Renato Westphal [Sat, 8 Dec 2018 19:31:16 +0000 (17:31 -0200)]
lib, tests: add support for keyless YANG lists
YANG allows lists without keys for operational data, in which case
the list elements are uniquely identified using a positional index
(starting from one).
This commit does the following:
* Remove the need to implement the 'get_keys' and 'lookup_entry'
callbacks for keyless lists.
* Extend nb_oper_data_iter_list() so that it special-cases keyless
lists appropriately. Since both the CLI and the sysrepo plugin
use nb_oper_data_iterate() to fetch operational data, both these
northbound clients automatically gain the ability to understand
keyless lists without additional changes.
* Extend the confd plugin to special-case keyless lists as well. This
was a bit painful to implement given ConfD's clumsy API, but
keyless lists should work ok now.
* Update the "test_oper_data" unit test to test keyless YANG lists in
addition to regular lists.
Christian Franke [Fri, 23 Nov 2018 00:12:24 +0000 (01:12 +0100)]
fabricd: Populate NL from adjdb, not spf
We should really populate the neighbor list for the flooding
optimization from our local adjacency database and not from
a one-hop SPF.
If we use SPF, we may end up never exchanging information with
some neighbors since the bidirectional connection check for spf
fails, since LSPs did not get exchanged.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
David Lamparter [Tue, 30 Oct 2018 01:02:00 +0000 (02:02 +0100)]
build: fix reproducibility re. -fdebug-prefix-map
If CFLAGS contains something like `-fdebug-prefix-map=/build/path=.`, we
need to remove it from CONFIG_ARGS so it doesn't get baked into `show
version`. Otherwise, build becomes non-reproducible if the build path
changes. To avoid other things creeping in, let's just remove *FLAGS in
their entirety. (Not really reliable information anyway.)
With this commit, FRR build should be 100% reproducible.
Signed-off-by: David Lamparter <equinox@diac24.net>
Renato Westphal [Fri, 7 Dec 2018 17:27:34 +0000 (15:27 -0200)]
lib: fix NETCONF network-wide transactions for confd and sysrepo
ConfD and Sysrepo implement configuration transactions using a
two-phase commit protocol (prepare + abort/apply). For network-wide
transactions to work, ConfD and Sysrepo move to the second phase of
the commit protocol only after receiving the results of the first
phase from all devices involved in the transaction. If all devices
succeed in the 'prepare' phase, then all of them move to the 'apply'
phase and the transaction is committed. On the other hand, if any
device fails in the 'prepare' phase, all of them move to 'abort'
phase and the transaction is aborted.
The confd and sysrepo plugins were implementing the full
two-phase commit protocol upon receiving a request to validate
the configuration changes and allocate all resources required to
apply them (first phase). The notifications to abort or apply the
changes (second phase) were being ignored since everything was being
done in the first phase for simplicity. This wasn't a problem for
single-device transactions, but it is for transactions involving
multiple devices. Rework the code a bit to do things properly and
fix this problem.
Donald Sharp [Fri, 7 Dec 2018 14:01:59 +0000 (09:01 -0500)]
bgpd: Convert adj_out to a RB tree
The adj_out data structure is a linked list of adjacencies
1 per update group. In a large scale env where we are
not using peer groups, this list lookup starts to become
rather costly. Convert to a better data structure for this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Renato Westphal [Fri, 7 Dec 2018 12:35:16 +0000 (10:35 -0200)]
lib: implement the "show" command
The "show" command will be available in the configuration mode and
all configuration subnodes. It's used to display the section of
the candidate configuration being edited, instead of displaying
the entire candidate configuration like when "show configuration
candidate" is used. The goal is to add more convenience when editing
huge configurations.
When the transactional CLI mode is not used, the candidate
configuration and the running configuration are identical, hence in
this case we can say that the "show" command displays the section
of the running configuration being edited.
Example:
ripd(config)# show
Configuration:
!
frr version 6.1-dev
frr defaults traditional
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
interface eth1
ip rip receive version 1
ip rip send version 1
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
end
ripd(config)#
ripd(config)#
ripd(config)# interface eth0
ripd(config-if)# show
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
ripd(config-if)# exit
ripd(config)#
ripd(config)#
ripd(config)# router rip
ripd(config-router)# show
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
ripd(config-router)#
The "show" command only works for daemons converted to the new
northbound model. vtysh support will be implemented at a later
time as it will require some level of coordination between vtysh
and the FRR daemons.
Renato Westphal [Thu, 6 Dec 2018 22:37:05 +0000 (20:37 -0200)]
lib: add support for confirmed commits
Confirmed commits allow the user to request an automatic rollback to
the previous configuration if the commit operation is not confirmed
within a number of minutes. This is particularly useful when the user
is accessing the CLI through the network (e.g. using SSH) and any
configuration change might cause an unexpected loss of connectivity
between the user and the managed device (e.g. misconfiguration of a
routing protocol). By using a confirmed commit, the user can rest
assured the connectivity will be restored after the given timeout
expires, avoiding the need to access the router physically to fix
the problem.
When "commit confirmed TIMEOUT" is used, a new "commit" command is
expected to confirm the previous commit before the given timeout
expires. If "commit confirmed TIMEOUT" is used while there's already
a confirmed-commit in progress, the confirmed-commit timeout is
reset to the new value.
In the current implementation, if other users perform commits while
there's a confirmed-commit in progress, all commits are rolled back
when the confirmed-commit timeout expires. It's recommended to use
the "configure exclusive" configuration mode to prevent unexpected
outcomes when using confirmed commits.
When a user exits from the configuration mode while there's a
confirmed-commit in progress, the commit is automatically rolled
back and the user is notified about it. In the future we might
want to prompt the user if he or she really wants to exit from the
configuration mode when there's a pending confirmed commit.
Needless to say, confirmed commits only work for configuration
commands converted to the new northbound model. vtysh support will
be implemented at a later time.
David Lamparter [Thu, 8 Nov 2018 05:50:13 +0000 (06:50 +0100)]
vtysh: rework/straighten pager handling
- no longer try to special-case a custom terminal length; the OS has
procedures for that (SIGWINCH & TIOCGWINSZ)
- only use a pager if requested by CLI command or VTYSH_PAGER. The
behaviour with VTYSH_PAGER set should be compatible with previous
versions.
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Fri, 30 Nov 2018 20:40:39 +0000 (21:40 +0100)]
debian/tools: new init script
This separates the init script used for the system (and called in the
systemd unit file) from the script that watchfrr uses to control
daemons. Mixing these two caused the entire thing to become a rather
huge spaghetti mess.
Note that there is a behaviour change in that the new script always
starts zebra regardless of zebra_enable.
Side changes:
- Ubuntu 12.04 removed from backports since it doesn't work anyway
- zebra is always started regardless of zebra_enable. To disable FRR,
the entire init script should be disabled through policy.
- no-watchfrr operation is no longer supported by the scripts in the
Debian packages. (This is intentional.)
Signed-off-by: David Lamparter <equinox@diac24.net>
David Lamparter [Fri, 30 Nov 2018 16:56:04 +0000 (17:56 +0100)]
watchfrr: immediately try connecting after start
When we make a call to (re)start some daemon(s), we can immediately try
connecting to its VTY socket after the script completes. If the daemon
started correctly, this will always succeed since the start script only
returns after daemon startup is complete.
Among other things, this reduces the delay to "startup complete"
notification at initial watchfrr start.
Signed-off-by: David Lamparter <equinox@diac24.net>
Rafael Zalamena [Thu, 6 Dec 2018 19:26:10 +0000 (17:26 -0200)]
bgpd: don't show default value in configuration
Don't show the configuration line `rfp full-table-download off` by
default as it is not the default value, instead only show
`rfp full-table-download on` (the non-default value) when it is
configured.
This standardizes this knob to the FRR default behavior.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
We call `modprobe -n` to check if mpls modules are available to be
loaded. We do this as normal user, to only ask for root permissions
if we are actually loading the module.
This breaks if `modprobe` is in `/sbin` and normal users don't have
sbin in path.
So add `/sbin` to the search path to work around this.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
If we mount the tests into the container from the host, we also
mount any `*.pyc` files with them, which will lead to issues
as the mount is done read-only to avoid any changes to the host.
Since the tests are now integrated and we already create a writeable
copy of the FRR tree, just use the tests from the FRR tree to avoid
this issue.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Chirag Shah [Wed, 5 Dec 2018 01:08:47 +0000 (17:08 -0800)]
bgpd: set attribute change flag to evpn imported
EVPN route's attribute changes,
mark attribute change flag to imported unicast route.
A scenario where AS_PATH attribute has changed for an EVPN type-5
route, set attribute change
to imported route.
Ticket:CM-23008
Reviewed By:
Testing Done:
Validated via marking EVPN route with AS_PATH prepend.
At the receiving VTEP, ensure attribute change flag is set to
imported unicast route and bgp update sent to VTEP's subsequent
bgp peers with AS_PATH prepend update.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Wed, 5 Dec 2018 20:12:50 +0000 (15:12 -0500)]
zebra: `show ip route A.B.C.D json` would only show last route entry
The `show ip route A.B.C.D json` command was only displaying
the last route entry looked at and we would drop the data
associated with other route entries. This fixes the issue:
robot# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route
In the above show commands, when a BGP path is displayed, we do not display the
local preference if it is EBGP route. Route calculation assumes the default
local preference. But, we can change the default local preference using
configuration in FRR. In this case, user should know the default local
preference value that is being used in the route calculation. Thus, adding a
new field 'default local preference' in the show commands where a BGP path is
displayed.
When a BGP path is displayed in the above show commands, as-path does not
include the local AS. So, user has to execute another show command to display
the local-AS. To avoid this, adding a new field local-AS to above show commands.
Chirag Shah [Mon, 3 Dec 2018 03:08:22 +0000 (19:08 -0800)]
zebra: dup addr detect clear cmd non-zero return
Clear dup address vni needs to return non-zero value
in case the command is not successful.
Ticket:CM-23122
Testing Done:
run clear command and check upon failure return code is non-zero.
root@TORS1:~# vtysh -c "clear evpn dup-addr vni 1000 ip 45.0.1.26"
% Requested IP's associated MAC 00:01:02:03:04:05 is still in duplicate
% state
root@TORS1:~# echo $?
1
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Renato Westphal [Thu, 29 Nov 2018 19:05:40 +0000 (17:05 -0200)]
ripd: remove leftovers from the old sighup handler
Commit bc1bdde2f6 removed the rip_reset() function but didn't remove
other functions that were only called by rip_reset(). Remove them
now (dead code).
Renato Westphal [Thu, 29 Nov 2018 18:46:00 +0000 (16:46 -0200)]
build: update vtysh scan list for ripd and ripngd
A few files don't have any CLI commands anymore as they were moved
to either rip_cli.c or ripng_cli.c. Update the ripd/ripngd vtysh_scan
variable to account for this.
Renato Westphal [Thu, 29 Nov 2018 15:24:26 +0000 (13:24 -0200)]
ripngd: implement the 'clear-ripng-route' YANG RPC
The "clear ipv6 ripng" command was turned into a YANG RPC so that
other northbound plugins can execute it as well. This RPC closely
matches the 'clear-rip-route' RPC from the ietf-rip module.
Renato Westphal [Thu, 29 Nov 2018 15:11:05 +0000 (13:11 -0200)]
ripngd: fix SIGHUP handling
Now that all ripngd commands were converted to the new northbound
model, the ripngd SIGHUP handler is capable of doing a full
configuration reload just by calling the vty_read_config()
function. Nothing else should be done in the SIGHUP handler.
Renato Westphal [Thu, 29 Nov 2018 13:21:13 +0000 (11:21 -0200)]
ripngd: retrofit the 'timer basic' command to the new northbound model
Trivial conversion. Use the northbound 'apply_finish()' callback
so we'll call ripng_event() only once even if we change the three
RIPng timers at the same time.
Convert the timers to uint16_t to match their representation in
the YANG model.
Renato Westphal [Thu, 29 Nov 2018 13:02:35 +0000 (11:02 -0200)]
ripngd: retrofit the 'aggregate-address' command to the new northbound model
Trivial conversion. Remove the ripng->aggregate routing table and
associated code because this variable was used only to show the
running configuration.
Renato Westphal [Thu, 29 Nov 2018 05:06:38 +0000 (03:06 -0200)]
ripngd: retrofit the 'redistribute' commands to the new northbound model
Trivial conversion. As usual, combine multiple DEFUNs into a single
DEFPY for simplicity.
As a bonus of the northbound conversion, this commit fixes the
redistribution of certain protocols into ripngd. The 'redist_type'
array used by the "redistribute" commands was terribly outdated,
which was preventing the CLI from correctly parsing certain protocols
like isis and babel.