we should leave the mtu on lo to the default mtu
if user has not requested to change it. lo has
a larger mtu because it does not really depend on a
physical mtu.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12084
Reviewed By: julien, nikhil
Testing Done: Tested ifreload/ifup/ifdown --allow=<class>
vrf slave brings up the master if master is not up yet.
Today this is done only when ALL (auto) option is set
just as an optimization. because you dont want to bring
up the master in cases where user just wants to
bring up the vrf slave. eg ifup -v eth0.
This does not work so well, when user uses
--allow classes to bring up vrf master and slaves
together (eg mgmt vrf).
This patch removes the ALL check when bringing
up master and replaces it with an ALL or
CLASS check. ie make sure vrf master belongs to the
same class as you when CLASS is specified.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11804
Reviewed By: julien, nikhil
Testing Done: Tested with failing config in the bug
This patch makes sure macvlan devices are ignored by ifquery -ra
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8610
Reviewed By: Roopa, Nikhil G
Testing Done:
It used to be a silent exception, but not anymore because we catch it and log
accordingly (error) and flag the ifaceobj so that ifupdown2 returns 1.
$ cat /etc/network/interfaces
auto tap0
iface tap0
mtu 9000
address 172.17.28.0/31
$ ifreload -a
$ echo "address 2002:17:27:17/120" >> /etc/network/interfaces
$ ifreload -a
$ echo $?
0
$ # applying this patch
$ ifreload -a
error: tap0: cmd 'ip -force -batch - [addr add 172.17.28.0/31 dev tap0
addr add 2002:17:27:17/120 dev tap0
]' failed: returned 1 (RTNETLINK answers: File exists
Command failed -:1
Error: an inet prefix is expected rather than "2002:17:27:17/120".
)
$ echo $?
1
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11274
Reviewed By: Roopa, Nikhil
Testing Done: ifupdown2 smoke, vxlan_aa smoke
The mstpctl addon and mstpctlutils file now contains a unified way to access
cached data (from mstpctl showportdetails json).
Some numbers:
- Without the patch ifreload -a on a scale vxlan config (1k vxlan) we used
to execute 5098 subcommands.
- With the patch "only" ~3000 (it should be 2k but clag ip link set protodown
needs to be move to netlink).
for ifquery -r -a: 11052 calls before patch, 1031 after.
This should improve time execution as well as CPU usage.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12201
Reviewed By: Roopa
Testing Done:
The syntax: netmask <number> is ifupdown legacy support
We want to deprecate it so we don't want to officially support it.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12151
Reviewed By: julien, nikhil
Testing Done: Tested bridge vid errors with multiple iface stanzas for
ports
This patch just uses the HAS_SIBLINGS and OLDEST_SIBLINGS
flags on an iface to make sure we flag the error
on the last interface ie oldest of the siblings. all interfaces
with multiple iface objects have HAS_SIBLINGS set and the last iface
has OLDEST_SIBLINGS set.
The other way to fix this for the user would be to set ifaceobj_squash=1
in /etc/network/ifupdown2/ifupdown2.conf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
unaware
Ticket: CM-12070
Reviewed By: julien, nikhil
Testing Done: Tested with config in the bug
The bug also talks about removing the vlans during this
transition. If the vlans are removed from the interfaces file,
ifupdown2 will delete them on an ifreload. In any case, once moved to
vlan unaware bridge settings, kernel and switchd
don't look at vlans any more.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Daniel Walton
Testing Done:
This commit was need to keep nclu and ifupdown2 consistent.
The naming were differing and we decided to keep nclu version.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-8101
Reviewed By: CCR-4949
Testing Done: smoke tests + ran ifup -a -s on every interface configuration file from GSS cl-supports collection
This commit is introducing ~20 keywords. The value of the different attributes
will be check against raw values and <keywords>:
'<mac>'
'<text>'
'<ipv4>'
'<ipv6>'
'<auto>': "auto"
'<ipaddr>': ipv4/6 with preflix len
'<number>'
'<interface>'
'<ipv4-vrf-text>': equivalent to: <ipv4> "vrf" <text>
'<number-ipv4-list>': example: "100=172.16.100.1 101=172.16.101.1"
'<interface-list>': example: "swp1 swp2 swp3"
'<ipv4/prefixlen>'
'<ipv6/prefixlen>'
'<ipaddr/prefixlen>'
'<number-range-list>': example: "2000 2200-3000"
'<interface-range-list>': example: "swp1=100 swp2=100" ('validrange' : ['0', '65535'])
'<mac-ipaddr/prefixlen-list>'
'<number-interface-list>': example: "4 swp1 swp2"
'<interface-yes-no-list>': example: "swp1=yes swp2=no"
'<interface-yes-no-0-1-list>'
'<interface-yes-no-auto-list>'
It's possible to combine a keyword with a range from validrange. example:
validrange: 10-50
validvals: <intrface-range-list>
value: swp1=21 swp2=42 ...
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12036
Reviewed By: roopa
Testing Done: used same config from bug
This patch avoids printing port attributes under
vlan-AWARE-bridge on 'ifquer -ra'.
This patch also avoids printing following attributes
on 'ifquer -ra' if not defined:
mstpctl-maxhops
mstpctl-portpathcost
mstpctl-treeportcost
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11803
Reviewed By: dsa, scotte, wkok, nikhil, julien
Testing Done: tested config of address-virtual lines on vrf slaves
This patch does the following:
- addressvirtual: enslaves macvlans created on vrf slaves
to the vrf master
- vrf: when looking for stale slaves on vrf master, skip
macvlan devices. This code does basic checking right now
and can be improved to include more cases.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11998
Reviewed By: roopa
Testing Done: used same config given in bug descreption
When we try to unconditionally remove 'pvid' from 'vids' set,
we run into KeyError if 'vids' set doesn't contain 'pvid'
Example configuration:
auto swp9
iface swp9
mstpctl-portautoedge no
auto frontnet
iface frontnet
bridge-vlan-aware yes
bridge-ports swp9
bridge-vids 10
bridge-stp on
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8629
Reviewed By: roopa, julien
Testing Done: used same config given in bug description
This patch avoids vlan aware bridge over-writing it's port's
config with default values
Example configuration:
auto swp9
iface swp9
mstpctl-portautoedge no
auto frontnet
iface frontnet
bridge-vlan-aware yes
bridge-ports swp9
bridge-vids 10
bridge-stp on
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8596, CM-5118
Reviewed By: roopa, julien
Testing Done: used same config mentioned in bug
Previously, only first configured gateway is set as default route.
This patch sets all the configured gateways as default routes.
This patch also removes default route on ifup
after removing 'gateway' from the interface
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11811
Reviewed By: roopa, julien
Testing Done: used same configuration from ticket
For a VLAN aware bridge, if 'bridge-pvid' is not configured,
auto bridge
iface bridge
bridge-ports swp7 swp8
bridge-vids 1-200
bridge-vlan-aware yes
'1' is would be running pvid and [2-200] would be running vids.
While doing _query_check() we compare configred versus running
vids excluding running 'pvid'. Configured vids here is [1-200]
and running is [2-200], but instead of excluding running 'pvid'
we used to exclued configured 'pvid' which is None in this case.
Comparison used to fail because of this.
This patch excludes running 'pvid' instead of configured 'pvid'
during _query_check()
This patch also fixes 'ifquery -c' error for bridge-pvid if
configured under a port of vlan aware bridge
This patch also avoids printing 'bridge-pvid' on 'ifquery -c'
if bridge-pvid is not configured under vlan aware bridge port
sample configuration:
auto swp4
iface swp4
auto swp7
iface swp7
bridge-pvid 2
auto swp8
iface swp8
bridge-pvid 2
auto bridge
iface bridge
bridge-ports swp4 swp7 swp8
bridge-vids 1-200
bridge-pvid 20
bridge-vlan-aware yes
sample output:
root@dell-s3000-02:~# ifquery -c -a
auto swp4
iface swp4 [pass]
bridge-pvid 20 [pass]
auto swp7
iface swp7 [pass]
bridge-pvid 2 [pass]
auto swp8
iface swp8 [pass]
bridge-pvid 2 [pass]
auto bridge
iface bridge [pass]
bridge-vlan-aware yes [pass]
bridge-ports swp8 swp7 swp4 [pass]
bridge-pvid 20
bridge-vids 1-200 []
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11043
Reviewed By: roopa
Testing Done: used the config mentioned in bug
This patch adds a delay before starting IPv6 dhclient to
make sure the configured interface/link in up.
Also, ifdown on a IPv6 interface, this patch makes sure
that the link in up before dhcp release. Dhcp release is
done using a default lease file.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11811
Reviewed By: roopa, julien
Testing Done: used same configuration from ticket
For a VLAN aware bridge, if 'bridge-pvid' is not configured,
auto bridge
iface bridge
bridge-ports swp7 swp8
bridge-vids 1-200
bridge-vlan-aware yes
'1' is would be running pvid and [2-200] would be running vids.
While doing _query_check() we compare configred versus running
vids excluding running 'pvid'. Configured vids here is [1-200]
and running is [2-200], but instead of excluding running 'pvid'
we used to exclued configured 'pvid' which is None in this case.
Comparison used to fail because of this.
This patch excludes running 'pvid' instead of configured 'pvid'
during _query_check()
This patch also fixes 'ifquery -c' error for bridge-pvid if
configured under a port of vlan aware bridge
sample configuration:
auto swp4
iface swp4
auto swp7
iface swp7
bridge-pvid 2
auto swp8
iface swp8
bridge-pvid 2
auto bridge
iface bridge
bridge-ports swp4 swp7 swp8
bridge-vids 1-200
bridge-pvid 20
bridge-vlan-aware yes
sample output:
root@dell-s3000-02:~# ifquery -c -a
auto swp4
iface swp4 [pass]
bridge-pvid 20 [pass]
auto swp7
iface swp7 [pass]
bridge-pvid 2 [pass]
auto swp8
iface swp8 [pass]
bridge-pvid 2 [pass]
auto bridge
iface bridge [pass]
bridge-vlan-aware yes [pass]
bridge-ports swp8 swp7 swp4 [pass]
bridge-pvid 20
bridge-vids 1-200 []
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
This reverts commit cfc51ed18b.
this commit seems to have broken usercmds. reverting it until it is
fixed.
Closes: CM-11856
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11517
Reviewed By: julien, nikhil, jtoppins
Testing Done: ethtool sanity test
ethtool module should really care only about
physical interfaces. so, this patch makes ethtool
module ignore all logical interfaces, ie interfaces
with link_kind set.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Roopa
Testing Done: with a dummy script I printed the value passed by ifupdown
After the changes I did the same with ifupdown2 and checksd if the values
matched correctly.
This issue was reported on the github repository.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11745
Reviewed By: Roopa, Nikhil G
Testing Done: configuration provided in the bug
User was attempting to configure a traditional bridge under a VRF with VRR.
When issuing ifreload -a, the configuration failed to apply with an error.
Applying an address-virtual keyword to an interface with upper interfaces
or parent interfaces was not allowed. But now we are allowing the use of
this keyword only for vrf slaves.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: None
Reviewed By: Roopa, Daniel
Testing Done: This is not affecting ifupdown2 yet
the validvals attribute is only used by ifedit
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11624
Reviewed By: roopa, julien
Testing Done: using configuration mentioned in the bug
This patch fixes 'ifquery -c' failure for 'bridge-pvid' on
all bridge ports.
The following format of '/sbin/bridge -c vlan show' output was not handled properly
by iproute2
port vlan ids
swp1 600
700-710
711 PVID Egress Untagged
712-900
iproute2 was parsing the '/sbin/bridge -c vlan show' output with the assumption that
pvid line '711 PVID Egress Untagged' appears before all the vland ids.
Something like this:
port vlan ids
swp1 711 PVID Egress Untagged
600
700-710
712-900
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11718
Reviewed By: CCR-4931
Testing Done: Tested complete regression suite on hardnode in 3.0.
This patch fixes a problem in the ethtool addon module where a single iface stanza was
configured for a link-speed (1G) other then the default (10G). The link-speed config is then
removed or commented out but the link-speed is not restored to its default value (10G) because of
incorrect logic.
Ticket: CM-11195
Reviewed By: roopa, julien
Testing Done: used the configuration mentioned in bug description
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
running values for bridge-portmcrouter, bridge-portmcfl, and bridge-portprios
were accessed using invalid keys.
Ticket: CM-11392
Reviewed By: roopa, dsa, julien
Testing Done: multiple vrf devices on dell-s3000-02
Now that the l3mdev FIB rule is in the CL3.1 kernel tree,
ifupdown2 no longer needs to manage FIB rules for VRF devices.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11511
Reviewed By: CCR-4890
Testing Done: Used "address-virtual" keyword to create VRR interface with IPv6
address. Checked sysctl and dad failures.
In a VRR setup, both switches are programmed with the same IPv6 address and that
address is active on both switches. This causes the IPv6 duplicate address
detection to kick in and diable the use of one of the address on one of the
switches. This patch causes duplicate address detection to be disabled on VRR
interfaces by setting the net.ipv6.conf.<ifname>.accept_dad and
net.ipv6.conf.<ifname>.dad_transmits sysctl's to 0. The only IPv6 addresses
which are defined on these interfaces are the virtual addresses and the link
local address (which is unused). No other operational IPv6 addresses should ever
be assigned to these interfaces. Instead, operational IPv6 addresses should be
assigned to the "base", or lower, interface of the VRR interface.
Ticket: CM-11485
Reviewed By: Roopa
Testing Done: config from the github issue
First reported here https://github.com/CumulusNetworks/ifupdown2/issues/10
ifquery just like ifupdown should try to get the vlan-id from the iface name
if vlan-id attr is not specified.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11080
Reviewed By: roopa, dsa, dave olson, daniel, julien
Testing Done: yes, with mgmt VRF configured
This patch parses '/usr/bin/pstree -Aps <pid>' output to find
the pid of current ssh session, and send 'sudo ifreload -a'
to background before killing itself.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8623
Reviewed By: Roopa Prabhu, Julien Fortin
Testing Done: yes, using the below mentioned config.
This patch fixes 'ifquery -c' error, bridge pvid error, which is an
unrelated error for the following valid config.
This patch also removes 'bridge-pvid', if configured, from 'bridge-vids' set.
In the below example, 510 is removed from the set bridge-vids 510-550.
The new bridge-vids set is 511-550.
auto swp1
iface swp1 inet6 dhcp
address 14.0.0.5/30
down ip addr flush dev swp1
auto Bridge1
iface Bridge1
address 0.0.0.0/0
down ip addr flush dev Bridge1
bridge-vlan-aware yes
bridge-ports swp1
bridge-pvid 510
bridge-vids 510-550
bridge-stp on
mstpctl-portnetwork swp1=yes
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8561
Reviewed By: kanna, julien
Testing Done: Tested on amd64 switch
ifreload always deletes and adds back a host IP address
if that address is specified without a "/" and without a "netmask" config.
The problem is fixed so that _inet_address_convert_to_cidr() handles a missing
"/" and a missing "netmask" config. The host addresses is no longer added to a
list of addresses we will del/add. The patch was simply to add a case for the
missing "/" and a missing "netmask".
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
