Univention Bugzilla – Bug 30816
Support of VLAN, Bonding, Bridges
Last modified: 2013-11-19 06:44:22 CET
+++ This bug was initially created as a clone of Bug #28389 +++ Die Erweiterung aus Bug #26058 für Bridges, VLAN und Bonding kann derzeit nicht per UMC konfiguriert werden.
For this extension, a more suitable data representation (Bug 30878) will be implemented.
*** Bug 29119 has been marked as a duplicate of this bug. ***
*** Bug 30883 has been marked as a duplicate of this bug. ***
(In reply to comment #3) > *** Bug 30883 has been marked as a duplicate of this bug. *** Also note the problem described in this bug.
*** Bug 30884 has been marked as a duplicate of this bug. ***
Bridge, Bond and VLAN devices can now be configured in UMC System-Setup.
*** Bug 29973 has been marked as a duplicate of this bug. ***
The MultiInput of the IP addresses has max=1 meaning that it is difficult to add addresses (no "+"-Button). Or was it meant to be "unique"? Then MultiInput seems to be the wrong widget. Also: When adding more than one IPv6 address in the MultiInput the scrollbar appears destroying the layout (at least in FF) because the "+"-Button is pushed to the next line.
(In reply to Dirk Wiesenthal from comment #8) > The MultiInput of the IP addresses has max=1 meaning that it is difficult to > add addresses (no "+"-Button). Or was it meant to be "unique"? Then > MultiInput seems to be the wrong widget. This is a limitation due to the UCR naming scheme and applies to bonds, bridges, and vlans (?). > Also: When adding more than one IPv6 address in the MultiInput the scrollbar > appears destroying the layout (at least in FF) because the "+"-Button is > pushed to the next line.
Created attachment 5352 [details] Screenshot of DHCP query The "set" button should be "default" in the DHPC query dialog.
(In reply to Alexander Kläser from comment #5) > *** Bug 30884 has been marked as a duplicate of this bug. *** After querying a DHCP address and pressing "set" (see attachment 5352 [details]), neither nameserver nor gateway are updated.
Removing an interface is not supported: Netzwerkgeräte: Ungültiger Gerätename: 'eth0.2'
interfaces/primary can be set multiple times. I think it is only sent to the backend once, but the frontend allows to specify it multiple times in the first place. I think this should be fixed (setting it somewhere unsets it on other interfaces).
If setting an IPv6 address but not setting an identifier, the following message is shown in German "Jedes IPv6 Gerät muss einen Bezeichnet haben" (typo). Plus: This message is shown after the wizard is closed. But closing should be prevented in this case.
After setting IPv6 on eth0 and reloading system setup, the IPv6 configuration does not show up in the grid. When opening eth0 only the address and the identifier is set, the prefix is not. setup/load: interfaces.eth0.ip6[0][1] === "" But ucr get interfaces/eth0/ipv6/default/prefix => 80 I also have a virtual LAN: ucr get interfaces/eth0.2/ipv6/default/prefix => 80 - may this have anything to do with it?
(In reply to Alexander Kläser from comment #4) > (In reply to comment #3) > > *** Bug 30883 has been marked as a duplicate of this bug. *** > > Also note the problem described in this bug. This was caused by a invalid regex, fixed a long time ago ;) (i also have a 1 line patch for this if needed) (In reply to Alexander Kläser from comment #9) > (In reply to Dirk Wiesenthal from comment #8) > > The MultiInput of the IP addresses has max=1 meaning that it is difficult to > > add addresses (no "+"-Button). Or was it meant to be "unique"? Then > > MultiInput seems to be the wrong widget. > > This is a limitation due to the UCR naming scheme and applies to bonds, > bridges, and vlans (?). Yes, plus Bug #32384 (In reply to Alexander Kläser from comment #10) > Created attachment 5352 [details] > Screenshot of DHCP query > > The "set" button should be "default" in the DHPC query dialog. Done (In reply to Alexander Kläser from comment #11) > (In reply to Alexander Kläser from comment #5) > > *** Bug 30884 has been marked as a duplicate of this bug. *** > > After querying a DHCP address and pressing "set" (see attachment 5352 [details] > [details]), neither nameserver nor gateway are updated. fixed, the gateway and nameserver will be updated when saving the interface. (In reply to Dirk Wiesenthal from comment #12) > Removing an interface is not supported: > > Netzwerkgeräte: Ungültiger Gerätename: 'eth0.2' Yes, only occurred when removing an VLAN device. (In reply to Dirk Wiesenthal from comment #13) > interfaces/primary can be set multiple times. I think it is only sent to the > backend once, but the frontend allows to specify it multiple times in the > first place. I think this should be fixed (setting it somewhere unsets it on > other interfaces). Oh yes, the value was not properly updated in the grid module store → multiple devices have been displayed as primary interface. (In reply to Dirk Wiesenthal from comment #14) > If setting an IPv6 address but not setting an identifier, the following > message is shown in German "Jedes IPv6 Gerät muss einen Bezeichnet haben" > (typo). 2 Typos have been fixed. > Plus: This message is shown after the wizard is closed. But closing should > be prevented in this case. Closing is now prevented. (In reply to Dirk Wiesenthal from comment #15) > After setting IPv6 on eth0 and reloading system setup, the IPv6 > configuration does not show up in the grid. When opening eth0 only the > address and the identifier is set, the prefix is not. > > setup/load: interfaces.eth0.ip6[0][1] === "" > > But ucr get interfaces/eth0/ipv6/default/prefix => 80 > I also have a virtual LAN: ucr get interfaces/eth0.2/ipv6/default/prefix => > 80 - may this have anything to do with it? fixed, was only a python bug, had nothing to do with the vlan device. QA can happen when Bug #28670 is finished.
Please make the following changes in the UMC dialog: "Virtual device ID" → "VLAN ID" "Parent device" → "Parent interface" "Name of new device" → "Name of new bridge/bonding interface" "UCR options" → "Additional interface options"
1. /var/cache/univention-system-setup/profile is created 0700, white it is not an executable script. 2. The explicit order=X UCRVs are missing to guarantee the proper dependency chain: ethX < bondY < (brZ|vlanW)+ # grep ^. /var/cache/univention-system-setup/profile | sort interfaces/bond0/ipv6/acceptRA="false" interfaces/bond0/options/0="bond-primary eth0" interfaces/bond0/options/1="bond-slaves eth0 eth1" interfaces/bond0/options/2="bond-mode 1" interfaces/bond0/options/3="miimon 100" interfaces/bond0/start="false" interfaces/br0.2/address="10.200.17.31" interfaces/br0.2/broadcast="10.200.17.255" interfaces/br0.2/ipv6/acceptRA="false" interfaces/br0.2/netmask="255.255.255.0" interfaces/br0.2/network="10.200.17.0" interfaces/br0.2/start="false" interfaces/br0/address="10.200.17.30" interfaces/br0/broadcast="10.200.17.255" interfaces/br0/ipv6/acceptRA="false" interfaces/br0/netmask="255.255.255.0" interfaces/br0/network="10.200.17.0" interfaces/br0/options/0="bridge_ports bond0" interfaces/br0/options/1="bridge_fd 0" interfaces/br0/start="false" interfaces/eth0/address="" interfaces/eth0/broadcast="" interfaces/eth0/netmask="" interfaces/eth0/network="" interfaces/eth0/start="false" interfaces/eth1/start="false" interfaces/primary="br0" # grep ^[^#] /etc/network/interfaces auto lo iface lo inet loopback auto br0 iface br0 inet static address 10.200.17.30 netmask 255.255.255.0 network 10.200.17.0 broadcast 10.200.17.255 gateway 10.200.17.1 auto br0.2 iface br0.2 inet static address 10.200.17.31 netmask 255.255.255.0 network 10.200.17.0 broadcast 10.200.17.255 auto eth0 iface eth0 inet static address 10.200.17.30 netmask 255.255.255.0 network 10.200.17.0 broadcast 10.200.17.255 Since the Bug #28670 is still mending, the output above is incorrect. 3. Bonding-interfaces should be tested for "bond-slaves" (and not "bond-primary"), see /etc/network/if-pre-up.d/ifenslave 4. Valid interface names are r"[^/ \t\n\r\f]{1,16}" except "." and ".." Patch for some issues available
(In reply to Philipp Hahn from comment #18) > # grep ^. /var/cache/univention-system-setup/profile | sort > interfaces/bond0/start="false" > interfaces/br0.2/start="false" > interfaces/br0/start="false" > interfaces/eth0/start="false" > interfaces/eth1/start="false" At least to top-level interfaces must be started (br0, br0.2). I know that I had problems with explicitly started interfaces when mixing bonding, bridging and vlans, but that might have been caused by missing the explicit order. Therefore I currently would recommend to always set start=true for any configured interface and also specify the order, so "ifup -a" does explicitly bring up all interfaces in the correct order.
(In reply to Philipp Hahn from comment #18) > 1. /var/cache/univention-system-setup/profile is created 0700, white it is > not an executable script. fixed > 2. The explicit order=X UCRVs are missing to guarantee the proper dependency > chain: ethX < bondY < (brZ|vlanW)+ … Should be fine!? On my installation all interfaces had start=true. > 3. Bonding-interfaces should be tested for "bond-slaves" (and not > "bond-primary"), see /etc/network/if-pre-up.d/ifenslave Yes, fixed. > 4. Valid interface names are r"[^/ \t\n\r\f]{1,16}" except "." and ".." Your suggestion has been implemented. > Patch for some issues available thank you ;)
(In reply to Philipp Hahn from comment #17) > Please make the following changes in the UMC dialog: > "Virtual device ID" → "VLAN ID" > "Parent device" → "Parent interface" > "Name of new device" → "Name of new bridge/bonding interface" > "UCR options" → "Additional interface options" Ok univention-system-setup (7.0.34-1)
1. The generated profile is incomplete and wrong (sorted by hand for easier reading): > interfaces/eth0/address="" > interfaces/eth0/broadcast="" > interfaces/eth0/netmask="" > interfaces/eth0/network="" Why no type, start, acceptRA, order? > interfaces/eth1/ipv6/acceptRA="false" > interfaces/eth1/start="false" Why only those two? > interfaces/bond0/ipv6/acceptRA="false" > interfaces/bond0/options/0="bond-slaves eth0 eth1" > interfaces/bond0/options/1="bond-mode 1" > interfaces/bond0/options/2="bond-primary eth0" > interfaces/bond0/options/3="miimon 100" > interfaces/bond0/start="false" Missing order > interfaces/br0/address="10.200.17.30" > interfaces/br0/broadcast="10.200.17.255" > interfaces/br0/ipv6/acceptRA="false" > interfaces/br0/netmask="255.255.255.0" > interfaces/br0/network="10.200.17.0" > interfaces/br0/options/0="bridge_ports bond0" > interfaces/br0/options/1="bridge_fd 0" > interfaces/br0/start="false" Missing order start=true must be set. > interfaces/br0.2/address="10.200.17.31" > interfaces/br0.2/broadcast="10.200.17.255" > interfaces/br0.2/ipv6/acceptRA="false" > interfaces/br0.2/netmask="255.255.255.0" > interfaces/br0.2/network="10.200.17.0" > interfaces/br0.2/start="false" Missing order start=true must be set. > interfaces/primary="" Since setting the primary interface is a global configuration, it should be best moved from the individual interface configurations to the global network page, where for example the gateway and DNS servers is configured. 2. Currently all interfaces can be removed (good). If then a bonding interface is configured, saving fails with "ethX is missing". They must currently be added manually. While doing so, they can be configured for IP, which is wrong. This must be either blocked or the interfaces should be added/cleared automatically as soon as they're used in a bond.
(In reply to Philipp Hahn from comment #22) > 1. The generated profile is incomplete and wrong (sorted by hand for easier > reading): The was due to a missing call to the method which prepares the interfaces for saving. > Since setting the primary interface is a global configuration, it should be > best moved from the individual interface configurations to the global > network page, where for example the gateway and DNS servers is configured. Done > 2. Currently all interfaces can be removed (good). If then a bonding > interface is configured, saving fails with "ethX is missing". They must > currently be added manually. While doing so, they can be configured for IP, > which is wrong. > This must be either blocked or the interfaces should be added/cleared > automatically as soon as they're used in a bond. Missing interfaces are now added. The /fallback/ variables are also removed now. univention-system-setup (7.0.41-1) * Bug #30816: rename device to interface * Bug #30816: display the primary network interface selection as ComboBox * Bug #30816: create missing bond/bridge sub interfaces automatically in the grid * Bug #30816: prepare the consistency of interfaces before writing the profile * Bug #30816: fix some little typos
The setup dialogue for bondings contains a multivalue field "UCR options". That name should be changed to "Additional bonding options". That these options are internally stored in UCR is a detail that should not be exposed to the end user, it only causes confusion.
(In reply to Moritz Muehlenhoff from comment #24) > The setup dialogue for bondings contains a multivalue field "UCR options". > That name should be changed to "Additional bonding options". > > That these options are internally stored in UCR is a detail that should not > be exposed to the end user, it only causes confusion. fixed. univention-system-setup (7.0.45-1)
Currently in appliance_mode the current IP-configuration is kept when the interfaces are restarted to not dis-connect the browser session. When VLANs, Bridges and Bonds are created, IP-addressed can and sometimes must be transferred to other interfaces, which requires the configuration to be flushed. This breaks the appliance mode. Therefore when in appliance mode, only re-configuring (existing and un-configured) ethX-interfaces should be allowed, but no creation of VLANs / Bridges / Bonds. If required by the user, they can be configured in a 2nd step after appliance mode has finished.
(In reply to Philipp Hahn from comment #26) > Currently in appliance_mode the current IP-configuration is kept when the > interfaces are restarted to not dis-connect the browser session. > When VLANs, Bridges and Bonds are created, IP-addressed can and sometimes > must be transferred to other interfaces, which requires the configuration to > be flushed. This breaks the appliance mode. > > Therefore when in appliance mode, only re-configuring (existing and > un-configured) ethX-interfaces should be allowed, but no creation of VLANs / > Bridges / Bonds. If required by the user, they can be configured in a 2nd > step after appliance mode has finished. svn44808 univention-system-setup (7.0.47-1) * Bug #30816: Remove possibility to create Bond, Bridge, VLAN interfaces in appliance mode
The following issues have been identified: 1. At least the bond blow a bridge must have "start=true" to function. AFAIK we should set "start=true" for all used interfaces, since the UMC frontend also sets "order" correctly. 2. VLANs on bridges do not word, since /etc/network/if-pre-up.d/vlan does not know how to handle "br*". Here interfaces/brX.Y/options/$Z="vlan-raw-device brX" is needed. (See "man 5 vlan-interfaces"). We should always add this, as the use can name the bridges/bonds/vlans as she likes. (*) 3. For my IP-configured bridge "br0", which also has a VLAN-2 "br0.2" on top, the type for the bridge is wrongly set to "manual". Correct is "interfaces/br0/type=address". 4. The "bond_primary" option is only valid for active-backup mode. (*) 5. VLAN-ID <= 4095, 4096 is one to many. (*) (*) patch available
Created attachment 5496 [details] Fix 2,4,5 UNTESTED
(In reply to Philipp Hahn from comment #28) > 1. At least the bond b[+e+]low a bridge must have "start=true" to function. > 2. VLANs on bridges do not wor[d→k], since /etc/network/if-pre-up.d/vlan does > 3. ... "interfaces/br0/type=[address→static]". > 5. VLAN-ID <= 4095, 4096 is one to[+o+] many. (*)
Created attachment 5498 [details] Fix 1-11, UNTESTED 6. 'dynamic' is an alias for 'dhcp', which could be still used in UCR. 7. "self.type=None" is the initial value. Simplify code. 8. IMHO 169.254. should not automatically enable DHCP. 9. Be Unicode future proof. 10. Refacture extra_options processing to common implementation. 11. German translation update
Created attachment 5499 [details] Fix 1-11v2, UNTESTED Fix German translation errors.
Created attachment 5509 [details] Proposed fix 12-18 12. Fix regular expression to allow additional '_' in names. 13. Remove unused "orgValues" from pre_save() 14. Remove broken handling for "interfaces/primary" from network, since it is already handled by util.py 15. Fix _removedDevice() to only remove settings belonging to the specific interface; it was removing ALL interfaces 16. Match regular expression only once 17. Remove obvious comment 18. Use "set() - set()" instead of "set().difference(set())"
FYI: While debugging the removal issue I noticed that univention-system-setup/umc/python/setup/network.py#Interfaces.get_ucr_diff() seems to be unused and could be removed.
Thank you, the patch has been applied with slighly changes (ucr.iterkeys() does not work ;)) Interfaces.get_ucr_diff() has been removed.
works until here…
even if i do not change anything, system setup wants to reconfigure my network Die folgenden Änderungen werden auf das System übertragen: Netzwerkgeräte: eth0.2 (Virtuelles LAN): Statisch: 10.200.7.56/24 eth0 (Ethernet): Statisch: 10.200.7.50/24 Bitte bestätigen Sie, dass diese Änderungen auf das System übertragen werden. Dies kann einige Zeit in Anspruch nehmen. (just opened the basic settings and clicked "save changes")
(In reply to Felix Botner from comment #37) > even if i do not change anything, system setup wants to reconfigure my > network > > Die folgenden Änderungen werden auf das System übertragen: > > Netzwerkgeräte: > eth0.2 (Virtuelles LAN): Statisch: 10.200.7.56/24 > eth0 (Ethernet): Statisch: 10.200.7.50/24 > > Bitte bestätigen Sie, dass diese Änderungen auf das System übertragen > werden. Dies kann einige Zeit in Anspruch nehmen. > > (just opened the basic settings and clicked "save changes") fixed, was caused by primary flag… package not built yes.
OK: Ethernet OK: Bridge OK: VLAN OK: Bonding OK: VLAN<Bridge OK: Bridge<VLAN OK: Bridge<VLAN^2<Bridge OK: Bonding<Bridge<VLAN OK: interfaces/primary, interfaces/*/{start,order} FIXED: ChangeLog → r45685 FYI: Bug #32890 css missing FYI: Bug #32995 gateway validation FYI: Bug #32815 IP validation FYI: Configuring an interface for both VLAN and native is currently not possible. TODO: univention-virtual-machine-manager-node-kvm With uvmm-node-Xen/Kvm doing the ethX/pethX shuffle, this breaks the UMC logic: It detects the renamed physical interface 'pethX' and generates a profile for that instead of the 'ethX' wich "ifup" will see before the dance is done. Therefore the uvmm-node-* packages will set a new UCRV umc/modules/setup/network=false, which should disable the full UMC network page and show a link to <http://docs.univention.de/computers-3.2.html#uvmm> instead explaining the situation. TBD: Appliance mode
First version had been implemented. Waiting for Bug #33006 that UCR variable changes.
(In reply to Florian Best from comment #40) > First version had been implemented. Waiting for Bug #33006 that UCR variable > changes. Ok, fully implemented now.
OK - adding/modifing/deleting interfaces/bond/vlan/... OK - XEN, KVM OK - Appl mode OK - changelog
Created attachment 5568 [details] Fix interface name regular expressions I can't create a bridge named "dhcppt", which is flagged as invalid. I'm required to add a trailing "0". A bridge and bonding interface can be named arbitrarily. > re = /^(?![.]{1,2}$)[^/ \t\n\r\f]{1,15}$/; /^(?![.]{1,2}$)[^/ \t\n\r\f]{1,15}$/ > re.test('') false > re.test('.') false > re.test('..') false > re.test('...') true > re.test('....................................') false > re.test('eth0') true > re.test('.eth0') true
On a VM server the TUN/TAP interfaces are not filtered out: $ umc-command -U Administrator -P univention setup/net/interfaces ... RESULT : ['vnet0', 'vnet2', 'vnet1', 'eth0', 'eth1'] # cd /sys/class/net;diff -ur -x device -x subsystem -x power -x queues -x statistics eth0/ vnet0/ | grep -v ^diff diff: eth0//brport/flush: Keine Berechtigung diff: vnet0//brport/flush: Keine Berechtigung --- eth0//addr_assign_type 2013-11-05 15:52:57.663721325 +0100 +++ vnet0//addr_assign_type 2013-11-05 15:52:57.667721381 +0100 @@ -1 +1 @@ -0 +3 --- eth0//address 2013-11-05 09:32:45.425664331 +0100 +++ vnet0//address 2013-11-05 11:10:19.032518091 +0100 @@ -1 +1 @@ -bc:ae:c5:07:cc:5c +fe:54:00:0e:2c:7a --- eth0//brport/designated_port 2013-11-05 15:15:22.824131805 +0100 +++ vnet0//brport/designated_port 2013-11-05 15:54:34.473113929 +0100 @@ -1 +1 @@ -32769 +32770 --- eth0//brport/path_cost 2013-11-05 15:15:22.824131805 +0100 +++ vnet0//brport/path_cost 2013-11-05 15:54:34.473113929 +0100 @@ -1 +1 @@ -4 +100 --- eth0//brport/port_id 2013-11-05 15:15:22.824131805 +0100 +++ vnet0//brport/port_id 2013-11-05 15:54:34.473113929 +0100 @@ -1 +1 @@ -0x8001 +0x8002 --- eth0//brport/port_no 2013-11-05 15:15:22.824131805 +0100 +++ vnet0//brport/port_no 2013-11-05 15:54:34.473113929 +0100 @@ -1 +1 @@ -0x1 +0x2 Nur in vnet0/: group. --- eth0//ifindex 2013-11-05 09:33:17.472007247 +0100 +++ vnet0//ifindex 2013-11-05 11:10:19.032518091 +0100 @@ -1 +1 @@ -2 +6 --- eth0//iflink 2013-11-05 15:52:57.663721325 +0100 +++ vnet0//iflink 2013-11-05 15:52:57.667721381 +0100 @@ -1 +1 @@ -2 +6 --- eth0//operstate 2013-11-05 15:52:57.663721325 +0100 +++ vnet0//operstate 2013-11-05 15:52:57.667721381 +0100 @@ -1 +1 @@ -up +unknown Nur in vnet0/: owner. --- eth0//speed 2013-11-05 15:52:57.663721325 +0100 +++ vnet0//speed 2013-11-05 15:52:57.667721381 +0100 @@ -1 +1 @@ -1000 +10 Nur in vnet0/: tun_flags. --- eth0//tx_queue_len 2013-11-05 15:52:57.663721325 +0100 +++ vnet0//tx_queue_len 2013-11-05 15:52:57.667721381 +0100 @@ -1 +1 @@ -1000 +500 --- eth0//uevent 2013-11-05 09:32:35.552000257 +0100 +++ vnet0//uevent 2013-11-05 11:10:19.028518034 +0100 @@ -1,2 +1,2 @@ -INTERFACE=eth0 -IFINDEX=2 +INTERFACE=vnet0 +IFINDEX=6 As tun/tap files are highly dynamic and thus not configurable through the static "/etc/network/interfaces", I would filter out those interfaces having "/sys/class/net/$IFACE/tun_flags". index 81e54a5..64075bd 100644 --- ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py +++ ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py @@ -489,8 +489,8 @@ def detect_interfaces(): # filter out lo, etc. interfaces if open(os.path.join(pathname, 'type'), 'r').read().strip() not in ('1', '2', '3', '4', '5', '6', '7', '8', '15', '19'): continue - # filter out bridge, bond devices - if any(os.path.exists(os.path.join(pathname, path)) for path in ('bridge', 'bonding')): + # filter out bridge, bond, tun/tap interfaces + if any(os.path.exists(os.path.join(pathname, path)) for path in ('bridge', 'bonding', 'tun_flags')): continue # filter out vlan devices if '.' in dirname:
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".