This commit adds support for configuring GRE/IPIP/SIT tunnel interfaces as know
from previous versions of ifupdown. Currently only configuration checks for GRE
and SIT tunnels are implemented.
A tunnel interface configuration could look like this:
auto gre42
iface gre42 inet tunnel
mode gre
local 198.51.100.1
endpoint 203.0.113.2
#
# optional tunnel attributes
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 192.0.2.42/31
address 2001:db8:d0c:23::42/64
auto he-ipv6
iface he-ipv6 inet tunnel
mode sit
endpoint 203.0.113.6
local 198.51.100.66
#
# optional tunnel attributes
ttl 255
mtu 1466
tunnel-physdev vrf_external
#
address 2001:db8:666::2/64
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* Add addon module for B.A.T.M.A.N. advanced interface configuration.
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
A configuration could look like this
auto bat0
iface bat0
batman-ifaces eth1 eth2.23
batman-ifaces-ignore-regex .*_nodes
batman-hop-penalty 23
#
address 192.0.2.42/24
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other member of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty» parameter set the penalty of this node within the mesh
network.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* addons: batman_adv: replacing rtnetlink by netlink api call and iproute2 instantiation fix
These changes are due to modifications we introduced in debian-prep2.
We no longer use the rtnetlink_api but a new one "netlink" build on top of python-nlmanager.
* Reflect upstream change where flags are stored.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Ticket:
Reviewed By: Roopa
Testing Done:
Support executing of ifupdown style scripts by default (1). Note that by default
python addon modules override scripts with the same name.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11043
Reviewed By: roopa
Testing Done: used the config mentioned in bug
This patch adds a delay before starting IPv6 dhclient to
make sure the configured interface/link in up.
Also, ifdown on a IPv6 interface, this patch makes sure
that the link in up before dhcp release. Dhcp release is
done using a default lease file.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
ifupdown2 can invoke scripts under /etc/network/if-*.d/*
in the required order with the required environment variables.
This patch includes fixes to execute these scripts.
The following attributes in /etc/network/ifupdown2/ifupdown.conf
can influence the execution behaviour of python-addon modules
and /etc/network/if-*.d/*
<ifupdown.conf>
addon_syntax_check=0
addon_scripts_support=1
addon_python_modules_support=1
</ifupdown.conf>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
ifupdown2 can invoke scripts under /etc/network/if-*.d/*
in the required order with the required environment variables.
This patch includes fixes to execute these scripts.
The following attributes in /etc/network/ifupdown2/ifupdown.conf
can influence the execution behaviour of python-addon modules
and /etc/network/if-*.d/*
<ifupdown.conf>
addon_syntax_check=0
addon_scripts_support=1
addon_python_modules_support=1
</ifupdown.conf>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8736
Reviewed By: Roopa
Testing Done: Smoke tests + the ones from the ticket
By default ifupdown2 will adjust logical devices MTU
based on the physical interface they are running on top of.
set this flag to 0 to disable this behaviour
adjust_logical_dev_mtu=1
Ticket:
Reviewed By: CCR-4268
Testing Done: Tested squashing of interfaces with multiple iface stanzas
This is controlled by ifaceobj_squash config variable in
/etc/network/ifupdown2/ifupdown2.conf.
With ifaceobj_squash=1, ifquery and all commands will
output squashed interfaces.
$cat /etc/network/interfaces
auto swp3
iface swp3
mtu 9000
auto swp3
iface swp3 inet static
address 10.0.17.3/24
auto swp3
iface swp3 inet static
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
$ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto swp3
iface swp3
mtu 9000
address 10.0.17.3/24
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
When and why do we need this ?
- If we preserve multiple ifaceobjects for the same iface,
it gets tricky in some cases to set default policy
values because the addon module run methods are called
on each ifaceobject.
- Each ifaceobject belonging to the same interface
is treated as a separate interface. It is difficult
to remember things accross addon module run methods
- we have a few hacks in place which we would like to
get rid of
Why not turn it on by default ?
- still debating about it. Dont want to break existing
scripts with change of output. Will get some feedback before
I switch the default to squash.
This patch adds initial support for vrf in ifupdown2.
Example interfaces file section:
auto swp1.100
iface swp1.100
vrf blue
auto blue
iface blue
vrf-table 10
iproute2 vrf map is generated under:
/etc/iproute2/rt_tables.d/ifupdown2.vrf_map
this patch also adds prelimnary support for 'vrf-table auto'.
But this needs more work.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested address config reloading/purging with multiple
iface stanzas
We have had enough cases with address purging with multiple interfaces,
so turning this on by default
(cherry picked from commit de57cf0ce90c15df37fc25589947bbaeadcadd3b)
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested changing address and ifreloading on multiple iface stanzas
In presence of multiple iface stanzas, current ifupdown2 does not purge
existing addresses.
Because each ifaceobject processing looks at only its stanzas and it is
afraid that it may purge running addresses that does not belong to
itself. Historically multiple iface stanzas are processed individually
than squashing them as a single interface. Squashing iface stanzas into
a single iface stanza has been a problem in the past and also does not
work well with iface stanzas that are supported by ifupdown (I dont have
a specific problem example right now...but)
This patch processes all address attributes when processing the first iface
object (or iface stanza). Unsure if this can be a surprise to existing
users. It should not but cant say sometimes people have weird things in
their pre-up/post-up commands. Hence this is controlled by a ifupdown2.conf
variable addr_config_squash=0 set to off by default. still debating if this
can be on by default.
When addr_config_squash=0 and existing addresses are not purged a
warning is displayed:
"warning: swp1: interface has multiple iface stanzas skip purging
existing addresses"
(cherry picked from commit 7aaa75674547392f2abb8273b18671f0795b3eaf)
(ie to allow -i option)
Ticket: CM-7066
Reviewed By: CCR-3636
Testing Done: Tested ifupdown2 -i option
Administrators can protect from sudo users executing files with -i
by changing the disable_cli_interfacesfile=1 in ifupdown2.conf
I have uploaded the patch in CCR-3636. And checked with shm and nolan
before pushing this change in 2.5.4.
The default is being changed because of the fear of breaking existing
users of -i after an upgrade to 2.5.4.
The shipping default behaviour for -i will be revisited in 3.0
timeframe.
(cherry picked from commit 5dce566a94dafc99c441e66c412d8d66a083aa5e)
Ticket: CM-7464
Reviewed By: CCR-3507
Testing Done: Tested ifquery check sanity
ifquery --check non-json output displays 'pass' and 'fail' for
each attribute on the same line (see below). This output is not json
friendly. For json, include status in 'config_status' a dictionary
whose keys are similar to the 'config' dictionary but values are status
for the corresponding keys in the 'config' dictionary (see example below)
auto bond4
iface bond4 inet static
[pass]
bond-mode 802.3ad [pass]
bond-miimon 100 [pass]
bond-use-carrier 1 [pass]
bond-lacp-rate 1 [pass]
bond-min-links 1 [pass]
bond-xmit-hash-policy layer3+4 [pass]
bond-slaves swp3 swp4 [pass]
[
{
"name": "bond4",
"addr_method": "static",
"addr_family": "inet",
"auto": true,
"config": {
"bond-use-carrier": "1",
"bond-miimon": "100",
"bond-lacp-rate": "1",
"bond-min-links": "1",
"bond-slaves": "swp3 swp4",
"bond-mode": "802.3ad",
"bond-xmit-hash-policy": "layer3+4"
},
"config_status": {
"bond-use-carrier": "pass",
"bond-miimon": "pass",
"bond-lacp-rate": "pass",
"bond-min-links": "pass",
"bond-slaves": "pass",
"bond-mode": "pass",
"bond-xmit-hash-policy": "pass"
},
"status": "pass"
}
]
Ticket: CM-7313
Reviewed By: trivial
Testing Done: tested in active-active vxlan scale testbed
With recent change to ifupdown2 to create dummy devices (CM-3525), pre-up
sequence has been inadvertently changed to invoke clag before vxlan. This
causes protodown of vxlan device by clag addon to happen before vxlan device
gets added. Revert the pre-up order to have vxlan pre-up before clag's.
Ticket: CM-3525
Reviewed By: CCR-3326
Testing Done: Tested creating dummy devices using ifupdown2
This is modification to gospos loopback module. It solves the same
purpose ie using linux dummy device like a loopback device but there were
objections on calling it loopback so i have renamed it to link and i have changed it
into a generic module that can do any 'ip link'. Can be extended for
link args in the future.
below example creates a loopy device
$ifquery loopy
auto loopy
iface loopy
link-type dummy
$ifup loopy
$ifquery -c loopy
auto loopy
iface loopy [pass]
link-type dummy [pass]
(cherry picked from commit 1151420408a53c106d29183a1e0da5562c8b03a3)
Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing
This patch does two things:
1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2.
This should allow administrators to specify a config file location different from the default and allow
subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.
2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users
from specifying their own interfaces file. This defaults to "1" (even if it is not configured).
Note: this new default takes away users ability to specify an interfaces file.
This should close the vulnerability where users could specify their own interfaces file
and add arbitrary user commands.
This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery
commands already require root access to run and the interfaces config file also requires root access to modify.
Ticket: CM-6723
Reviewed By: roopa
Testing Done: unit tested and testifupdown2 test suite
This patch installs bond interface defaults in
/etc/network/ifupdown2/policy.d/bond_defaults.json
and allows users to modify this file. Users can then leave out these
bond attributes in their configs to save typing and space.
It also changes the ifenslave and ifenslaveutil module to bond and
bondutil, respectively to be consistent with other modules
(and also because customers think of "bond" interfaces not
"ifenslave" interfaces.)
For example, the default file installed looks like the following:
{
"README": "This file is user generated and modifiable.",
"bond": {
"defaults": {
"bond-mode": "802.3ad",
"bond-miimon": "100",
"bond-use-carrier": "1",
"bond-lacp-rate": "0",
"bond-min-links": "1",
"bond-xmic-hash-policy": "layer3+4"
}
}
}
Please enter the commit message for your changes. Lines starting
Ticket: CM-6358
Reviewed By: roopa
Testing Done: Yes
ifupdown2 creates overrides vxrd's config when either (or both) the vxrd-src-ip and vxrd-svcnode-ip appear under the loopback interface's configuration.
Example
address 12.0.0.4/32
vxrd-src-ip 12.0.0.4
vxrd-svcnode-ip 99.99.99.9
Ticket: CM-3715
Reviewed By: CCR-3065
Testing Done: unit testing
Changes to proto down vxlan devices to avoid packet loops or duplicates before
clagd checks consistency and installs egress acl rules. When vxlan device is
brought up, check for presence of peer link and proto-down the device if peer
link exists.
- get_dependent_ifacenames is used to eliminate order dependency in specifying
peer link and vxlan configuration in /etc/network/interfaces.
- A separate script clagVxlanProtoDown is used to protodown vxlan devices if
peer link is configured separately (ifup peerlink) and vxlan devices are
already functional in the system.
Ticket: CM-5254
Reviewed By: roopa
Testing Done: tested master and 2.5_br images with testifupdown2 suite and hand tested
This patch creates a json defaults file upon bootup
(which can be overridden by customer configs in /etc)
which the ethtool module in ifupdown2 will consult
when "link-x" configs are removed in order to restore
them to the initial settings used by the switch.
(cherry picked from commit 8388664f5a5a85f2a813cafbf40ac92d7b86f4bf)
Conflicts:
packages/cl-utilities/usrlib/update-ports
(cherry picked from commit 21c9c10ab2fccaf60be9accb337e82541d497cc4)
ifdown behaviour.
Ticket: CM-5819
Reviewed By: CCR-2846
Testing Done: tested ifreload evo test case
ifreload_down_changed is 0 by default which will make
sure ifreload will not execute down on changed interfaces
but only on deleted interfaces making it non-disruptive.
some notes from CCR:
ifreload was designed to be an optimization for 'service networking
restart' or 'ifdown -a + ifup -a'.
essentially it is a combination of 'ifdown + ifup' with some smarts in
which interfaces it will execute ifdown on.
By default it does the below:
ifdown all interfaces that were deleted from the interfaces file
ifdown all interfaces that were changed from the last time they were
ifup'ed
ifup -a (execute ifup on all interfaces marked auto)
Did not realize people will use ifreload as much as they do today. Also,
they may execute it on a production box when changes are made. ifdown on a production box can be
disruptive because if the ifdown which is part of the ifreload.
To have a non-disruptive option to ifreload, 2.5 added a new option -c
that only executed 'ifup' on all interfaces. Thus reloading all auto +
any other interfaces that were once brought up on the box (essentially
all interfaces present in the saved state file). This by default did not
do anything to the interfaces that got deleted from the file. But had an
ifupdown2.conf toggle to do so.
Looking at the evo use case, they do want to use a single command that
modifies, adds, deletes with
minimum disruption. we can achieve maybe what they want with multiple
commands (But there is also a case of a bug in the build evo is running
which makes it not so easy ).
This patch fixes the bug and also tries to change the default ifreload
behaviour controllable via a variable in ifupdown2.conf.
when ifreload_down_changed=0 in ifupdown2.conf, ifreload will only
ifdown interfaces that were deleted
from the file but not the ones that changed. subsequent ifup as part of
ifreload on the interfaces
that changed will apply the delta. And ifreload_down_changed default
value is '0'.
WIth the patch, ifreload by default will do the below (going back to the
previous default is just a toggle in the ifupdown.conf file):
ifdown all interfaces that were deleted from the interfaces file
ifup -a (execute ifup on all interfaces marked auto)
It sounds like a big change of behaviour for a hotfix release, but
essentially the patch just moves a few things around. And the change in
behaviour is so subtle that it is not very visible.
It just makes it non-disruptive.
(cherry picked from commit 2f7977834d4912a69159d27e54ba201f58a321d8)
Ticket: CM-4802
Reviewed By:
Testing Done: yes
1. clag_enable needs to be set before slaves are added to the bond. Otherwise
bonding driver will bring the slaves up independent of clagd.
2. also added post_down clagd addon to cleanup the clag-id on ifdown.
Ticket: CM-3346
Reviewed By:
Testing Done: Tested ifupdown2 sanity
- moved 'admin up' delays that we introduced recently to be
configurable via two ifupdown2.conf attributes
# Let link master (bridges, bonds) own the link state of slaves
link_master_slave=1
# Delay admin state change till the end
delay_admin_state_change=0
- reduced some redundant traversal of dependency trees
- fixed a few bugs in query check
addons file
Ticket: CM-4423
Reviewed By:
Testing Done: tested ifupdown2 in the presence and absence of clagd
This is a hack to get around an ifupdown2 limitation.
The real fix should come as part of CM-3782
(cherry picked from commit 6fb63d6cdcb660063cf5d07ff28f49c34a306371)
addons file
Ticket: CM-4423
Reviewed By:
Testing Done: tested ifupdown2 in the presence and absence of clagd
This is a hack to get around an ifupdown2 limitation.
The real fix should come as part of CM-3782
Ticket: CM-3525
Reviewed By: CCR-2035
Testing Done: ifup/ifdown, service networking restart, reboot
Need for this change noticed in review.
(cherry picked from commit 231e2cf74b0f55b65f76d315d04f3a9c8279f51b)
