Unable to set bridge_portpriority with networkd

Bug #1668347 reported by Ryan Harper on 2017-02-27
This bug affects 1 person
Affects: systemd (Ubuntu) | Importance: Medium | Assigned to: Dimitri John Ledkov
Affects: Xenial | Importance: Undecided | Assigned to: Unassigned
Affects: Zesty | Importance: Medium | Assigned to: Dimitri John Ledkov

Bug Description

[Impact]

 * Netplan uses the systemd-networkd provider to configure all sorts of networking settings
 * However, unlike ifupdown, released versions of systemd do not support setting bridge port priority, aka
`brctl setportprio <bridge> <port> <priority>`
 * This prevents full migration from ifupdown to netplan/systemd-networkd for projects like MAAS that do need to configure equal-cost yet differential-priority bridge ports.
 * This is a proposal to cherry-pick this functionality, which essentially accepts one more key in the .network units and sends those values via netlink.

[Test Case]

 * networkd-test.py is executed as part of autopkgtests that configures a bridge, and sets various valid bridge port priorities and verifies from sysfs that those were correctly set by systemd.

 * Alternatively, create a bridge .link unit, and specify a .network unit for a bridge port and use the Priority=4 setting in the [Bridge] section in the said unit to modify bridge port priority.

[Regression Potential]

 * This is an upstream cherry-pick of functionality that will be included in the 234 release. However, since MAAS and netplan target stable releases, I would like to cherry-pick this functionality all the way back to xenial. This is almost a feature, rather than a bugfix, but it is so small and accompanied by a regression testsuite that it is almost a tiny bugfix.

[Other Info]

 * Original request to support this feature.

1. root@ubuntu:/run/systemd/network# lsb_release -rd
Description: Ubuntu Zesty Zapus (development branch)
Release: 17.04

2. root@ubuntu:/run/systemd/network# apt-cache policy systemd
systemd:
  Installed: 232-18ubuntu1
  Candidate: 232-18ubuntu1
  Version table:
 *** 232-18ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu zesty/main amd64 Packages
        100 /var/lib/dpkg/status

3. Using a networkd config like this:

# cat 10-netplan-eth1.network
[Match]
MACAddress=52:54:00:12:34:02
Name=eth1

[Network]
Bridge=br0
LinkLocalAddressing=no
IPv6AcceptRA=no

[Bridge]
Cost=50
Priority=28

% cat /sys/class/net/br0/brif/eth1/priority
28

4. % cat /sys/class/net/br0/brif/eth1/priority
32

When using ifupdown and /etc/network/interfaces to configure a bridge
users are able to specify a bridge port priority:

auto br0
iface br0 inet static
  address 192.168.1.1
  bridge_ports eth1 eth2
  bridge_portprio eth1 28
  bridge_portprio eth2 14

Which results in the bridge hook scripts running:

brctl setportprio br0 eth1 28

which is visible via:

/sys/class/net/br0/brif/eth2/priority

Note, networkd does not mention PortPriority under netdev Bridge section,
however, PathCost is mentioned. It appears networkd is missing an implementation.

ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: systemd 232-18ubuntu1
ProcVersionSignature: Ubuntu 4.10.0-8.10-generic 4.10.0-rc8
Uname: Linux 4.10.0-8-generic x86_64
ApportVersion: 2.20.4-0ubuntu2
Architecture: amd64
Date: Mon Feb 27 17:11:32 2017
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)

Ryan Harper (raharper) wrote :
Changed in systemd (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Dimitri John Ledkov (xnox)
milestone: none → ubuntu-17.03
Changed in systemd (Ubuntu):
status: Confirmed → In Progress
Dimitri John Ledkov (xnox) wrote :

Upstream pull request:
https://github.com/systemd/systemd/pull/5545

Sample packages with patch applied for zesty:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2541

How to use:
Similar to bridge port cost, one can set [Bridge] Priority= setting in the .network file for a given ether device, e.g.:

/etc/systemd/network/10-ens3.network
[Match]
Name=ens3

[Bridge]
Priority=33
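
A check that automates the manual verification used in this report (comparing each port's [Bridge] Priority= against the kernel value in sysfs), added here as an example and not part of the bug report or of systemd. It assumes every unit matches one literal Name=; the function names and the sample tree built by demo() are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path


def expected_priorities(unit_dir):
    """Map port name -> [Bridge] Priority= for .network units with a literal [Match] Name=."""
    wanted = {}
    for unit in sorted(Path(unit_dir).glob("*.network")):
        cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
        cp.optionxform = str  # keep key case: networkd keys are case-sensitive
        cp.read(unit)
        name = cp.get("Match", "Name", fallback=None)
        prio = cp.get("Bridge", "Priority", fallback=None)
        if name and prio is not None:
            wanted[name] = int(prio)
    return wanted


def check_ports(unit_dir="/etc/systemd/network", sysfs="/sys/class/net"):
    """Return (port, expected, actual) for every port whose kernel value differs.

    actual is None when <sysfs>/<port>/brport/priority cannot be read.
    """
    mismatches = []
    for port, want in sorted(expected_priorities(unit_dir).items()):
        try:
            have = int((Path(sysfs) / port / "brport" / "priority").read_text())
        except (OSError, ValueError):
            have = None
        if have != want:
            mismatches.append((port, want, have))
    return mismatches


def demo():
    """Constructed tree: eth1 left at the default 32 (setting ignored), eth2 applied."""
    with tempfile.TemporaryDirectory() as tmp:
        units, sysfs = Path(tmp, "network"), Path(tmp, "sys")
        units.mkdir()
        for port, want, have in (("eth1", 28, 32), ("eth2", 14, 14)):
            (units / f"10-{port}.network").write_text(
                f"[Match]\nName={port}\n\n[Network]\nBridge=br0\n\n[Bridge]\nPriority={want}\n")
            (sysfs / port / "brport").mkdir(parents=True)
            (sysfs / port / "brport" / "priority").write_text(f"{have}\n")
        return check_ports(units, sysfs)


if __name__ == "__main__":
    print(demo())
```

Calling check_ports() with no arguments reads the live /etc/systemd/network and /sys/class/net; an empty list means every configured port priority reached the kernel.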

description: updated

Hello Ryan, or anyone else affected,

Accepted systemd into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/232-21ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Zesty):
status: In Progress → Fix Committed
tags: added: verification-needed
Dimitri John Ledkov (xnox) wrote :

test_bridge_init (__main__.BridgeTest) ... ok
test_bridge_port_priority (__main__.BridgeTest) ... ok
test_bridge_port_priority_set_zero (__main__.BridgeTest)
It should be possible to set the bridge port priority to 0 ... ok

Passed on all architectures.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 232-21ubuntu3

---------------
systemd (232-21ubuntu3) zesty; urgency=medium

  [ Martin Pitt ]
  * resolved: Disable DNSSEC by default on stretch and zesty.
    Both Debian stretch and Ubuntu zesty are close to releasing, switch to
    DNSSEC=off by default for those. Users can still turn it back on with
    DNSSEC=allow-downgrade (or even "yes"). (LP: #1682499)

  [ Michael Biebl ]
  * journal: fix up syslog facility when forwarding native messages.
    Native journal messages (_TRANSPORT=journal) typically don't have a
    syslog facility attached to it. As a result when forwarding the
    messages to syslog they ended up with facility 0 (LOG_KERN).
    Apply syslog_fixup_facility() so we use LOG_USER instead. (Closes: #837893)
    (LP: #1682484)

  [ Dimitri John Ledkov ]
  * networkd: cherry-pick support for setting bridge port's priority.
    This is a useful feature/bugfix to improve feature parity of networkd with
    ifupdown. This matches netplan's expectations to be able to set bridge port's
    priorities via networkd. This feature is to be used by netplan/MAAS/OpenStack.
    (LP: #1668347)
  * TEST-12: cherry-pick upstream fix for compat with new netcat-openbsd.
    (LP: #1672542)
  * udev.postinst: preserve virtio interfaces names on upgrades, on s390x.
    New udev generates stable interface names on s390x kvm instances, however, upon
    upgrades existing ethX names should be preserved to prevent breaking networking
    and software configurations. (Closes: #860246) (LP: #1682437)

 -- Dimitri John Ledkov <email address hidden> Thu, 13 Apr 2017 18:10:33 +0100

Changed in systemd (Ubuntu Zesty):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for systemd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
Changed in systemd (Ubuntu Xenial):
milestone: none → ubuntu-16.04.3
Changed in systemd (Ubuntu Yakkety):
status: New → In Progress
Łukasz Zemczak (sil2100) wrote :

For the future, please include more analysis of the regression potential. Remember: regression potential means you look at the code changes and think of any possible places where regressions can appear, even if they're really unlikely.

Hello Ryan, or anyone else affected,

Accepted systemd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu18 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in systemd (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed verification-needed-xenial
removed: verification-done
Dimitri John Ledkov (xnox) wrote :

With systemd 229-4ubuntu17, attempting to set Bridge Port priority results in:

Jul 12 10:28:13 systemd-sru-test systemd-networkd[1805]: [/etc/systemd/network/port1.network:6] Unknown lvalue 'Priority' in section 'Bridge'

And priority in sysfs is 32.

Upgrading to 229-4ubuntu18 and restarting networkd results in no such error, and the sysfs priority is updated correctly to the value 28, matching the units I configured.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Adam Conrad (adconrad) wrote :

Hello Ryan, or anyone else affected,

Accepted systemd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/229-4ubuntu19 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-xenial
removed: verification-done verification-done-xenial
Dimitri John Ledkov (xnox) wrote :

Starting with systemd 229-4ubuntu17.
Observed:
Jul 19 13:25:17 key-giraffe systemd-networkd[467]: [/etc/systemd/network/port1.network:6] Unknown lvalue 'Priority' in section 'Bridge'

Upgraded to systemd 229-4ubuntu19

Observed
/sys/class/net/port1/brport# cat priority
28

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 229-4ubuntu19

---------------
systemd (229-4ubuntu19) xenial; urgency=medium

  * debian/extra/units/systemd-resolved.service.d/resolvconf.conf: partially
    revert, by removing ExecStart|StopPost lines, as these are not needed on
    xenial and generate warnings in the journal. (LP: #1704677)

systemd (229-4ubuntu18) xenial; urgency=medium

  * debian/extra/units/systemd-resolved.service.d/resolvconf.conf: if resolved
    is going to be started, make sure this blocks network-online.target.
    (LP: #1673860)
  * networkd: cherry-pick support for setting bridge port's priority
    (LP: #1668347)
  * Cherrypick upstream commit to enable system use kernel maximum limit for
    RLIMIT_NOFILE instead of hard-coded (low) limit of 65536. (LP: #1686361)
  * Cherrypick upstream patch for platform predictable interface names.
    (LP: #1686784)
  * resolved: fix null pointer dereference crash (LP: #1621396)
  * Cherrypick core/timer downgrade message about random time addition
    (LP: #1692136)
  * SECURITY UPDATE: Out-of-bounds write in systemd-resolved (LP: #1695546)
    - CVE-2017-9445
  * Cherry-pick subset of patches to introduce infinity value in logind.conf
    for UserTasksMax (LP: #1651518)

 -- Dimitri John Ledkov <email address hidden> Mon, 17 Jul 2017 17:00:42 +0100

Changed in systemd (Ubuntu Xenial):
status: Fix Committed → Fix Released
no longer affects: systemd (Ubuntu Yakkety)
Ryan Harper (raharper) wrote :

This bug was filed to address *port* priority, not the bridge priority. As mentioned, systemd (networkd) lacks a per-port priority setting;

it should mirror path-cost which takes an interface and value, then the interfaces have a [Bridge] section which has the value.

After some testing, the systemd component does support a Priority= value
under the bridge port .network file and applies that.

Currently netplan does not accept port-priority.

Something like:

bridges:
  br0:
    params:
      port-priority:
         eth1: 14
         eth2: 28

And then further, once netplan has support for this syntax (which is almost identical to path-cost), the cloud-init.net.netplan renderer will need an update to support generating netplan yaml with the correct structure.

On Wed, Nov 29, 2017 at 9:52 AM, Ryan Harper <email address hidden>
wrote:

> This bug was filed to address *port* priority, not the bridge priority.
> As mentioned, systemd (networkd) lacks a per-port priority setting;
>
> it should mirror path-cost which takes an interface and value, then the
> interfaces have a [Bridge] section which has the value.
