Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Roopa
Testing Done: This error happened when running ifquery -c -a with
auto vx-42
iface vx-42
vxlan-id 42
vxlan-local-tunnelip 27.0.0.11
mtu 1500
This can be used to execute third party scripts.
One such script /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
if exists is used by the vlan module to get the reserved
vlan range on the system.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10329 and others
Reviewed By: julien, nikhil
Testing Done: Tested vrf sanity and negative cases
- This patch also fixes duplicate rule additions (every reload
was causing ip rules to be added)
- This patch also adds support for vrf_helper which is commented
out due to some problems.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10471
Reviewed By:
Testing Done: Tested with failing config in CM-10471
Recent commit "84f33af6e1f53d ("address.py: default value for mtu when
mtu attribute is removed") CM-9449" enabled setting of device mtu to default
mtu if mtu is not given in the interfaces file.
logical devices like bridges and vlan devices rely on mtu
from their lower devices. ie mtu travels from
lower devices to upper devices. For bonds mtu travels from
upper to lower devices. running mtu depends on upper and
lower device mtu. With all this implicit mtu
config by the kernel in play, it becomes almost impossible
to compare running mtu with the default mtu.
This commit disables this resetting of mtu based on default mtu.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10437
Reviewed By: CCR-4480
Testing Done: Created a bond and made sure it's lacp_rate could be set fast or
slow wioth or without specifying the mode.
The current code assumes that for a bond to be in 802.3ad mode the "bond-mode"
parameter has to be specified in the list of bond attributes being set. Only
then will ifupdown2 allow the lacp_rate and lacp_bypass attributes to be set.
But since we have changed the default mode to be 802.3ad, the mode attribute no
longer needs to be specified for a bond to be in 802.3ad mode.
So, instead of doing a check for the configuration attributes to determine the
mode, the linkinfo cache is checked. And the cache is refreshed, just in case
the mode attribute has been specified and just previously been set. The order in
which the attributes are set is fixed for bonds, and the mode is always set
prior to the lacp_rate and lacp_bypass attributes.
Also, while testing this I noticed another assumption about the default value of
an attribute: min_links. A warning is displayed when min_links is not specified
or set to 0, and the mode is set to 802.3ad. Well, now that the default for
min_links is 1 it doesn't have to be specified, even if the mode is set to
802.3ad. So ifupdown2 checks the current state of min_links if it is not
specified as one of the attibutes. If it is 0, either by being specified as an
attribute or not being specified but having that value, and the mode is set to
802.3ad, a warning is displayed.
And there was this other little problem where if a bond already existed in the
linkcache it wouldn't be refreshed, even if the refresh=True parameter was
specified in the _bond_linkinfo_fill function.
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10292, CM-10282
Reviewed By: dsa, nikhil, julien
Testing Done: Tested dhcp config on an vrf slave
- Add support for policy module_globals variable
"vrf-exec-cmd-prefix". It is read into per module
self.vrf_exec_cmd_prefix variable
- If self.vrf_exec_cmd_prefix is present and interface is a
vrf slave, use ifupdown2 will call such command in vrf
context using:
"%s %s %s" %(<vrf-exec-cmd-prefix>, <vrfname>, <cmd>)
- This also fixes calling of dhcp refresh when a dhcp slave is
removed from a vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10302
Reviewed By: julien
Testing Done: Tested ifdown of an interface and make sure the addresses
are deleted
cache_invalidate can be called when an interface gets deleted
or on any other deletion event (this is because we dont really
know, what other things have been implicitly deleted by the kernel).
on ifdown, the cache can get invalidated. But if we dont
reset the cache flag, the fill cache functions can still think
the cache is valid and can return None for any queries.
This was happening to address queries, which resulted in
leaving behind configured addresses. because ifdown
thought that there were no running addresses on the interface.
Ticket: found during other testing
Reviewed By: trivial
Testing Done: Tested ifreload with dependency errors and dependencies
with upperiface being a master and also vlan device
This patch avoids false positives when set role is called twice
for an interface which is a vrf slave but also has a vlan device on
top of it.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb onto dell-s3000-02
This patch is a git revert of commit 934c4c49c0e77289e7d56349c44d14ca2c307621.
In addition to that, order of _addr_filter() function call arguments are
changed to match the function definition.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: trivial
Reviewed By: wkok
Testing Done: Tested ifupdown2 sanity and checked log messages from rtnetlink api
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This is cherry-pick of commit 269ff43d09ca4 from cumulus2.5
the same name
Ticket: CM-10051
Reviewed By: julien, nikhil
Testing Done: tested that bridge vlan attributes get applied correctly + ran ssim test testifupdown2.py
This was introduced by a patch that squashed multiple iface objects
into a single object.
That led to the below interfaces getting squashed into one. Which is not
the right thing to do:
{noformat}
auto Newbr.325
iface Newbr.325
address 24.0.0.22/30
address 3101🔤bcad:1::3/64
auto Newbr.325
vlan Newbr.325
bridge-igmp-querier-src 194.31.10.45
{noformat}
The 'vlan Newbr.325' ifaceobject needs to be kept separately and it is
of type BRIDGE_VLAN. so, this patch just makes sure these interfaces are
kept separately in the squash function.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: trivial
Testing Done: tested address gets with refresh flag + ran ssim test testifupdown2.py
- also fixes refresh flag handling in cache _addr_fill function
- this api can be used to get addresses from the cache by first
refreshing the cache. So the caller gets fresh running addresses.
(its not used right now but came up during the need to re-apply
addresses for ipv6 vrf slaves since their addresses may disappear)
Ticket: CM-5900
Reviewed By: CCR-2921
Testing Done: Tested 'service networking stop' during system reboot and shutdown
this is cherry-pick of cumulus-3.2.y commit ac231e966a04eb78153d9b53f0d236a149c7bba5
This reverts commit 934c4c49c0e77289e7d56349c44d14ca2c307621.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
when it is non-vlan filtering bridge
Ticket: CM-10083
Reviewed By: nikhil, julien
Testing Done: Tested ifreload testcase with CM-10083
Without this patch a bridge port could enslave itself to the bridge
when it finds that the bridge is around. This is a required feature
for vlan filtering bridge because vlan filtering bridge port attributes
are specified under the bridge port and the bridge port needs the power
to enslave to the bridge and apply bridge port attrs.
For the non-vlan filtering bridge, a few bridge port combinations are
not allowed by default (eg, mixing different vlans under the same bridge).
The bridge has the understanding of which ports are allowed. so only it
should have the power to enslave bridge ports. This patch enforces that
power. With this patch the sequence of deleting and enslaving bridge
ports is done at the bridge with deletes followed by adds.
example verbose snippent from ifreload output:
ip -force -batch - [link set dev swp49s0 nomaster
link set dev swp49s1 nomaster
link set dev swp49s0.300 master Oldbr
addr flush dev swp49s0.300
link set dev sidelink.300 master Oldbr
addr flush dev sidelink.300
link set dev swp49s1.300 master Oldbr
addr flush dev swp49s1.300
link set dev swp4 master Oldbr
addr flush dev swp4]
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-9881
Reviewed By: nikhil, julien, dsa, daniel
Testing Done: Tested mgmt vrf bringup, teardown, static routes at boot
etc
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handing. Its better to separate kind from interface private flags
like bond slave and bridge port. this patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
This was bringing down vrf master earlier than required
leading to ssh session hangs in case of management vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
This patch is the second version of drop ssh sessions
changes:
added try catch around os.setsid()
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
fixes the following:
- if the vrf slave had a master but is no longer a slave
according to ifaceobj, look at running state and
undo vrf enslavement
- add support to cl-vrf service disable <vrf>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This was bringing down vrf master earlier than required
leading to ssh session hangs in case of management vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
***initial version ***
SSH clients will be closed to avoid the connection hang
when management VRF is enabled or disabled using a login through eth0
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10016
Reviewed By:
Testing Done: Tested with the upperiface bring up case described in
CM-10016
upperiface bringup is best effort and does not imply that the current
interface bring up has an error. It only means that the upperiface may
be in an incomplete state. Hence this patch resets scheduler error state
before returning from upperiface bringup.
Ticket:
Reviewed By:
Testing Done: Tested vrf-table id with valid and invalid table ids
currently the reserved table id range is set to 1001-5000
and it comes from a policy file /var/lib/ifupdown2/policy.d/vrf.json
