diff --git a/Dockerfile.validate b/Dockerfile.validate index 0e76f40..547f5b2 100644 --- a/Dockerfile.validate +++ b/Dockerfile.validate @@ -6,7 +6,6 @@ FROM metalstack/frr:${FRR_VERSION}-${OS_NAME}-${OS_VERSION} AS frr-artifacts FROM ${OS_NAME}:${OS_VERSION} ENV FRR_FILES="frr.conf.firewall frr.conf.machine" \ - INTERFACES_FILES="interfaces.firewall" \ TESTDATA_DIR="./internal/netconf/testdata" WORKDIR /tmp @@ -17,7 +16,6 @@ RUN apt-get update --quiet \ --yes \ --no-install-recommends \ --quiet \ - ifupdown2 \ ./frr_*.deb \ ./frr-pythontools_*.deb \ ./libyang*.deb diff --git a/go.mod b/go.mod index 7cca99f..c8f6521 100644 --- a/go.mod +++ b/go.mod @@ -4,14 +4,15 @@ go 1.14 require ( github.com/coreos/go-systemd/v22 v22.1.0 + github.com/google/go-cmp v0.5.1 github.com/metal-stack/v v1.0.2 github.com/pelletier/go-toml v1.8.0 // indirect github.com/rakyll/statik v0.1.7 - github.com/spf13/afero v1.2.2 // indirect + github.com/spf13/afero v1.3.2 // indirect github.com/spf13/cobra v1.0.0 github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/viper v1.7.0 github.com/stretchr/testify v1.6.1 go.uber.org/zap v1.15.0 - gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c + gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 ) diff --git a/go.sum b/go.sum index 11e552b..98e7b95 100644 --- a/go.sum +++ b/go.sum @@ -69,7 +69,10 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -116,6 +119,7 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -152,6 +156,7 @@ github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= @@ -182,8 +187,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= -github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc= -github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/afero v1.3.2 h1:GDarE4TJQI52kYSbSAmLiId1Elfj+xgSDqrUZxFhxlU= +github.com/spf13/afero v1.3.2/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8= @@ -235,6 +240,7 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90Pveol golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -322,6 +328,8 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc h1:NCy3Ohtk6Iny5V/reW2Ktypo4zIpWBdRJ1uFMjBxdg8= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= @@ -362,8 +370,8 @@ gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c h1:grhR+C34yXImVGp7EzNk+DTIk+323eIUWOmEevy6bDo= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ= +gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/netconf/configurator.go b/internal/netconf/configurator.go index c1cdc55..c987419 100644 --- a/internal/netconf/configurator.go +++ b/internal/netconf/configurator.go @@ -27,8 +27,13 @@ const ( Machine // SystemdUnitPath is the path where systemd units will be generated. SystemdUnitPath = "/etc/systemd/system/" - // SystemdNetworkPath is the path where systemd-networkd expects its configuration files. - SystemdNetworkPath = "/etc/systemd/network" +) + +var ( + // systemdNetworkPath is the path where systemd-networkd expects its configuration files. + systemdNetworkPath = "/etc/systemd/network" + // tmpPath is the path where temporary files are stored for validation before they are moved to their intended place. + tmpPath = "/etc/metal/networker/" ) type ( @@ -190,17 +195,11 @@ func (configurator FirewallConfigurator) getUnits() []unitConfiguration { } func applyCommonConfiguration(kind BareMetalType, kb KnowledgeBase) { - src := mustTmpFile("interfaces_") - applier := NewIfacesConfigApplier(kind, kb, src) - - if kind == Machine { - applyAndCleanUp(applier, TplMachineIfaces, src, SystemdNetworkPath+"/0-lo.network", FileModeSystemd) - } else { - applyAndCleanUp(applier, TplFirewallIfaces, src, "/etc/network/interfaces", FileModeDefault) - } + a := NewIfacesApplier(kind, kb) + a.Apply() - src = mustTmpFile("hosts_") - applier = NewHostsApplier(kb, src) + src := mustTmpFile("hosts_") + applier := NewHostsApplier(kb, src) applyAndCleanUp(applier, TplHosts, src, "/etc/hosts", FileModeDefault) src = mustTmpFile("hostname_") @@ -216,22 +215,6 @@ func applyCommonConfiguration(kind BareMetalType, kb KnowledgeBase) { } applyAndCleanUp(applier, tpl, src, "/etc/frr/frr.conf", FileModeDefault) - - offset := 1 - - for i, nic := range kb.Nics { - prefix := fmt.Sprintf("lan%d_link_", i) - src = mustTmpFile(prefix) - applier = NewSystemdLinkApplier(kind, kb.Machineuuid, i, nic, src) - dest := fmt.Sprintf("%s/%d0-lan%d.link", SystemdNetworkPath, i+offset, i) - applyAndCleanUp(applier, tplSystemdLink, src, dest, FileModeSystemd) - - prefix = fmt.Sprintf("lan%d_network_", i) - src = mustTmpFile(prefix) - applier = NewSystemdNetworkApplier(kb.Machineuuid, i, src) - dest = fmt.Sprintf("%s/%d0-lan%d.network", SystemdNetworkPath, i+offset, i) - applyAndCleanUp(applier, tplSystemdNetwork, src, dest, FileModeSystemd) - } } func applyAndCleanUp(applier net.Applier, tpl, src, dest string, mode os.FileMode) { @@ -259,7 +242,7 @@ func mustEnableUnit(unit string) { } func mustApply(applier net.Applier, tpl, src, dest string) { - t := template.Must(template.New(TplFirewallIfaces).Parse(tpl)) + t := template.Must(template.New(src).Parse(tpl)) err := applier.Apply(*t, src, dest, false) if err != nil { @@ -268,7 +251,7 @@ func mustApply(applier net.Applier, tpl, src, dest string) { } func mustTmpFile(prefix string) string { - f, err := ioutil.TempFile("/etc/metal/networker/", prefix) + f, err := ioutil.TempFile(tmpPath, prefix) if err != nil { log.Panic(err) } diff --git a/internal/netconf/frr_test.go b/internal/netconf/frr_test.go index 4f4f5ab..0e5625d 100644 --- a/internal/netconf/frr_test.go +++ b/internal/netconf/frr_test.go @@ -1,29 +1,48 @@ package netconf import ( + "bytes" + "io/ioutil" "testing" "github.com/stretchr/testify/assert" ) -func TestCompileFrrConf(t *testing.T) { - tests := []FileRenderInfo{ +func TestFrrConfigApplier(t *testing.T) { + assert := assert.New(t) + tests := []struct { + input string + expectedOutput string + configuratorType BareMetalType + tpl string + }{ { input: "testdata/firewall.yaml", expectedOutput: "testdata/frr.conf.firewall", configuratorType: Firewall, tpl: TplFirewallFRR, - newApplierFunc: NewFrrConfigApplier, }, { input: "testdata/machine.yaml", expectedOutput: "testdata/frr.conf.machine", configuratorType: Machine, tpl: TplMachineFRR, - newApplierFunc: NewFrrConfigApplier, }, } - renderFilesAndVerifyExpectations(t, tests) + for _, t := range tests { + expected, err := ioutil.ReadFile(t.expectedOutput) + assert.NoError(err) + + kb := NewKnowledgeBase(t.input) + assert.NoError(err) + a := NewFrrConfigApplier(t.configuratorType, kb, "") + b := bytes.Buffer{} + + tpl := mustParseTpl(t.tpl) + err = a.Render(&b, *tpl) + assert.NoError(err) + assert.Equal(string(expected), b.String()) + } } func TestFRRValidator_Validate(t *testing.T) { diff --git a/internal/netconf/interfaces.go b/internal/netconf/interfaces.go index 240cd4e..12725bd 100644 --- a/internal/netconf/interfaces.go +++ b/internal/netconf/interfaces.go @@ -2,92 +2,118 @@ package netconf import ( "fmt" - - "github.com/metal-stack/metal-networker/pkg/net" - - "github.com/metal-stack/metal-networker/pkg/exec" -) - -const ( - // TplFirewallIfaces defines the name of the template to render interfaces configuration for firewalls. - TplFirewallIfaces = "interfaces.firewall.tpl" - // TplMachineIfaces defines the name of the template to render interfaces configuration for machines. - TplMachineIfaces = "lo.network.machine.tpl" + "io" + "text/template" ) type ( - // CommonIfacesData contains attributes required to render common network interfaces configuration of a bare metal + // IfacesData contains attributes required to render network interfaces configuration of a bare metal // server. - CommonIfacesData struct { - Comment string - Loopback Loopback - } - - // MachineIfacesData contains attributes required to render network interfaces configuration of a bare metal - // server that functions as 'machine'. - MachineIfacesData struct { - CommonIfacesData - } - - // FirewallIfacesData contains attributes required to render network interfaces configuration of a bare metal - // server that functions as 'firewall'. - FirewallIfacesData struct { - CommonIfacesData - Bridge Bridge - EVPNInterfaces []EVPNIface + IfacesData struct { + Comment string + Loopback Loopback + EVPNIfaces []EVPNIface } - // IfacesValidator defines the base type of an interfaces validator. - IfacesValidator struct { - path string - } // SystemdNetworkdValidator defines the base type of an systemd-networkd validator. SystemdNetworkdValidator struct { path string } ) -// NewIfacesConfigApplier constructs a new instance of this type. -func NewIfacesConfigApplier(kind BareMetalType, kb KnowledgeBase, tmpFile string) net.Applier { - var data interface{} - var validator net.Validator +// IfacesApplier applies interfaces configuration. +type IfacesApplier struct { + kind BareMetalType + kb KnowledgeBase + data IfacesData +} - common := CommonIfacesData{ +// NewIfacesApplier constructs a new instance of this type. +func NewIfacesApplier(kind BareMetalType, kb KnowledgeBase) IfacesApplier { + d := IfacesData{ Comment: versionHeader(kb.Machineuuid), } switch kind { case Firewall: - common.Loopback.Comment = fmt.Sprintf("networkid: %s", kb.getUnderlayNetwork().Networkid) - common.Loopback.IPs = kb.getUnderlayNetwork().Ips - f := FirewallIfacesData{} - f.CommonIfacesData = common - f.Bridge.Ports = getBridgePorts(kb) - f.Bridge.Vids = getBridgeVLANIDs(kb) - f.EVPNInterfaces = getEVPNInterfaces(kb) - data = f - validator = IfacesValidator{path: tmpFile} + underlay := kb.getUnderlayNetwork() + d.Loopback.Comment = fmt.Sprintf("# networkid: %s", underlay.Networkid) + d.Loopback.IPs = underlay.Ips + d.EVPNIfaces = getEVPNIfaces(kb) case Machine: private := kb.getPrivateNetwork() - common.Loopback.Comment = fmt.Sprintf("networkid: %s", private.Networkid) + d.Loopback.Comment = fmt.Sprintf("# networkid: %s", private.Networkid) // Ensure that the ips of the private network are the first ips at the loopback interface. // The first lo IP is used within network communication and other systems depend on seeing the first private ip. - common.Loopback.IPs = append(private.Ips, kb.CollectIPs(Public)...) - data = MachineIfacesData{ - CommonIfacesData: common, - } - validator = SystemdNetworkdValidator{path: tmpFile} + d.Loopback.IPs = append(private.Ips, kb.CollectIPs(Public)...) default: log.Fatalf("unknown configuratorType of configurator: %v", kind) } - return net.NewNetworkApplier(data, validator, nil) + return IfacesApplier{kind: kind, kb: kb, data: d} +} + +// Render renders the network interfaces to the given writer using the given template. +func (a *IfacesApplier) Render(w io.Writer, tpl template.Template) error { + return tpl.Execute(w, a.data) +} + +// Apply applies the interface configuration with systemd-networkd. +func (a *IfacesApplier) Apply() { + uuid := a.kb.Machineuuid + evpnIfaces := a.data.EVPNIfaces + + // /etc/systemd/network/00 loopback + src := mustTmpFile("lo_network_") + applier := NewSystemdNetworkdApplier(src, a.data) + dest := fmt.Sprintf("%s/00-lo.network", systemdNetworkPath) + applyAndCleanUp(applier, tplSystemdNetworkLo, src, dest, FileModeSystemd) + + // /etc/systemd/network/1x* lan interfaces + offset := 10 + for i, nic := range a.kb.Nics { + prefix := fmt.Sprintf("lan%d_link_", i) + src := mustTmpFile(prefix) + applier := NewSystemdLinkApplier(a.kind, uuid, i, nic, src, evpnIfaces) + dest := fmt.Sprintf("%s/%d-lan%d.link", systemdNetworkPath, offset+i, i) + applyAndCleanUp(applier, tplSystemdLinkLan, src, dest, FileModeSystemd) + + prefix = fmt.Sprintf("lan%d_network_", i) + src = mustTmpFile(prefix) + applier = NewSystemdLinkApplier(a.kind, uuid, i, nic, src, evpnIfaces) + dest = fmt.Sprintf("%s/%d-lan%d.network", systemdNetworkPath, offset+i, i) + applyAndCleanUp(applier, tplSystemdNetworkLan, src, dest, FileModeSystemd) + } + + if a.kind == Machine { + return + } + + // /etc/systemd/network/20 bridge interface + applyNetdevAndNetwork(20, 20, "bridge", "", a.data) + + // /etc/systemd/network/3x* triplet of interfaces for a tenant: vrf, svi, vxlan + offset = 30 + for i, tenant := range a.data.EVPNIfaces { + suffix := fmt.Sprintf("-%d", tenant.VRF.ID) + applyNetdevAndNetwork(offset, offset+i, "vrf", suffix, tenant) + applyNetdevAndNetwork(offset, offset+i, "svi", suffix, tenant) + applyNetdevAndNetwork(offset, offset+i, "vxlan", suffix, tenant) + } } -// Validate network interfaces configuration. Assumes ifupdown2 is available. -func (v IfacesValidator) Validate() error { - log.Infof("running 'ifup --syntax-check --all --interfaces %s to validate changes.'", v.path) - return exec.NewVerboseCmd("ifup", "--syntax-check", "--all", "--interfaces", v.path).Run() +func applyNetdevAndNetwork(si, di int, prefix, suffix string, data interface{}) { + src := mustTmpFile(prefix + "_netdev_") + applier := NewSystemdNetworkdApplier(src, data) + dest := fmt.Sprintf("%s/%d-%s%s.netdev", systemdNetworkPath, di, prefix, suffix) + tpl := fmt.Sprintf("networkd/%d-%s.netdev.tpl", si, prefix) + applyAndCleanUp(applier, tpl, src, dest, FileModeSystemd) + + src = mustTmpFile(prefix + "_network_") + applier = NewSystemdNetworkdApplier(src, data) + dest = fmt.Sprintf("%s/%d-%s%s.network", systemdNetworkPath, di, prefix, suffix) + tpl = fmt.Sprintf("networkd/%d-%s.network.tpl", si, prefix) + applyAndCleanUp(applier, tpl, src, dest, FileModeSystemd) } // Validate network interfaces configuration done with systemd-networkd. Assumes systemd-networkd is installed. @@ -96,59 +122,28 @@ func (v SystemdNetworkdValidator) Validate() error { return nil } -func getEVPNInterfaces(kb KnowledgeBase) []EVPNIface { +func getEVPNIfaces(kb KnowledgeBase) []EVPNIface { var result []EVPNIface - for _, n := range kb.Networks { + vrfTableOffset := 1000 + for i, n := range kb.Networks { if n.Underlay { continue } e := EVPNIface{} - e.SVI.Comment = fmt.Sprintf("svi (networkid: %s)", n.Networkid) - e.SVI.VlanID = n.Vlan + e.Comment = versionHeader(kb.Machineuuid) + e.SVI.Comment = fmt.Sprintf("# svi (networkid: %s)", n.Networkid) + e.SVI.VLANID = n.Vlan e.SVI.Addresses = n.Ips - e.VXLAN.Comment = fmt.Sprintf("vxlan (networkid: %s)", n.Networkid) + e.VXLAN.Comment = fmt.Sprintf("# vxlan (networkid: %s)", n.Networkid) e.VXLAN.ID = n.Vrf e.VXLAN.TunnelIP = kb.getUnderlayNetwork().Ips[0] - e.VRF.Comment = fmt.Sprintf("vrf (networkid: %s)", n.Networkid) + e.VRF.Comment = fmt.Sprintf("# vrf (networkid: %s)", n.Networkid) e.VRF.ID = n.Vrf + e.VRF.Table = vrfTableOffset + i result = append(result, e) } return result } - -func getBridgeVLANIDs(kb KnowledgeBase) string { - result := "" - networks := kb.GetNetworks(Private, Public) - - for _, n := range networks { - if result == "" { - result = fmt.Sprintf("%d", n.Vlan) - } else { - result = fmt.Sprintf("%s %d", result, n.Vlan) - } - } - - return result -} - -func getBridgePorts(kb KnowledgeBase) string { - result := "" - networks := kb.GetNetworks(Private, Public) - - for _, n := range networks { - if n.Underlay { - continue - } - - if result == "" { - result = fmt.Sprintf("vni%d", n.Vrf) - } else { - result = fmt.Sprintf("%s vni%d", result, n.Vrf) - } - } - - return result -} diff --git a/internal/netconf/interfaces_test.go b/internal/netconf/interfaces_test.go index 1a7244a..e6d2be3 100644 --- a/internal/netconf/interfaces_test.go +++ b/internal/netconf/interfaces_test.go @@ -1,57 +1,95 @@ package netconf import ( - "bytes" + "fmt" "io/ioutil" + "os" + "sort" "testing" - "github.com/metal-stack/metal-networker/pkg/net" - "github.com/stretchr/testify/assert" + "github.com/google/go-cmp/cmp" ) -type FileRenderInfo struct { - input string - expectedOutput string - configuratorType BareMetalType - tpl string - newApplierFunc func(BareMetalType, KnowledgeBase, string) net.Applier -} - -func renderFilesAndVerifyExpectations(t *testing.T, tests []FileRenderInfo) { - assert := assert.New(t) - - for _, t := range tests { - expected, err := ioutil.ReadFile(t.expectedOutput) - assert.NoError(err) - - kb := NewKnowledgeBase(t.input) - assert.NoError(err) - a := t.newApplierFunc(t.configuratorType, kb, "") - b := bytes.Buffer{} - - tpl := mustParseTpl(t.tpl) - err = a.Render(&b, *tpl) - assert.NoError(err) - assert.Equal(string(expected), b.String()) - } -} - -func TestCompileInterfaces(t *testing.T) { - tests := []FileRenderInfo{ +func TestIfacesApplier(t *testing.T) { + tests := []struct { + input string + expectedOutput string + configuratorType BareMetalType + }{ { input: "testdata/firewall.yaml", - expectedOutput: "testdata/interfaces.firewall", + expectedOutput: "testdata/networkd/firewall", configuratorType: Firewall, - tpl: TplFirewallIfaces, - newApplierFunc: NewIfacesConfigApplier, }, { input: "testdata/machine.yaml", - expectedOutput: "testdata/lo.network.machine", + expectedOutput: "testdata/networkd/machine", configuratorType: Machine, - tpl: TplMachineIfaces, - newApplierFunc: NewIfacesConfigApplier, }, } - renderFilesAndVerifyExpectations(t, tests) + + tmpPath = os.TempDir() + for _, tc := range tests { + func() { + old := systemdNetworkPath + tempdir, err := ioutil.TempDir(os.TempDir(), "networkd*") + systemdNetworkPath = tempdir + if err != nil { + log.Fatal(err) + } + defer func() { + os.RemoveAll(systemdNetworkPath) + systemdNetworkPath = old + }() + kb := NewKnowledgeBase(tc.input) + a := NewIfacesApplier(tc.configuratorType, kb) + a.Apply() + if equal, s := equalDirs(systemdNetworkPath, tc.expectedOutput); !equal { + t.Error(s) + } + }() + } +} + +func equalDirs(dir1, dir2 string) (bool, string) { + files1 := list(dir1) + files2 := list(dir2) + if !cmp.Equal(files1, files2) { + return false, fmt.Sprintf("list of files is different: %v", cmp.Diff(files1, files2)) + } + + for _, f := range files1 { + f1, err := ioutil.ReadFile(fmt.Sprintf("%s/%s", dir1, f)) + if err != nil { + panic(err) + } + f2, err := ioutil.ReadFile(fmt.Sprintf("%s/%s", dir2, f)) + if err != nil { + panic(err) + } + s1 := string(f1) + s2 := string(f2) + if !cmp.Equal(s1, s2) { + return false, fmt.Sprintf("file %s differs: %v", f, cmp.Diff(s1, s2)) + } + } + return true, "" +} + +func list(dir string) []string { + f, err := os.Open(dir) + if err != nil { + panic(err) + } + finfos, err := f.Readdir(-1) + f.Close() + if err != nil { + panic(err) + } + files := []string{} + for _, file := range finfos { + files = append(files, file.Name()) + } + sort.Strings(files) + return files } diff --git a/internal/netconf/netobjects.go b/internal/netconf/netobjects.go index 019876d..ab9d664 100644 --- a/internal/netconf/netobjects.go +++ b/internal/netconf/netobjects.go @@ -28,6 +28,7 @@ type ( // VRF represents data required to render VRF information into frr.conf. VRF struct { Identity + Table int VNI int ImportVRFNames []string IPPrefixLists []IPPrefixList @@ -50,7 +51,7 @@ type ( // SVI represents a switched virtual interface. SVI struct { - VlanID int + VLANID int Comment string Addresses []string } @@ -63,9 +64,10 @@ type ( // EVPNIface represents the information required to render EVPN interfaces configuration. EVPNIface struct { - VRF VRF - SVI SVI - VXLAN VXLAN + Comment string + VRF VRF + SVI SVI + VXLAN VXLAN } // Bridge represents a network bridge. diff --git a/internal/netconf/systemd.go b/internal/netconf/systemd.go index 1d33836..8b09c97 100644 --- a/internal/netconf/systemd.go +++ b/internal/netconf/systemd.go @@ -5,10 +5,12 @@ import ( ) const ( - // tplSystemdLink defines the name of the template to render system.link file. - tplSystemdLink = "systemd.link.tpl" - // tplSystemdNetwork defines the name of the template to render system.network file. - tplSystemdNetwork = "systemd.network.tpl" + // tplSystemdLinkLan defines the name of the template to render system.link file. + tplSystemdLinkLan = "networkd/10-lan.link.tpl" + + tplSystemdNetworkLo = "networkd/00-lo.network.tpl" + // tplSystemdNetworkLan defines the name of the template to render system.network file. + tplSystemdNetworkLan = "networkd/10-lan.network.tpl" // mtuFirewall defines the value for MTU specific to the needs of a firewall. VXLAN requires higher MTU. mtuFirewall = 9216 // mtuMachine defines the value for MTU specific to the needs of a machine. @@ -22,16 +24,12 @@ type ( Index int } - // SystemdNetworkData contains attributes required to render systemd.network files. - SystemdNetworkData struct { - SystemdCommonData - } - // SystemdLinkData contains attributes required to render systemd.link files. SystemdLinkData struct { SystemdCommonData - MAC string - MTU int + MAC string + MTU int + EVPNIfaces []EVPNIface } // SystemdValidator validates systemd.network and system.link files. @@ -40,9 +38,8 @@ type ( } ) -// NewSystemdNetworkApplier creates a new Applier to configure systemd.network. -func NewSystemdNetworkApplier(uuid string, nicIndex int, tmpFile string) net.Applier { - data := SystemdNetworkData{SystemdCommonData{Comment: versionHeader(uuid), Index: nicIndex}} +// NewSystemdNetworkdApplier creates a new Applier to configure systemd.network. +func NewSystemdNetworkdApplier(tmpFile string, data interface{}) net.Applier { validator := SystemdValidator{tmpFile} return net.NewNetworkApplier(data, validator, nil) @@ -50,7 +47,7 @@ func NewSystemdNetworkApplier(uuid string, nicIndex int, tmpFile string) net.App // NewSystemdLinkApplier creates a new Applier to configure systemd.link. func NewSystemdLinkApplier(kind BareMetalType, machineUUID string, nicIndex int, nic NIC, - tmpFile string) net.Applier { + tmpFile string, evpnIfaces []EVPNIface) net.Applier { var mtu int switch kind { @@ -67,8 +64,9 @@ func NewSystemdLinkApplier(kind BareMetalType, machineUUID string, nicIndex int, Comment: versionHeader(machineUUID), Index: nicIndex, }, - MTU: mtu, - MAC: nic.Mac, + MTU: mtu, + MAC: nic.Mac, + EVPNIfaces: evpnIfaces, } validator := SystemdValidator{tmpFile} diff --git a/internal/netconf/systemd_test.go b/internal/netconf/systemd_test.go deleted file mode 100644 index bb8c178..0000000 --- a/internal/netconf/systemd_test.go +++ /dev/null @@ -1,101 +0,0 @@ -package netconf - -import ( - "bytes" - "io/ioutil" - "testing" - "text/template" - - "github.com/metal-stack/metal-networker/pkg/net" - "github.com/stretchr/testify/assert" -) - -func TestNewSystemdLinkConfig(t *testing.T) { - assert := assert.New(t) - - tests := []struct { - expectedOutput string - configuratorType BareMetalType - tpl string - nicIndex int - machineUUID string - }{ - {expectedOutput: "testdata/lan0.machine.link", - configuratorType: Machine, - tpl: tplSystemdLink, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - nicIndex: 0}, - {expectedOutput: "testdata/lan1.machine.link", - configuratorType: Machine, - tpl: tplSystemdLink, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - nicIndex: 1}, - {expectedOutput: "testdata/lan0.firewall.link", - configuratorType: Firewall, - tpl: tplSystemdLink, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - nicIndex: 0}, - {expectedOutput: "testdata/lan1.firewall.link", - configuratorType: Firewall, - tpl: tplSystemdLink, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - nicIndex: 1}, - } - - for _, t := range tests { - expected, err := ioutil.ReadFile(t.expectedOutput) - assert.NoError(err) - - nic := NewKnowledgeBase("testdata/firewall.yaml").Nics[t.nicIndex] - assert.NoError(err) - a := NewSystemdLinkApplier(t.configuratorType, t.machineUUID, t.nicIndex, nic, "") - b := bytes.Buffer{} - - tpl := mustParseTpl(t.tpl) - err = a.Render(&b, *tpl) - assert.NoError(err) - assert.Equal(string(expected), b.String()) - } -} - -func TestNewSystemdNetworkConfig(t *testing.T) { - assert := assert.New(t) - - tests := []struct { - expectedOutput string - configuratorType BareMetalType - tpl string - nicIndex int - machineUUID string - configFunc func(machineUUID string, nicIndex int, tmpFile string) net.Applier - }{ - {expectedOutput: "testdata/lan0.network", - configuratorType: Machine, - tpl: tplSystemdNetwork, - nicIndex: 0, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - configFunc: NewSystemdNetworkApplier}, - {expectedOutput: "testdata/lan1.network", - configuratorType: Machine, - tpl: tplSystemdNetwork, - nicIndex: 1, - machineUUID: "e0ab02d2-27cd-5a5e-8efc-080ba80cf258", - configFunc: NewSystemdNetworkApplier}, - } - - for _, t := range tests { - expected, err := ioutil.ReadFile(t.expectedOutput) - assert.NoError(err) - - assert.NoError(err) - a := t.configFunc(t.machineUUID, t.nicIndex, "") - b := bytes.Buffer{} - - s := mustReadTpl(t.tpl) - assert.NoError(err) - tpl := template.Must(template.New(t.tpl).Parse(string(s))) - err = a.Render(&b, *tpl) - assert.NoError(err) - assert.Equal(string(expected), b.String()) - } -} diff --git a/internal/netconf/testdata/interfaces.firewall b/internal/netconf/testdata/interfaces.firewall deleted file mode 100644 index 8263c62..0000000 --- a/internal/netconf/testdata/interfaces.firewall +++ /dev/null @@ -1,85 +0,0 @@ -# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . -# Do not edit. -# -# See /etc/systemd/network for additional network configuration. - -auto all - -# networkid: underlay-vagrant-lab -iface lo inet loopback - address 10.1.0.1/32 - -iface bridge - bridge-ports vni3981 vni104009 vni104010 - bridge-vids 1000 1001 1003 - bridge-vlan-aware yes - -# svi (networkid: bc830818-2df1-4904-8c40-4322296d393d) -iface vlan3981 - mtu 9000 - vlan-id 1000 - vlan-raw-device bridge - vrf vrf3981 - address 10.0.16.2/32 - -# vxlan (networkid: bc830818-2df1-4904-8c40-4322296d393d) -iface vni3981 - mtu 9000 - bridge-access 1000 - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id 3981 - vxlan-local-tunnelip 10.1.0.1 - -# vrf (networkid: bc830818-2df1-4904-8c40-4322296d393d) -iface vrf3981 - mtu 9000 - vrf-table auto - -# svi (networkid: internet-vagrant-lab) -iface vlan104009 - mtu 9000 - vlan-id 1001 - vlan-raw-device bridge - vrf vrf104009 - address 185.1.2.3/32 - -# vxlan (networkid: internet-vagrant-lab) -iface vni104009 - mtu 9000 - bridge-access 1001 - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id 104009 - vxlan-local-tunnelip 10.1.0.1 - -# vrf (networkid: internet-vagrant-lab) -iface vrf104009 - mtu 9000 - vrf-table auto - -# svi (networkid: mpls-nbg-w8101-test) -iface vlan104010 - mtu 9000 - vlan-id 1003 - vlan-raw-device bridge - vrf vrf104010 - address 100.127.129.1/32 - -# vxlan (networkid: mpls-nbg-w8101-test) -iface vni104010 - mtu 9000 - bridge-access 1003 - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id 104010 - vxlan-local-tunnelip 10.1.0.1 - -# vrf (networkid: mpls-nbg-w8101-test) -iface vrf104010 - mtu 9000 - vrf-table auto - diff --git a/internal/netconf/testdata/networkd/firewall/00-lo.network b/internal/netconf/testdata/networkd/firewall/00-lo.network new file mode 100644 index 0000000..4cb3725 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/00-lo.network @@ -0,0 +1,9 @@ +# networkid: underlay-vagrant-lab +[Match] +Name=lo + +[Address] +Address=127.0.0.1/8 + +[Address] +Address=10.1.0.1/32 \ No newline at end of file diff --git a/internal/netconf/testdata/lan0.firewall.link b/internal/netconf/testdata/networkd/firewall/10-lan0.link similarity index 100% rename from internal/netconf/testdata/lan0.firewall.link rename to internal/netconf/testdata/networkd/firewall/10-lan0.link diff --git a/internal/netconf/testdata/networkd/firewall/10-lan0.network b/internal/netconf/testdata/networkd/firewall/10-lan0.network new file mode 100644 index 0000000..82ebe51 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/10-lan0.network @@ -0,0 +1,9 @@ +# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . +# Do not edit. +[Match] +Name=lan0 + +[Network] +VXLAN=vni3981 +VXLAN=vni104009 +VXLAN=vni104010 \ No newline at end of file diff --git a/internal/netconf/testdata/lan1.firewall.link b/internal/netconf/testdata/networkd/firewall/11-lan1.link similarity index 100% rename from internal/netconf/testdata/lan1.firewall.link rename to internal/netconf/testdata/networkd/firewall/11-lan1.link diff --git a/internal/netconf/testdata/networkd/firewall/11-lan1.network b/internal/netconf/testdata/networkd/firewall/11-lan1.network new file mode 100644 index 0000000..1b46dc6 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/11-lan1.network @@ -0,0 +1,9 @@ +# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . +# Do not edit. +[Match] +Name=lan1 + +[Network] +VXLAN=vni3981 +VXLAN=vni104009 +VXLAN=vni104010 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/20-bridge.netdev b/internal/netconf/testdata/networkd/firewall/20-bridge.netdev new file mode 100644 index 0000000..eeca3c9 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/20-bridge.netdev @@ -0,0 +1,9 @@ +# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . +# Do not edit. +[NetDev] +Name=bridge +Kind=bridge + +[Bridge] +DefaultPVID=none +VLANFiltering=yes diff --git a/internal/netconf/testdata/networkd/firewall/20-bridge.network b/internal/netconf/testdata/networkd/firewall/20-bridge.network new file mode 100644 index 0000000..306f6da --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/20-bridge.network @@ -0,0 +1,18 @@ +# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . +# Do not edit. +[Match] +Name=bridge + +[Network] +VLAN=vlan3981 +VLAN=vlan104009 +VLAN=vlan104010 + +[BridgeVLAN] +VLAN=1000 + +[BridgeVLAN] +VLAN=1001 + +[BridgeVLAN] +VLAN=1003 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/30-svi-3981.netdev b/internal/netconf/testdata/networkd/firewall/30-svi-3981.netdev new file mode 100644 index 0000000..1c4cb0b --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-svi-3981.netdev @@ -0,0 +1,7 @@ +# svi (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[NetDev] +Name=vlan3981 +Kind=vlan + +[VLAN] +Id=1000 diff --git a/internal/netconf/testdata/networkd/firewall/30-svi-3981.network b/internal/netconf/testdata/networkd/firewall/30-svi-3981.network new file mode 100644 index 0000000..ff73189 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-svi-3981.network @@ -0,0 +1,10 @@ +# svi (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[Match] +Name=vlan3981 + +[Link] +MTUBytes=9000 + +[Network] +VRF=vrf3981 +Address=10.0.16.2/32 diff --git a/internal/netconf/testdata/networkd/firewall/30-vrf-3981.netdev b/internal/netconf/testdata/networkd/firewall/30-vrf-3981.netdev new file mode 100644 index 0000000..f0ef0cd --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-vrf-3981.netdev @@ -0,0 +1,7 @@ +# vrf (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[NetDev] +Name=vrf3981 +Kind=vrf + +[VRF] +Table=1000 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/30-vrf-3981.network b/internal/netconf/testdata/networkd/firewall/30-vrf-3981.network new file mode 100644 index 0000000..05a2c16 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-vrf-3981.network @@ -0,0 +1,3 @@ +# vrf (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[Match] +Name=vrf3981 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.netdev b/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.netdev new file mode 100644 index 0000000..4faac86 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.netdev @@ -0,0 +1,11 @@ +# vxlan (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[NetDev] +Name=vni3981 +Kind=vxlan + +[VXLAN] +VNI=3981 +Local=10.1.0.1 +UDPChecksum=true +MacLearning=false +DestinationPort=4789 diff --git a/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.network b/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.network new file mode 100644 index 0000000..0a51049 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/30-vxlan-3981.network @@ -0,0 +1,13 @@ +# vxlan (networkid: bc830818-2df1-4904-8c40-4322296d393d) +[Match] +Name=vni3981 + +[Link] +MTUBytes=9000 + +[Network] +Bridge=bridge + +[BridgeVLAN] +PVID=1000 +EgressUntagged=1000 diff --git a/internal/netconf/testdata/networkd/firewall/31-svi-104009.netdev b/internal/netconf/testdata/networkd/firewall/31-svi-104009.netdev new file mode 100644 index 0000000..0efd33a --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-svi-104009.netdev @@ -0,0 +1,7 @@ +# svi (networkid: internet-vagrant-lab) +[NetDev] +Name=vlan104009 +Kind=vlan + +[VLAN] +Id=1001 diff --git a/internal/netconf/testdata/networkd/firewall/31-svi-104009.network b/internal/netconf/testdata/networkd/firewall/31-svi-104009.network new file mode 100644 index 0000000..e8e16d8 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-svi-104009.network @@ -0,0 +1,10 @@ +# svi (networkid: internet-vagrant-lab) +[Match] +Name=vlan104009 + +[Link] +MTUBytes=9000 + +[Network] +VRF=vrf104009 +Address=185.1.2.3/32 diff --git a/internal/netconf/testdata/networkd/firewall/31-vrf-104009.netdev b/internal/netconf/testdata/networkd/firewall/31-vrf-104009.netdev new file mode 100644 index 0000000..526fe2f --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-vrf-104009.netdev @@ -0,0 +1,7 @@ +# vrf (networkid: internet-vagrant-lab) +[NetDev] +Name=vrf104009 +Kind=vrf + +[VRF] +Table=1001 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/31-vrf-104009.network b/internal/netconf/testdata/networkd/firewall/31-vrf-104009.network new file mode 100644 index 0000000..760c0a2 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-vrf-104009.network @@ -0,0 +1,3 @@ +# vrf (networkid: internet-vagrant-lab) +[Match] +Name=vrf104009 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.netdev b/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.netdev new file mode 100644 index 0000000..43ed598 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.netdev @@ -0,0 +1,11 @@ +# vxlan (networkid: internet-vagrant-lab) +[NetDev] +Name=vni104009 +Kind=vxlan + +[VXLAN] +VNI=104009 +Local=10.1.0.1 +UDPChecksum=true +MacLearning=false +DestinationPort=4789 diff --git a/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.network b/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.network new file mode 100644 index 0000000..c30ad48 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/31-vxlan-104009.network @@ -0,0 +1,13 @@ +# vxlan (networkid: internet-vagrant-lab) +[Match] +Name=vni104009 + +[Link] +MTUBytes=9000 + +[Network] +Bridge=bridge + +[BridgeVLAN] +PVID=1001 +EgressUntagged=1001 diff --git a/internal/netconf/testdata/networkd/firewall/32-svi-104010.netdev b/internal/netconf/testdata/networkd/firewall/32-svi-104010.netdev new file mode 100644 index 0000000..3cb0906 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-svi-104010.netdev @@ -0,0 +1,7 @@ +# svi (networkid: mpls-nbg-w8101-test) +[NetDev] +Name=vlan104010 +Kind=vlan + +[VLAN] +Id=1003 diff --git a/internal/netconf/testdata/networkd/firewall/32-svi-104010.network b/internal/netconf/testdata/networkd/firewall/32-svi-104010.network new file mode 100644 index 0000000..11165a4 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-svi-104010.network @@ -0,0 +1,10 @@ +# svi (networkid: mpls-nbg-w8101-test) +[Match] +Name=vlan104010 + +[Link] +MTUBytes=9000 + +[Network] +VRF=vrf104010 +Address=100.127.129.1/32 diff --git a/internal/netconf/testdata/networkd/firewall/32-vrf-104010.netdev b/internal/netconf/testdata/networkd/firewall/32-vrf-104010.netdev new file mode 100644 index 0000000..7904186 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-vrf-104010.netdev @@ -0,0 +1,7 @@ +# vrf (networkid: mpls-nbg-w8101-test) +[NetDev] +Name=vrf104010 +Kind=vrf + +[VRF] +Table=1003 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/32-vrf-104010.network b/internal/netconf/testdata/networkd/firewall/32-vrf-104010.network new file mode 100644 index 0000000..ffe489c --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-vrf-104010.network @@ -0,0 +1,3 @@ +# vrf (networkid: mpls-nbg-w8101-test) +[Match] +Name=vrf104010 \ No newline at end of file diff --git a/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.netdev b/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.netdev new file mode 100644 index 0000000..55ac87b --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.netdev @@ -0,0 +1,11 @@ +# vxlan (networkid: mpls-nbg-w8101-test) +[NetDev] +Name=vni104010 +Kind=vxlan + +[VXLAN] +VNI=104010 +Local=10.1.0.1 +UDPChecksum=true +MacLearning=false +DestinationPort=4789 diff --git a/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.network b/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.network new file mode 100644 index 0000000..e28c5f7 --- /dev/null +++ b/internal/netconf/testdata/networkd/firewall/32-vxlan-104010.network @@ -0,0 +1,13 @@ +# vxlan (networkid: mpls-nbg-w8101-test) +[Match] +Name=vni104010 + +[Link] +MTUBytes=9000 + +[Network] +Bridge=bridge + +[BridgeVLAN] +PVID=1003 +EgressUntagged=1003 diff --git a/internal/netconf/testdata/lo.network.machine b/internal/netconf/testdata/networkd/machine/00-lo.network similarity index 51% rename from internal/netconf/testdata/lo.network.machine rename to internal/netconf/testdata/networkd/machine/00-lo.network index 353ec67..ec7ec41 100644 --- a/internal/netconf/testdata/lo.network.machine +++ b/internal/netconf/testdata/networkd/machine/00-lo.network @@ -1,17 +1,15 @@ -# This file was auto generated for machine: 'e0ab02d2-27cd-5a5e-8efc-080ba80cf258' by app version . -# Do not edit. -# -# See /etc/systemd/network for additional network configuration. - # networkid: bc830818-2df1-4904-8c40-4322296d393d [Match] Name=lo [Address] Address=127.0.0.1/8 + [Address] Address=10.0.17.2/32 + [Address] Address=185.1.2.3/32 + [Address] Address=100.127.129.1/32 \ No newline at end of file diff --git a/internal/netconf/testdata/lan0.machine.link b/internal/netconf/testdata/networkd/machine/10-lan0.link similarity index 100% rename from internal/netconf/testdata/lan0.machine.link rename to internal/netconf/testdata/networkd/machine/10-lan0.link diff --git a/internal/netconf/testdata/lan0.network b/internal/netconf/testdata/networkd/machine/10-lan0.network similarity index 87% rename from internal/netconf/testdata/lan0.network rename to internal/netconf/testdata/networkd/machine/10-lan0.network index 6a49215..9a23e0d 100644 --- a/internal/netconf/testdata/lan0.network +++ b/internal/netconf/testdata/networkd/machine/10-lan0.network @@ -3,5 +3,4 @@ [Match] Name=lan0 -[Network] -DHCP=ipv6 \ No newline at end of file +[Network] \ No newline at end of file diff --git a/internal/netconf/testdata/lan1.machine.link b/internal/netconf/testdata/networkd/machine/11-lan1.link similarity index 100% rename from internal/netconf/testdata/lan1.machine.link rename to internal/netconf/testdata/networkd/machine/11-lan1.link diff --git a/internal/netconf/testdata/lan1.network b/internal/netconf/testdata/networkd/machine/11-lan1.network similarity index 87% rename from internal/netconf/testdata/lan1.network rename to internal/netconf/testdata/networkd/machine/11-lan1.network index 7fa8081..73fc238 100644 --- a/internal/netconf/testdata/lan1.network +++ b/internal/netconf/testdata/networkd/machine/11-lan1.network @@ -3,5 +3,4 @@ [Match] Name=lan1 -[Network] -DHCP=ipv6 \ No newline at end of file +[Network] \ No newline at end of file diff --git a/internal/netconf/tpl/interfaces.firewall.tpl b/internal/netconf/tpl/interfaces.firewall.tpl deleted file mode 100644 index f3de856..0000000 --- a/internal/netconf/tpl/interfaces.firewall.tpl +++ /dev/null @@ -1,45 +0,0 @@ -{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.FirewallIfacesData*/ -}} -{{ .Comment }} -# -# See /etc/systemd/network for additional network configuration. - -auto all - -# {{ .Loopback.Comment }} -iface lo inet loopback -{{- range .Loopback.IPs }} - address {{ . }}/32 -{{- end }} - -iface bridge - bridge-ports {{ .Bridge.Ports }} - bridge-vids {{ .Bridge.Vids }} - bridge-vlan-aware yes - -{{ range .EVPNInterfaces -}} -# {{ .SVI.Comment }} -iface vlan{{ .VRF.ID }} - mtu 9000 - vlan-id {{ .SVI.VlanID }} - vlan-raw-device bridge - vrf vrf{{ .VRF.ID }} - {{- range .SVI.Addresses }} - address {{ . }}/32 - {{- end }} - -# {{ .VXLAN.Comment }} -iface vni{{ .VXLAN.ID }} - mtu 9000 - bridge-access {{ .SVI.VlanID }} - bridge-learning off - mstpctl-bpduguard yes - mstpctl-portbpdufilter yes - vxlan-id {{ .VXLAN.ID }} - vxlan-local-tunnelip {{ .VXLAN.TunnelIP }} - -# {{ .VRF.Comment }} -iface vrf{{ .VRF.ID }} - mtu 9000 - vrf-table auto - -{{ end }} \ No newline at end of file diff --git a/internal/netconf/tpl/lo.network.machine.tpl b/internal/netconf/tpl/lo.network.machine.tpl deleted file mode 100644 index e24a0a0..0000000 --- a/internal/netconf/tpl/lo.network.machine.tpl +++ /dev/null @@ -1,15 +0,0 @@ -{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.MachineIfacesData*/ -}} -{{ .CommonIfacesData.Comment }} -# -# See /etc/systemd/network for additional network configuration. - -# {{ .CommonIfacesData.Loopback.Comment }} -[Match] -Name=lo - -[Address] -Address=127.0.0.1/8 -{{- range .CommonIfacesData.Loopback.IPs }} -[Address] -Address={{ . }}/32 -{{- end }} \ No newline at end of file diff --git a/internal/netconf/tpl/networkd/00-lo.network.tpl b/internal/netconf/tpl/networkd/00-lo.network.tpl new file mode 100644 index 0000000..f529d9f --- /dev/null +++ b/internal/netconf/tpl/networkd/00-lo.network.tpl @@ -0,0 +1,12 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.IfacesData*/ -}} +{{ .Loopback.Comment }} +[Match] +Name=lo + +[Address] +Address=127.0.0.1/8 +{{- range .Loopback.IPs }} + +[Address] +Address={{ . }}/32 +{{- end }} \ No newline at end of file diff --git a/internal/netconf/tpl/systemd.link.tpl b/internal/netconf/tpl/networkd/10-lan.link.tpl similarity index 85% rename from internal/netconf/tpl/systemd.link.tpl rename to internal/netconf/tpl/networkd/10-lan.link.tpl index 399b155..7542ced 100644 --- a/internal/netconf/tpl/systemd.link.tpl +++ b/internal/netconf/tpl/networkd/10-lan.link.tpl @@ -1,4 +1,4 @@ -{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.SystemdLinkConfig*/ -}} +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.SystemdLinkData*/ -}} {{ .Comment }} [Match] MACAddress={{ .MAC }} diff --git a/internal/netconf/tpl/systemd.network.tpl b/internal/netconf/tpl/networkd/10-lan.network.tpl similarity index 58% rename from internal/netconf/tpl/systemd.network.tpl rename to internal/netconf/tpl/networkd/10-lan.network.tpl index 203bec6..314f145 100644 --- a/internal/netconf/tpl/systemd.network.tpl +++ b/internal/netconf/tpl/networkd/10-lan.network.tpl @@ -1,7 +1,9 @@ -{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.SystemdNetworkData*/ -}} +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.IfacesData*/ -}} {{ .Comment }} [Match] Name=lan{{ .Index }} [Network] -DHCP=ipv6 \ No newline at end of file +{{- range .EVPNIfaces }} +VXLAN=vni{{ .VXLAN.ID }} +{{- end }} \ No newline at end of file diff --git a/internal/netconf/tpl/networkd/20-bridge.netdev.tpl b/internal/netconf/tpl/networkd/20-bridge.netdev.tpl new file mode 100644 index 0000000..cfb7062 --- /dev/null +++ b/internal/netconf/tpl/networkd/20-bridge.netdev.tpl @@ -0,0 +1,9 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.IfacesData*/ -}} +{{ .Comment }} +[NetDev] +Name=bridge +Kind=bridge + +[Bridge] +DefaultPVID=none +VLANFiltering=yes diff --git a/internal/netconf/tpl/networkd/20-bridge.network.tpl b/internal/netconf/tpl/networkd/20-bridge.network.tpl new file mode 100644 index 0000000..5c8bc84 --- /dev/null +++ b/internal/netconf/tpl/networkd/20-bridge.network.tpl @@ -0,0 +1,14 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.IfacesData*/ -}} +{{ .Comment }} +[Match] +Name=bridge + +[Network] +{{- range .EVPNIfaces }} +VLAN=vlan{{ .VRF.ID }} +{{- end }} +{{- range .EVPNIfaces }} + +[BridgeVLAN] +VLAN={{ .SVI.VLANID }} +{{- end }} \ No newline at end of file diff --git a/internal/netconf/tpl/networkd/30-svi.netdev.tpl b/internal/netconf/tpl/networkd/30-svi.netdev.tpl new file mode 100644 index 0000000..2eb983a --- /dev/null +++ b/internal/netconf/tpl/networkd/30-svi.netdev.tpl @@ -0,0 +1,8 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .SVI.Comment }} +[NetDev] +Name=vlan{{ .VRF.ID }} +Kind=vlan + +[VLAN] +Id={{ .SVI.VLANID }} diff --git a/internal/netconf/tpl/networkd/30-svi.network.tpl b/internal/netconf/tpl/networkd/30-svi.network.tpl new file mode 100644 index 0000000..1e37844 --- /dev/null +++ b/internal/netconf/tpl/networkd/30-svi.network.tpl @@ -0,0 +1,13 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .SVI.Comment }} +[Match] +Name=vlan{{ .VRF.ID }} + +[Link] +MTUBytes=9000 + +[Network] +VRF=vrf{{ .VRF.ID }} +{{- range .SVI.Addresses }} +Address={{ . }}/32 +{{- end }} diff --git a/internal/netconf/tpl/networkd/30-vrf.netdev.tpl b/internal/netconf/tpl/networkd/30-vrf.netdev.tpl new file mode 100644 index 0000000..0743a1a --- /dev/null +++ b/internal/netconf/tpl/networkd/30-vrf.netdev.tpl @@ -0,0 +1,8 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .VRF.Comment }} +[NetDev] +Name=vrf{{ .VRF.ID }} +Kind=vrf + +[VRF] +Table={{ .VRF.Table }} \ No newline at end of file diff --git a/internal/netconf/tpl/networkd/30-vrf.network.tpl b/internal/netconf/tpl/networkd/30-vrf.network.tpl new file mode 100644 index 0000000..f3fea0d --- /dev/null +++ b/internal/netconf/tpl/networkd/30-vrf.network.tpl @@ -0,0 +1,4 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .VRF.Comment }} +[Match] +Name=vrf{{ .VRF.ID }} \ No newline at end of file diff --git a/internal/netconf/tpl/networkd/30-vxlan.netdev.tpl b/internal/netconf/tpl/networkd/30-vxlan.netdev.tpl new file mode 100644 index 0000000..934a3eb --- /dev/null +++ b/internal/netconf/tpl/networkd/30-vxlan.netdev.tpl @@ -0,0 +1,12 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .VXLAN.Comment }} +[NetDev] +Name=vni{{ .VXLAN.ID }} +Kind=vxlan + +[VXLAN] +VNI={{ .VXLAN.ID }} +Local={{ .VXLAN.TunnelIP }} +UDPChecksum=true +MacLearning=false +DestinationPort=4789 diff --git a/internal/netconf/tpl/networkd/30-vxlan.network.tpl b/internal/netconf/tpl/networkd/30-vxlan.network.tpl new file mode 100644 index 0000000..ea238a7 --- /dev/null +++ b/internal/netconf/tpl/networkd/30-vxlan.network.tpl @@ -0,0 +1,14 @@ +{{- /*gotype: github.com/metal-stack/metal-networker/internal/netconf.EVPNIface*/ -}} +{{ .VXLAN.Comment }} +[Match] +Name=vni{{ .VXLAN.ID }} + +[Link] +MTUBytes=9000 + +[Network] +Bridge=bridge + +[BridgeVLAN] +PVID={{ .SVI.VLANID }} +EgressUntagged={{ .SVI.VLANID }} diff --git a/validate.sh b/validate.sh index efe485d..10aec97 100755 --- a/validate.sh +++ b/validate.sh @@ -1,9 +1,5 @@ #!/bin/bash -export OS_NAME="ubuntu" -export OS_VERSION="19.10" -export FRR_VERSION="7.2" - validate () { echo "----------------------------------------------------------------" echo "Validating sample artifacts of metal-networker with ${1}:${2} frr:${3}" @@ -17,9 +13,5 @@ validate () { . -t metal-networker } -validate "ubuntu" "19.10" "7.2" -validate "ubuntu" "19.10" "7.3" -validate "ubuntu" "20.04" "7.2" validate "ubuntu" "20.04" "7.3" -validate "debian" "10" "7.2" validate "debian" "10" "7.3" diff --git a/validate_os.sh b/validate_os.sh index edafb6e..2f902d0 100755 --- a/validate_os.sh +++ b/validate_os.sh @@ -6,8 +6,3 @@ for input in ${FRR_FILES}; do echo "/testdata/${input}" vtysh --dryrun --inputfile "/testdata/${input}" done - -for input in ${INTERFACES_FILES}; do - echo "/testdata/${input}" - test -z $(ifup --syntax-check --all -i "/testdata/${input}" 2>&1 | grep -v "syslogs:") -done