On a MLAG configured switch, only one vlan aware bridge is supported
The clag module need to access the full list of ifaceobjs. This is a
bit breaking the existing segmentation, not great but would otherwise
require a huge refactoring/rework.
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
When clagd anycast ip configuration changes on an existing setup, we have two issues:
- populate_dependency_info is run twice (in the ifreload case), first on the new
ifaceobjs, then on the old ifaceobjs. Thus hitting vxlan.get_dependent_ifacenames twice
where vxlan._clagd_vxlan_anycast_ip is set (the first time properly, then reset to it's
old value).
The fix: add a "old_ifaceobjs" flag to avoid resetting vxlan._clagd_vxlan_anycast_ip
- when clagd anycast ip changes, clagd also updates the vxlan's ip but there's a chance
that the ifupdown2 cache won't get the netlink notification in time before UP ops are
running on the vxlans, running on a stale cache is no bueno.
The fix: add additional checks to see if we should trust the cache of not.
Signed-off-by: Julien Fortin <jfortin@nvidia.com>
This allows syntax checking to pass for fields like vxlan-ttl/vxlan-tos
which can be a number in a range OR a string value representing a special
meaning (0-255 or "auto", for instance). Without this, you can only pass
a --syntax-check for such fields if your value is one of those literally
specified because, for instance, "64" is not "auto", "0", or "255":
invalid value "64": valid attribute values: ['0', '255']
info: exit status 1
Note that _applying_ such configuration still works, because netlink's
acceptance criteria are independent of ifupdown2's.
original commit ported to the python3 branch:
commit bffa619b11ae7aa9e567c26c255c17ac6df2c495
Author: Maximilian Wilhelm <max@rfc2324.org>
Date: Sat Jan 14 19:08:01 2017 +0100
Add option 'veth-peer-name' to veth links and ensure proper configuration.
The option »veth-peer-name« forces an veth peer link to be created with
a specific interface name. As the interface name of the "local" part of
the veth link pair already is defined by the name of the interface stanza
this option is added to, now both sides are clearly named.
As there is a bidirectional dependency of both link pairs - both cannot
exist without the other - this presents a problem when setting up all
interfaces. Depending on which interface is set up first there might be
a problem when only on dependency is specified. Therefore adding the
»veth-peer-name« option to both interface of the veth link pair ensures
that regardless of which side is configured first the peer name will be
set correctly. This intentionally creates a circular dependency which is
handled accordingly.
Fixing the config check for veth link-type while at it :)
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Seems like the regex module might be behave a little bit different in python3.
The regexes used to validate l2protocol-tunnel were returning incorrect lists:
value=lldp,stp
regex=['', 'l', 'l', 'd', 'p', '', 's', 't', 'p', '']
the patch simplifies the code by using str.translate and str.split
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
error: link_set_bridge_info_data_dry_run() takes exactly 3 arguments (4 given)
error: link_set_brport_with_info_slave_data_dry_run() got an unexpected keyword argument 'kind'
seems like when updating a method, it's associated dry-run method wasn't
updated accordingly. Maybe there is a way to programmatically check that
I will look into it.
warning: bridge: skipping port X invalid ether addr
warning: interface not recognized - please check interface configuration
Won't show on dry-run anymore
Log info for commands executed with utils.exec_command() weren't prefixed with
DRY-RUN.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
As mentioned in a previous commit:
python3 ipaddress behave differently from python2-ipaddr, this is
a serious problem for us since it breaks most of the ip addresses
code.
>>> import ipaddress
>>> ipaddress.ip_network("10.10.10.242/10", False)
IPv4Network('10.0.0.0/10')
This is a problem for us, so we need to use a custom IPNetwork object.
Our custom IPNetwork object uses ipaddress.IPAddress under the hood
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
* master-next:
argv: move --nldebug option to common_argparse to avoid exception in ifreload
debian: changelog: new 2.0.1-1 entry
argv: add new command line argument --nldebug
This commit adds the feature to change offloads for nics. Currently GRO, LRO GSO, TSO, UFO, TX and RX Offload are supported.
IPNetwork doesn't exists anymore and is replaced by ip_network. IPv?Network (4 and 6)
objects take an optional argument "strict" that defaults to True. If strict is set
and the ip address has the host bit set it will raise an exception. This is bad
for ifupdown2, so we need to replace all calls to IPNetwork and IPv?Network with
function who will set strict to False. That way we can limit the number of changes
for this patch.
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This patch will detect interfaces that were removed from /etc/network/interfaces
but still got pick up by a regex (i.e. bridge-port vni*) and manually remove
those interfaces from internal data-structures (i.e. dependency graph).
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 used /var/tmp/network/ to store its state file
upstream users reported that when /var/tmp is not mounted
before network configuration ifupdown2 fails. We now let
user define which location they want to use for the state
file.
closes: #918832
Reported-by: Maximilian Wilhelm <max@sdn.clinic>
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
This is a major update coming all at once from master-next branch
master-next branch was started with --orphan option which is basically a new
branch without history.
The major changes are:
- repackaging
- cleanup the directory tree
- rewritte setup.py to allow install from deb file or pypi (pip install)
- add a Makefile to make things (like building a deb) easier
- review all debian files
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
ifupdown2 code was one level deeper because ifupdown2 initially
had ifupdown2 and ifupdown2-addons as two separate packages.
Since they were combined into one package, it makes sense to
move all combined code under the top level directory
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Testing Done: built new ifupdown package and ran testifupdown2 suite of tests
This patch prevents enslaved interfaces from having IP addresses.
(cherry picked from commit 0c00606fbc76db11557a8e946310e93a2b376aa7)
Testing Done: tested master and 2.5_br images with testifupdown2 suite and hand tested
This patch creates a json defaults file upon bootup
(which can be overridden by customer configs in /etc)
which the ethtool module in ifupdown2 will consult
when "link-x" configs are removed in order to restore
them to the initial settings used by the switch.
(cherry picked from commit 8388664f5a5a85f2a813cafbf40ac92d7b86f4bf)
Conflicts:
packages/cl-utilities/dist-packages/cumulus/portconfig.py
packages/cl-utilities/usrlib/update-ports
tests/tests/smoke/testifupdown2.py
sections for that interface changed
Testing Done: tested ifreload with new iface section
problem stmt:
if the user adds a new section for an existing interface, I mark the
interface for down.
Basically the below:
if len(newifaceobjlist) != len(lastifaceobjlist):
ifacedownlist.append(ifname)
continue
You rarely need to add a new section to the interfaces file. It is not
recommended even by the user guide.
sankaran was trying to add a new address. Which he could have added to
the same iface section.
But, looking at his trivial example, i am thinking of not marking an
interface for down if the user merely tried to add a new section to an
existing interface
(cherry picked from commit 65c62c02981cf6e2677b18c0aafcb3f2bd737b1b)
(cherry picked from commit 4453b1921fc3f8e959131cb5e1b9e79e0433cc08)
ifdown behaviour.
Testing Done: tested ifreload evo test case
ifreload_down_changed is 0 by default which will make
sure ifreload will not execute down on changed interfaces
but only on deleted interfaces making it non-disruptive.
some notes from CCR:
ifreload was designed to be an optimization for 'service networking
restart' or 'ifdown -a + ifup -a'.
essentially it is a combination of 'ifdown + ifup' with some smarts in
which interfaces it will execute ifdown on.
By default it does the below:
ifdown all interfaces that were deleted from the interfaces file
ifdown all interfaces that were changed from the last time they were
ifup'ed
ifup -a (execute ifup on all interfaces marked auto)
Did not realize people will use ifreload as much as they do today. Also,
they may execute it on a production box when changes are made. ifdown on a production box can be
disruptive because if the ifdown which is part of the ifreload.
To have a non-disruptive option to ifreload, 2.5 added a new option -c
that only executed 'ifup' on all interfaces. Thus reloading all auto +
any other interfaces that were once brought up on the box (essentially
all interfaces present in the saved state file). This by default did not
do anything to the interfaces that got deleted from the file. But had an
ifupdown2.conf toggle to do so.
Looking at the evo use case, they do want to use a single command that
modifies, adds, deletes with
minimum disruption. we can achieve maybe what they want with multiple
commands (But there is also a case of a bug in the build evo is running
which makes it not so easy ).
This patch fixes the bug and also tries to change the default ifreload
behaviour controllable via a variable in ifupdown2.conf.
when ifreload_down_changed=0 in ifupdown2.conf, ifreload will only
ifdown interfaces that were deleted
from the file but not the ones that changed. subsequent ifup as part of
ifreload on the interfaces
that changed will apply the delta. And ifreload_down_changed default
value is '0'.
WIth the patch, ifreload by default will do the below (going back to the
previous default is just a toggle in the ifupdown.conf file):
ifdown all interfaces that were deleted from the interfaces file
ifup -a (execute ifup on all interfaces marked auto)
It sounds like a big change of behaviour for a hotfix release, but
essentially the patch just moves a few things around. And the change in
behaviour is so subtle that it is not very visible.
It just makes it non-disruptive.
(cherry picked from commit 2f7977834d4912a69159d27e54ba201f58a321d8)
(cherry picked from commit 09f283009e7de62ef1d258de81c94cc86fa13323)
(cherry picked from commit 898562e0e2284ccdc201dafc62b25b928037e0c6)
Testing Done: Tested with shared slaves in bridge and bonds
(cherry picked from commit 6f990450001d367a775681a29cdce74f862f7848)
(cherry picked from commit 8d9a5107112628ee8434e227dff49a0ef09966ee)
Testing Done: tested ifreload with example in the bug
ifdown of the bridge svi was following the lowerdev and downing the
bridge. kernel implicitly deletes all svi's on bridge down.
ifup of the bridge usually handles it, but a change done in 2.5.1
was causing it not to. Thinking about this some more, its safe
to not follow dependents on down during a ifreload. This patch does
just that.
(cherry picked from commit 03f7a376aee944b4037b7b7b02a5096e9360f79e)
(cherry picked from commit aac5777ecc7d367ada0681f813fbec7f78fa80ee)
Corrected a minor error in how we handle unsupported config attributes.
Instead of
error: not enough arguments for format string
we will now print this:
warning: peerlink.4000: unsupported attribute 'clagd-foobar'
(cherry picked from commit 44c6004a33d59ee234f8ee3d5f450e158c9e5bdc)
(cherry picked from commit f2c2321301d05e88d3c9ab9c26e6d4e256c884e9)
