the same name
Ticket: CM-10051
Reviewed By: julien, nikhil
Testing Done: tested that bridge vlan attributes get applied correctly + ran ssim test testifupdown2.py
This was introduced by a patch that squashed multiple iface objects
into a single object.
That led to the below interfaces getting squashed into one. Which is not
the right thing to do:
{noformat}
auto Newbr.325
iface Newbr.325
    address 24.0.0.22/30
    address 3101:abc:bcad:1::3/64
auto Newbr.325
vlan Newbr.325
    bridge-igmp-querier-src 194.31.10.45
{noformat}
The 'vlan Newbr.325' ifaceobject needs to be kept separately and it is
of type BRIDGE_VLAN. So, this patch just makes sure these interfaces are
kept separately in the squash function.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-9881
Reviewed By: nikhil, julien, dsa, daniel
Testing Done: Tested mgmt vrf bringup, teardown, static routes at boot
etc
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handling. It's better to separate kind from interface private flags
like bond slave and bridge port. This patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
This was bringing down vrf master earlier than required
leading to ssh session hangs in case of management vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10016
Reviewed By:
Testing Done: Tested with the upperiface bring up case described in
CM-10016
upperiface bringup is best effort and does not imply that the current
interface bring up has an error. It only means that the upperiface may
be in an incomplete state. Hence this patch resets scheduler error state
before returning from upperiface bringup.
Ticket: CM-9993
Reviewed By: julien
Testing Done: Tested with interfaces file and steps described in the CM
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7168
Reviewed By: julien, nikhil, stannous
Testing Done: Tested with errors in interfaces file
This patch changes a few errors to warns and propagates errors
on ifaceobjects to upperlayers.
- any exception passed to upper layers (/sbin/ifupdown) results in
exit code of 1
- It uses a global SCHED flag to flag a scheduler error (maybe there is
a better way). But traversing all the interfaces again to check status
is an overkill
- Changes a few errors to warns
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
default
Ticket:
Reviewed By: CCR-4268 (previous review)
Testing Done: Tested ifup/ifdown/ifreload/ifquery of multiple iface stanzas for
same interface
This patch is an extension to previous commit 99ce689411.
The previous commit squashes both external (ifquery) and internal
(ifup/ifdown/ifreload) representation of multiple iface stanzas into
one and it is off by default.
What we really want is internal representation to be squashed by
default. To that effect this patch introduces a new config flag
ifaceobj_squash_internal to only squash internal representation which is
used by ifup/ifdown/ifreload. ifquery forces this flag to off so that
external representations remain unsquashed and user does not see any
difference. This flag is on by default.
User can still get a squashed external representation if he sets
ifaceobj_squash=1 in ifupdown2.conf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: trivial
Testing Done:
This patch adds WARNING to ifaceStatus and adds a new method
iface:set_status
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: CCR-4268
Testing Done: Tested squashing of interfaces with multiple iface stanzas
This is controlled by ifaceobj_squash config variable in
/etc/network/ifupdown2/ifupdown2.conf.
With ifaceobj_squash=1, ifquery and all commands will
output squashed interfaces.
$ cat /etc/network/interfaces
auto swp3
iface swp3
    mtu 9000
auto swp3
iface swp3 inet static
    address 10.0.17.3/24
auto swp3
iface swp3 inet static
    address 10.0.18.3/24
    address 2000:1000:1000:1000:3::5/128
$ ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto swp3
iface swp3
    mtu 9000
    address 10.0.17.3/24
    address 10.0.18.3/24
    address 2000:1000:1000:1000:3::5/128
When and why do we need this?
- If we preserve multiple ifaceobjects for the same iface,
it gets tricky in some cases to set default policy
values because the addon module run methods are called
on each ifaceobject.
- Each ifaceobject belonging to the same interface
is treated as a separate interface. It is difficult
to remember things across addon module run methods
- we have a few hacks in place which we would like to
get rid of
Why not turn it on by default?
- still debating about it. Don't want to break existing
scripts with change of output. Will get some feedback before
I switch the default to squash.
We don't need to fail on saved state dependency graph generation errors.
Also don't check for shared dependents during dependency graph generation
on saved state (optimization)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9677
Reviewed By: nikhil
Testing Done: Tested with bond config file in CM-9677
This patch replaces the following attributes:
bond-ad-sys-priority with bond-ad-actor-sys-prio
bond-ad-sys-mac-addr with bond-ad-actor-system
The new attributes correspond to the new sysfs files below:
/sys/class/net/sidelink/bonding/ad_actor_sys_prio
/sys/class/net/sidelink/bonding/ad_actor_system
Old values will be accepted with a deprecated warning:
warning: attribute bond-ad-sys-priority is deprecated. Use bond-ad-actor-sys-prio instead
warning: attribute bond-ad-sys-mac-addr is deprecated. Use bond-ad-actor-system instead
Ticket: CM-8729
Reviewed By: Nikhil
Testing Done: Tested with vlan device with vlan-raw-device in interfaces
file
also reported here: https://github.com/CumulusNetworks/ifupdown2/issues/10
is_keyword was matching iface attribute 'vlan-raw-device' to the vlan
keyword and dropping it from ifaceobj config.
Ticket: CM-9595
Reviewed By:
Testing Done: tested with failing vrf config in CM-9595
Due to the same upperiface getting processed more than once,
there was an unnecessary refcount inc on the lowerdevice.
This patch aborts processing upperiface if already
processed and also adds a new debug function to
dump lower and upper ifaces of all interfaces in the
file.
The vrf device may not be up when ifup is executed on the
slaves. This commit makes sure:
- vrf slaves don't try to enslave themselves when vrf device is
not present
- And vrf master enslaves any missing slaves during ifup of vrf master
- Also make vrf device the link master, this will make sure
the vrf device brings the vrf slave links up. This is needed to work
around the ipv6 address flush issue
Closes: CM-9493
Review: dsa, nikhil, wkok (via git send-email)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This patch adds a new upperiface module handler get_upper_ifacenames
to get upperifaces from an addon module. This is called during building
dependency graph.
Closes: CM-9493
Review: dsa, nikhil, wkok (via git send-email)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8455
Review: CCR-4181
Testing: tested ifreload on builtin interface change
This patch handles removal of builtin interfaces (example swp*.100
below, which don't have iface sections) during an ifreload.
{noformat}
auto bridge
iface bridge
    bridge-vlan-aware yes
    bridge-ports swp3.100 swp15.100
{noformat}
If user changes swp15.100 to another interface and does an ifreload,
before this patch swp15.100 used to be around. This patch makes sure
swp15.100 is deleted in the process.
I had to do some cleanup of flags in the process. I might have added
some extra cycles to ifreload. But I don't see an easy way to handle this
case.
Ticket: CM-9078
Reviewed By: CCR-4110
Testing Done: clag bond add/del and clag slave add/del
This change basically does the following -
1. Proto-down swpX pre-clag-bond-enslave
2. Proto-up swpX post-clag-bond-release
Setting/clearing of clag-id will result in similar proto-state changes
and those are handled by clagd.
Note:
I really wanted to keep these changes out of ifupdown2 but the
order of setting is critical, i.e. protodown has to happen before enslave to
prevent additional flaps/STP TCNs. Theoretically #2 can be done by clagd
but there is no easy way to do #1.
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both dhcp-wait: "no" and dhcp-wait: "yes"
and not specified at all.
A previous patch implemented the nowait option for DHCP. This patch changes the
name of the option to "dhcp-wait" and makes the default, if nothing is specified
in the policy files, to be "yes", which means dhclient will be called without
the "-nw" option, causing it to wait for up to a minute for a response from the
DHCP server before continuing.
The format of the JSON in the policy file for this option was also changed so
that it conforms to the other ifupdown2 policy options. This format is now:
{
    "dhcp": {
        "defaults": { "dhcp-wait": "no" }
    }
}
Also, the documented argument values are "yes" and "no". Any other values will
be interpreted as "yes".
A subsequent patch in cl-basefiles will be made to include this fragment in
/var/lib/ifupdown2/policy.d/dhcp.json so that Cumulus Linux will default to
not waiting for DHCP to complete.
Change policy manager default policy file location:
from /var/lib/ifupdownaddons/policy.d to
/var/lib/ifupdown2/policy.d
This aligns well with the user policy file location:
/etc/network/ifupdown2/policy.d/
Fixes 59dad2ca80("debian: sync debian files with from upstream debian repo")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Before this commit, an error in reading a sourced file would
result in an error. This commit converts it to a warning and continues.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Add back missing ifupdown/ifupdownconfig.py.
fixes a cherry-pick error.
Fixes 0582f185ed ("ifupdown2: address: squash addr config and process
them on the youngest sibling")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8330
Reviewed By: balki
Testing Done: Tested with interfaces file in the bug
(cherry picked from commit 14570e6d442d1c9a3742f1dd989f7af673e3cc7f)
Ticket: CM-7995
Reviewed By: CCR-3850
Testing Done: Tested exit code on syntax errors
This patch adds members 'errors' and 'warns' to networkinterfaces.py
to track errors and warns during parsing interfaces file.
This patch also adds --syntax-check option to ifreload
given people seem to use ifreload more than ifup these days.
$ ifreload --syntax-check -a
error: /etc/network/interfaces: iface swp1.200: unsupported keyword (roopa-attr)
$ echo $?
1
(cherry picked from commit e643a136fcf5d387ff0f9a31cb6a6af4983e1012)
Ticket:
Reviewed By:
Testing Done: Tested ifquery --check with bridge-pvid
bridge-pvid and bridge-vids on a bridge do
not correspond directly to a running config
on the bridge. They correspond to default
values for the bridge ports. And they are
already checked against running config of the
bridge port and reported against a bridge port.
So, this patch ignores these attributes under the bridge.
Uses '2' for ignore today. XXX: '2' will be
mapped to a defined value in subsequent patches.
Before:
auto bridge
iface bridge                    [fail]
    bridge-vlan-aware yes       [pass]
    bridge-ports swp3 swp4      [pass]
    bridge-pvid notfound        [fail]
After:
auto bridge
iface bridge                    [pass]
    bridge-vlan-aware yes       [pass]
    bridge-ports swp3 swp4      [pass]
    bridge-pvid 20
(cherry picked from commit 29e70abbf7920cf94c3ebd738dd757c2ca27b35c)
Ticket: CM-7917
Reviewed By: CCR-3845
Testing Done: Tested changing address and ifreloading on multiple iface stanzas
In presence of multiple iface stanzas, current ifupdown2 does not purge
existing addresses.
Because each ifaceobject processing looks at only its stanzas and it is
afraid that it may purge running addresses that do not belong to
itself. Historically multiple iface stanzas are processed individually
rather than squashing them as a single interface. Squashing iface stanzas into
a single iface stanza has been a problem in the past and also does not
work well with iface stanzas that are supported by ifupdown (I don't have
a specific problem example right now...but)
This patch processes all address attributes when processing the first iface
object (or iface stanza). Unsure if this can be a surprise to existing
users. It should not, but can't say; sometimes people have weird things in
their pre-up/post-up commands. Hence this is controlled by an ifupdown2.conf
variable addr_config_squash=0 set to off by default. Still debating if this
can be on by default.
When addr_config_squash=0 and existing addresses are not purged a
warning is displayed:
"warning: swp1: interface has multiple iface stanzas skip purging
existing addresses"
(cherry picked from commit 7aaa75674547392f2abb8273b18671f0795b3eaf)
listed interface that had a blacklisted parent
Ticket: CM-7851
Reviewed By: CCR-3664
Testing Done: Tested with auto/non-auto dependent and non-dependent interfaces
example config from sam:
iface swp3.100
auto swp3
iface swp3
iface swp3
    address 66.66.66.66/24
Ticket: CM-6740
Reviewed By: roopa
Testing Done: tested multiple ifreloads with various test cases
In the case of duplicate iface stanzas where one of the stanzas sets
the link attributes, ifupdown2 was confused because the absence
of link attributes forced it to reset them to default values
(when they existed).
This patch tracks link changes and prevents resetting to defaults
only if there are no explicit settings configured. Furthermore,
only the last interface processed (from the duplicates) will take
care of resetting to defaults.
Ticket: CM-7851
Reviewed By: CCR-3639
Testing Done: Tested a combination of auto and non-auto interfaces.
This fixes a regression introduced in 2.5.4 where ifreload was
picking up non-auto interfaces
This also fixes a minor issue with blacklisting interfaces introduced by
("450c679249b546dbc2cd97d81b49e011fec948bd remove blacklisted interfaces
only if they are upperifaces (ie root of the tree") when an interface
has multiple auto and non-auto stanzas (A rare case, but it was an easy
fix and around the same area).
example, the fix will now blacklist an interface only if all of its stanzas are
blacklisted. In the below example, swp4 is not blacklisted if user
specified auto because one of the iface stanzas is auto.
auto swp4
iface swp4
iface swp4
    address 10.0.14.2/24
(cherry picked from commit ad6d4567fdf9413c804a348c1712d8706934264a)
Ticket: CM-7066
Reviewed By: roopa
Testing Done: unit tested and wrote new testcase in testifupdown2
Use case for ifquery where stdin used with -i breaks
because interfacesfileiobuf was not checked in addition to interfacesfilename.
Testcase like:
echo '[{"name": "swp1","auto": true,"config": {"address": "10.10.10.10/24"}}]' | ifquery -i - -t json swp1
would fail because while -i was given with stdin, the check for missing filename would produce an error.
It was also decided by consensus that the ifquery command does not need to have a check for
disable_cli_interfacesfile since a query "should" not pose a security check.
(I've also added some test cases for this in cl-tests).
(cherry picked from commit 4d37e932b43da87a9240a866be2d8b9508a9c7eb)
the tree)
Ticket: CM-7765
Reviewed By: CCR-3621
Testing Done: tested interface dependencies with auto and non-auto
interfaces
This commit fixes a change in behaviour introduced by "460906d0552d" ("skip adding
filtered or blacklisted interfaces in the dependency graph") that
skipped non-auto (or blacklisted) interfaces.
Turns out we have files out there that do have non-auto
dependents. This patch makes sure blacklisted interfaces who are
dependents of other interfaces are always picked up.
to make sure the state file in persistent storage is cleaned up
correctly
Ticket: CM-7774
Reviewed By: CCR-3623
Testing Done: Tested statefile across reboots
ifupdown2 state file was moved to /var/tmp because /var/tmp was tmpfs
and was large enough (100MB) for the state file. But it appears it has
changed (or is not consistent) across all platforms. We can move it
under /run, but /run again size varies on various platforms and it is
too small on some platforms.
This patch:
- continues to keep the ifupdown2 state file under /var/tmp (because it
needs the space)
- introduces a second level /run/network/ifstatelock file that stays on
non-persistent storage and is used to delete the state file at boot up
Ticket: CM-7635
Reviewed By: CCR-3575
Testing Done: Tested failing ifquery output in json format
This patch fixes a bug introduced by 0dea0cfeeec8b342ee2e2b767daa4071ac760f31
("Add support to display status (pass, fail) in ifquery --check json
output").
This patch separates the json encoders for iface objects with and
without status (ifaceJsonEncoder and ifaceJsonEncoderWithStatus) so
that they don't interfere with each other.
Ticket: CM-7464
Reviewed By: CCR-3507
Testing Done: Tested ifquery check sanity
ifquery --check non-json output displays 'pass' and 'fail' for
each attribute on the same line (see below). This output is not json
friendly. For json, include status in 'config_status', a dictionary
whose keys are similar to the 'config' dictionary but values are status
for the corresponding keys in the 'config' dictionary (see example below)
auto bond4
iface bond4 inet static                 [pass]
    bond-mode 802.3ad                   [pass]
    bond-miimon 100                     [pass]
    bond-use-carrier 1                  [pass]
    bond-lacp-rate 1                    [pass]
    bond-min-links 1                    [pass]
    bond-xmit-hash-policy layer3+4      [pass]
    bond-slaves swp3 swp4               [pass]
[
    {
        "name": "bond4",
        "addr_method": "static",
        "addr_family": "inet",
        "auto": true,
        "config": {
            "bond-use-carrier": "1",
            "bond-miimon": "100",
            "bond-lacp-rate": "1",
            "bond-min-links": "1",
            "bond-slaves": "swp3 swp4",
            "bond-mode": "802.3ad",
            "bond-xmit-hash-policy": "layer3+4"
        },
        "config_status": {
            "bond-use-carrier": "pass",
            "bond-miimon": "pass",
            "bond-lacp-rate": "pass",
            "bond-min-links": "pass",
            "bond-slaves": "pass",
            "bond-mode": "pass",
            "bond-xmit-hash-policy": "pass"
        },
        "status": "pass"
    }
]
Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing
This patch does two things:
1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2.
This should allow administrators to specify a config file location different from the default and allow
subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.
2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users
from specifying their own interfaces file. This defaults to "1" (even if it is not configured).
Note: this new default takes away users' ability to specify an interfaces file.
This should close the vulnerability where users could specify their own interfaces file
and add arbitrary user commands.
This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery
commands already require root access to run and the interfaces config file also requires root access to modify.
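Added example (not code from ifupdown2 or from these commits): a sketch of the gating policy the CM-7066 messages describe, where -i is refused for commands that apply configuration unless disable_cli_interfacesfile is explicitly 0, while ifquery, including the "-i -" stdin case, is exempt. The function names, the conf key default_interfaces_configfile, and the choice to treat any value other than "0" as "1" are assumptions of this sketch.

```python
# Added example; names marked "assumed" are not taken from the page.
DEFAULT_INTERFACES_FILE = "/etc/network/interfaces"


class PolicyError(Exception):
    """Raised when a CLI-supplied interfaces file is refused."""


def parse_conf(text):
    """Parse key=value lines (ifupdown2.conf style); '#' starts a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def resolve_interfaces_source(command, conf, cli_file=None, stdin_buf=None):
    """Return ('file', path) or ('buffer', text) for the given command."""
    # An absent setting means "1". Treating any value other than "0" as "1"
    # (fail closed) is an assumption of this sketch.
    disabled = conf.get("disable_cli_interfacesfile", "1") != "0"
    # Assumed key name; the page only says the file name moved into the conf.
    default = conf.get("default_interfaces_configfile", DEFAULT_INTERFACES_FILE)

    if cli_file is None:
        return ("file", default)
    # Only the read-only query command is exempt; anything else is refused,
    # because the interfaces file can carry user commands that run as root.
    if disabled and command != "ifquery":
        raise PolicyError("%s: -i is disabled by disable_cli_interfacesfile" % command)
    if cli_file == "-":
        # stdin case: the buffer, not a file name, carries the config.
        if stdin_buf is None:
            raise PolicyError("-i - given but nothing was read from stdin")
        return ("buffer", stdin_buf)
    return ("file", cli_file)


def run_samples():
    """Exercise the policy on constructed inputs; returns a list of outcomes."""
    conf = parse_conf("# constructed sample conf\n"
                      "default_interfaces_configfile=/etc/network/interfaces.site\n")
    stdin_json = '[{"name": "swp1", "auto": true}]'  # constructed input
    cases = [("ifup", None, None), ("ifup", "/home/user/ifaces", None),
             ("ifquery", "-", stdin_json), ("ifreload", "-", stdin_json)]
    out = []
    for command, cli_file, buf in cases:
        try:
            out.append(resolve_interfaces_source(command, conf, cli_file, buf))
        except PolicyError:
            out.append(("refused", command))
    return out


if __name__ == "__main__":
    for outcome in run_samples():
        print(outcome)
```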
Ticket: CM-6702
Reviewed By: roopa
Testing Done: unit and smoke tested with ifupdown2 suite
When address-virtual mac address is modified, removed from an SVI, or the SVI is removed,
the permanent mac address is not removed.
This patch addresses all three cases by creating a global statemanager instance
and removing address-virtual FDB entries that were previously configured.
Ticket: CM-6619
Reviewed By: CCR-3191
Testing Done: Tested upperiface bringup for bridge and vlan devices
'up' on bridge was always done to add the newly created port to the bridge
in cases where the bridge is not part of the interfaces being brought
up. But this will try to re-apply bridge port attributes on all bridge
ports and that can take a while when there are a large number of bridge
ports. This patch currently avoids the bridge up for only the vlan
aware bridge case.