Ticket: CM-11195
Reviewed By: roopa, julien
Testing Done: used the configuration mentioned in bug description
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
running values for bridge-portmcrouter, bridge-portmcfl, and bridge-portprios
were accessed using invalid keys.
Ticket: CM-11392
Reviewed By: roopa, dsa, julien
Testing Done: multiple vrf devices on dell-s3000-02
Now that the l3mdev FIB rule is in the CL3.1 kernel tree,
ifupdown2 no longer needs to manage FIB rules for VRF devices.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11511
Reviewed By: CCR-4890
Testing Done: Used "address-virtual" keyword to create VRR interface with IPv6
address. Checked sysctl and dad failures.
In a VRR setup, both switches are programmed with the same IPv6 address and that
address is active on both switches. This causes the IPv6 duplicate address
detection to kick in and diable the use of one of the address on one of the
switches. This patch causes duplicate address detection to be disabled on VRR
interfaces by setting the net.ipv6.conf.<ifname>.accept_dad and
net.ipv6.conf.<ifname>.dad_transmits sysctl's to 0. The only IPv6 addresses
which are defined on these interfaces are the virtual addresses and the link
local address (which is unused). No other operational IPv6 addresses should ever
be assigned to these interfaces. Instead, operational IPv6 addresses should be
assigned to the "base", or lower, interface of the VRR interface.
Ticket: CM-11485
Reviewed By: Roopa
Testing Done: config from the github issue
First reported here https://github.com/CumulusNetworks/ifupdown2/issues/10
ifquery just like ifupdown should try to get the vlan-id from the iface name
if vlan-id attr is not specified.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11080
Reviewed By: roopa, dsa, dave olson, daniel, julien
Testing Done: yes, with mgmt VRF configured
This patch parses '/usr/bin/pstree -Aps <pid>' output to find
the pid of current ssh session, and send 'sudo ifreload -a'
to background before killing itself.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8623
Reviewed By: Roopa Prabhu, Julien Fortin
Testing Done: yes, using the below mentioned config.
This patch fixes 'ifquery -c' error, bridge pvid error, which is an
unrelated error for the following valid config.
This patch also removes 'bridge-pvid', if configured, from 'bridge-vids' set.
In the below example, 510 is removed from the set bridge-vids 510-550.
The new bridge-vids set is 511-550.
auto swp1
iface swp1 inet6 dhcp
address 14.0.0.5/30
down ip addr flush dev swp1
auto Bridge1
iface Bridge1
address 0.0.0.0/0
down ip addr flush dev Bridge1
bridge-vlan-aware yes
bridge-ports swp1
bridge-pvid 510
bridge-vids 510-550
bridge-stp on
mstpctl-portnetwork swp1=yes
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-8561
Reviewed By: kanna, julien
Testing Done: Tested on amd64 switch
ifreload always deletes and adds back a host IP address
if that address is specified without a "/" and without a "netmask" config.
The problem is fixed so that _inet_address_convert_to_cidr() handles a missing
"/" and a missing "netmask" config. The host addresses is no longer added to a
list of addresses we will del/add. The patch was simply to add a case for the
missing "/" and a missing "netmask".
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
Ticket: CM-7678
Reviewed By: Roopa Prabhu
Testing Done: yes, with vlan aware/unaware bridge on dell-s3000-02
This patch enables bpdu filter and bpdu guard enabled for vxland device under
the bridge if these two attributes are unconfigured
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
brought up
Ticket: CM-11016
Reviewed By: julien, nikhil
Testing Done: tested with config in the CM bug
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
brought up
Ticket: CM-10954, CM-10953
Reviewed By: julien
Testing Done: ran ifupdown2 smoke and vrf ifup/ifdown testing
- vrf master if not around is brought up when the first slave is brought up
by design (because we want the slaves to be
enslaved to a vrf master before addresses are configured).
and master is not brought up by first because interfaces
are brought up down to top in the dependency tree.
- This patch makes sure a slave brings up a vrf master only
when all interfaces are specified. When an individual interface
is brought up, skip master bring up and throw an error.
- Since the addon modules also need to use the ALL and WITH_DEPENDS
flags, this patch moves them to the existing global ifupdownflags
class
- vrf module uses the ifupdownflags.ALL flag to not bring up the master
when only the slave is being brought up
example:
ifup <vrf> # brings up the vrf device
ifup <vrf> --with-depends # brings up the vrf dev and
# its slaves
ifup <vrf_slave> # if vrf master is not around,
# an error is thrown
ifup <vrf_slave> --with-depends # will still not bring up the vrf master
ifdown <vrf> # deletes vrf dev and flushes the
# addresses on vrf slaves
ifup <vrf> # brings up vrf dev and does not
# up the adresses on the slaves
ifup <vrf> --with-depends # will bring up vrf and reapply config
# on slaves (including addresses)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10857
Reviewed By: julien, nikhil
Testing Done: Tested moving from a dhcp to static addr method for eth0
before the patch:
- when moving from dhcp to static address method, after releasing the dhcp
address, it takes a few seconds for the dhcp address to go away. When we
query addresses to configure, there is a chance that we may end up
getting the dhcp address for a few seconds. Which is ok until when the
static address to be configured is same as the dhcp address.
In which case we end up not configuring the static address because we
think it is already configured (per the running list).
After this patch:
- when moving from dhcp to static address method, we always re-apply the
address config avoiding the chance of not configuring an address due to a
dhcp address sticking around.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10857
Reviewed By: julien, nikhil
Testing Done: Tested moving from a static to dhcp addr method for eth0
the check to see if dhclient is running on an interface was failing.
which caused the following problem:
- interface when moved from dhcp to static addr_method was
not killing the existing dhcp process
- and a subsequent move from static to dhcp addr_method quit starting
dhcp because a dhclient process was already running
- but the original dhcp ip was already removed because of the
static address config which leaves eth0 in a weird state
After this patch:
- move from dhcp to static addr_method will release any
existing dhcp leases on an interface
- a subsequent move from static to dhcp will request a new
dhcp lease
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By:
Testing Done: ran l2 smoke
usage of mstpctl-ports will now give you a warning:
warning: attribute mstpctl-ports is deprecated. use bridge-ports instead.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: trivial
Testing Done: tested sanity and bridge bringup and reload
bridge module already disables ipv6 on ports when bridge-ports is
specified. Making this change because i saw redundant calls to
disable_ipv6 on bridge ports by modules bridge and mstpctl
when bridge-ports is specified. It is slowing down ifreload
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
not bond slaves
Ticket: CM-9449
Reviewed By: julien
Testing Done: Tested resetting mtu on physical interfaces to default
default mtu is already present in address.json policy file. This patch
continues to take a cautious and conservative approach to
reset mtu of only physical interfaces if different from default mtu
and mtu is not given by the user. bond slaves get their mtu from
the bond when bond has a configured mtu. so this patch only
resets mtu on physical interfaces which are not bond slaves.
{noformat}
$cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"defaults": { "mtu": "1500" }
}
}
{noformat}
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8736
Reviewed By: Roopa
Testing Done: Smoke tests + the ones from the ticket
By default ifupdown2 will adjust logical devices MTU
based on the physical interface they are running on top of.
set this flag to 0 to disable this behaviour
adjust_logical_dev_mtu=1
Ticket: CM-10569
Reviewed By: julien, nikhil
Testing Done: Tested ifquery -c as non root user
unlike ifup/ifdown/ifreload, ifquery can be called by a
non-root user. so make sure we dont write the root owned
vrf map file during ifquery
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: dsa, nikhil, julien
Testing Done: Tested with system reserved table names
example: err msg:
$ifquery default
auto default
iface default
vrf-table auto
error: default: cannot use system reserved ['253', '0', '254',
'255'] table names
This patch makes all tables in /etc/iproute2/rt_tables reserved
$cat /etc/iproute2/rt_tables
255 local
254 main
253 default
0 unspec
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, with different configurations for physical & logical devices
This patch adds 'ifquery --with-defaults' to print the policy default
values for unconfigured attributes.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10281
Reviewed By: Roopa Prabhu
Testing Done: Tested with the configuration mentioned in the bug id
Due to bug CM-10188, defualt route via gateway is not installed in time.
It needs 2 sec delay, and fix to CM-10188 shall rectify this issue.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: julien, nikhil
Testing Done: Tested ifquery with and without --with-defaults option
commit "6e16e5ae90f2" introduced --with-defaults for ifquery --check
output. But the base ifquery --with-defaults should also include
the default policy attributes we support. This patch adds infrastructure
to query default attributes --with-defaults in base ifquery output.
example:
{noformat}
$ifquery br0
auto br0
iface br0 inet static
bridge-ports swp1 swp2
$ifquery br0 --with-defaults
auto br0
iface br0 inet static
bridge-ports swp1 swp2
bridge-stp yes
{noformat}
Ticket: CM-10465
Reviewed By: julien, nikhil
Testing Done: Tested creating more than 64 vrf devices
example config:
{noformat}
%for v in range(1, 66):
auto vrf${v}
iface vrf${v}
vrf-table auto
%endfor
{noformat}
also, since vrf module already does a link up on vrf dev, remove
link up of vrf dev from ifupdownmain scheduler callback
Ticket: CM-10387
Reviewed By: roopa, wkok
Testing Done: slaffer
addons/vlan.py checks if a builtin interface's VLAN ID is within the
switchd reserved VLAN range. This stops a user configuring any port-
local VLANs within that range, despite it being a valid configuration
in both a hardware and kernel sense.
This commit removes the check for builtin interfaces only. The check
of the bridge-vids list for a vlan-aware bridge still resides and
correctly operates in addons/bridge.py.
Ticket:
Reviewed By: dsa
Testing Done: tested boot with vrf devs and checking vrf-helper args
Call it with the 'boot' arg at boot:
/usr/lib/vrf/vrf-helper create blue 1002 boot
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
This patch also: (1) fixes ifquery check failure for bridge-* stp attributes.
(2) removes vrf-default-route and vrf-cgroup attributes from ifupdown2 policy
and just have the vrf-helper attribute
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
addons,ifupdown,sbin: adding ifquery --with-defaults option
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
