The bridge-ports-condone-regex option can be used to tell ifupdown2 to let
some bridge member ports alone and do not remove them on ifreload runs.
This might come in handy when running a KVM (or any other virtualization
system) host with a bridged network setup.
Before this option, ifupdown2 would either complain about not existing
member ports when setting up the bridge (if all VM interfaces were to
be specified in /etc/network/interfaces) or remove any VM interface
from a bridge if it was not specified in /e/n/i.
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Co-authored-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Wed, 29 May 2019 06:16:05 +0000 (14:16 +0800)]
policymanager: merge module policy instead of overriding duplicates
When module policies are split up in seperate files ifupdown2 doesn't merge
them together but simply overrides duplicates. This pathc fixes the issue
and merge the related policies together.
Fix error message on ifquery when sysctl bridge-stp-user-space
This fix this kind of error:
error: bond0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
error: fwpr103p0: cmd '/sbin/sysctl net.bridge.bridge-stp-user-space' failed: returned 255 (sysctl: cannot stat /proc/sys/net/bridge/bridge-stp-user-space: No such file or directory
)
addons: batman_adv: Add support to set B.A.T.M.A.N. advanced routing_algo
Add a new attribute for B.A.T.M.A.N. advanced interfaces to control the
B.A.T.M.A.N. advanced routing algorithm to be used when setting up new
interfaces. As the routing algorithm must be set before an interface is
created, it needs special handling and can't be implemented as a common
attribute. D'oh.
Signed-off-by: Maximilian Wilhelm <max@sdn.clinic> Tested-by: Annika Wickert <aw@awlnx.space>
Julien Fortin [Fri, 22 Mar 2019 07:35:18 +0000 (15:35 +0800)]
addons: bridge: down: when ifreload_down_changed=1: purge bridge and upper devices cache
On ifreload (down ops) we need to purge the cache entry of the bridge and its upper devices
to avoid stale values in our cache.
ifup this config, then remove bridge-vids 20, ifreload: since the bridge is removed because
of ifreload_down_changed=1, we need torecreate the vlan bridge.10 and it's configuration, the
cache is stale. We need to clear it to remove the ip 10.10.10.10/32.
Quentin Young [Tue, 19 Mar 2019 17:26:45 +0000 (17:26 +0000)]
addons: addressvirtual: vrrp: protodown new macvlans
New VRRP macvlan devices should be set into protodown when first
created, to prevent ND traffic and other automatically generated kernel
traffic from being transmitted on the interface and causing downstream
MAC moves.
Julien Fortin [Thu, 31 Jan 2019 07:22:09 +0000 (15:22 +0800)]
.gitignore: pycharm remote execution update
To work on ifupdown2 i'm using Pycharm on macOS. ifupdown2 runs in a
debian VM. To use Pycharm remote execution capabilities, we need several
symlinks (one per command). Git needs to ignore those symlinks :)
Julien Fortin [Wed, 27 Feb 2019 21:40:55 +0000 (22:40 +0100)]
addons: addressvirtual: vrrp: remove macvlan device when all ipvX addrs are removed
For each VRRP configuration we create 2 macvlans (ip4 and ip6), if the ip4
is removed from the config we need to remove the associated macvlan (same
for ip6).
Testing Done: remove all ip4 (or ip6) from vrr attribute line
Julien Fortin [Tue, 26 Feb 2019 23:11:36 +0000 (00:11 +0100)]
addons: bridge: add new policy vxlan_bridge_igmp_snooping_enable_port_mcrouter
if igmp snooping is enabled on a vxlan bridge and if the
vxlan_bridge_igmp_snooping_enable_port_mcrouter is turned on, ifupdown2
will automatically enable multicast router on the vxlan brport unless
this attribute was provided by the user. The policy is enabled by default.
The policy can be disabled as follow:
{
"bridge": {
"module_globals": {
"vxlan_bridge_igmp_snooping_enable_port_mcrouter": "no"
}
}
}
auto br0
iface br0
bridge-ports vx42
bridge-mcsnoop yes
auto vx42
iface vx42
vxlan-id 42
$ ifreload -ad
will show that the config is applied
Julien Fortin [Thu, 17 Jan 2019 03:45:35 +0000 (11:45 +0800)]
scheduler: ifupdown2 scripts: log warning on EACCES exception (Fixes #89)
ifupdown2 behaviour significantly diverges from ifupdown on debian stretch.
Original ifupdown uses run-parts which supposedly doesn't run non-executable
files in the directory. However, ifupdown2 doesn't seem to make this
distinction.
This patch will log warning EACCES exceptions (instead of log error) and exit 0
Reported-by: George Diamantopoulos <gedia> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Fri, 11 Jan 2019 04:00:39 +0000 (12:00 +0800)]
statemanager: configure state_dir via ifupdown2.conf
ifupdown2 used /var/tmp/network/ to store its state file
upstream users reported that when /var/tmp is not mounted
before network configuration ifupdown2 fails. We now let
user define which location they want to use for the state
file.
closes: #918832
Reported-by: Maximilian Wilhelm <max@sdn.clinic> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Wed, 19 Dec 2018 06:14:15 +0000 (07:14 +0100)]
addons: batman_adv: import and IO api refactoring
The new code base supports installation via pypi so we need to update the
imports statement.
It's also good practice to use the existing IO apis to read/write and execute
sub-commands, those API will do error handling and logging.
Add addon module for B.A.T.M.A.N. advanced interface configuration. #12
batman wasn't in master-next so it got removed during the last merge
this commit adds it back to master.
See PR #12
From Maximilian Wilhelm:
This commit adds support for configuring B.A.T.M.A.N. advanced interfaces
with ifupdown2. B.A.T.M.A.N. advanced is a protocol to build Layer2 based
mesh networks with. It's supported in the Linux kernel and thus available
in many Linux environments.
where »bat0« would be the local connection to the mesh network.
The interfaces »eth1« and »eth2.23« would be used by the B.A.T.M.A.N. adv.
protocol to communicate to other member of the mesh network.
Any interfaces matching the »ifaces-ignore-regex« will be gently ignored
by ifquery and ifreload as there might be some tunnels or interfaces
added to the mesh network by other means which should not be removed by
any subsequent ifreload run.
The »hop-penalty» parameter set the penalty of this node within the mesh
network.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Author: Maximilian Wilhelm <max@rfc2324.org>
During the recent merge between master and master-next the changes introduced
by PR #80 were lost. This commit adds them back with some refactoring to use
the new netlink cache.
Co-authored-by: Maximilian Wilhelm <max@sdn.clinic> Co-authored-by: Julien Fortin <julien@cumulusnetworks.com> Signed-off-by: Maximilian Wilhelm <max@sdn.clinic> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Julien Fortin [Fri, 14 Dec 2018 01:09:46 +0000 (17:09 -0800)]
debian: changelog: new entry for version 1.2.2
ifupdown2 (1.2.2) unstable; urgency=medium
* Support for new iproute2 format (bridge vlan show)
* Pypi install: local addons modules should be loaded first
* Fix: link-down yes on vrf slaves
* Fix: nlmanager: use strerror to format kernel error
* Add: new checks for existing device with vxlan attributes
* Ethtool: FEC: translate None and NotSupported values to link-fec off
-- Julien Fortin <julien@cumulusnetworks.com> Thu, 13 Dec 2018 23:42:42 -0800
Julien Fortin [Thu, 6 Dec 2018 18:56:50 +0000 (10:56 -0800)]
config: local addons modules should be loaded first
ifupdown2 can be installed via apt/dpkg or via pypi (pip), those two installation methods have
two different installation directory. Our main installation dir is /usr/share/ifupdown2. This is
also were other scripts might add their own addon.
If ifupdown2 is installed via pypi we need to make sure we are loading the script-added addon modules
Julien Fortin [Thu, 6 Dec 2018 18:40:48 +0000 (10:40 -0800)]
addons: vrf: fix link-down yes on vrf slaves
because of a typo (use of wrong object) we weren't looking at the correct
ifaceobj for LINK_DOWN lookup. In some cases we didn't honor link-down yes
on VRF slaves
auto bridge
iface bridge
bridge-vlan-aware yes
bridge-ports vx-1000 vx-1001 vx-1002 vx-1003 vx-1004 hostbond3 hostbond4
bridge-stp on
bridge-vids 1000-1004
bridge-pvid 1
auto vx-1002
iface vx-1002
vxlan-id 1002
bridge-access 1002
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto hostbond4
iface hostbond4
bond-slaves swp2 swp3
bond-mode 802.3ad
bond-min-links 1
bond-lacp-rate 1
mtu 9152
alias Local Node/s TORS1 and Ports swp32s2 swp32s3 <==> Remote Node/s HOSTS12 and Ports swp1 swp2
bridge-pvid 1001
auto swp3
iface swp3
link-speed 10000
link-duplex full
link-autoneg off
auto swp2
iface swp2
link-speed 10000
link-duplex full
link-autoneg off
auto vx-1004
iface vx-1004
vxlan-id 1004
bridge-access 1004
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto vx-1003
iface vx-1003
vxlan-id 1003
bridge-access 1003
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto hostbond3
iface hostbond3
bond-slaves swp5 swp6
bond-mode 802.3ad
bond-min-links 1
bond-lacp-rate 1
mtu 9152
alias Local Node/s TORS1 and Ports swp32s0 swp32s1 <==> Remote Node/s HOSTS11 and Ports swp1 swp2
bridge-pvid 1000
auto swp6
iface swp6
link-speed 10000
link-duplex full
link-autoneg off
auto swp5
iface swp5
link-speed 10000
link-duplex full
link-autoneg off
auto vx-1001
iface vx-1001
vxlan-id 1001
bridge-access 1001
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
auto vx-1000
iface vx-1000
vxlan-id 1000
bridge-access 1000
vxlan-local-tunnelip 27.0.0.15
bridge-learning off
bridge-arp-nd-suppress on
mstpctl-portbpdufilter yes
mstpctl-bpduguard yes
mtu 9152
Julien Fortin [Tue, 6 Nov 2018 00:35:37 +0000 (01:35 +0100)]
addons: ethtool: fec: only use and compare lowercase data
on --show-fec ethtool seems to return fec in uppercase while
we only advertise lowercase validvals. We should only deal
and compare lowercase values for running, config and default
Julien Fortin [Tue, 30 Oct 2018 10:31:11 +0000 (11:31 +0100)]
addons: address: new l3_intf_default_gateway_set_onlink policy closes #54
As shown in the following example, ifupdown1 sets the default route with the
onlink attribute. This patch will add this capability to ifupdown2 controlled
by a policy variable in the address module: "l3_intf_default_gateway_set_onlink"
default to on
[19:16:07] root:~ # cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet static
address 78.46.193.234/32
gateway 172.31.1.1
[19:16:19] root:~ # ifup -a -v
ifup: configuring interface enp0s3=enp0s3 (inet)
...
/bin/ip addr add 78.46.193.234/255.255.255.255 broadcast 78.46.193.234 dev enp0s3 label enp0s3
/bin/ip link set dev enp0s3 up
/bin/ip route add default via 172.31.1.1 dev enp0s3 onlink
...
[19:16:21] root:~ # ip route show
default via 172.31.1.1 dev enp0s3 onlink
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15
169.254.0.0/16 dev enp0s3 scope link metric 1000
[19:16:21] root:~ #
Julien Fortin [Mon, 29 Oct 2018 13:20:19 +0000 (14:20 +0100)]
addons: address: remplace sysctl calls with /proc/ read/write
Ticket: CM-21809
Reviewed By: Roopa
Testing Done:
<% num_vlans = 2048 %>
% for i in range(2,10):
% for j in range(2,num_vlans+2):
auto br${i}_${j}
iface br${i}_${j}
bridge-ports swp${i}.${j}
bridge-vlan-aware no
bridge-stp no
bridge-learning swp${i}.${j}=off
% endfor
% endfor
projects / mirror_ifupdown2.git / log