Ticket:
Reviewed By: Roopa, Daniel W, Nikhil G, Dave O, Scott E
Testing Done: ifupdown2 smokes
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12988
Reviewed By: julien, nikhil, dsa
Testing Done: tested ifup and ifdown of vrf devices with address virtual
slaves
This patch fixes up macvlan device enslavements when vrf device
or vrf slave is brought down and up. address virtual macvlan
devices on vrf slaves need to enslaved to the vrf. This
patch checks and fixes up those vrf enslavements for the following
cases:
ifdown <vrf_device> && ifup <vrf_device>
ifdown <vrf_slave> && ifup <vrf_slave>
starting state:
------------
$ip -br link show
myvrf UP 46:c6:44:db:37:60 <NOARP,MASTER,UP,LOWER_UP>
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
$ifdown myvrf
$ip -br link show
bridge.901@bridge DOWN 44:38:39:00:77:88 <BROADCAST,MULTICAST>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST,M-DOWN>
before patch (macvlan device bridge-901-v0 did not come up:
----------------------------------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
after patch:
------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12753
Reviewed By: roopa, julien
Testing Done: used same config mentioned in the bug
Changed %d to %s inorder to print a string.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: None
Reviewed By:
Testing Done:
The function _create_vrf_dev is surrounded by a try/catch as follow:
try:
vrf_table = self._create_vrf_dev(ifaceobj, vrf_table)
except Exception, e:
self.log_error('%s: %s' %(ifaceobj.name, str(e)), ifaceobj)
Thus we shouldn't include the ifaceobj.name in any error message passed to
log_error(). Since this function will raise an exception by default, it will
result in something like this:
error:br0.4002: red: red: create failed (cmd 'ip link add name red type vrf table 1001' failed: returned 1 ...[snip]
error:red: red: create failed (cmd 'ip link add name red type vrf table 1002' failed: returned 1 ...[snip]
after this patch:
error: red: create failed (cmd 'ip link add name red type vrf table 1002' failed: returned 1 ... [snip]
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11393
Reviewed By: dsa, julien, nikhil
Testing Done: tested up and down of a vrf interface
$ifdown -v blue
..snip ..
info: executing /usr/lib/vrf/vrf-helper delete blue 1030
info: executing ip link del blue
info: executing /bin/ss -aK "dev == 54"
info: vrf: syncing table map to
/etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12049
Reviewed By: dsa, julien, nikhil
Testing Done: tested with and without /etc/iproute2/rt_tables.d/
OS does not have /etc/iproute2/rt_tables.d, on errors just info:
$ifreload -a -v
info: unable to save iproute2 vrf to table map ([Errno 2] No such file
or directory: '/etc/iproute2/rt_tables.d/ifupdown2_vrf_map.conf')
info: cannot find /etc/iproute2/rt_tables.d. pls check if your iproute2
version supports rt_tables.d
OS has /etc/iproute2/rt_tables.d, on errors warn:
$ifreload -a
warn: unable to save iproute2 vrf to table map ([Errno 2] No such file
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12084
Reviewed By: julien, nikhil
Testing Done: tested with --allow=mgmt class
This fixes a problem where vrf map file was getting deleted
at boot during the second invocation of ifup. This is because
the code uses PERFMODE to check it is boot..but does
not realize that this may not be the first invocation of
ifup during the boot.
This patch adds additional checks for mgmt netdev to
make sure we delete the vrf map file only the first time.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12084
Reviewed By: julien, nikhil
Testing Done: Tested ifreload/ifup/ifdown --allow=<class>
vrf slave brings up the master if master is not up yet.
Today this is done only when ALL (auto) option is set
just as an optimization. because you dont want to bring
up the master in cases where user just wants to
bring up the vrf slave. eg ifup -v eth0.
This does not work so well, when user uses
--allow classes to bring up vrf master and slaves
together (eg mgmt vrf).
This patch removes the ALL check when bringing
up master and replaces it with an ALL or
CLASS check. ie make sure vrf master belongs to the
same class as you when CLASS is specified.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Daniel Walton
Testing Done:
This commit was need to keep nclu and ifupdown2 consistent.
The naming were differing and we decided to keep nclu version.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-8101
Reviewed By: CCR-4949
Testing Done: smoke tests + ran ifup -a -s on every interface configuration file from GSS cl-supports collection
This commit is introducing ~20 keywords. The value of the different attributes
will be check against raw values and <keywords>:
'<mac>'
'<text>'
'<ipv4>'
'<ipv6>'
'<auto>': "auto"
'<ipaddr>': ipv4/6 with preflix len
'<number>'
'<interface>'
'<ipv4-vrf-text>': equivalent to: <ipv4> "vrf" <text>
'<number-ipv4-list>': example: "100=172.16.100.1 101=172.16.101.1"
'<interface-list>': example: "swp1 swp2 swp3"
'<ipv4/prefixlen>'
'<ipv6/prefixlen>'
'<ipaddr/prefixlen>'
'<number-range-list>': example: "2000 2200-3000"
'<interface-range-list>': example: "swp1=100 swp2=100" ('validrange' : ['0', '65535'])
'<mac-ipaddr/prefixlen-list>'
'<number-interface-list>': example: "4 swp1 swp2"
'<interface-yes-no-list>': example: "swp1=yes swp2=no"
'<interface-yes-no-0-1-list>'
'<interface-yes-no-auto-list>'
It's possible to combine a keyword with a range from validrange. example:
validrange: 10-50
validvals: <intrface-range-list>
value: swp1=21 swp2=42 ...
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11803
Reviewed By: dsa, scotte, wkok, nikhil, julien
Testing Done: tested config of address-virtual lines on vrf slaves
This patch does the following:
- addressvirtual: enslaves macvlans created on vrf slaves
to the vrf master
- vrf: when looking for stale slaves on vrf master, skip
macvlan devices. This code does basic checking right now
and can be improved to include more cases.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11392
Reviewed By: roopa, dsa, julien
Testing Done: multiple vrf devices on dell-s3000-02
Now that the l3mdev FIB rule is in the CL3.1 kernel tree,
ifupdown2 no longer needs to manage FIB rules for VRF devices.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11080
Reviewed By: roopa, dsa, dave olson, daniel, julien
Testing Done: yes, with mgmt VRF configured
This patch parses '/usr/bin/pstree -Aps <pid>' output to find
the pid of current ssh session, and send 'sudo ifreload -a'
to background before killing itself.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
* commit '1cf891d101dab5569129c7f9d61d60bc53b67ffd':
Staging cl3u3 version for merge to stable and release
ifupdownaddons: iproute2: warn when using keywords and better parsing vlanid in ip link show output
addons: vrf: error on no master only when ALL interfaces are being brought up
brought up
Ticket: CM-11016
Reviewed By: julien, nikhil
Testing Done: tested with config in the CM bug
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
brought up
Ticket: CM-10954, CM-10953
Reviewed By: julien
Testing Done: ran ifupdown2 smoke and vrf ifup/ifdown testing
- vrf master if not around is brought up when the first slave is brought up
by design (because we want the slaves to be
enslaved to a vrf master before addresses are configured).
and master is not brought up by first because interfaces
are brought up down to top in the dependency tree.
- This patch makes sure a slave brings up a vrf master only
when all interfaces are specified. When an individual interface
is brought up, skip master bring up and throw an error.
- Since the addon modules also need to use the ALL and WITH_DEPENDS
flags, this patch moves them to the existing global ifupdownflags
class
- vrf module uses the ifupdownflags.ALL flag to not bring up the master
when only the slave is being brought up
example:
ifup <vrf> # brings up the vrf device
ifup <vrf> --with-depends # brings up the vrf dev and
# its slaves
ifup <vrf_slave> # if vrf master is not around,
# an error is thrown
ifup <vrf_slave> --with-depends # will still not bring up the vrf master
ifdown <vrf> # deletes vrf dev and flushes the
# addresses on vrf slaves
ifup <vrf> # brings up vrf dev and does not
# up the adresses on the slaves
ifup <vrf> --with-depends # will bring up vrf and reapply config
# on slaves (including addresses)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10569
Reviewed By: julien, nikhil
Testing Done: Tested ifquery -c as non root user
unlike ifup/ifdown/ifreload, ifquery can be called by a
non-root user. so make sure we dont write the root owned
vrf map file during ifquery
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: dsa, nikhil, julien
Testing Done: Tested with system reserved table names
example: err msg:
$ifquery default
auto default
iface default
vrf-table auto
error: default: cannot use system reserved ['253', '0', '254',
'255'] table names
This patch makes all tables in /etc/iproute2/rt_tables reserved
$cat /etc/iproute2/rt_tables
255 local
254 main
253 default
0 unspec
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, with different configurations for physical & logical devices
This patch adds 'ifquery --with-defaults' to print the policy default
values for unconfigured attributes.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10465
Reviewed By: julien, nikhil
Testing Done: Tested creating more than 64 vrf devices
example config:
{noformat}
%for v in range(1, 66):
auto vrf${v}
iface vrf${v}
vrf-table auto
%endfor
{noformat}
also, since vrf module already does a link up on vrf dev, remove
link up of vrf dev from ifupdownmain scheduler callback
Ticket:
Reviewed By: dsa
Testing Done: tested boot with vrf devs and checking vrf-helper args
Call it with the 'boot' arg at boot:
/usr/lib/vrf/vrf-helper create blue 1002 boot
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
This patch also: (1) fixes ifquery check failure for bridge-* stp attributes.
(2) removes vrf-default-route and vrf-cgroup attributes from ifupdown2 policy
and just have the vrf-helper attribute
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
addons,ifupdown,sbin: adding ifquery --with-defaults option
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10329 and others
Reviewed By: julien, nikhil
Testing Done: Tested vrf sanity and negative cases
- This patch also fixes duplicate rule additions (every reload
was causing ip rules to be added)
- This patch also adds support for vrf_helper which is commented
out due to some problems.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
