default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Without this patch a bridge port could enslave itself to the bridge
when it finds that the bridge is around. This is a required feature
for vlan filtering bridge because vlan filtering bridge port attributes
are specified under the bridge port and the bridge port needs the power
to enslave to the bridge and apply bridge port attrs.
For the non-vlan filtering bridge, a few bridge port combinations are
not allowed by default (eg, mixing different vlans under the same bridge).
The bridge has the understanding of which ports are allowed. so only it
should have the power to enslave bridge ports. This patch enforces that
power. With this patch the sequence of deleting and enslaving bridge
ports is done at the bridge with deletes followed by adds.
example verbose snippent from ifreload output:
ip -force -batch - [link set dev swp49s0 nomaster
link set dev swp49s1 nomaster
link set dev swp49s0.300 master Oldbr
addr flush dev swp49s0.300
link set dev sidelink.300 master Oldbr
addr flush dev sidelink.300
link set dev swp49s1.300 master Oldbr
addr flush dev swp49s1.300
link set dev swp4 master Oldbr
addr flush dev swp4]
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Roopa Prabhu [Wed, 30 Mar 2016 18:54:58 +0000 (11:54 -0700)]
ifupdownmain: redo shared dependent checks
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handing. Its better to separate kind from interface private flags
like bond slave and bridge port. this patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
This patch fixes inappropriate ifquery fails.
This patch also include a review comment update for addressvirtual.py
[CCR-4310], ticket: [CM-8658] Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Roopa Prabhu [Fri, 25 Mar 2016 04:59:54 +0000 (21:59 -0700)]
addons: vrf: more ordering fixes for management vrf and dhcp vrf slaves
fixes the following:
- if the vrf slave had a master but is no longer a slave
according to ifaceobj, look at running state and
undo vrf enslavement
- add support to cl-vrf service disable <vrf>
***initial version ***
SSH clients will be closed to avoid the connection hang
when management VRF is enabled or disabled using a login through eth0 Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
Roopa Prabhu [Thu, 24 Mar 2016 05:24:30 +0000 (22:24 -0700)]
scheduler: do not propagate upperiface bring up error state
Ticket: CM-10016
Reviewed By:
Testing Done: Tested with the upperiface bring up case described in
CM-10016
upperiface bringup is best effort and does not imply that the current
interface bring up has an error. It only means that the upperiface may
be in an incomplete state. Hence this patch resets scheduler error state
before returning from upperiface bringup.
Roopa Prabhu [Wed, 23 Mar 2016 07:08:34 +0000 (00:08 -0700)]
addons: vrf: multiple fixes to vrf enslavement and auto handling
Ticket: CM-10005
Reviewed By:
Testing Done: Tested boot and ifreload after changes
- fix access to addr_method on an object which had no
address method defined. This was a recently introduced
regression that caused vrf enslavement to end per-matuarely.
- few fixes around vrf_table conversion between string
and integer
Right now, ifquery -r shows link speed, duplex and autoneg current running values.
This patch changes the behavior to not show link attributes unless they
differ then the defaults for that interface.
This patch fixes a few corner cases:
- release dhcp on all new enslavement or change of enslavement
- fix a NoneType error on ifreload when a vrf enslavement was removed
- handle a corner case with auto table ids
Roopa Prabhu [Fri, 18 Mar 2016 18:27:42 +0000 (11:27 -0700)]
ifupdownmain: scheduler: propagate sched error on interfaces to upper layers
Ticket: CM-7168
Reviewed By: julien, nikhil, stannous
Testing Done: Tested with errors in interfaces file
This patch changes a few errors to warns. and propagates errors
on ifaceobjects to upperlayers.
- any exception passed to upper layers (/sbin/ifupdown) results in
exit code of 1
- It uses a global SCHED flag to flag a scheduler error (maybe there is
a better way). But traversing all the interfaces again to check status
is an overkill
algo:
- when a vrf slave enslavement changes, before performing the
new master enslavement,
- check if vrf slave has dhcp configured
- if yes, release dhclient running on the vrf slave
Roopa Prabhu [Thu, 17 Mar 2016 16:07:53 +0000 (09:07 -0700)]
addons: vrf: handle auto table ids for dhcp slaves
Ticket: CM-9921
Reviewed By: trivial
Testing Done: Tested with table id auto for management vrf
I have recently added special handling for vrf slaves with dhcp.
And missed handling of vrf-table auto for such slaves.
This patch fixes auto when bringing up vrf masters for dhcp vrf
slaves
Roopa Prabhu [Thu, 17 Mar 2016 01:38:43 +0000 (18:38 -0700)]
ifupdownmain: squash multiple iface stanzas for the same interface by
default
Ticket:
Reviewed By: CCR-4268 (previous review)
Testing Done: Tested ifup/ifdown/ifreload/ifquery of multiple iface stanzas for
same interface
This patch is an extension to previous commit 99ce689411b.
The previous commit squashes both external (ifquery) and internal
(ifup/ifdown/ifreload) representation of multiple iface stanzas into
one and it is off by default.
What we really want is internal representation to be squashed by
default. To that effect this patch introduces a new config flag
ifaceobj_squash_internal to only squash internal representation which is
used by ifup/ifdown/ifreload. ifquery forces this flag to off so that
external representations remain unsquashed and user does not see any
difference. This flag is on by default.
User can still get a squashed external representation if he sets
ifaceobj_squash=1 in ifupdown2.conf
Roopa Prabhu [Tue, 15 Mar 2016 05:38:37 +0000 (22:38 -0700)]
addons: vrf: special handling for vrf slaves configured for dhcp
Ticket: CM-9868
Reviewed By: dsa, nikhil, julien
Testing Done: tested with vrf slaves with dhcp
Problem:
since vrf slaves are brought up before master, When vrf slaves are
configured for dhcp, the dhclient hook for vrf runs before the master is
up. This was seen with management vrf.
This solution is special logic to handle vrf slaves with
dhcp in the vrf addon module.
currently only supports interface declared with dhcp and
indicated as vrf slave. as in example below (dhcp and vrf must be in the
same iface stanza):
auto eth0
iface eth0 inet dhcp
vrf mgmt
changes to vrf module:
- make vrf module methods accept the ifaceobj lookup function, which is
already passed as argument to all methods from ifupdown scheduler
- during vrf slave bringup,
- if master does not exist and slave's address_method is dhcp
- lookup master object, and bring up the vrf master
- mark this master as processed so that the next time this vrf
module sees master it knows that it is already processed
(this is covered by the vrfPrivFlags)
This commit contains:
- few logic fixes in vrf-table auto handling code
- adds a new policy manager api to read module global
attributes like the below:
"module_globals": {"vrf_table-id-start" : 1001,
"vrf_table-id-end" : 5000,
"vrf-max-count" : 64 },
"vrf-cgroup-create" : "yes" },
- Accepts following new vrf attributes from policy files
Reverting commit because this does not do the right thing and also
prints 'NoneType' errors. We should not be changing anything for
running values. The ether check is only needed for configured values.
Julien Fortin [Fri, 11 Mar 2016 19:59:56 +0000 (20:59 +0100)]
Detect and ignore the `ether` keyword in /etc/network/interface
Upstream syntax : "hwaddress ether 01:02:03:04:05:06"
Our new syntax: "hwaddress [ether] 01:02:03:04:05:06"
If the user has not configured a link attribute,
we should not be checking it against the default config.
This will only confuse users into thinking link attributes
were configured.
Modifications to the ethtool.py addon module
to check of configs exist before checking them.
root@debian:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback
alias foo_bar
root@debian:~# ip link show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
alias foo_bar
root@debian:~# ifdown -v lo
info: loading builtin modules from /usr/share/ifupdown2/addons
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: lo: running ops ...
info: rtnetlink: setting link lo down
info: executing ip -o addr show dev lo
info: Executing echo "" > /sys/class/net/lo/ifalias
info: Executing /etc/network/if-down.d/avahi-autoipd
info: Executing /etc/network/if-down.d/upstart
info: Executing /etc/network/if-down.d/wpasupplicant
info: Executing /etc/network/if-post-down.d/wireless-tools
info: Executing /etc/network/if-post-down.d/avahi-daemon
info: Executing /etc/network/if-post-down.d/wpasupplicant
root@debian:~# ip link show lo
1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@debian:~# ifup -v lo
info: loading builtin modules from /usr/share/ifupdown2/addons
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: module ethtool not loaded (module init failed: no /sbin/ethtool found)
info: looking for user scripts under /etc/network
info: loading scripts under /etc/network/if-pre-up.d ...
info: loading scripts under /etc/network/if-up.d ...
info: loading scripts under /etc/network/if-post-up.d ...
info: loading scripts under /etc/network/if-pre-down.d ...
info: loading scripts under /etc/network/if-down.d ...
info: loading scripts under /etc/network/if-post-down.d ...
info: processing interfaces file /etc/network/interfaces
info: lo: running ops ...
info: Executing /etc/network/if-pre-up.d/wireless-tools
info: Executing /etc/network/if-pre-up.d/wpasupplicant
info: rtnetlink: setting link lo up
info: executing ip -o addr show dev lo
info: executing ip link set dev lo alias foo_bar
info: Executing /etc/network/if-up.d/mountnfs
info: Executing /etc/network/if-up.d/avahi-autoipd
info: Executing /etc/network/if-up.d/openssh-server
info: Executing /etc/network/if-up.d/upstart
info: Executing /etc/network/if-up.d/avahi-daemon
info: Executing /etc/network/if-up.d/wpasupplicant
root@debian:~# ip link show lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
alias foo_bar
Roopa Prabhu [Wed, 9 Mar 2016 04:40:02 +0000 (20:40 -0800)]
ifupdownmain: squash multiple iface stanzas for the same interface
Ticket:
Reviewed By: CCR-4268
Testing Done: Tested squashing of interfaces with multiple iface stanzas
This is controlled by ifaceobj_squash config variable in
/etc/network/ifupdown2/ifupdown2.conf.
With ifaceobj_squash=1, ifquery and all commands will
output squashed interfaces.
$cat /etc/network/interfaces
auto swp3
iface swp3
mtu 9000
auto swp3
iface swp3 inet static
address 10.0.17.3/24
auto swp3
iface swp3 inet static
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
$ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto swp3
iface swp3
mtu 9000
address 10.0.17.3/24
address 10.0.18.3/24
address 2000:1000:1000:1000:3::5/128
When and why do we need this ?
- If we preserve multiple ifaceobjects for the same iface,
it gets tricky in some cases to set default policy
values because the addon module run methods are called
on each ifaceobject.
- Each ifaceobject belonging to the same interface
is treated as a separate interface. It is difficult
to remember things accross addon module run methods
- we have a few hacks in place which we would like to
get rid of
Why not turn it on by default ?
- still debating about it. Dont want to break existing
scripts with change of output. Will get some feedback before
I switch the default to squash.
Roopa Prabhu [Tue, 8 Mar 2016 16:12:33 +0000 (08:12 -0800)]
ifreload: catch errors on dependency graph generation from saved state and proceed
We dont need to fail on saved state dependency graph generation errors.
Also dont check for shared dependents during dependency graph generation
on saved state (optimization)
Roopa Prabhu [Fri, 4 Mar 2016 05:29:53 +0000 (21:29 -0800)]
start-networking: bring back support for SKIP_DOWN_AT_SYSRESET in /etc/default/networking
Ticket: CM-9668
Reviewed By: daveO, roopa (patch by daveO)
Testing Done: Tested reboot/shutdown and made sure network
unconfiguration was not getting triggered
This is controlled by a variable SKIP_DOWN_AT_SYSRESET="yes"
(defaults to yes). Should probably default to 'no' for upstream.
Roopa Prabhu [Fri, 4 Mar 2016 00:39:59 +0000 (16:39 -0800)]
addons: bond: replace bond-ad-sys-priority and bond-ad-sys-mac-addr with equivalent upstream attributes
Ticket: CM-9677
Reviewed By: nikhil
Testing Done: Tested with bond config file in CM-9677
This patch replaces the following attributes:
bond-ad-sys-priority with bond-ad-actor-sys-prio
bond-ad-sys-mac-addr with bond-ad-actor-system
The new attributes correspond to the new sysfs files below:
/sys/class/net/sidelink/bonding/ad_actor_sys_prio
/sys/class/net/sidelink/bonding/ad_actor_system
Old values will be accepted with a deprecated warning:
warning: attribute bond-ad-sys-priority is deprecated. Use bond-ad-actor-sys-prio instead
warning: attribute bond-ad-sys-mac-addr is deprecated. Use bond-ad-actor-system instead
Dave Olson [Wed, 2 Mar 2016 01:07:39 +0000 (17:07 -0800)]
Don't timeout networking start
Ticket: CM-9216
Reviewed By: roopa
Testing Done: installed, verified that even with long sleeps, no timeout
After much discussion with Roopa, Wilson, Anuradha, Mallik, and Scott,
we decided we would go back to the 2.5 behavior of not timeing out
on networking startup. See the bug for some of the discussion.
This needs clagd changes to not hang forever if clag is to be restarted.
Since this is a oneshot service, the default is to not timeout, so
simply remove the TimeoutSec variable to get the default of no timeout.
Roopa Prabhu [Wed, 2 Mar 2016 06:42:44 +0000 (22:42 -0800)]
ifupdownaddons: fix parsing of vlan attributes
Ticket: CM-8729
Reviewed By: trivial
Testing Done: Tested with a config with vlan-raw-device
'ip -o -d link show' introduced a new attribute between
'vlan and id'. This makes the move to json or netlink
even more necessary.
The fixes were done for the following format:
61: vlan100@swp1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT group default \ link/ether
00:e0:ec:27:4e:b7 brd ff:ff:ff:ff:ff:ff promiscuity 0 \ vlan protocol
802.1Q id 100 <REORDER_HDR> addrgenmode eui64
Roopa Prabhu [Tue, 1 Mar 2016 06:23:24 +0000 (22:23 -0800)]
ifupdownmain: handle more than one upperifaces
Ticket: CM-9595
Reviewed By:
Testing Done: tested with failing vrf config in CM-9595
due to same upperiface getting processed more than once,
there was an unnecessary refcount inc on the lowerdevice.
This patch aborts processing upperiface if already
processed and also adds a new debug function to
dump lower and uppper ifaces of all interfaces in the
file.
Nikhil [Tue, 1 Mar 2016 01:32:23 +0000 (17:32 -0800)]
addons: vrf: Ensures fib rule for local table have higher pref than fib vrf rule
Ticket: CM-9541
Reviewed By: Roopa Prabhu
Testing Done: Yes, by installing ifupdown2 deb onto cel-e1031-01
This patch checks if fib rule for local table have higher pref
than vrf table, if not, it deletes fib rule for local table
with lower pref and adds fib rule for local table with
higher pref than vrf table.
This patch also avoid repeated addition of vrf rules on each ifup
Roopa Prabhu [Mon, 29 Feb 2016 23:31:52 +0000 (15:31 -0800)]
start-networking: introduce state lock file /run/network/ifstatelock in
non-persistant storage
This is a reimport of missing peices of commit f819c3602e56 in 2.5cl ifupdown2.
commit log from 2.5cl:
Introduce a lock file in non-persistent storage
/run/network/ifstatelock to make sure the state
file in persistent storage is cleaned up correctly
ifupdown2 state file was moved to /var/tmp because /var/tmp was
tmpfs and was large enough (100MB) for the state file. But it
appears it has changed (or is not consistent) across all platforms.
We can move it under /run, but /run again size varies on various
platforms and it is too small on some platforms.
This patch:
- continues to keep the ifupdown2 state file under /var/tmp (because
it needs the space)
- ntroduces a second level /run/network/ifstatelock file that stays
on non-persistant storage and is used to delete the state file at
/boot up
Roopa Prabhu [Fri, 26 Feb 2016 14:32:28 +0000 (06:32 -0800)]
vrf: handle slaves when vrf device is brought up
The vrf device may not be up when ifup is executed on the
slaves. This commit makes sure:
- vrf slaves dont try to enslave themselves when vrf device is
not present
- And vrf master enslaves any missing slaves during ifup of vrf master
- Also make vrf device the link master, this will make sure
the vrf device brings the vrf slave links up. This is needed to work
around the ipv6 address flush issue
Roopa Prabhu [Fri, 26 Feb 2016 07:55:27 +0000 (23:55 -0800)]
ifupdownmain: add support for getting and introducing upperiface dependencies
This patch adds a new upperiface module handler get_upper_ifacenames
to get upperifaces from a addon module. This is called during building
dependency graph.
if user changes swp15.100 to another interface and does a ifreload,
before this patch swp15.100 used to be around. This patch makes sure
swp15.100 is deleted in the process
I had to do some cleanup of flags in the process. I might have added
some extra cycles to ifreload. But i dont see an easy way to handle this
case.
Use "remote" attribute in iproute2 command to provision
service node address for service node based replication. Changes also
include allowing only one service node per vxlan device, so its user's
responsiblity to select one service node per vxlan device if there
are multiple nodes to distribute the load.
Currently, when doing ifup of a bridge, the bridge is created
and ports are added to bridge before vlan_filtering is set on
the bridge. This causes extra churn on switchd which has to
configure the hardware one way and then tear it down and
reconfigure it again in the new way. For mlx, it causes even
more problems.
This patch moves the vlan_filtering setting of bridge to before
member ports are being added to the bridge, and it uses the new
iproute2 command for setting the attribute instead of through
sysfs.
The install file resulted in creating /etc/default/networking/ as a
directory and installing the networking.default file in it. Rename
networking.default to networking, and change the install file.
Normally dh_installinit handles all this, but since the package is
ifupdown2, and the file is networking, that doesn't happen.
Also, because we had created a directory with the name of what we want
to install as a file, we need to remove it if it exists. This addition
of a preinst file should not go upstream, and should be removed in a few
weeks when everybody has re-installed enough.
In 3.0, the bridge vlan show command does not print
VLAN ranges unless you use the "-c" option.
This patch modifies the bridge vlan show call in
iproute2.py to use "-c".
Ticket: CM-9078
Reviewed By: CCR-4110
Testing Done: clag bond add/del and clag slave add/del
This change basically does the following -
1. Proto-down swpX pre-clag-bond-enslave
2. Proto-up swpX post-clag-bond-release
Setting/clearing of clag-id will result in similar proto-state changes
and those are handled by clagd.
Note:
I really wanted to keep these changes out of ifupdown2 but the
order of setting is critical i.e. protodown has to happen enslave to
prevent additional flaps/STP TCNs. Theoretically #2 can be done by clagd
but there is no easy way to do #1.
For now disable old LACP bypass options so that ifreload does
not give errors, as the corresponding sysfs nodes do not exist in
the latest 4.1.y kernel.
Dave Olson [Mon, 8 Feb 2016 20:41:41 +0000 (12:41 -0800)]
Remove /etc/init.d/networking after all - causes loops during image builds
Ticket: none
Reviewed By: trivial
Testing Done: installed, Alex tried for image creations.
apparently with some of our packages like mstpd still using init.d for a
while longer, just having the init.d/networking file causes the original
complaints about loops between services.
So I'm purging it completely.
Also clean up the comments a bit in start-networking
Scott Emery [Mon, 8 Feb 2016 20:47:08 +0000 (12:47 -0800)]
ifupdown2: After loading bonding driver, continue to create bond
Ticket: CM-9182
Reviewed By: Trivial
Testing Done: ifup'd bond when bonding module was not yet loaded.
The bond support in ifupdown2 would check to see if the bonding module is
loaded when creating a bond. If it was not it would load the driver and return.
The correct operation is to load the driver and then continue to create the
bond.
Scott Emery [Thu, 4 Feb 2016 00:38:18 +0000 (16:38 -0800)]
ifupdown2: Modify implementation of nowait option
Ticket: None
Reviewed By: CCR-4058
Testing Done: ifup'd interface with both dhcp-wait: "no" and dhcp-wait: "yes"
and not specified at all.
A previous patch implemented the nowait option for DHCP. This patch changes the
name of the option to "dhcp-wait" and makes the default, if nothing is specified
in the policy files, to be "yes", which means dhclient will be called without
the "-nw" option, causing it to wait for up to a minute for a response from the
DHCP server before continuing.
The format of the JSON in the policy file for this option was also changed so
that it conforms to the other ifupdown2 policy options. This format is now:
{
"dhcp": {
"defaults": { "dhcp-wait": "no" }
}
}
Also, the documented argument values are "yes" and "no". Any other values, will
be interpreted as "yes".
A subsequent patch in cl-basefiles will be made to include this fragment in
/var/lib/ifupdown2/policy.d/dhcp.json so that Cumulus Linux will default to
not waiting for DHCP to complete.
projects / mirror_ifupdown2.git / log