Roopa Prabhu [Fri, 9 Oct 2015 23:32:02 +0000 (16:32 -0700)]
change address on bridge and slave to an info message instead of a warn
Ticket: CM-6106
Reviewed By: CCR-3637
Testing Done: Tested address under a bridge
We had shipped example files with addresses under bridges and slaves
in 2.5.3. With the warning introduced in 2.5.4, we will start emitting
warnings for existing customer files. And I have recently
learnt that users are relying on warnings to detect errors.
With this commit I am changing the warn to an info message
to avoid breaking existing users. We can change it back to a warn in
3.0.
changed:
"warning: interface bridge is enslaved or a vlan aware bridge and cannot
have an IP Address"
to:
"info: bridge: ignoring ip address. Interface is enslaved or a vlan
aware bridge and cannot have an IP Address"
Roopa Prabhu [Fri, 9 Oct 2015 22:14:56 +0000 (15:14 -0700)]
Fix the return value for auto interface checks
Ticket: CM-7851
Reviewed By: CCR-3639
Testing Done: Tested a combination of auto and non-auto interfaces.
This fixes a regression introduced in 2.5.4 where ifreload was
picking up non-auto interfaces
This also fixes a minor issue with blacklisting interfaces introduced by
("450c679249b546dbc2cd97d81b49e011fec948bd remove blacklisted interfaces
only if they are upperifaces (ie root of the tree") when an interface
has multiple auto and non-auto stanzas (A rare case, but it was an easy
fix and around the same area).
example, the fix will now blacklist an interface only if all of its stanzas are
blacklisted. In the below example, swp4 is not blacklisted if user
specified auto because one of the iface stanzas is auto.
would fail because while -i was given with stdin, the check for missing filename would produce an error.
It was also decided by consensus that the ifquery command does not need to have a check for
disable_cli_interfacesfile since a query "should" not pose a security check.
(I've also added some test cases for this in cl-tests).
Roopa Prabhu [Fri, 2 Oct 2015 20:18:03 +0000 (13:18 -0700)]
remove blacklisted interfaces only if they are upperifaces (ie root of
the tree)
Ticket: CM-7765
Reviewed By: CCR-3621
Testing Done: tested interface dependencies with auto and non-auto
interfaces
This commit fixes a change in behaviour introduced by "460906d0552d" ("skip adding
filtered or blacklisted interfaces in the dependency graph") that
skipped non-auto (or blacklisted) interfaces.
Turns out we have files out there that do have non-auto
dependents. This patch makes sure blacklisted interfaces who are
dependents of other interfaces are always picked up.
ifupdown2 state file was moved to /var/tmp because /var/tmp was tmpfs
and was large enough (100MB) for the state file. But it appears it has
changed (or is not consistent) across all platforms. We can move it
under /run, but /run again size varies on various platforms and it is
too small on some platforms.
This patch:
- continues to keep the ifupdown2 state file under /var/tmp (because it
needs the space)
- ntroduces a second level /run/network/ifstatelock file that stays on
non-persistant storage and is used to delete the state file at /boot up
Fix mstp settings ordering issues when bridge stp is toggled on and off
(when mstp settings are specified under the port)
Ticket: CM-6626
Reviewed By: CCR-3599
Testing Done: Tested the problem case mentioned in the bug (Plan to
re-work the fix a bit for 2.5.5)
problem:
mstp parameters can be specified under the port or under the bridge
When they are specified under the bridge, there should be no problem
(When you process the bridge, all things on the bridge port are set in
order)
When they are specified under the port:
we check if the bridge is up, if yes, and stp is already configured,
we process mstpctl settings
This check today only checks running stp_state
We should also check the user configured stp state for the bridge
Note that the problem exists only if the bridge and ports are
already up and user executes ifup again and when we need to re-evaluate
the bridge port settings
solution:
When the bridge port is being checked for mstp settings, not only
check running stp state, but also check user specified stp state and
correct bridge stp state before proceeding with mstp configuration
Few things to note with this patch:
- If user changed stp state on bridge to 'on', and did `ifup
<bridge_port>'`,
though the user has not ifup'ed the bridge yet, the bridge stp state
will be applied (very few people will run into this and practically this
should not be a problem atall. But from correctness POV it is
a voilation. ).
- To avoid this, the other solution would have been to let the bridge
port code be as is, but handle this during bringing up the bridge,
but, this can confuse the user, because when processing the
bridge_port, you will still throw warnings even if the port stp config
is later reapplied when the bridge comes up
- note that the patch only handles the case when stp state is not on and
somebody turned it on. For the case where stp state was on and somebody
turned it off, this patch wont throw warnings for the mstpctl config. But
it will not cause any issues because once stp is off things will be ok
everywhere. I want to keep any changes here out of this patch. I will
document this in the bug...and see if i can handle this in 2.5.5
This patch separates the json encoders for iface objects with and
without status (ifaceJsonEncoder and ifaceJsonEncoderWithStatus) so
that they dont interfere with each other.
ifquery --check non-json output displays 'pass' and 'fail' for
each attribute on the same line (see below). This output is not json
friendly. For json, include status in 'config_status' a dictionary
whose keys are similar to the 'config' dictionary but values are status
for the corresponding keys in the 'config' dictionary (see example below)
When vxrd is not enabled in /etc/default/vxrd, the 'service vxrd status'
command returns 0, causing the vxlan-remoteip to be not applied even
though it should have. Fix is to change to checking pidfile of vxrd.
ifupdown2 changes for vxlan anycast_ip, head-end fdb entries, protodown
Ticket: CM-7087
Reviewed By: CCR-3379
Testing Done: unit testing with clag_vxlan_clos_spec/cfg.py
On clag pairing, clagd changes local address of vxlan device to anycast ip.
If user does ifreload now, ifupdown2 will overwrite local address with
individual ip contained in /etc/netwrok/interfaces. vxlan.py caches
anycast_ip configuration so that ifquery -c can skip it from flagging error
and ifreload skip overwriting vxlan device's local ip.
vxrd provisions head-end replication endpoints by adding bridge fdb entries.
If /etc/network/interfaces doesn't have remote-ip attribute, then on ifreload
ifupdown2 will delete all vxrd provisioned entries. ifupdown will check for
presence of vxrd service and skip add/delete bridge fdb entries for
head-end replication
On ifreload vxlan device are put in proto-down even if they are up and running.
Check for operstate and put it in proto-down only if operstate transitions from
down to up.
With recent change to ifupdown2 to create dummy devices (CM-3525), pre-up
sequence has been inadvertently changed to invoke clag before vxlan. This
causes protodown of vxlan device by clag addon to happen before vxlan device
gets added. Revert the pre-up order to have vxlan pre-up before clag's.
This is modification to gospos loopback module. It solves the same
purpose ie using linux dummy device like a loopback device but there were
objections on calling it loopback so i have renamed it to link and i have changed it
into a generic module that can do any 'ip link'. Can be extended for
link args in the future.
below example creates a loopy device
$ifquery loopy
auto loopy
iface loopy
link-type dummy
Sam Tannous [Fri, 21 Aug 2015 03:12:26 +0000 (23:12 -0400)]
ifupdown2 ethtool does not handle link-* settings on enslaved ports
Ticket: CM-7128
Reviewed By: Trivial
Testing Done: unit tested on Ken's machine
The ifupdown2 ethtool addon module fails to set/check
the link-speed on bridge ports.
I removed excessive ifaceLinkKind checking since CM-6619
(03642a9a) added BRIDGE_PORT and BOND_SLAVE. This is ok
since we now check to see if ports have defaults (only swp do)
before showing or changing settings).
Sam Tannous [Fri, 21 Aug 2015 02:59:44 +0000 (22:59 -0400)]
add param in ifupdown2.conf to prevent fupdown2 users from specify interface config file on the CLI
Ticket: CM-7066
Reviewed By: scotte,roopa,olson
Testing Done: Unit testing and regression testing
This patch does two things:
1. It moves the interfaces config file name to the ifupdown2.conf file in /etc/network/ifupdown2.
This should allow administrators to specify a config file location different from the default and allow
subsets of users to use it without giving them access to specifying their own with the -i option in ifup/ifdown.
2. It also adds a new config setting called "disable_cli_interfacesfile" used to prevent users
from specifying their own interfaces file. This defaults to "1" (even if it is not configured).
Note: this new default takes away users ability to specify an interfaces file.
This should close the vulnerability where users could specify their own interfaces file
and add arbitrary user commands.
This leaves the shell=True option in the user commands add-on module since the ifup/ifdown/ifreload/ifquery
commands already require root access to run and the interfaces config file also requires root access to modify.
Currently, ifupdown implicitly configures pvid on a bridge port
in case user doesn't configure it. There is no way to configure
a bridge port to not accept untagged packets. The new option
allows user to do that without changing the current default
behavior.
The "ip batch command to add a bridge port and flush the dev" command with 1k netdevices was taking 1.4G of memory. With 2k netdevices batch, this command was causing a OOM condition. To avoid this, commit the batch after 250 ports. Ideally we have to look at the internal batch implementation to see if there is an underlying issue.
Sam Tannous [Thu, 30 Jul 2015 15:15:17 +0000 (11:15 -0400)]
Document --exclude option a little better for ifupdown2
Ticket: CM-6587
Reviewed By: roopa
Testing Done: checked man paged
If we do an ifdown on all ports and try to exclude a bond or bridge port.
But we also have an iface defined for swp1 or swp4
(even if these are empty).
The lower interfaces will not be excluded. So if we
do an "ifdown -a -X bridge", swp ports in the bridge or bond
will go down effectively bringing a bond or bridge down.
This patch simply adds some documentation to the man pages.
ifupdown2 never follows dependents if the user has given an
interface list (unless explicitly requested with --with-depends
option which is available with some options).
Sam Tannous [Thu, 23 Jul 2015 19:43:45 +0000 (15:43 -0400)]
ifupdown2 patch to properly remove address-virtual mac addresses
Ticket: CM-6702
Reviewed By: roopa
Testing Done: unit and smoke tested with ifupdown2 suite
When address-virtual mac adddress is modified, removed from an SVI, or the SVI is removed,
the permanent mac address is not removed.
This patch addresses all three cases but creating a global statemanager instance
and removing address-virtual FDB entries that were previously configured.
CM-6815 : ip link set syntax for svcnode has been changed. Absence of svcnode
will retain the existing values. svcnode 0.0.0.0 is needed to wipe out service
node addresses in vxlan device. Modified ifupdown2 to use svcnode 0.0.0.0 to
clean up service node address.
CM-6816: "bridge-clan-aware no" is not handled in query-check and hence ifquery
on bridge interface with "bridge-vlan-aware no" fails. Modified bridge's
query-check to take care of this.
CM-6817: With default ageing value (300), if query -c <vxlan device> was
failing. Set ageing to 300 if not specified and compare it with running config.
Dont up a vlan aware bridge during upper iface bringup (optimization)
Ticket: CM-6619
Reviewed By: CCR-3191
Testing Done: Tested upperiface bringup for bridge and vlan devices
'up' on bridge was always done to add the newly created port to the bridge
in cases where the bridge is not part of the interfaces being brought
up. But This will try to re-apply bridge port attributes on all bridge
ports and that can take a while when there are large number of bridge
ports. This patch currently avoids the bridge up for only the vlan
aware bridge case.
and allows users to modify this file. Users can then leave out these
bond attributes in their configs to save typing and space.
It also changes the ifenslave and ifenslaveutil module to bond and
bondutil, respectively to be consistent with other modules
(and also because customers think of "bond" interfaces not
"ifenslave" interfaces.)
For example, the default file installed looks like the following:
{
"README": "This file is user generated and modifiable.",
"bond": {
"defaults": {
"bond-mode": "802.3ad",
"bond-miimon": "100",
"bond-use-carrier": "1",
"bond-lacp-rate": "0",
"bond-min-links": "1",
"bond-xmic-hash-policy": "layer3+4"
}
}
}
Please enter the commit message for your changes. Lines starting
Sam Tannous [Thu, 9 Jul 2015 17:40:00 +0000 (13:40 -0400)]
ifupdown2 ethtool add-on module should not get unnecessary running configs for performance reasons
Ticket: CM-6630
Reviewed By: roopa
Testing Done: unit tested
We still run ethtool on most interfaces even if we don't have defaults to use.
The last bug I fixed (CM-6557) should have also fixed that (even if it was specific to
ifquery).
We now check if there is a configured attribute and if there is a default
value. If we do not have both, we continue without calling ethtool to get the running value.
ifupdown2 creates overrides vxrd's config when either (or both) the vxrd-src-ip and vxrd-svcnode-ip appear under the loopback interface's configuration.
Example
address 12.0.0.4/32
vxrd-src-ip 12.0.0.4
vxrd-svcnode-ip 99.99.99.9
Sam Tannous [Thu, 2 Jul 2015 21:14:24 +0000 (17:14 -0400)]
Running ifquery --running -a will truncate the pvid number to a single digit
Ticket: CM-6284
Reviewed By: roopa
Testing Done: unit tested change
Running ifquery --running -a will truncate the pvid number to a single digit for the bridge.
This patch appendis the entire pvid instead of only the first character.
Sam Tannous [Thu, 2 Jul 2015 19:59:34 +0000 (15:59 -0400)]
ifquery --running should not show link attributes on logical interfaces
Ticket: CM-6557
Reviewed By: roopa, gospo
Testing Done: unit tested
ifquery should not show link attributes for interfaces we do not have defaults for.
Although somewhat useful, we don't want people saving the bond link attributes
to try to use then in a config
Sam Tannous [Tue, 30 Jun 2015 17:47:08 +0000 (13:47 -0400)]
ifreload causes unnecessary dhcp restart for eth0
Ticket: CM-5730
Reviewed By: roopa
Testing Done: tested change on Sean and Jason's lab setup
The dhcp restart on all interfaces using dhcp causes a reconnection
for NTP and in addition, a recent addition of rack management packages
(CM-5782) added ntp and a exit-hook script that also interrupted NTP
for a second time. This patch will check for dhclient running (IPv4 and IPv6)
and not restart dhcp if it's already running.
Sam Tannous [Wed, 24 Jun 2015 15:39:56 +0000 (11:39 -0400)]
ifupdown2 should not allow IP address command under vlan aware bridge stanza
Ticket: CM-6106
Reviewed By: roopa,scotte
Testing Done: ran ifupdown2 regression suite and hand tested
This patch prevents IP address assignment under vlan aware bridges.
This prevents some confusion because a bridge subinterface is required
for layer 3 termination.
Roopa Prabhu [Mon, 22 Jun 2015 00:37:27 +0000 (17:37 -0700)]
skip adding filtered or blacklisted interfaces in the dependency graph
Ticket:
Reviewed By: CCR-3043
Testing Done:
This was resulting in lower interfaces not being brought up at boot
when their upper-ifaces were not-marked auto. And this was because
the dependency graph continued to have the non-auto upper interfaces
and the whole tree was ignored by the scheduler.
This fix eliminates filtered interfaces from the dependency graph
to simplify the scheduler and also to avoid scheduler picking up
non-auto (or non-class interfaces).
testcase (Without this patch swp1 was skipped at boot)
iface swp1.100
Sam Tannous [Sat, 20 Jun 2015 01:27:49 +0000 (21:27 -0400)]
Eliminate confusing and unnecessary ethtool calls
Ticket: CM-6275
Reviewed By: roopa,dustin
Testing Done: Unit tested and ran complete ifupdown2 test suite
There are unnecessary calls to the ethtool module that cause some error messages to be printed.
We currently don't check ifaceobj.link_kind at the start
so this check was added.
If someone creates a new interface without setting link_kind, we still printed error message.
This patch adds a check at the start of ethtool.
This patch also removes the global link defaults (used by ifupdown2/ethtool)
created when update-ports is called. The defaults are created for each swp port
so we don't have defaults (and therefore will not attempt to set) for interfaces
like eth0, loopbacks, dummys, vxlans, or any other non swp interface.
Ticket: CM-3715
Reviewed By: CCR-3065
Testing Done: unit testing
Changes to proto down vxlan devices to avoid packet loops or duplicates before
clagd checks consistency and installs egress acl rules. When vxlan device is
brought up, check for presence of peer link and proto-down the device if peer
link exists.
- get_dependent_ifacenames is used to eliminate order dependency in specifying
peer link and vxlan configuration in /etc/network/interfaces.
- A separate script clagVxlanProtoDown is used to protodown vxlan devices if
peer link is configured separately (ifup peerlink) and vxlan devices are
already functional in the system.
Sam Tannous [Wed, 17 Jun 2015 00:58:15 +0000 (20:58 -0400)]
Enhance globbing in ifupdown2 to support breakout cables
Ticket: CM-5365
Reviewed By: roopa,dwalton
Testing Done: Ran regression suite and hand tested.
This patch extends the globbing support in ifupdown2
to handle two levels of square brackets so that breakout
cables can be handled (e.g. swp[2-7]s[0-3]). Also modified
the user's guide and the man pages.
Sam Tannous [Tue, 16 Jun 2015 21:15:57 +0000 (17:15 -0400)]
vxlan error 'str' object has no attribute 'append'
Ticket: CM-6329
Reviewed By: roopa
Testing Done: unit testing with vxlan configs
A bug iproute2.py creates an unnecessary warning
about appending the ageing value to a string.
This patch removes the append and simply sets the ageing value.
Sam Tannous [Wed, 20 May 2015 14:15:39 +0000 (10:15 -0400)]
Document exclude (-X) option in ifreload
Ticket: CM-5419
Reviewed By: Trivial
Testing Done: built ifupdown2 deb and tested on switch
This patch adds man page mention of undocumented (but working)
option to exclude interfaces from a reload (-X option)
(cherry picked from commit 0358905782a4c0290a967d6f730fdcb27f2af3d9)
Sam Tannous [Sun, 10 May 2015 19:42:47 +0000 (15:42 -0400)]
Add default link parameter support for ethtool module
Ticket: CM-5254
Reviewed By: roopa
Testing Done: tested master and 2.5_br images with testifupdown2 suite and hand tested
This patch creates a json defaults file upon bootup
(which can be overridden by customer configs in /etc)
which the ethtool module in ifupdown2 will consult
when "link-x" configs are removed in order to restore
them to the initial settings used by the switch.
(cherry picked from commit 8388664f5a5a85f2a813cafbf40ac92d7b86f4bf)
Sam Tannous [Thu, 5 Mar 2015 17:54:55 +0000 (12:54 -0500)]
Added ifupdown2 support for vxlan-ageing config
Ticket: CM-5105
Reviewed By: roopa
Testing Done: tested configs before and after change
We needed a configuration option to add vxlan-ageing to
ifupdown2 configs. This patch adds the option to change
the vxlan-ageing timer currently set with "ip link"
commands.
(cherry picked from commit 9832462c365bd2b900b98f5675d407d1b11c4a95)
bonding driver:
- renamed bond lacp-bypass-use-priority config option to
lacp-bypass-all-active with the default value of 0
- ignore clag role when lacp-bypass-all-active is enabled
- added info logging of lacp bypass state changes
iproute2:
- renamed bond lacp-bypass-use-priority config option
ifupdown:
- renamed bond lacp-bypass-use-priority config option
- added default value handling for lacp bypass attributes
switchd:
- macs learned on individual slaves are now sync to kernel with
the bond's ifindex. This eliminates flooding when cpu is
communicating to the host where the bond is in lacp bypass
- fixed bond forwarding state propagation to individual slaves in
bypass
Ticket: CM-5832
Reviewed By: CCR-2875
Testing Done: Tested with test case in the bug and other orders
kernel(upstream and us) does not seem to honor the vidinfo flags
during the deletes. Hence, this reordering becomes necessary.
tested with the example in the bug and also some other examples.
code wise this combines two existing methods but leaves the two existing methods
around for future use. Will remove them if they become completely
unnecessary.
Dont down an interface during ifreload just because the number of iface
sections for that interface changed
Ticket: CM-5841
Reviewed By:
Testing Done: tested ifreload with new iface section
<email_notes>
problem stmt:
if the user adds a new section for an existing interface, I mark the
interface for down.
Basically the below:
if len(newifaceobjlist) != len(lastifaceobjlist):
ifacedownlist.append(ifname)
continue
You rarely need to add a new section to the interfaces file. It is not
recommended even by the user guide.
sankaran was trying to add a new address. Which he could have added to
the same iface section.
But, looking at his trivial example, i am thinking of not marking an
interface for down if the user merely tried to add a new section to an
existing interface
</email_notes>
Jonathan Toppins [Tue, 21 Apr 2015 21:07:46 +0000 (14:07 -0700)]
ifupdown2: fixup maintainer scripts
Ticket: CM-5764
Reviewed By: TBA
Testing Done: of course none ;) Will update when I have some time to test
fupdown2's postinst and postrm scripts do not conform to Debian's policy
for maintainer scripts [1]. Specific non-conformance follows:
* fixed maintainer scripts so they only use /bin/sh as other shells are
non-essential packages and may not exist on the system
* fixed maintainer scripts so only actions specified by $1 are performed
per run of the script
* fixed maintainer scripts to only support specific values for $1, and
will otherwise exit with error
* included at the bottom of the postrm script the "#DEBHELPER#" tag as
during package building debianhelper will inject extra code at this
location
add new ifupdown2.conf option ifreload_down_changed to control ifreload
ifdown behaviour.
Ticket: CM-5819
Reviewed By: CCR-2846
Testing Done: tested ifreload evo test case
ifreload_down_changed is 0 by default which will make
sure ifreload will not execute down on changed interfaces
but only on deleted interfaces making it non-disruptive.
some notes from CCR:
ifreload was designed to be an optimization for 'service networking
restart' or 'ifdown -a + ifup -a'.
essentially it is a combination of 'ifdown + ifup' with some smarts in
which interfaces it will execute ifdown on.
By default it does the below:
ifdown all interfaces that were deleted from the interfaces file
ifdown all interfaces that were changed from the last time they were
ifup'ed
ifup -a (execute ifup on all interfaces marked auto)
Did not realize people will use ifreload as much as they do today. Also,
they may execute it on a production box when changes are made. ifdown on a production box can be
disruptive because if the ifdown which is part of the ifreload.
To have a non-disruptive option to ifreload, 2.5 added a new option -c
that only executed 'ifup' on all interfaces. Thus reloading all auto +
any other interfaces that were once brought up on the box (essentially
all interfaces present in the saved state file). This by default did not
do anything to the interfaces that got deleted from the file. But had an
ifupdown2.conf toggle to do so.
Looking at the evo use case, they do want to use a single command that
modifies, adds, deletes with
minimum disruption. we can achieve maybe what they want with multiple
commands (But there is also a case of a bug in the build evo is running
which makes it not so easy ).
This patch fixes the bug and also tries to change the default ifreload
behaviour controllable via a variable in ifupdown2.conf.
when ifreload_down_changed=0 in ifupdown2.conf, ifreload will only
ifdown interfaces that were deleted
from the file but not the ones that changed. subsequent ifup as part of
ifreload on the interfaces
that changed will apply the delta. And ifreload_down_changed default
value is '0'.
WIth the patch, ifreload by default will do the below (going back to the
previous default is just a toggle in the ifupdown.conf file):
ifdown all interfaces that were deleted from the interfaces file
ifup -a (execute ifup on all interfaces marked auto)
It sounds like a big change of behaviour for a hotfix release, but
essentially the patch just moves a few things around. And the change in
behaviour is so subtle that it is not very visible.
It just makes it non-disruptive.
(cherry picked from commit 2f7977834d4912a69159d27e54ba201f58a321d8)
Sam Tannous [Fri, 24 Apr 2015 00:19:22 +0000 (20:19 -0400)]
ifupdown2 loses interfaces on second down of swp port
Ticket: CM-5693
Reviewed By: roopa
Testing Done: tested bridge and bonds with interfaces with configs
Both bridge and mstpctl modules set priv_flags on interfaces
that have configs (like link-speed) even when used as bridge-ports.
And this collision causes statemanager.ifaceobj_sync() to never get called
because ifaceobj.priv_flags is 1 (we return immediately):
The fix was to create a new iface module_flags array to carry module info.
Jonathan Toppins [Mon, 20 Apr 2015 20:41:05 +0000 (13:41 -0700)]
ifupdown2: fixup maintainer scripts to not crash on files not existing
Ticket: CM-5735
Reviewed By: no one
Testing Done: lots of repo upgrade testing by John B.
This partially reverts commit 8959e8e4ec93487228733b17ef2b220ed47c1260 ("Fix
bash completion for sudo users (mostly cosmetic)") in the sections where
the Debian maintainer scripts were modified.
In addition fixed up the Debian maintainer scripts to prevent a
potential upgrade failure, discussion follows:
The Cause For the upgrade Failure
=================================
Commit 8959e8e4ec93487228733b17ef2b220ed47c1260 introduced changes to
ifupdown2's package maintainer scripts to override some files provided
by the bridge-utils and udev packages as they conflict with ifupdown2.
The change to ifupdown2's postrm script is currently causing the script
to exit with a failure code if the following files do not exist on the
box:
/etc/udev/rules.d/80-networking.rules
/etc/udev/rules.d/60-bridge-network-interface.rules
The reason for this is in how the script is written.
Since the postrm script is configured to exit on the first command
failure, the "set -e" on line 3, the commands on lines 20 and 22 will
fail if the files being looked for do not exist, causing the script to
exit with a non-zero exit code. Causing apt to fail the upgrade.
The solution requires having the newer version of the ifupdown2 package
provide a preinst script that gets run before the older package's postrm
script is run[1,2]. This gives us the opportunity to quietly fix the
problem. We also fix the postrm script in newer versions of the package
so it cannot bomb out in this way.
Replaced vxlan-peernodeip attribute with vxlan-remoteip. Updated
the vxlan and iproute2 modules to configure head end replication
using bridge fdb commands.
Dont follow dependents during down of interfaces as part of ifreload
Ticket: CM-5571
Reviewed By:
Testing Done: tested ifreload with example in the bug
ifdown of the bridge svi was following the lowerdev and downing the
bridge. kernel implicitly deletes all svi's on bridge down.
ifup of the bridge usually handles it, but a change done in 2.5.1
was causing it not to. Thinking about this some more, its safe
to not follow dependents on down during a ifreload. This patch does
just that.
MTU settings are defaulted 1500 when interface is ifdowned.
This has the effect of changing the MTU on the interface and any subinterfaces to
1500. And if these subinterfaces are in a bridge, the bridge will pick the MIN MTU
so the bridge keeps this MTU even after the interface is brought back up. The sub
interface does not change to a higher value then 1500 (kernel VLAN driver only
moves the MTU is the decreasing direction.
1. Earlier various clag components where using link admin state for enforcing
proto_down. With the introduction of a seperate proto_down state this is no
longer needed. Now on clag bond "proto_down" the bond and its slaves are
explicitly placed in a proto_down state. This carrier downs the slaves and
oper-downs the clag-bond. Change has been done in clagd, clag-monit script and
bonding driver.
2. Earlier misc tricks where needed in ifupdown2 to prevent slave state changes
for clag bond outside of clagd. These tricks are no longer needed and have been
reverted to keep ifupdown2 handling simple/consistent. This change basically
reverts #6985e1a376b538fbfa2346ef657427ae7e8f117a.
Roopa Prabhu [Tue, 10 Feb 2015 19:17:00 +0000 (11:17 -0800)]
Check for zero address on bridge ports before enslaving it to the bridge
Ticket: CM-4859, CM-4382
Reviewed By:
Testing Done: Tested with config which included bond bridge ports with
zero address on the bond.
The bridge driver rejects the port add with -EINVAL.
A bond with no slaves is one usecase where the bond interface
has a zero hw address and is rejected by the bridge.
EINVAL currently is very confusing.
This patch checks for a valid ether add before enslaving the port to the
bridge.
anuradhak [Mon, 2 Feb 2015 17:54:53 +0000 (09:54 -0800)]
Move clag_enable setting to ifupdown2 ifenslave.
Ticket: CM-4802
Reviewed By:
Testing Done: yes
1. clag_enable needs to be set before slaves are added to the bond. Otherwise
bonding driver will bring the slaves up independent of clagd.
2. also added post_down clagd addon to cleanup the clag-id on ifdown.
1. For clag bonds the slaves are kept down under various conditions (when clagd
is holding the bond in an errDisabled state). ifupdown2 should not set the slave
states for clag bonds.
2. Bonding driver sets the slave states on enslave and release (also for
non-clag bonds) so ifupdown2 doesn't need to set the slave state.
On tunnel delete, tunnel termination object in BCM sdk is not cleaned properly.
As a result, mpls_entry in the hardware is left around even though software has
deleted the tunnel. This prevents subsequent dynamic creation of the same tunnel
and also mac learning, as mpls_entry points to invalid SVP with no CML setting
to do hardware learning.
Also, changes in ifupdown2 to make "vxlan-learning on" as default, so that
user/script doesn't have to explicitly turn on the learning.