This commit adds support for configuring GRE/IPIP/SIT tunnel interfaces as know
from previous versions of ifupdown. Currently only configuration checks for GRE
and SIT tunnels are implemented.
A tunnel interface configuration could look like this:
auto gre42
iface gre42 inet tunnel
mode gre
local 198.51.100.1
endpoint 203.0.113.2
#
# optional tunnel attributes
ttl 64
mtu 1400
tunnel-physdev eth0
#
address 192.0.2.42/31
address 2001:db8:d0c:23::42/64
auto he-ipv6
iface he-ipv6 inet tunnel
mode sit
endpoint 203.0.113.6
local 198.51.100.66
#
# optional tunnel attributes
ttl 255
mtu 1466
tunnel-physdev vrf_external
#
address 2001:db8:666::2/64
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Add interface configuration option »vxlan-physdev« to set »dev« attribute
of VXLAN interfaces and a check for the running configuration.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* Add addon module for B.A.T.M.A.N. advanced interface configuration.
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
A configuration could look like this
auto bat0
iface bat0
batman-ifaces eth1 eth2.23
batman-ifaces-ignore-regex .*_nodes
batman-hop-penalty 23
#
address 192.0.2.42/24
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other member of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty» parameter set the penalty of this node within the mesh
network.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
* addons: batman_adv: replacing rtnetlink by netlink api call and iproute2 instantiation fix
These changes are due to modifications we introduced in debian-prep2.
We no longer use the rtnetlink_api but a new one "netlink" build on top of python-nlmanager.
* Reflect upstream change where flags are stored.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Pass the same environment variables to addon scripts from /etc/network/
as are passed to user defined commands in interfaces stanzas. This is
needed for compatibility with ifupdown.
Fixes: #14
This features will allow attributes to have aliases. Our use case today is
between bond-slaves and bridge-ports, which be a little confusing.
It follows the kernel api and existing linux tools. Bonding driver calls them
slaves and to the bridge driver they are ports.
With NCLU we we would like to be more consistent. We will now also support
"bond-ports"a
Ticket: CM-12763
Reviewed By: Roopa
Testing Done:
$ ifquery -a -c
auto bond0
iface bond0 [pass]
bond-slaves swp1 [pass]
auto bond1
iface bond1 [pass]
bond-ports swp2 [pass]
root@cel-redxp-06:~# ifquery -a -r
auto bond0
iface bond0
bond-lacp-bypass-allow 0
bond-slaves swp1
bond-mode 802.3ad
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-miimon 100
bond-xmit-hash-policy layer3+4
auto bond1
iface bond1
bond-lacp-bypass-allow 0
bond-slaves swp2
bond-mode 802.3ad
bond-use-carrier 1
bond-lacp-rate 1
bond-min-links 1
bond-miimon 100
bond-xmit-hash-policy layer3+4
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-13434
Reviewed by: julien, nikhil, daniel
Testing Done: ifreload and multiple down [yes|no] sequences under
physical and logical interfaces (ifupdown2-tests test case is pending)
This also moves the fix done for CM-4125 (inet manual handling for
logical devices) into a single place under ifupdownmain.
attribute 'link-down [yes|no]' will not work in all cases when 'inet manual'
is used. This is only to preserve the semantics of 'inet manual'.
Best use of 'link-down [yes|no]' is to use it without 'inet manual'..
they are conflicting features anyways.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This reverts commit 02e00f54bb.
reverting this commit to move it to link.py addon module.
down conflicts with usercmds.py 'down'
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-13434
Reviewed by: julien, nikhil, daniel
Testing Done: ifreload and multiple down [yes|no] sequences under
physical and logical interfaces (ifupdown2-tests test case is pending)
This also moves the fix done for CM-4125 (inet manual handling for
logical devices) into a single place under ifupdownmain.
attribute 'down [yes|no]' will not work in all cases when 'inet manual'
is used. This is only to preserve the semantics of 'inet manual'.
Best use of 'down [yes|no]' is to use it without 'inet manual'..
they are conflicting features anyways.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-8401
Reviewed By: Roopa, Julien
Testing Done: tested on all bridge mstpctl attributes.
This patch resets th following bridge attributes to defauls when
users remove settings from interface config file.
mstpctl-treeprio
mstpctl-ageing
mstpctl-fdelay
mstpctl-maxhops
mstpctl-maxage
mstpctl-txholdcount
mstpctl-forcevers
mstpctl-hello
Added an api in policy manager to get policy default value of any
module attribute.
Added a cache for bridge attributes to save some runtime
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
It was initially set in a place where only interfaces with
dependencies were processed. This patch moves it to the right
place.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This reverts commit 32e2363a69.
I pushed this commit by mistake. It was a local commit waiting to be reviewed.
Reverting it for now, might be applied later after positive review.
Ticket:
Reviewed By: Roopa, Daniel W, Nikhil G, Dave O, Scott E
Testing Done: ifupdown2 smokes
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12713
Reviewed By: Roopa, Nikhil G
Testing Done: Test from the bug
% for i in range(1,49):
iface swp${i}
mtu 9216
link-speed 10000
link-duplex full
link-autoneg off
% endfor
auto swp1
iface swp1
% ifup -a -v # should only up swp1
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-13316
Reviewed By: Roopa, Nikhil G
Testing Done:
auto v0
iface v0
vlan-id 100
vlan-raw-device tap1
auto v1
iface v1
vlan-id 100
vlan-raw-device tap2
auto v2
iface v2
vlan-id 100
vlan-raw-device tap3
auto br0
iface br0
bridge-ports tap9 regex v.*
In this specific case, if you remove v0 then execute ifreload ifupdown2 will
barf and say that v0 still exists as a dependency of br0.
From roopa:
The problem here is that the dependency gathering should have been done after
the ifdown's. However the ifdown's need the dependency tree for built in
interfaces which could be part of globs. And this dependency tree needs to be
the current state of things so can't do the selective picking of interfaces
either. So, its a chicken and egg problem.
Ideally when one uses regex, if he is removing an interface that was matched by
a regex, he has to do a 'ifdown' manually today. 'ifdown v0' in this case.
So today we decided to change the warning message to let the user know that he
should manually down the interface that matches a regex.
This is not a permanent fix but a work-around. We don't want to introduce new
changes that may introduce false positive case for existing and working config
post 3.2:
-----------
we should consider doing the down's in two phases during ifreload
a) down everything that we are very certain was removed from the file
(to make sure regex's don't catch it).
b) build dependency tree and run through the down's once more, to
catch all glob matches for built-in interfaces
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12370
Reviewed By: Roopa, Kanna, Scott E
Testing Done:
This patch also fixes a problem where dhcp6 used to create lease file with
a trailing whitespace. dhcp6 operation were also sometimes using the wrong
pid file. I added some code in the debian.postinst script to correctly
rename these files if they exists when we install/update ifupdown2.
(cumulus-qa-infra/cl-tests/tests/smoke/testdhcp.py:Testdhcp_relay)
auto swp1
iface swp1 inet dhcp
link-speed 10000
link-duplex full
link-autoneg off
auto swp1
iface swp1 inet6 dhcp
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11536, CM-11537
Reviewed By: julien, nikhil
Testing Done: Tested ifup, ifdown, ifquery for inerface ranges
Code already supports 'iface swp1.[2-4]'
This patch extends that support to include 'iface swp[1-3].100'.
Also fixes boundary conditions described in CM-11537. This
makes it consistent with glob syntax.
example config file with all cases:
auto swp[2-4].100
iface swp[2-4].100
auto swp5.[100-104]
iface swp5.[100-104]
auto br0
iface br0
bridge-ports glob swp[6-7].100
auto bridge.[100-104]
vlan bridge.[100-104]
bridge-igmp-querier-src 123.1.1.1
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports glob swp8-9
bridge-vids 100-104
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-13453
Reviewed By: Roopa, Nikhil G, Daniel W
Testing Done: ifupdown2-tests
We had an issue where python-nlmanager and ifupdown2's nlmanager differed
When netd starts it loads ifupdown2's addons, so it also tries to do the
imports. Since the current working directy is not /usr/share/ifupdown2 but
netd directory it won't load ifupdown2's nlmanager first but python-nlmanager
if it exists.
Here we insert/hardcode /usr/share/ifupdown2/ first in the path to make sure
we load the right nlmanager
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12988
Reviewed By: julien, nikhil, dsa
Testing Done: tested ifup and ifdown of vrf devices with address virtual
slaves
This patch fixes up macvlan device enslavements when vrf device
or vrf slave is brought down and up. address virtual macvlan
devices on vrf slaves need to enslaved to the vrf. This
patch checks and fixes up those vrf enslavements for the following
cases:
ifdown <vrf_device> && ifup <vrf_device>
ifdown <vrf_slave> && ifup <vrf_slave>
starting state:
------------
$ip -br link show
myvrf UP 46:c6:44:db:37:60 <NOARP,MASTER,UP,LOWER_UP>
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
$ifdown myvrf
$ip -br link show
bridge.901@bridge DOWN 44:38:39:00:77:88 <BROADCAST,MULTICAST>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST,M-DOWN>
before patch (macvlan device bridge-901-v0 did not come up:
----------------------------------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 DOWN 00:00:5e:00:01:81 <BROADCAST,MULTICAST>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
after patch:
------------
$ifup myvrf
$ip -br link show
bridge.901@bridge UP 44:38:39:00:77:88 <UP,BROADCAST,MULTICAST,UP>
bridge-901-v0@bridge.901 UP 00:00:5e:00:01:81 <UP,BROADCAST,MULTICAST,UP>
myvrf UP ce:a6:e1:85:75:73 <NOARP,MASTER,UP,LOWER_UP>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: Roopa, Nikhil G
Testing Done:
ifupdown2's python addons are replacing some/most of the old ifupdown shell
scripts. When addon_scripts_support is set to 1, ifupdown2 will execute every
scripts present in /etc/network/if-$ACTION.d/ if a script exists with a name
identical to an ifupdown2 addon, this script won't be executed.
Sometimes an ifupdown2 addons doesn't have the same name as the ifupdown script
it's supposed to replace. Or maybe one addon is replacing several scripts.
For example: bond.py is replacing /etc/network/if-*.d/ifenslave
Now each addon is able to provide a list of script to ignore.
[16:54:40] root:ifupdown2 # ifquery bond0
iface bond0
bond-slaves tap0 tap1
[16:54:49] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:54:54] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
debug: tap1: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap1: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: lo: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: lo: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: eth0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: eth0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: tap0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
[16:54:55] root:ifupdown2 #
...
apply patch
...
[16:55:16] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:55:18] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
[16:55:19] root:ifupdown2 #
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket:
Reviewed By: Roopa, Nikhil G
Testing Done:
ifupdown2's python addons are replacing some/most of the old ifupdown shell
scripts. When addon_scripts_support is set to 1, ifupdown2 will execute every
scripts present in /etc/network/if-$ACTION.d/ if a script exists with a name
identical to an ifupdown2 addon, this script won't be executed.
Sometimes an ifupdown2 addons doesn't have the same name as the ifupdown script
it's supposed to replace. Or maybe one addon is replacing several scripts.
For example: bond.py is replacing /etc/network/if-*.d/ifenslave
Now each addon is able to provide a list of script to ignore.
[16:54:40] root:ifupdown2 # ifquery bond0
iface bond0
bond-slaves tap0 tap1
[16:54:49] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:54:54] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
debug: tap1: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap1: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: lo: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: lo: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: eth0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: eth0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
debug: tap0: pre-up : running script /etc/network/if-pre-up.d/ifenslave
info: executing /etc/network/if-pre-up.d/ifenslave
debug: tap0: up : running script /etc/network/if-up.d/ifenslave
info: executing /etc/network/if-up.d/ifenslave
[16:54:55] root:ifupdown2 #
...
apply patch
...
[16:55:16] root:ifupdown2 # ifreload -a -d &> /tmp/ifreload.log
[16:55:18] root:ifupdown2 # cat /tmp/ifreload.log | grep ifenslave
[16:55:19] root:ifupdown2 #
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-12843
Reviewed By: julien, nikhil
Testing Done: Tested the failing test case in the bug
The scheduler already has some checking for errors from
link_up and link_down introduced by
commit 61c4d72447 ("Suppress 'Network down' warnings when
link_master_slave feature is on").
The above fix was removed by a recent commit
707aeb7378 ("netlink ip link set up/down may silently fail, adding
try/except statements"). The scheduler does catch these errors.
so we will need to figure out why the scheduler is not catching it.
Right now this is failing an automation test. So the best fix
is to make sure the previous behaviour is restored.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12798
Reviewed By: Roopa, Nikhil G
Testing Done:
We are seeing some issue when using IP addresses with inner values padded with
zeros. Such as: 2a01:75e0:0000:09b0::1/64
The kernel will process the ip properly but when we query the kernel again (with
iproute2 or netlink) it returns 2a01:75e0:0:09b0::1/64
Since we are doing string comparaison we are seeing failures. We are now
converting all ip address to a standard format using IPNetwork or IPAddress obj
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This patch moves ifupdownmain flag IFACE_CLASS to
ifupdownflags.CLASS. ifupdownflags.CLASS is set to true
if the user is asking for a class of interfaces.
example: ifreload --allow=mgmt
By moving it to ifupdownflags, we make it visible
to add modules.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11804
Reviewed By: julien, nikhil
Testing Done: Tested with failing config in the bug
This patch makes sure macvlan devices are ignored by ifquery -ra
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Roopa, Nikhil G
Testing Done:
$ cat /etc/network/interfaces
auto eth0
iface eth0 inet dhcp
up ls -l
$
I realized that user command's output wasn't on stdout but in a pipe
This commit fixes this case, the user cmd output is now on stdout.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
