Nikhil [Mon, 23 May 2016 16:06:10 +0000 (09:06 -0700)]
addons: bridge: Fix for ifquery -c bridge pvid error to a valid config
Ticket: CM-8623
Reviewed By: Roopa Prabhu, Julien Fortin
Testing Done: yes, using the below mentioned config.
This patch fixes 'ifquery -c' error, bridge pvid error, which is an
unrelated error for the following valid config.
This patch also removes 'bridge-pvid', if configured, from 'bridge-vids' set.
In the below example, 510 is removed from the set bridge-vids 510-550.
The new bridge-vids set is 511-550.
auto swp1
iface swp1 inet6 dhcp
address 14.0.0.5/30
down ip addr flush dev swp1
auto Bridge1
iface Bridge1
address 0.0.0.0/0
down ip addr flush dev Bridge1
bridge-vlan-aware yes
bridge-ports swp1
bridge-pvid 510
bridge-vids 510-550
bridge-stp on
mstpctl-portnetwork swp1=yes
ifreload always deletes and adds back a host IP address
if that address is specified without a "/" and without a "netmask" config.
The problem is fixed so that _inet_address_convert_to_cidr() handles a missing
"/" and a missing "netmask" config. The host addresses is no longer added to a
list of addresses we will del/add. The patch was simply to add a case for the
missing "/" and a missing "netmask".
ifupdown2.TestMakoJson test was failing because the json values werent trimmed
Because of a trailing whitespace, a list of iface had an empty value, ifupdown2
was throwing an exception.
If called with close_fds=True the subprocess module will try to close every fd
from 3 to MAXFD before executing the specified command. This is done in Python
not even with a C-implementation which truly affecting performances.
This patch aims to better handle the file descriptor used by ifupdown2. Either
by closing them after use or by setting the close-on-exec flag for the file
descriptor, which causes the file descriptor to be automatically
(and atomically) closed when any of the exec-family functions succeed.
With the actual patch all tests are passing, I can't think of any future issue
but if any a possible future modification might be to use the parameter
'preexec_fn', which allows us to set function which will be executed in the
child process before executing the command line. We can always manually close
any remaining open file descriptors with something like:
>>> os.listdir('/proc/self/fd/')
['0', '1', '2', ‘3’, etc..]
>>> for fd in os.listdir('/proc/self/fd/')
>>> if int(fd) > 2:
>>> os.close(fd)
This patch is also totally re-organising the use of subprocesses. By removing
all subprocess code redundancy.
Roopa Prabhu [Sat, 14 May 2016 05:44:50 +0000 (22:44 -0700)]
addons: vrf: vrf_slave: up vrf dev only when all interfaces are being
brought up
Ticket: CM-10954, CM-10953
Reviewed By: julien
Testing Done: ran ifupdown2 smoke and vrf ifup/ifdown testing
- vrf master if not around is brought up when the first slave is brought up
by design (because we want the slaves to be
enslaved to a vrf master before addresses are configured).
and master is not brought up by first because interfaces
are brought up down to top in the dependency tree.
- This patch makes sure a slave brings up a vrf master only
when all interfaces are specified. When an individual interface
is brought up, skip master bring up and throw an error.
- Since the addon modules also need to use the ALL and WITH_DEPENDS
flags, this patch moves them to the existing global ifupdownflags
class
- vrf module uses the ifupdownflags.ALL flag to not bring up the master
when only the slave is being brought up
example:
ifup <vrf> # brings up the vrf device
ifup <vrf> --with-depends # brings up the vrf dev and
# its slaves
ifup <vrf_slave> # if vrf master is not around,
# an error is thrown
ifup <vrf_slave> --with-depends # will still not bring up the vrf master
ifdown <vrf> # deletes vrf dev and flushes the
# addresses on vrf slaves
ifup <vrf> # brings up vrf dev and does not
# up the adresses on the slaves
ifup <vrf> --with-depends # will bring up vrf and reapply config
# on slaves (including addresses)
Roopa Prabhu [Tue, 10 May 2016 01:48:52 +0000 (18:48 -0700)]
addons: address: force reapply addresses during dhcp to static trasition
Ticket: CM-10857
Reviewed By: julien, nikhil
Testing Done: Tested moving from a dhcp to static addr method for eth0
before the patch:
- when moving from dhcp to static address method, after releasing the dhcp
address, it takes a few seconds for the dhcp address to go away. When we
query addresses to configure, there is a chance that we may end up
getting the dhcp address for a few seconds. Which is ok until when the
static address to be configured is same as the dhcp address.
In which case we end up not configuring the static address because we
think it is already configured (per the running list).
After this patch:
- when moving from dhcp to static address method, we always re-apply the
address config avoiding the chance of not configuring an address due to a
dhcp address sticking around.
Roopa Prabhu [Mon, 9 May 2016 20:50:56 +0000 (13:50 -0700)]
addons: address: fix call to dhclient is_running
Ticket: CM-10857
Reviewed By: julien, nikhil
Testing Done: Tested moving from a static to dhcp addr method for eth0
the check to see if dhclient is running on an interface was failing.
which caused the following problem:
- interface when moved from dhcp to static addr_method was
not killing the existing dhcp process
- and a subsequent move from static to dhcp addr_method quit starting
dhcp because a dhclient process was already running
- but the original dhcp ip was already removed because of the
static address config which leaves eth0 in a weird state
After this patch:
- move from dhcp to static addr_method will release any
existing dhcp leases on an interface
- a subsequent move from static to dhcp will request a new
dhcp lease
Roopa Prabhu [Sun, 8 May 2016 02:32:23 +0000 (19:32 -0700)]
addons: mstpctl: call disable_ipv6 only if mstpctl_ports is specified
Ticket:
Reviewed By: trivial
Testing Done: tested sanity and bridge bringup and reload
bridge module already disables ipv6 on ports when bridge-ports is
specified. Making this change because i saw redundant calls to
disable_ipv6 on bridge ports by modules bridge and mstpctl
when bridge-ports is specified. It is slowing down ifreload
Roopa Prabhu [Sun, 8 May 2016 01:27:05 +0000 (18:27 -0700)]
ifupdownmain: fix error check when an iface is removed but still exists as a dependency
Ticket: CM-8095
Reviewed By: julien, nikhil
Testing Done: Tested ifupdown2 sanity and unclean removal of interfaces from the
interfaces file
example: for the below interfaces file,
{noformat}
auto bond2
iface bond2 inet static
address 100.0.0.2/16
bond-slaves swp3 swp4
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports swp1 swp2 bond2
bridge-vids 12 505
bridge-stp on
auto swp1
iface swp1
mtu 9000
{noformat}
when iface sections for bond2 and swp1 are removed from the interfaces file
but left as dependents of bridge, on an ifreload:
prior to this patch:
===================
- ifreload would throw a warning for both bond2 and swp1
warning: bond2: misconfig ? removed but still exists as a dependency of
['bridge']
warning: swp1: misconfig ? removed but still exists as a dependency of
['bridge']
after the patch:
================
- ifreload will now correctly throw a warning only for bond2
warning: bond2: misconfig ? removed but still exists as a dependency of
['bridge']
Roopa Prabhu [Thu, 5 May 2016 22:49:41 +0000 (15:49 -0700)]
addons: address: reset mtu to default for physical interfaces which are
not bond slaves
Ticket: CM-9449
Reviewed By: julien
Testing Done: Tested resetting mtu on physical interfaces to default
default mtu is already present in address.json policy file. This patch
continues to take a cautious and conservative approach to
reset mtu of only physical interfaces if different from default mtu
and mtu is not given by the user. bond slaves get their mtu from
the bond when bond has a configured mtu. so this patch only
resets mtu on physical interfaces which are not bond slaves.
new ifupdown2.conf variable to adjust logical devices MTU
Ticket: CM-8736
Reviewed By: Roopa
Testing Done: Smoke tests + the ones from the ticket
By default ifupdown2 will adjust logical devices MTU
based on the physical interface they are running on top of.
set this flag to 0 to disable this behaviour
adjust_logical_dev_mtu=1
ifquery: support for --with-defaults in the base output
Ticket: CM-7840
Reviewed By: julien, nikhil
Testing Done: Tested ifquery with and without --with-defaults option
commit "6e16e5ae90f2" introduced --with-defaults for ifquery --check
output. But the base ifquery --with-defaults should also include
the default policy attributes we support. This patch adds infrastructure
to query default attributes --with-defaults in base ifquery output.
addons/vlan.py checks if a builtin interface's VLAN ID is within the
switchd reserved VLAN range. This stops a user configuring any port-
local VLANs within that range, despite it being a valid configuration
in both a hardware and kernel sense.
This commit removes the check for builtin interfaces only. The check
of the bridge-vids list for a vlan-aware bridge still resides and
correctly operates in addons/bridge.py.
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
This patch also: (1) fixes ifquery check failure for bridge-* stp attributes.
(2) removes vrf-default-route and vrf-cgroup attributes from ifupdown2 policy
and just have the vrf-helper attribute
addons: vrf: fix check in vrf map initialization when no running vrfs present
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
This patch adds a new argument '--with-defaults' to 'ifquery'
when 'ifquery --with-defaults' is executed, running states of all interface
attributes are compared against respective configured attributes from
/etc/network/interfaces file, if configured. Otherwise, compared against
default attributes from policy file
addons: vrf: fix check in vrf map initialization when no running vrfs present
Ticket: CM-10178
Review: trivial
Testing: tested with failing testcase in the CM
This patch fixes a check in vrf map initialization code which did
not account for running vrfs correctly. This caused the case where
there were no running vrfs but stale map file to fail.
ifupdownaddons: mstpctlutil: fixing 'UnboundLocalError: local variable referenced before assignment'. Also, now catching subprocess.CalledProcessError exception and general Exception.
This can be used to execute third party scripts.
One such script /var/lib/ifupdown2/hooks/get_reserved_vlan_range.sh
if exists is used by the vlan module to get the reserved
vlan range on the system.
Ticket: CM-10329 and others
Reviewed By: julien, nikhil
Testing Done: Tested vrf sanity and negative cases
- This patch also fixes duplicate rule additions (every reload
was causing ip rules to be added)
- This patch also adds support for vrf_helper which is commented
out due to some problems.
addons: address: disable reseting of mtu based on default mtu
Ticket: CM-10471
Reviewed By:
Testing Done: Tested with failing config in CM-10471
Recent commit "84f33af6e1f53d ("address.py: default value for mtu when
mtu attribute is removed") CM-9449" enabled setting of device mtu to default
mtu if mtu is not given in the interfaces file.
logical devices like bridges and vlan devices rely on mtu
from their lower devices. ie mtu travels from
lower devices to upper devices. For bonds mtu travels from
upper to lower devices. running mtu depends on upper and
lower device mtu. With all this implicit mtu
config by the kernel in play, it becomes almost impossible
to compare running mtu with the default mtu.
This commit disables this resetting of mtu based on default mtu.
Scott Emery [Thu, 14 Apr 2016 23:03:06 +0000 (16:03 -0700)]
ifupdown2: Allow lacp parameters to be set on 802.3ad bonds
Ticket: CM-10437
Reviewed By: CCR-4480
Testing Done: Created a bond and made sure it's lacp_rate could be set fast or
slow wioth or without specifying the mode.
The current code assumes that for a bond to be in 802.3ad mode the "bond-mode"
parameter has to be specified in the list of bond attributes being set. Only
then will ifupdown2 allow the lacp_rate and lacp_bypass attributes to be set.
But since we have changed the default mode to be 802.3ad, the mode attribute no
longer needs to be specified for a bond to be in 802.3ad mode.
So, instead of doing a check for the configuration attributes to determine the
mode, the linkinfo cache is checked. And the cache is refreshed, just in case
the mode attribute has been specified and just previously been set. The order in
which the attributes are set is fixed for bonds, and the mode is always set
prior to the lacp_rate and lacp_bypass attributes.
Also, while testing this I noticed another assumption about the default value of
an attribute: min_links. A warning is displayed when min_links is not specified
or set to 0, and the mode is set to 802.3ad. Well, now that the default for
min_links is 1 it doesn't have to be specified, even if the mode is set to
802.3ad. So ifupdown2 checks the current state of min_links if it is not
specified as one of the attibutes. If it is 0, either by being specified as an
attribute or not being specified but having that value, and the mode is set to
802.3ad, a warning is displayed.
And there was this other little problem where if a bond already existed in the
linkcache it wouldn't be refreshed, even if the refresh=True parameter was
specified in the _bond_linkinfo_fill function.
This gets rid of some ugly previous flag handling which was
passed through modules. This creates a global instance of
flags that all addon modules and helper modules can use.
Ticket: CM-10292, CM-10282
Reviewed By: dsa, nikhil, julien
Testing Done: Tested dhcp config on an vrf slave
- Add support for policy module_globals variable
"vrf-exec-cmd-prefix". It is read into per module
self.vrf_exec_cmd_prefix variable
- If self.vrf_exec_cmd_prefix is present and interface is a
vrf slave, use ifupdown2 will call such command in vrf
context using:
"%s %s %s" %(<vrf-exec-cmd-prefix>, <vrfname>, <cmd>)
- This also fixes calling of dhcp refresh when a dhcp slave is
removed from a vrf
ifupdownaddons: iproute2: when you invalidate the cache, make sure the cache flag is reset
Ticket: CM-10302
Reviewed By: julien
Testing Done: Tested ifdown of an interface and make sure the addresses
are deleted
cache_invalidate can be called when an interface gets deleted
or on any other deletion event (this is because we dont really
know, what other things have been implicitly deleted by the kernel).
on ifdown, the cache can get invalidated. But if we dont
reset the cache flag, the fill cache functions can still think
the cache is valid and can return None for any queries.
This was happening to address queries, which resulted in
leaving behind configured addresses. because ifdown
thought that there were no running addresses on the interface.
ifupdownmain: check upperfaceobj role before printing the warning
Ticket: found during other testing
Reviewed By: trivial
Testing Done: Tested ifreload with dependency errors and dependencies
with upperiface being a master and also vlan device
This patch avoids false positives when set role is called twice
for an interface which is a vrf slave but also has a vlan device on
top of it.
This patch is a git revert of commit 934c4c49c0e77289e7d56349c44d14ca2c307621.
In addition to that, order of _addr_filter() function call arguments are
changed to match the function definition.
This patch fixes inappropriate ifquery fails.
This patch also include a review comment update for addressvirtual.py
[CCR-4310], ticket: [CM-8658] Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
ifupdownmain: bridgevlan: dont squash vlan iface_types with ifaces of
the same name
Ticket: CM-10051
Reviewed By: julien, nikhil
Testing Done: tested that bridge vlan attributes get applied correctly + ran ssim test testifupdown2.py
This was introduced by a patch that squashed multiple iface objects
into a single object.
That led to the below interfaces getting squashed into one. Which is not
the right thing to do:
{noformat}
auto Newbr.325
iface Newbr.325
address 24.0.0.22/30
address 3101:abc:bcad:1::3/64
auto Newbr.325
vlan Newbr.325
bridge-igmp-querier-src 194.31.10.45
{noformat}
The 'vlan Newbr.325' ifaceobject needs to be kept separately and it is
of type BRIDGE_VLAN. so, this patch just makes sure these interfaces are
kept separately in the squash function.
ifupdownaddons: iproute2: add optional refresh flag to addr get api
Ticket:
Reviewed By: trivial
Testing Done: tested address gets with refresh flag + ran ssim test testifupdown2.py
- also fixes refresh flag handling in cache _addr_fill function
- this api can be used to get addresses from the cache by first
refreshing the cache. So the caller gets fresh running addresses.
(its not used right now but came up during the need to re-apply
addresses for ipv6 vrf slaves since their addresses may disappear)
default addr fix for vrf check is deleting lo addrs accidentally
info: rtnetlink: setting link lo up
info: executing ip addr del ::1/128 dev lo
info: executing ip addr del 127.0.0.1/8 dev lo
info: eth0: running ops ...
Without this patch a bridge port could enslave itself to the bridge
when it finds that the bridge is around. This is a required feature
for vlan filtering bridge because vlan filtering bridge port attributes
are specified under the bridge port and the bridge port needs the power
to enslave to the bridge and apply bridge port attrs.
For the non-vlan filtering bridge, a few bridge port combinations are
not allowed by default (eg, mixing different vlans under the same bridge).
The bridge has the understanding of which ports are allowed. so only it
should have the power to enslave bridge ports. This patch enforces that
power. With this patch the sequence of deleting and enslaving bridge
ports is done at the bridge with deletes followed by adds.
example verbose snippent from ifreload output:
ip -force -batch - [link set dev swp49s0 nomaster
link set dev swp49s1 nomaster
link set dev swp49s0.300 master Oldbr
addr flush dev swp49s0.300
link set dev sidelink.300 master Oldbr
addr flush dev sidelink.300
link set dev swp49s1.300 master Oldbr
addr flush dev swp49s1.300
link set dev swp4 master Oldbr
addr flush dev swp4]
Ticket: CM-10188, CM-10061
Reviewed By: dsa, nikhil, julien
Testing Done: Tested static routes with vrf names for tables
This patch does the following:
- if a single vrf device is present in the config,
builds the vrf map by reading vrf interfaces from the kernel (with
existing link cache. Builds a shadow vrf only attribute cache)
- reads existing table map and adjusts it if required
- main change is the iproute2 map file on disk is updated
immediately on vrf creation, so that static routes used along with the
vrf slaves can use the vrf name for the table. This also helps dhclient dns
hook script which may use mgmt table name directly.
- cleans up default routes on down
This patch fixes a few things:
- kill existing ssh clients on enslavement change for mgmt vrf (original patch by NikhilG)
- bring vrf master up first during vrf slave enslavement if
master does not exist. This was originally done only for
vrf dhcp slaves. With this patch we do it for all vrf slaves.
needed for static routes on vrf slaves (CM-10188).
- cleanup: reorganize code and a few cleanups and corner case handling
Roopa Prabhu [Wed, 30 Mar 2016 18:54:58 +0000 (11:54 -0700)]
ifupdownmain: redo shared dependent checks
Ticket: CM-10027
Reviewed By: julien, nikhil
Testing Done: Tested with an interfaces file with shared dependents
In the process of fixing this saw a few more issues with link kind
handing. Its better to separate kind from interface private flags
like bond slave and bridge port. this patch cleans up all that handling.
Example errors:
error: misconfig..? swp5.2 vrfslave is enslaved to multiple interfaces
['vrf1012', 'br2']
error: misconfig..? swp5.2 bridgeport is enslaved to multiple
interfaces ['vrf1012', 'br2']
This patch fixes inappropriate ifquery fails.
This patch also include a review comment update for addressvirtual.py
[CCR-4310], ticket: [CM-8658] Signed-off-by: Nikhil <nikhil@cumulusnetworks.com>
projects / mirror_ifupdown2.git / log