Ticket: CM-6795
Reviewed By: CCR-4270
Testing Done:
root@debian:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
alias foo_bar
root@debian:~# ip link show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
alias foo_bar
root@debian:~# ifdown -v lo
info: loading builtin modules from /usr/share/ifupdown2/addons
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: lo: running ops ...
info: rtnetlink: setting link lo down
info: executing ip -o addr show dev lo
info: Executing echo "" > /sys/class/net/lo/ifalias
info: Executing /etc/network/if-down.d/avahi-autoipd
info: Executing /etc/network/if-down.d/upstart
info: Executing /etc/network/if-down.d/wpasupplicant
info: Executing /etc/network/if-post-down.d/wireless-tools
info: Executing /etc/network/if-post-down.d/avahi-daemon
info: Executing /etc/network/if-post-down.d/wpasupplicant
root@debian:~# ip link show lo
1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@debian:~# ifup -v lo
info: loading builtin modules from /usr/share/ifupdown2/addons
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: Executing /etc/network/if-pre-up.d/wireless-tools
info: Executing /etc/network/if-pre-up.d/wpasupplicant
info: rtnetlink: setting link lo up
info: executing ip -o addr show dev lo
info: executing ip link set dev lo alias foo_bar
info: Executing /etc/network/if-up.d/mountnfs
info: Executing /etc/network/if-up.d/avahi-autoipd
info: Executing /etc/network/if-up.d/openssh-server
info: Executing /etc/network/if-up.d/upstart
info: Executing /etc/network/if-up.d/avahi-daemon
info: Executing /etc/network/if-up.d/wpasupplicant
root@debian:~# ip link show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
alias foo_bar
Ticket:
Reviewed By: CCR-4268
Testing Done: Tested squashing of interfaces with multiple iface stanzas
This is controlled by ifaceobj_squash config variable in
/etc/network/ifupdown2/ifupdown2.conf.
With ifaceobj_squash=1, ifquery and all commands will
output squashed interfaces.
$cat /etc/network/interfaces
auto swp3
iface swp3
mtu 9000
auto swp3
iface swp3 inet static
address 10.0.17.3/24
auto swp3
iface swp3 inet static
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
$ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto swp3
iface swp3
mtu 9000
address 10.0.17.3/24
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
When and why do we need this ?
- If we preserve multiple ifaceobjects for the same iface,
it gets tricky in some cases to set default policy
values because the addon module run methods are called
on each ifaceobject.
- Each ifaceobject belonging to the same interface
is treated as a separate interface. It is difficult
to remember things accross addon module run methods
- we have a few hacks in place which we would like to
get rid of
Why not turn it on by default ?
- still debating about it. Dont want to break existing
scripts with change of output. Will get some feedback before
I switch the default to squash.
Ticket: CM-6795
Reviewed By:
Testing Done: Julien Fortin <julien@cumulusnetworks.com>
When using ifdown the value of the alias field was checked but never used. Instead this string "\'\'" was used.
change 'or' to 'and'. Its valid for one of them to be null.
This was causing vrf enslavement errors during bootup.
This was a recent regression.
Closes: CM-9757
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
We dont need to fail on saved state dependency graph generation errors.
Also dont check for shared dependents during dependency graph generation
on saved state (optimization)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9668
Reviewed By: daveO, roopa (patch by daveO)
Testing Done: Tested reboot/shutdown and made sure network
unconfiguration was not getting triggered
This is controlled by a variable SKIP_DOWN_AT_SYSRESET="yes"
(defaults to yes). Should probably default to 'no' for upstream.
Ticket: CM-9677
Reviewed By: nikhil
Testing Done: Tested with bond config file in CM-9677
This patch replaces the following attributes:
bond-ad-sys-priority with bond-ad-actor-sys-prio
bond-ad-sys-mac-addr with bond-ad-actor-system
The new attributes correspond to the new sysfs files below:
/sys/class/net/sidelink/bonding/ad_actor_sys_prio
/sys/class/net/sidelink/bonding/ad_actor_system
Old values will be accepted with a deprecated warning:
warning: attribute bond-ad-sys-priority is deprecated. Use bond-ad-actor-sys-prio instead
warning: attribute bond-ad-sys-mac-addr is deprecated. Use bond-ad-actor-system instead
Ticket: CM-8621
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch makes sure ifupdown2 will not delete the address
configured through quagga when address-purge is set to no
Ticket: CM-9216
Reviewed By: roopa
Testing Done: installed, verified that even with long sleeps, no timeout
After much discussion with Roopa, Wilson, Anuradha, Mallik, and Scott,
we decided we would go back to the 2.5 behavior of not timeing out
on networking startup. See the bug for some of the discussion.
This needs clagd changes to not hang forever if clag is to be restarted.
Since this is a oneshot service, the default is to not timeout, so
simply remove the TimeoutSec variable to get the default of no timeout.
Ticket: CM-9596
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch makes sure ifupdown2 will not report a NoneType error
when VRF is defined but not used
Ticket: CM-9594
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch fixes the failure to execute the command
'ip link set dev eth0 nomaster' when 'eth0' is associated with any vrf
This patch also include a review comment update for CCR-4210
Ticket: CM-8729
Reviewed By: trivial
Testing Done: Tested with a config with vlan-raw-device
'ip -o -d link show' introduced a new attribute between
'vlan and id'. This makes the move to json or netlink
even more necessary.
The fixes were done for the following format:
61: vlan100@swp1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT group default \ link/ether
00:e0:ec:27:4e:b7 brd ff:ff:ff:ff:ff:ff promiscuity 0 \ vlan protocol
802.1Q id 100 <REORDER_HDR> addrgenmode eui64
Ticket: CM-8729
Reviewed By: Nikhil
Testing Done: Tested with vlan device with vlan-raw-device in interfaces
file
also reported here: https://github.com/CumulusNetworks/ifupdown2/issues/10
is_keyword was matching iface attribute 'vlan-raw-device' to the vlan
keyword and dropping it from ifaceobj config.
Ticket: CM-9595
Reviewed By:
Testing Done: tested with failing vrf config in CM-9595
due to same upperiface getting processed more than once,
there was an unnecessary refcount inc on the lowerdevice.
This patch aborts processing upperiface if already
processed and also adds a new debug function to
dump lower and uppper ifaces of all interfaces in the
file.
Ticket: CM-9541
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch checks if fib rule for local table have higher pref
than vrf table, if not, it deletes fib rule for local table
with lower pref and adds fib rule for local table with
higher pref than vrf table.
This patch also avoid repeated addition of vrf rules on each ifup
non-persistant storage
This is a reimport of missing peices of commit
f819c3602e56 in 2.5cl ifupdown2.
commit log from 2.5cl:
Introduce a lock file in non-persistent storage
/run/network/ifstatelock to make sure the state
file in persistent storage is cleaned up correctly
ifupdown2 state file was moved to /var/tmp because /var/tmp was
tmpfs and was large enough (100MB) for the state file. But it
appears it has changed (or is not consistent) across all platforms.
We can move it under /run, but /run again size varies on various
platforms and it is too small on some platforms.
This patch:
- continues to keep the ifupdown2 state file under /var/tmp (because
it needs the space)
- ntroduces a second level /run/network/ifstatelock file that stays
on non-persistant storage and is used to delete the state file at
/boot up
Closes: CM-9573, CM-7774
Review: CCR-3623 (original review)
Tested-by: Mallikarjuna rao Uppalapati <mallik@cumulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9107
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch adds a check to detect change in vrf config table id
compared to running table id and throw an error accordingly.
The vrf device may not be up when ifup is executed on the
slaves. This commit makes sure:
- vrf slaves dont try to enslave themselves when vrf device is
not present
- And vrf master enslaves any missing slaves during ifup of vrf master
- Also make vrf device the link master, this will make sure
the vrf device brings the vrf slave links up. This is needed to work
around the ipv6 address flush issue
Closes: CM-9493
Review: dsa, nikhil, wkok (via git send-mail)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This patch adds a new upperiface module handler get_upper_ifacenames
to get upperifaces from a addon module. This is called during building
dependency graph.
Closes: CM-9493
Review: dsa, nikhil, wkok (via git send-email)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8455
Review: CCR-4181
Testing: tested ifreload on builtin interface change
This patch handles removal of builtin interfaces (example swp*.100
below..which dont have iface sections) during a ifreload.
{noformat}
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp3.100 swp15.100
{noformat}
if user changes swp15.100 to another interface and does a ifreload,
before this patch swp15.100 used to be around. This patch makes sure
swp15.100 is deleted in the process
I had to do some cleanup of flags in the process. I might have added
some extra cycles to ifreload. But i dont see an easy way to handle this
case.
Ticket: CM-9494
Reviewed By: CCR-4184
Testing Done:
Also removed legacy 'fallback' options.
Now lacp bypass is enabled and disabled on a bond with:
bond-lacp-bypass-allow [0|1]
Ticket: CM-9520
Reviewed By: CCR-4152
Testing Done: verified service node configuration
Use "remote" attribute in iproute2 command to provision
service node address for service node based replication. Changes also
include allowing only one service node per vxlan device, so its user's
responsiblity to select one service node per vxlan device if there
are multiple nodes to distribute the load.
Ticket:CM-9106
Reviewed By: Roopa Prabhu and Dave Olson
Testing Done: Yes, by installing ifupdown and cumulus-tools deb on to cel-e1031-01
This patch adds per vrf default route: "ip route add table <tbid> unreachable default"
It also accepts a policy file with vrf-default-route [yes/no]
This also includes ifquery fixes for running and check.
Ticket: CM-8773
Reviewed By: CCR-4079
Testing Done:Yes, with following cofiguration
auto swp1
iface swp1
address 71.12.21.43
address 2001:620:5ca1:160::47
preferred-lifetime 30
Fix for this is, a small update in address.py method '_inet_address_convert_to_cidr'
where there is a check for different addres attributes.
Ticket: CM-6806
Reviewed By: CCR-4126
Testing Done:
Currently, when doing ifup of a bridge, the bridge is created
and ports are added to bridge before vlan_filtering is set on
the bridge. This causes extra churn on switchd which has to
configure the hardware one way and then tear it down and
reconfigure it again in the new way. For mlx, it causes even
more problems.
This patch moves the vlan_filtering setting of bridge to before
member ports are being added to the bridge, and it uses the new
iproute2 command for setting the attribute instead of through
sysfs.
Ticket: none
Reviewed By: roopa,satish
Testing Done: built, installed, verified correct location
The install file resulted in creating /etc/default/networking/ as a
directory and installing the networking.default file in it. Rename
networking.default to networking, and change the install file.
Normally dh_installinit handles all this, but since the package is
ifupdown2, and the file is networking, that doesn't happen.
Also, because we had created a directory with the name of what we want
to install as a file, we need to remove it if it exists. This addition
of a preinst file should not go upstream, and should be removed in a few
weeks when everybody has re-installed enough.
Ticket: CM-9097
Reviewed By: Trivial
Testing Done: Tested on Chris' config
In 3.0, the bridge vlan show command does not print
VLAN ranges unless you use the "-c" option.
This patch modifies the bridge vlan show call in
iproute2.py to use "-c".
Ticket: CM-9078
Reviewed By: CCR-4110
Testing Done: clag bond add/del and clag slave add/del
This change basically does the following -
1. Proto-down swpX pre-clag-bond-enslave
2. Proto-up swpX post-clag-bond-release
Setting/clearing of clag-id will result in similar proto-state changes
and those are handled by clagd.
Note:
I really wanted to keep these changes out of ifupdown2 but the
order of setting is critical i.e. protodown has to happen enslave to
prevent additional flaps/STP TCNs. Theoretically #2 can be done by clagd
but there is no easy way to do #1.
Ticket: CM-9266
Reviewed-by: trivial
Testing-done:
For now disable old LACP bypass options so that ifreload does
not give errors, as the corresponding sysfs nodes do not exist in
the latest 4.1.y kernel.
Ticket:
Reviewed By: trivial
Testing Done: built, installed
Don't want to leave incorrect confusing references behind.
Instead of having the networking script depend on switchd, since
ifupdown2 is upstream, I'll add the reverse dependency to the
switchd.service.
Added Documentation line
Ticket: CM-8725
Reviewed By: roopa
Testing Done: tested with user's config on amd64 platform
When setting mstpctl params from user given fdelay and maxage,
ifreload and ifup is setting maxage before fdelay.
Since there is a check for (Bridge Foward Delay - 1 second) >= Bridge Max Age
fdelay must be set before maxage because the fdelay is a default value.
Ticket: none
Reviewed By: trivial
Testing Done: installed, Alex tried for image creations.
apparently with some of our packages like mstpd still using init.d for a
while longer, just having the init.d/networking file causes the original
complaints about loops between services.
So I'm purging it completely.
Also clean up the comments a bit in start-networking
Ticket: CM-9182
Reviewed By: Trivial
Testing Done: ifup'd bond when bonding module was not yet loaded.
The bond support in ifupdown2 would check to see if the bonding module is
loaded when creating a bond. If it was not it would load the driver and return.
The correct operation is to load the driver and then continue to create the
bond.
Ticket: CM-9078
Reviewed By: Trivial
Testing Done: bond ifdown/ifup on s6000
This needs to be replaced with protodown of clag bond slaves
pre-enslave (TBD; coming soon).
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both dhcp-wait: "no" and dhcp-wait: "yes"
and not specified at all.
A previous patch implemented the nowait option for DHCP. This patch changes the
name of the option to "dhcp-wait" and makes the default, if nothing is specified
in the policy files, to be "yes", which means dhclient will be called without
the "-nw" option, causing it to wait for up to a minute for a response from the
DHCP server before continuing.
The format of the JSON in the policy file for this option was also changed so
that it conforms to the other ifupdown2 policy options. This format is now:
{
"dhcp": {
"defaults": { "dhcp-wait": "no" }
}
}
Also, the documented argument values are "yes" and "no". Any other values, will
be interpreted as "yes".
A subsequent patch in cl-basefiles will be made to include this fragment in
/var/lib/ifupdown2/policy.d/dhcp.json so that Cumulus Linux will default to
not waiting for DHCP to complete.
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both nowait=0 and nowait=1 and not specified
at all.
The Mellanox platform, as well as some others probably, has two management
interfaces: eth0 and eth1. The customer may plug a cable into either one of
these interfaces, and very rarely both of them. If only one cable is plugged in
and we don't know which one, then /etc/network/interfaces must be configured
by default to automatically bring up both interfaces using DHCP. But when an
interface does not have link, it stalls the boot process for 60 seconds while
dhclient times out.
This patch changes the default dhclient behavior to not wait for DHCP to
complete, by using the "-nw" option when calling dhclient. This means that
dhclient will immediately return and DHCP will complete in the background.
A module attribute has been added for the DHCP addon called "nowait", which
defaults to 1. If this attribute is set to 0, then dhclient will revert to its
previous behavior and delay up to a minute while DHCP completes. This attribute
can be specified in a policy file, e.g. /etc/network/ifupdown2/policy.d/dhcp.json,
with contents such as:
{
"dhcp" :
{
"nowait" : 0
}
}
Change policy manager default policy file location:
from /var/lib/ifupdownaddons/policy.d to
/var/lib/ifupdown2/policy.d
This aligns well with the user policy file location:
/etc/network/ifupdown2/policy.d/
Fixes 59dad2ca80("debian: sync debian files with from upstream debian repo")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This patch adds initial support for vrf in ifupdown2.
Example interfaces file section:
auto swp1.100
iface swp1.100
vrf blue
auto blue
iface blue
vrf-table 10
iproute2 vrf map is generated under:
/etc/iproute2/rt_tables.d/ifupdown2.vrf_map
this patch also adds prelimnary support for 'vrf-table auto'.
But this needs more work.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8790
Reviewed By: wkok,roopa
Testing Done: built, installed, rebooted
jessie's networking starts as an init.d service. Trying to force ordering
between init.d and systemd services when there are dependencies doesn't work
well (especially since the init.d/networking service is forced very early
because of the remote filesystem requirement in jesie).
Converting networking to a script run as a systemd service allows us to start
networking after switchd. The new script is /sbin/start-networking. I chose
to keep it in /sbin, rather than put it in /usr/cumulus/bin, because it's core
functionaity.
I am not removing /etc/init.d/networking, it just gets ignored unless somebody
types it manually. If somebody does that, systemctl runs through the lsb
hooks. The two lost abilities below are just ignored if passed. I'm
also preventing creating the rc.d symlinks to the init.d/networking
script to reduce future confusion.
We lose some init.d "convenience" functionality because it's not available
through systemd. What we lose are:
reload-currently-up - can still be done with ifreload --currently-up
force-reload - can still be done with ifreload -f -a
We keep start, stop, reload, restart
before this commit, an error in reading a sourced file would
result in an error. This commit converts it to a warning and continue
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
