Ticket: CM-9668
Reviewed By: daveO, roopa (patch by daveO)
Testing Done: Tested reboot/shutdown and made sure network
unconfiguration was not getting triggered
This is controlled by a variable SKIP_DOWN_AT_SYSRESET="yes"
(defaults to yes). Should probably default to 'no' for upstream.
non-persistant storage
This is a reimport of missing peices of commit
f819c3602e56 in 2.5cl ifupdown2.
commit log from 2.5cl:
Introduce a lock file in non-persistent storage
/run/network/ifstatelock to make sure the state
file in persistent storage is cleaned up correctly
ifupdown2 state file was moved to /var/tmp because /var/tmp was
tmpfs and was large enough (100MB) for the state file. But it
appears it has changed (or is not consistent) across all platforms.
We can move it under /run, but /run again size varies on various
platforms and it is too small on some platforms.
This patch:
- continues to keep the ifupdown2 state file under /var/tmp (because
it needs the space)
- ntroduces a second level /run/network/ifstatelock file that stays
on non-persistant storage and is used to delete the state file at
/boot up
Closes: CM-9573, CM-7774
Review: CCR-3623 (original review)
Tested-by: Mallikarjuna rao Uppalapati <mallik@cumulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: none
Reviewed By: trivial
Testing Done: installed, Alex tried for image creations.
apparently with some of our packages like mstpd still using init.d for a
while longer, just having the init.d/networking file causes the original
complaints about loops between services.
So I'm purging it completely.
Also clean up the comments a bit in start-networking
Ticket: CM-8790
Reviewed By: wkok,roopa
Testing Done: built, installed, rebooted
jessie's networking starts as an init.d service. Trying to force ordering
between init.d and systemd services when there are dependencies doesn't work
well (especially since the init.d/networking service is forced very early
because of the remote filesystem requirement in jesie).
Converting networking to a script run as a systemd service allows us to start
networking after switchd. The new script is /sbin/start-networking. I chose
to keep it in /sbin, rather than put it in /usr/cumulus/bin, because it's core
functionaity.
I am not removing /etc/init.d/networking, it just gets ignored unless somebody
types it manually. If somebody does that, systemctl runs through the lsb
hooks. The two lost abilities below are just ignored if passed. I'm
also preventing creating the rc.d symlinks to the init.d/networking
script to reduce future confusion.
We lose some init.d "convenience" functionality because it's not available
through systemd. What we lose are:
reload-currently-up - can still be done with ifreload --currently-up
force-reload - can still be done with ifreload -f -a
We keep start, stop, reload, restart
These include changes that were done to move ifupdown2
to use pybuild and some debian policy fixes
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7995
Reviewed By: CCR-3850
Testing Done: Tested exit code on syntax errors
This patch adds members 'errors' and 'warns' to networkinterfaces.py
to track errors and warns during parsing interfaces file.
This patch also adds --syntax-check option to ifreload
given people seem to use ifreload more than ifup these days.
$ ifreload --syntax-check -a
error: /etc/network/interfaces: iface swp1.200: unsupported keyword (roopa-attr)
$ echo $?
1
(cherry picked from commit e643a136fcf5d387ff0f9a31cb6a6af4983e1012)
Ticket: CM-7939
Reviewed By: CCR-3732
Testing Done: Tested ifreload --allow=class
this now
The ifreload classes already supported allow. This just opens up the
option in /sbin/ifupdown
example 1:
---------
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test swp3
iface swp3
/* should only act on swp2 and swp3 */
example 2:
---------
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test br1
iface br1
bridge-ports swp25 swp26
/* change bridge name and do an ifreload */
auto swp1
iface swp1
allow-test swp2
iface swp2
allow-test br2
iface br2
bridge-ports swp25 swp26
should delete br1 and create br2
(ie to allow -i option)
Ticket: CM-7066
Reviewed By: CCR-3636
Testing Done: Tested ifupdown2 -i option
Administrators can protect from sudo users executing files with -i
by changing the disable_cli_interfacesfile=1 in ifupdown2.conf
I have uploaded the patch in CCR-3636. And checked with shm and nolan
before pushing this change in 2.5.4.
The default is being changed because of the fear of breaking existing
users of -i after an upgrade to 2.5.4.
The shipping default behaviour for -i will be revisited in 3.0
timeframe.
(cherry picked from commit 5dce566a94dafc99c441e66c412d8d66a083aa5e)
Ticket: CM-7066
Reviewed By: roopa
Testing Done: unit tested and wrote new testcase in testifupdown2
Use case for ifquery where stdin used with -i breaks
because interfacesfileiobuf was not checked in addition to interfacesfilename.
Testcase like:
echo '[{"name": "swp1","auto": true,"config": {"address": "10.10.10.10/24"}}]' | ifquery -i - -t json swp1
would fail because while -i was given with stdin, the check for missing filename would produce an error.
It was also decided by consensus that the ifquery command does not need to have a check for
disable_cli_interfacesfile since a query "should" not pose a security check.
(I've also added some test cases for this in cl-tests).
(cherry picked from commit 4d37e932b43da87a9240a866be2d8b9508a9c7eb)
Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing
This patch does two things:
1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2.
This should allow administrators to specify a config file location different from the default and allow
subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.
2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users
from specifying their own interfaces file. This defaults to "1" (even if it is not configured).
Note: this new default takes away users ability to specify an interfaces file.
This should close the vulnerability where users could specify their own interfaces file
and add arbitrary user commands.
This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery
commands already require root access to run and the interfaces config file also requires root access to modify.
1. clag_enable flag in the bonding driver
2. And clagid in clagd
Ticket: CM-4091
Reviewed By:
Testing Done: yes
1. Two new commands have been introduced in clagctl - setclagid and showclagid.
These commands will be used by ifupdown2 to set and read/check the clagid.
2. In addition a bit will be maintained per-bond in the bonding driver to
indicate if a bond is a CLAG bond.
(cherry picked from commit cb160bad45d330fe5f544d0d9a40c1c77b9b563f)
over ifup handling of upperifaces by default) + some fixes in the
reserved vlan check
Ticket: CM-3346
Reviewed By:
Testing Done: Tested ifupdown sanity.
Ticket: CM-4204
Reviewed By:
Testing Done: Tested ifreload with interfaces file in the bug
My last checkin moved the auto flag around causing the breakage
ifupdown logging from /etc/init.d/networking.
Ticket: CM-3891
Reviewed By:
Testing Done: Tested changing default networking parameters
- This provides a way to log to syslog
- if syslog is not enabled, msgs are output to stdout (in case of boot
these should be captured by bootlog in > 2.5)
Note that these values only affect logging from the
/etc/init.d/networking script and has nothing to do with ifupdown2
logging when ifupdown2 is used outside of /etc/init.d/networking
Ticket: CM-3346
Reviewed By:
Testing Done: ifupdown2 sanity
I dont see a real reason for a core file to debug ifupdown2 problems
currently. Will re-enable core file generation when i root cause the
issue.
Ticket: CM-3176
Reviewed By: trivial
Testing Done: Tested ifreload with the testcase in the bug
This broke when i recently fixed --allow-classes support for ifup/ifdown
example fixes
Ticket: CM-2911
Reviewed By: CCR-1637
Testing Done: tested ifupdown2 sanity and bash completion
The python argcomplete module that i use for ifupdown2 has a limitation
that it does not work with sudo when used in the global mode. But there is
a workaround for it online (long story short...instead of enabling the global
argparse complete ...the author recommends registering argparse complete bash
completion individually for your script). This patch does just that.
This patch also moves the udev overrides to their respective packages.
Two of them are owned by ifupdown2.
Conflicts:
rootconf/default/home/cumulus/sysroot-complete
warnings on ifupdown)
Ticket: CM-1438
Reviewed By:
Testing Done: Tested ifupdown2 sanity
Some of the above mentioned configurable items can be specified in
ifupdown2.conf
param-id). Its less prone to problems.
Ticket: CM-1438
Reviewed By:
Testing Done:
- Also add bpdufilter support
- This also gets rid of caching for mstpctl output
attributes' for backward compatibility
Ticket: CM-1438
Reviewed By:
Testing Done: Tested ifupdown sanity and new functionality
support for:
- -i <interface file>
- template lookup path and move all template handling to a separate
module template.py
- new ifupdown2 config file /etc/network/ifupdown2/ifupdown2.conf
- bridge_waitport and bridge_maxwait
- moved addons.conf to /var/lib/ifupdownaddons/
update the cache yet and that can cause problems during add
Ticket: CM-2491
Reviewed By:
Testing Done:
Still working on the cache update support during batching.
Ticket: CM-1438
Reviewed By: review pending
Testing Done: Tested ifup/ifdown
Before this patch, `ifup --with-depends <iface>` only brought up
lowerdevices. Because those were enough for iface to function.
And if ifaces above it (upperdevices) needed fixing, user could just
execute `ifup --with-depends <ifaceupper>`.
But in a recent, bond under a bridge bug in 2.0, got me thinking that
its probably better to up the upperdevices which might be impacted as
well. and this patch does just that.
The patch includes changes to make ifupdown generate dependency
information for all interfaces even if the user requested to operate
on a single interface. This is to get a full view of the interfaces file.
This might add some overhead. Should not change anything during boot.
Still looking at ways to optimize.
Ticket: CM-1438
Reviewed By:
Testing Done:
This also fixes a bug with address handling:
- If the user changed a primary address, flush all the addresses and
re-add them. Previously, if user added a new primary address, it would
ust get appended to the end of the address list as a secondary address.
Ticket: CM-1438
Reviewed By:
Testing Done:
- Moved link config to base ifupdown. I had been debating about this,
this is need to support manual and also the --no-scripts option.
- helps executing only link up/down operations if needed on an interface
- While at it, i also moved the scheduler methods to be classmethods
instead of instance methods (which again was a pending cleanup task)
Ticket: CM-1438
Reviewed By:
Testing Done: unit tested with all kinds of interfaces
some high level changes
- moved ipv4/ipv6 address handling in a single module. dhcp
into a separate module.
- new link 'up' module
- igmp fixes
- many other fixes
added a --with-depends option)
Ticket: CM-1438
Reviewed By:
Testing Done:
still debating on the default behaviour for following dependents.
for now not following dependents might be better.
When all interfaces are selected, it always follows dependents
Ticket: CM-1438
Reviewed By:
Testing Done: tested with configs involving vlan devices and bridges
- fix dependency handling which i had broken recently with my last
checkin (nat reported this one)
- In inet pluggins, dont issue ip addr get unless required (saw cpu
spike up because of CM-1889)
- and some other minor changes lying in my tree
