Julien Fortin [Wed, 18 Mar 2020 03:17:18 +0000 (04:17 +0100)]
addons: mstpctl: check mstpctl-stp and bridge-stp and fix bridge cache update
When an stp is enabled on an existing bridge mstpctl attributes are not always
configured by ifreload. This is due to a timing issue (cache) and some issue in
the mstpctl addon.
- Cache: when changing an existing bridge (done via netlink) we wait for the
kernel ack but we don't update our current cache with the new bridge attributes
This is bad because it means that the bridge cache data are stale until we
receive the notification from the kernel.
- Mstp addon: mstpctl-stp was deprecated in favor of bridge-stp, but in some
place, the mstpctl.py code checks for mstpctl-stp but not for bridge-stp. This
commit fixes the area related to this issue but this should be revisited in
a later commit
seems like when updating a method, it's associated dry-run method wasn't
updated accordingly. Maybe there is a way to programmatically check that
I will look into it.
warning: bridge: skipping port X invalid ether addr
warning: interface not recognized - please check interface configuration
Won't show on dry-run anymore
Log info for commands executed with utils.exec_command() weren't prefixed with
DRY-RUN.
Julien Fortin [Wed, 4 Mar 2020 15:16:30 +0000 (16:16 +0100)]
Merge branch 'master' into master-next
* master:
addons: ethtool: add support for "ethtool_ignore_errors" policy
LinkUtils: mac_str_to_int: fix string to int conversion
addons: dhcp: if mgmt vrf context exec dhclient in default vrf
Sven Auhagen [Mon, 3 Feb 2020 13:23:44 +0000 (14:23 +0100)]
This patch fixes the XFRM addon for ifupdown2 version 2.
The nlpacket for XFRM had a bug, I also changed iproute2 to add
the XFRM interface to the local cache after creation.
Since XFRM has no IFLA_LINKINFO I made the argument optional.
Otherwise no further operation will be done like adding an IP.
I also removed an unecessary variable in the addon.
Signed-off-by: Sven Auhagen <sven.auhagen@voleatech,de>
Julien Fortin [Tue, 21 Jan 2020 08:20:41 +0000 (09:20 +0100)]
addons: ethtool: add support for "ethtool_ignore_errors" policy
The goal of this policy is to ignore ethtool related errors, this is
useful for specific scenario like VMs.
This policy is off by default. To turn it on simply set:
ifupdownmain: detect interfaces no longer configured but pick up by regexes
This patch will detect interfaces that were removed from /etc/network/interfaces
but still got pick up by a regex (i.e. bridge-port vni*) and manually remove
those interfaces from internal data-structures (i.e. dependency graph).
The bridge-ports-condone-regex option can be used to tell ifupdown2 to let
some bridge member ports alone and do not remove them on ifreload runs.
This might come in handy when running a KVM (or any other virtualization
system) host with a bridged network setup.
Before this option, ifupdown2 would either complain about not existing
member ports when setting up the bridge (if all VM interfaces were to
be specified in /etc/network/interfaces) or remove any VM interface
from a bridge if it was not specified in /e/n/i.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Co-authored-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Wed, 29 May 2019 06:16:05 +0000 (14:16 +0800)]
policymanager: merge module policy instead of overriding duplicates
When module policies are split up in seperate files ifupdown2 doesn't merge
them together but simply overrides duplicates. This pathc fixes the issue
and merge the related policies together.
Fix error message on ifquery when sysctl bridge-stp-user-space
This fix this kind of error:
error: bond0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
error: fwpr103p0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
addons: batman_adv: Add support to set B.A.T.M.A.N. advanced routing_algo
Add a new attribute for B.A.T.M.A.N. advanced interfaces to control the
B.A.T.M.A.N. advanced routing algorithm to be used when setting up new
interfaces. As the routing algorithm must be set before an interface is
created, it needs special handling and can't be implemented as a common
attribute. D'oh.
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic> Tested-by: Annika Wickert <aw@awlnx.space>
Julien Fortin [Fri, 22 Mar 2019 07:35:18 +0000 (15:35 +0800)]
addons: bridge: down: when ifreload_down_changed=1: purge bridge and upper devices cache
On ifreload (down ops) we need to purge the cache entry of the bridge and its upper devices
to avoid stale values in our cache.
ifup this config, then remove bridge-vids 20, ifreload: since the bridge is removed because
of ifreload_down_changed=1, we need torecreate the vlan bridge.10 and it's configuration, the
cache is stale. We need to clear it to remove the ip 10.10.10.10/32.
Quentin Young [Tue, 19 Mar 2019 17:26:45 +0000 (17:26 +0000)]
addons: addressvirtual: vrrp: protodown new macvlans
New VRRP macvlan devices should be set into protodown when first
created, to prevent ND traffic and other automatically generated kernel
traffic from being transmitted on the interface and causing downstream
MAC moves.
Julien Fortin [Thu, 31 Jan 2019 07:22:09 +0000 (15:22 +0800)]
.gitignore: pycharm remote execution update
To work on ifupdown2 i'm using Pycharm on macOS. ifupdown2 runs in a
debian VM. To use Pycharm remote execution capabilities, we need several
symlinks (one per command). Git needs to ignore those symlinks :)
Julien Fortin [Wed, 27 Feb 2019 21:40:55 +0000 (22:40 +0100)]
addons: addressvirtual: vrrp: remove macvlan device when all ipvX addrs are removed
For each VRRP configuration we create 2 macvlans (ip4 and ip6), if the ip4
is removed from the config we need to remove the associated macvlan (same
for ip6).
Testing Done: remove all ip4 (or ip6) from vrr attribute line
Julien Fortin [Tue, 26 Feb 2019 23:11:36 +0000 (00:11 +0100)]
addons: bridge: add new policy vxlan_bridge_igmp_snooping_enable_port_mcrouter
if igmp snooping is enabled on a vxlan bridge and if the
vxlan_bridge_igmp_snooping_enable_port_mcrouter is turned on, ifupdown2
will automatically enable multicast router on the vxlan brport unless
this attribute was provided by the user. The policy is enabled by default.
The policy can be disabled as follow:
{
"bridge": {
"module_globals": {
"vxlan_bridge_igmp_snooping_enable_port_mcrouter": "no"
}
}
}
auto br0
iface br0
bridge-ports vx42
bridge-mcsnoop yes
auto vx42
iface vx42
vxlan-id 42
$ ifreload -ad
will show that the config is applied