cherry picked from commit 651d1980de02fb108975900ed007087d9a79934c)
Ticket: CM-8143
Reviewed By: scotte, roopa
Testing Done: ssim and powerpc
This was first seen as a side issue with switchd terminating and not restarting (filed as CM-8109).
When ifreload -a is issued, all of the vrr interfaces were bounced, even though there were not any
configuration changes.
In keeping with the philosphy of making ifreload non-disruptive, this patch no longer
disrupts vrrs if the existing config has not changed.
Ticket: CM-8248
Reviewed By: Trivial
Testing Done: None
Fix for
On bootup and during service network restart these warning messages are thrown out.
root@cel-ken-01:/var/log# service networking restart
[....] Reconfiguring network interfaces...warning: global name 'get_mod_subattr' is not defined
warning: global name 'get_mod_subattr' is not defined
warning: global name 'get_mod_subattr' is not defined
warning messages in ifupdown2
Ticket: CM-7756
Reviewed By: roopa
Testing Done: Tested ssim and powerpc images
Once mstpctl-portbpdufilter or mstpctl-bpduguard is enabled for
an interface, removing the configuration in /etc/network/interfaces
does not toggle the mstpctl state back to no.
The root cause of this problem is that "ifreload" does not check default settings for MSTP configuration
for bridge ports and use a default when that setting is removed from the configuration.
This patch adds a check in the existing loop on attribute values.
If there is no configured value, we check to see if a default exists.
self._modinfo['attrs'][attrname]['default'] exists.
If it exists and it is different then the currently running value
we reset the attribute to its default. This is what a customer would expect if
they removed a configured value.
Ticket: CM-7939
Reviewed By: CCR-3732
Testing Done: Tested ifreload --allow=class
this now
The ifreload classes already supported allow. This just opens up the
option in /sbin/ifupdown
example 1:
---------
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test swp3
iface swp3
/* should only act on swp2 and swp3 */
example 2:
---------
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test br1
iface br1
bridge-ports swp25 swp26
/* change bridge name and do an ifreload */
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test br2
iface br2
bridge-ports swp25 swp26
should delete br1 and create br2
Ticket: CM-6626
Reviewed By: CCR-3768
Testing Done: Tested with testcase specified in bug
There was an earlier implementation for this for 2.5.4 (CCR-3599 a quick
fix for 2.5.4). This patch re-implements the fix.
This patch essentially handles stp set before and after the port is
processed. It replaces the below commit with the patch in this review
{noformat}
commit 3af351f0a005236e747913bb499c6165e3ec43a4
Author: Roopa Prabhu <roopa@cumulusnetworks.com>
Date: Tue Sep 29 10:12:07 2015 -0700
Fix mstp settings ordering issues when bridge stp is toggled on and
off
(when mstp settings are specified under the port)
Ticket: CM-6626
Reviewed By: CCR-3599
Testing Done: Tested the problem case mentioned in the bug (Plan to
re-work the fix a bit for 2.5.5)
{noformat}
Example:
{noformat}
auto host1
iface host1
mtu 9000
bond-slaves glob swp[25-26]
bond-mode 802.3ad
bond-miimon 100
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-xmit-hash-policy layer3+4
clag-id 1
mstpctl-portadminedge yes
mstpctl-bpduguard yes
auto bridge
iface bridge
mtu 9000
bridge-vlan-aware yes
bridge-ports peerlink host1
bridge-stp on
bridge-vids 1000-3000
bridge-pvid 1
info log stmts:
--------------------
info: host1: ignoring mstpctl-portadminedge config (stp on bridge bridge
is not on yet)
info: host1: ignoring mstpctl-bpduguard config (stp on bridge bridge is
not on yet)
<snip>
info: bridge: processing bridge config for port host1
info: bridge: processing mstp config for port host1
info: executing /sbin/mstpctl showportdetail bridge host1
admin-edge-port
info: executing /sbin/mstpctl setportadminedge bridge host1 yes
info: executing /sbin/mstpctl showportdetail bridge host1
bpdu-guard-port
info: executing /sbin/mstpctl setbpduguard bridge host1 yes
{noformat}
Ticket: CM-8161
Reviewed By: Roopa
Testing Done:
With vlan-aware bridge, when replacing a port's pvid, the kernel leaves
the port in the original pvid and relies on user space to explicitly
delete the port from that vlan if it is no longer a member of that.
ifupdown does that correctly in ifup and ifreload cases, but missed
removing the port from the default pvid during system reboot. This
patch fixes that by removing the PERFMODE check specifically for pvid
that causes ifupdown to skip checking running config on reboot which
leads to the bug.
(cherry picked from commit 0461a3f3cc82691cd32b9f6dbefaacf7b23eaeea)
listed interface that had a blacklisted parent
Ticket: CM-7851
Reviewed By: CCR-3664
Testing Done: Tested with auto/non-auto dependent and non-dependent interfaces
example config from sam:
iface swp3.100
auto swp3
iface swp3
iface swp3
address 66.66.66.66/24
Ticket: CM-6740
Reviewed By: roopa
Testing Done: tested multiple ifreloads with various test cases
In the case of duplicate iface stanzas where one of the stanzas sets
the link attributes, ifupdown2 was confused because the absence
of link attributes forced it to reset them to default values
(when they existed).
This patch tracks link changes and prevents resetting to defaults
only if there are no explicit settings configured. Furthermore,
only the last interface processed (from the duplicates) will take
care of resetting to defaults.
Ticket: CM-6106
Reviewed By: CCR-3637
Testing Done: Tested address under a bridge
We had shipped example files with addresses under bridges and slaves
in 2.5.3. With the warning introduced in 2.5.4, we will start emitting
warnings for existing customer files. And I have recently
learnt that users are relying on warnings to detect errors.
With this commit I am changing the warn to an info message
to avoid breaking existing users. We can change it back to a warn in
3.0.
changed:
"warning: interface bridge is enslaved or a vlan aware bridge and cannot
have an IP Address"
to:
"info: bridge: ignoring ip address. Interface is enslaved or a vlan
aware bridge and cannot have an IP Address"
(cherry picked from commit ecb20279e3d3c123537b9e6fddea4590c63a5013)
(ie to allow -i option)
Ticket: CM-7066
Reviewed By: CCR-3636
Testing Done: Tested ifupdown2 -i option
Administrators can protect from sudo users executing files with -i
by changing the disable_cli_interfacesfile=1 in ifupdown2.conf
I have uploaded the patch in CCR-3636. And checked with shm and nolan
before pushing this change in 2.5.4.
The default is being changed because of the fear of breaking existing
users of -i after an upgrade to 2.5.4.
The shipping default behaviour for -i will be revisited in 3.0
timeframe.
(cherry picked from commit 5dce566a94dafc99c441e66c412d8d66a083aa5e)
Ticket: CM-7851
Reviewed By: CCR-3639
Testing Done: Tested a combination of auto and non-auto interfaces.
This fixes a regression introduced in 2.5.4 where ifreload was
picking up non-auto interfaces
This also fixes a minor issue with blacklisting interfaces introduced by
("450c679249b546dbc2cd97d81b49e011fec948bd remove blacklisted interfaces
only if they are upperifaces (ie root of the tree") when an interface
has multiple auto and non-auto stanzas (A rare case, but it was an easy
fix and around the same area).
example, the fix will now blacklist an interface only if all of its stanzas are
blacklisted. In the below example, swp4 is not blacklisted if user
specified auto because one of the iface stanzas is auto.
auto swp4
iface swp4
iface swp4
address 10.0.14.2/24
(cherry picked from commit ad6d4567fdf9413c804a348c1712d8706934264a)
