Ticket: None
Reviewed By: Roopa
Testing Done: This error happened when running ifquery -c -a with
auto vx-42
iface vx-42
vxlan-id 42
vxlan-local-tunnelip 27.0.0.11
mtu 1500
Ticket: CM-10329 and others
Reviewed By: julien, nikhil
Testing Done: Tested vrf sanity and negative cases
- This patch also fixes duplicate rule additions (every reload
was causing ip rules to be added)
- This patch also adds support for vrf_helper which is commented
out due to some problems.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10471
Reviewed By:
Testing Done: Tested with failing config in CM-10471
Recent commit "84f33af6e1f53d ("address.py: default value for mtu when
mtu attribute is removed") CM-9449" enabled setting of device mtu to default
mtu if mtu is not given in the interfaces file.
logical devices like bridges and vlan devices rely on mtu
from their lower devices. ie mtu travels from
lower devices to upper devices. For bonds mtu travels from
upper to lower devices. running mtu depends on upper and
lower device mtu. With all this implicit mtu
config by the kernel in play, it becomes almost impossible
to compare running mtu with the default mtu.
This commit disables this resetting of mtu based on default mtu.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10437
Reviewed By: CCR-4480
Testing Done: Created a bond and made sure it's lacp_rate could be set fast or
slow wioth or without specifying the mode.
The current code assumes that for a bond to be in 802.3ad mode the "bond-mode"
parameter has to be specified in the list of bond attributes being set. Only
then will ifupdown2 allow the lacp_rate and lacp_bypass attributes to be set.
But since we have changed the default mode to be 802.3ad, the mode attribute no
longer needs to be specified for a bond to be in 802.3ad mode.
So, instead of doing a check for the configuration attributes to determine the
mode, the linkinfo cache is checked. And the cache is refreshed, just in case
the mode attribute has been specified and just previously been set. The order in
which the attributes are set is fixed for bonds, and the mode is always set
prior to the lacp_rate and lacp_bypass attributes.
Also, while testing this I noticed another assumption about the default value of
an attribute: min_links. A warning is displayed when min_links is not specified
or set to 0, and the mode is set to 802.3ad. Well, now that the default for
min_links is 1 it doesn't have to be specified, even if the mode is set to
802.3ad. So ifupdown2 checks the current state of min_links if it is not
specified as one of the attibutes. If it is 0, either by being specified as an
attribute or not being specified but having that value, and the mode is set to
802.3ad, a warning is displayed.
And there was this other little problem where if a bond already existed in the
linkcache it wouldn't be refreshed, even if the refresh=True parameter was
specified in the _bond_linkinfo_fill function.
Ticket: cleanup
Reviewed By:
Testing Done: Tested ifupdown sanity
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10292, CM-10282
Reviewed By: dsa, nikhil, julien
Testing Done: Tested dhcp config on an vrf slave
- Add support for policy module_globals variable
"vrf-exec-cmd-prefix". It is read into per module
self.vrf_exec_cmd_prefix variable
- If self.vrf_exec_cmd_prefix is present and interface is a
vrf slave, use ifupdown2 will call such command in vrf
context using:
"%s %s %s" %(<vrf-exec-cmd-prefix>, <vrfname>, <cmd>)
- This also fixes calling of dhcp refresh when a dhcp slave is
removed from a vrf
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: found during other testing
Reviewed By: trivial
Testing Done: Tested ifreload with dependency errors and dependencies
with upperiface being a master and also vlan device
This patch avoids false positives when set role is called twice
for an interface which is a vrf slave but also has a vlan device on
top of it.
This reverts commit 934c4c49c0.
Ticket: CM-10175
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing ifupdown .deb file onto dell-s3000-02
default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
when it is non-vlan filtering bridge
Ticket: CM-10083
Reviewed By: nikhil, julien
Testing Done: Tested ifreload testcase with CM-10083
Without this patch a bridge port could enslave itself to the bridge
when it finds that the bridge is around. This is a required feature
for vlan filtering bridge because vlan filtering bridge port attributes
are specified under the bridge port and the bridge port needs the power
to enslave to the bridge and apply bridge port attrs.
For the non-vlan filtering bridge, a few bridge port combinations are
not allowed by default (eg, mixing different vlans under the same bridge).
The bridge has the understanding of which ports are allowed. so only it
should have the power to enslave bridge ports. This patch enforces that
power. With this patch the sequence of deleting and enslaving bridge
ports is done at the bridge with deletes followed by adds.
example verbose snippent from ifreload output:
ip -force -batch - [link set dev swp49s0 nomaster
link set dev swp49s1 nomaster
link set dev swp49s0.300 master Oldbr
addr flush dev swp49s0.300
link set dev sidelink.300 master Oldbr
addr flush dev sidelink.300
link set dev swp49s1.300 master Oldbr
addr flush dev swp49s1.300
link set dev swp4 master Oldbr
addr flush dev swp4]
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-10188, CM-9881
Reviewed By: nikhil, julien, dsa, daniel
Testing Done: Tested mgmt vrf bringup, teardown, static routes at boot
etc
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Nikhil Gajendrakumar <nikhil@cumulusnetworks.com>
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handing. Its better to separate kind from interface private flags
like bond slave and bridge port. this patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
This patch is the second version of drop ssh sessions
changes:
added try catch around os.setsid()
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
fixes the following:
- if the vrf slave had a master but is no longer a slave
according to ifaceobj, look at running state and
undo vrf enslavement
- add support to cl-vrf service disable <vrf>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9881
Reviewed By: Roopa Prabhu
Testing Done: yes
***initial version ***
SSH clients will be closed to avoid the connection hang
when management VRF is enabled or disabled using a login through eth0
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket:
Reviewed By:
Testing Done: Tested vrf-table id with valid and invalid table ids
currently the reserved table id range is set to 1001-5000
and it comes from a policy file /var/lib/ifupdown2/policy.d/vrf.json
Ticket: CM-10005
Reviewed By:
Testing Done: Tested boot and ifreload after changes
- fix access to addr_method on an object which had no
address method defined. This was a recently introduced
regression that caused vrf enslavement to end per-matuarely.
- few fixes around vrf_table conversion between string
and integer
Ticket: CM-9995
Reviewed By: julien
Testing Done: Tested on amd64 hardnode
Right now, ifquery -r shows link speed, duplex and autoneg current running values.
This patch changes the behavior to not show link attributes unless they
differ then the defaults for that interface.
Ticket: CM-9975
Reviewed By: Roopa Prabhu
Testing Done: yes, by installing deb file onto dell-s3000-02
Avoid adding duplicate ipv6 fib rule when one is missing for IPv4
Ticket: CM-8658
Reviewed By: Roopa Prabhu, Scott Emery
Testing Done: Yes, by installing ifupdown .deb file onto cel-e1031-01
This patch includes a check for multicast bit of vrr virtual mac
address and set an error
Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Ticket: CM-9957
Reviewed By: dsa, julien, nikhil
Testing Done: Tested vrf enslave/deslave + ifreload
This patch fixes a few corner cases:
- release dhcp on all new enslavement or change of enslavement
- fix a NoneType error on ifreload when a vrf enslavement was removed
- handle a corner case with auto table ids
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9929
Reviewed By:
Testing Done: Tested vrf dhcp slave enslavement on ifreload
algo:
- when a vrf slave enslavement changes, before performing the
new master enslavement,
- check if vrf slave has dhcp configured
- if yes, release dhclient running on the vrf slave
Ticket: CM-9921
Reviewed By: trivial
Testing Done: Tested with table id auto for management vrf
I have recently added special handling for vrf slaves with dhcp.
And missed handling of vrf-table auto for such slaves.
This patch fixes auto when bringing up vrf masters for dhcp vrf
slaves
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Ticket: CM-9596
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch makes sure ifupdown2 will not report a NoneType error
when VRF is defined but not used
Ticket: CM-6896
Reviewed By: CCR-4276
Testing Done:
host: sm-e1031-02
$ # > adding "hwaddress 02:01:02:03:04:08" to eth0 in /etc/network/interfaces
$ ifreload -a
$ ifup -v -a
$ ifdown -a -v
$ ifquery -c -a
$ reboot
$ # > analyze /var/log/syslog for boot error message
$ cat /var/log/syslog | grep ifupdown
I did the same process with "hwaddress ether 02:01:02:03:04:11"
also without the hwaddress statement.
Ticket: CM-9868
Reviewed By: dsa, nikhil, julien
Testing Done: tested with vrf slaves with dhcp
Problem:
since vrf slaves are brought up before master, When vrf slaves are
configured for dhcp, the dhclient hook for vrf runs before the master is
up. This was seen with management vrf.
This solution is special logic to handle vrf slaves with
dhcp in the vrf addon module.
currently only supports interface declared with dhcp and
indicated as vrf slave. as in example below (dhcp and vrf must be in the
same iface stanza):
auto eth0
iface eth0 inet dhcp
vrf mgmt
changes to vrf module:
- make vrf module methods accept the ifaceobj lookup function, which is
already passed as argument to all methods from ifupdown scheduler
- during vrf slave bringup,
- if master does not exist and slave's address_method is dhcp
- lookup master object, and bring up the vrf master
- mark this master as processed so that the next time this vrf
module sees master it knows that it is already processed
(this is covered by the vrfPrivFlags)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
This avoids 'No such file or directory' errors at bootup
when ifupdown2 is called from the init script
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
