Ticket: CM-12084
Reviewed By: julien, nikhil
Testing Done: tested with --allow=mgmt class
This fixes a problem where vrf map file was getting deleted
at boot during the second invocation of ifup. This is because
the code uses PERFMODE to check it is boot..but does
not realize that this may not be the first invocation of
ifup during the boot.
This patch adds additional checks for mgmt netdev to
make sure we delete the vrf map file only the first time.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-12084
Reviewed By: julien, nikhil
Testing Done: Tested ifreload/ifup/ifdown --allow=<class>
vrf slave brings up the master if master is not up yet.
Today this is done only when ALL (auto) option is set
just as an optimization. because you dont want to bring
up the master in cases where user just wants to
bring up the vrf slave. eg ifup -v eth0.
This does not work so well, when user uses
--allow classes to bring up vrf master and slaves
together (eg mgmt vrf).
This patch removes the ALL check when bringing
up master and replaces it with an ALL or
CLASS check. ie make sure vrf master belongs to the
same class as you when CLASS is specified.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: None
Reviewed By: Daniel Walton
Testing Done:
This commit was need to keep nclu and ifupdown2 consistent.
The naming were differing and we decided to keep nclu version.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-8101
Reviewed By: CCR-4949
Testing Done: smoke tests + ran ifup -a -s on every interface configuration file from GSS cl-supports collection
This commit is introducing ~20 keywords. The value of the different attributes
will be check against raw values and <keywords>:
'<mac>'
'<text>'
'<ipv4>'
'<ipv6>'
'<auto>': "auto"
'<ipaddr>': ipv4/6 with preflix len
'<number>'
'<interface>'
'<ipv4-vrf-text>': equivalent to: <ipv4> "vrf" <text>
'<number-ipv4-list>': example: "100=172.16.100.1 101=172.16.101.1"
'<interface-list>': example: "swp1 swp2 swp3"
'<ipv4/prefixlen>'
'<ipv6/prefixlen>'
'<ipaddr/prefixlen>'
'<number-range-list>': example: "2000 2200-3000"
'<interface-range-list>': example: "swp1=100 swp2=100" ('validrange' : ['0', '65535'])
'<mac-ipaddr/prefixlen-list>'
'<number-interface-list>': example: "4 swp1 swp2"
'<interface-yes-no-list>': example: "swp1=yes swp2=no"
'<interface-yes-no-0-1-list>'
'<interface-yes-no-auto-list>'
It's possible to combine a keyword with a range from validrange. example:
validrange: 10-50
validvals: <intrface-range-list>
value: swp1=21 swp2=42 ...
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Ticket: CM-11803
Reviewed By: dsa, scotte, wkok, nikhil, julien
Testing Done: tested config of address-virtual lines on vrf slaves
This patch does the following:
- addressvirtual: enslaves macvlans created on vrf slaves
to the vrf master
- vrf: when looking for stale slaves on vrf master, skip
macvlan devices. This code does basic checking right now
and can be improved to include more cases.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-11392
Reviewed By: roopa, dsa, julien
Testing Done: multiple vrf devices on dell-s3000-02
Now that the l3mdev FIB rule is in the CL3.1 kernel tree,
ifupdown2 no longer needs to manage FIB rules for VRF devices.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-11080
Reviewed By: roopa, dsa, dave olson, daniel, julien
Testing Done: yes, with mgmt VRF configured
This patch parses '/usr/bin/pstree -Aps <pid>' output to find
the pid of current ssh session, and send 'sudo ifreload -a'
to background before killing itself.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: None
Reviewed By: CCR-4692
Testing Done: smoke + scale tests
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
brought up
Ticket: CM-11016
Reviewed By: julien, nikhil
Testing Done: tested with config in the CM bug
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
brought up
Ticket: CM-10954, CM-10953
Reviewed By: julien
Testing Done: ran ifupdown2 smoke and vrf ifup/ifdown testing
- vrf master if not around is brought up when the first slave is brought up
by design (because we want the slaves to be
enslaved to a vrf master before addresses are configured).
and master is not brought up by first because interfaces
are brought up down to top in the dependency tree.
- This patch makes sure a slave brings up a vrf master only
when all interfaces are specified. When an individual interface
is brought up, skip master bring up and throw an error.
- Since the addon modules also need to use the ALL and WITH_DEPENDS
flags, this patch moves them to the existing global ifupdownflags
class
- vrf module uses the ifupdownflags.ALL flag to not bring up the master
when only the slave is being brought up
example:
ifup <vrf> # brings up the vrf device
ifup <vrf> --with-depends # brings up the vrf dev and
# its slaves
ifup <vrf_slave> # if vrf master is not around,
# an error is thrown
ifup <vrf_slave> --with-depends # will still not bring up the vrf master
ifdown <vrf> # deletes vrf dev and flushes the
# addresses on vrf slaves
ifup <vrf> # brings up vrf dev and does not
# up the adresses on the slaves
ifup <vrf> --with-depends # will bring up vrf and reapply config
# on slaves (including addresses)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10569
Reviewed By: julien, nikhil
Testing Done: Tested ifquery -c as non root user
unlike ifup/ifdown/ifreload, ifquery can be called by a
non-root user. so make sure we dont write the root owned
vrf map file during ifquery
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket:
Reviewed By: dsa, nikhil, julien
Testing Done: Tested with system reserved table names
example: err msg:
$ifquery default
auto default
iface default
vrf-table auto
error: default: cannot use system reserved ['253', '0', '254',
'255'] table names
This patch makes all tables in /etc/iproute2/rt_tables reserved
$cat /etc/iproute2/rt_tables
255 local
254 main
253 default
0 unspec
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, with different configurations for physical & logical devices
This patch adds 'ifquery --with-defaults' to print the policy default
values for unconfigured attributes.
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10465
Reviewed By: julien, nikhil
Testing Done: Tested creating more than 64 vrf devices
example config:
{noformat}
%for v in range(1, 66):
auto vrf${v}
iface vrf${v}
vrf-table auto
%endfor
{noformat}
also, since vrf module already does a link up on vrf dev, remove
link up of vrf dev from ifupdownmain scheduler callback
Ticket:
Reviewed By: dsa
Testing Done: tested boot with vrf devs and checking vrf-helper args
Call it with the 'boot' arg at boot:
/usr/lib/vrf/vrf-helper create blue 1002 boot
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
This patch also: (1) fixes ifquery check failure for bridge-* stp attributes.
(2) removes vrf-default-route and vrf-cgroup attributes from ifupdown2 policy
and just have the vrf-helper attribute
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
addons,ifupdown,sbin: adding ifquery --with-defaults option
Ticket: CM-7840
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10329 and others
Reviewed By: julien, nikhil
Testing Done: Tested vrf sanity and negative cases
- This patch also fixes duplicate rule additions (every reload
was causing ip rules to be added)
- This patch also adds support for vrf_helper which is commented
out due to some problems.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10292, CM-10282
Reviewed By: dsa, nikhil, julien
Testing Done: Tested dhcp config on an vrf slave
- Add support for policy module_globals variable
"vrf-exec-cmd-prefix". It is read into per module
self.vrf_exec_cmd_prefix variable
- If self.vrf_exec_cmd_prefix is present and interface is a
vrf slave, use ifupdown2 will call such command in vrf
context using:
"%s %s %s" %(<vrf-exec-cmd-prefix>, <vrfname>, <cmd>)
- This also fixes calling of dhcp refresh when a dhcp slave is
removed from a vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: found during other testing
Reviewed By: trivial
Testing Done: Tested ifreload with dependency errors and dependencies
with upperiface being a master and also vlan device
This patch avoids false positives when set role is called twice
for an interface which is a vrf slave but also has a vlan device on
top of it.
This reverts commit 934c4c49c0.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-9881
Reviewed By: nikhil, julien, dsa, daniel
Testing Done: Tested mgmt vrf bringup, teardown, static routes at boot
etc
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handing. Its better to separate kind from interface private flags
like bond slave and bridge port. this patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
This patch is the second version of drop ssh sessions
changes:
added try catch around os.setsid()
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
fixes the following:
- if the vrf slave had a master but is no longer a slave
according to ifaceobj, look at running state and
undo vrf enslavement
- add support to cl-vrf service disable <vrf>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
***initial version ***
SSH clients will be closed to avoid the connection hang
when management VRF is enabled or disabled using a login through eth0
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket:
Reviewed By:
Testing Done: Tested vrf-table id with valid and invalid table ids
currently the reserved table id range is set to 1001-5000
and it comes from a policy file /var/lib/ifupdown2/policy.d/vrf.json
Ticket: CM-10005
Reviewed By:
Testing Done: Tested boot and ifreload after changes
- fix access to addr_method on an object which had no
address method defined. This was a recently introduced
regression that caused vrf enslavement to end per-matuarely.
- few fixes around vrf_table conversion between string
and integer
