Feature #2719

Web UI: advanced network configuration

Added by Giacomo Sanchietti over 5 years ago. Updated over 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.5
Resolution: NEEDINFO:No

Description

Extend web interface to allow configuration of advanced network interfaces.

The user should be able manage:
  • Bridges
  • Bonding
  • VLAN
  • Aliases
Also extend support to new network roles:
  • orange (DMZ): only static address
  • blue (Guests): only static address

Associated revisions

Revision 84018318
Added by Giacomo Sanchietti over 5 years ago

Network helpers: handle bridges and tuns. Refs #2719

Revision 18ab2c85
Added by Giacomo Sanchietti over 5 years ago

Dashboard: show virtual interfaces. Refs #2719

Revision 447df3e7
Added by Giacomo Sanchietti over 5 years ago

NetworkAdapter UI module: generic interface types management. Refs #2719

Added support for bridge, bond, vlan and alias interface.

Revision 7c359fc2
Added by Davide Principi over 5 years ago

NetworkAdapter: default label for undefined roles. Refs #2719

Revision b2e96350
Added by Davide Principi over 5 years ago

NetworkAdapter: use TableAdapter without specifying static record type. Refs #2719

Revision 628078fa
Added by Giacomo Sanchietti over 5 years ago

NetworkAdapter: hide types on edit, return interfaces for bridges and bonds. Refs #2719

Revision d4364761
Added by Davide Principi over 5 years ago

interface-config-reset: force removal of aliases configuration. Refs #2719

Revision e4f61271
Added by Davide Principi over 5 years ago

interface-config-write: use DEVICE instead of NAME. Refs #2719

Append additional parameters to output:
- NM_CONTROLLED
- USERCTL
- ONBOOT
- SLAVE

Revision 1e5c0055
Added by Davide Principi over 5 years ago

NetworkAdapter UI module: support for virtual interfaces. Refs #2719

- Wizard driven creation of bridge, bond, VLAN interfaces
- IP alias assignment
- Deletion with interface "successor"

Revision 135a0d68
Added by Davide Principi over 5 years ago

Removed interface-update integration. Refs #2719

The firewall-adjust generic event is now signalled by
interface-update itself.

Revision f53713d6
Added by Davide Principi over 5 years ago

Calculated values for network configuration scripts. Refs #2719

- DB is no longer modified on-the-fly: removed interface-config-adjust
action.
- Added "default" prop values, overridable by values from DB

Revision bef90c78
Added by Davide Principi over 5 years ago

interface-update: signal firewall-adjust event. Refs #2719

Revision d85dd5d1
Added by Davide Principi over 5 years ago

NetworkAdapter UI module: use "none" instead of "static". Refs #2719

The "static" value for BOOTPROTO is not documented. Known values are
"dhcp", "bootp" and "none".

Revision 1a4aeff1
Added by Davide Principi over 5 years ago

Fix "static" value for BOOTPROTO parameter. Refs #2719

The "static" word is replaced by "none".

Revision faf00cba
Added by Davide Principi over 5 years ago

NetworkAdapter UI module: fixed unassigned values notice. Refs #2719

Revision 5dea81da
Added by Giacomo Sanchietti over 5 years ago

Web UI: hide extra roles if lokkit is used as firewall. Refs #2719

Revision 7ef52662
Added by Giacomo Sanchietti over 5 years ago

interface-config-write: handle gateway for red interfaces. Refs #2719

Revision dec02bc7
Added by Giacomo Sanchietti over 5 years ago

Web UI: emphasize roles. Refs #2719

Revision 93cbf817
Added by Giacomo Sanchietti over 5 years ago

Networks db: ignore virbrX and macvtapX devices. Refs #2719

Revision dd174780
Added by Giacomo Sanchietti over 5 years ago

UI translations: add DeleteLogicalInterface_alias_message label. Refs #2719

Revision ae421e4e
Added by Davide Principi over 5 years ago

NetworkAdapter: enable DHCP only on red interfaces. Refs #2719

Also fixed validation error message (requires Nethgui >= 1.5.0-22).

Revision ef68714b
Added by Giacomo Sanchietti over 5 years ago

Network lib: handle vlans. Refs #2719

Revision b49d76d0
Added by Giacomo Sanchietti over 5 years ago

Web UI: handle vlans. Refs #2719

Revision 74007d61
Added by Giacomo Sanchietti over 5 years ago

Inline help: add logical interfaces and roles. Refs #2719

Revision 8e1bcabe
Added by Giacomo Sanchietti over 5 years ago

Translations: add alias label. Refs #2719

Revision 85f138e5
Added by Davide Principi over 5 years ago

NetworkAdapter: set VLAN id validator range [0-4094]. Refs #2719

Revision f27ed79b
Added by Giacomo Sanchietti about 5 years ago

Translations: update labels. Refs #2719

History

#1 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from NEW to TRIAGED
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti over 5 years ago

  • Assignee set to Davide Principi

#4 Updated by Giacomo Sanchietti over 5 years ago

  • Subject changed from Web UI: support for advanced network configuration to Web UI: advanced network configuration

#5 Updated by Davide Principi over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

Check interface management workflow:
  • physical interface role and other properties assignment; role release
  • logical interface creation, composition, deletion (with and without role inheritance)
  • DHCP protocol available only on red interfaces
Missing:
  • progress bar when changes are saved

#6 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
Packages in nethserver-testing:
  • nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
  • nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
    nethserver-nethgui-1.5.0-23.0git0d145f80.ns6.noarch.rpm

#7 Updated by Alessandro Polidori over 5 years ago

  • Assignee set to Alessandro Polidori

#8 Updated by Alessandro Polidori over 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

Only the following update are available on nethserver-testing repo:

  • nethserver-base-2.2.1-60.0git4b6541f8.ns6
  • nethserver-nethgui-1.5.0-26.0gitf9aa109c.ns6

I have done the following test for the physical interface, and they works:

  1. progress bar does not appears
  2. assign a role to an interface (ip, netmask and gateway): green,red,orange and blue.
  3. assign a red net role with dhcp
  4. modify a role (modify the ip address)
  5. remove a role
  6. create an alias
  1. remove an alias: it works, but what is the scope or "Successore" field ?

I have done the following test for the logical interface, and they works:

  1. creation of an interface bond
  2. creation of an interface bridge
  3. creation of a vlan
  4. modification of the IP address of a created bond
  5. modification of the IP address of a created bridge
  6. modification of the IP address and role of a green bridge to red
  7. deletion of a bond chosing an interface as role inheritance
  8. deletion of a bond without chosing an interface as role inheritance
  9. deletion of vlan
  10. create an alias of a bond logical interface
  11. create an alias of a ref bridge logical interface
  12. eliminate an alias of a bond logical interface
  13. eliminate an alias of a bridge logical interface
  1. dhcp protocol is available only in red intarfaces.

The following test has been failed

  1. creation of a vlan logical interface:
    1. the tag name must be only of numeric type: now it is possible to insert also a string value
    2. the vlan is never created: do not works.

The feature is not verified.

#9 Updated by Giacomo Sanchietti over 5 years ago

  • Assignee deleted (Alessandro Polidori)

#10 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#11 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 30 to 60
Modifications:
  • updated NetworkDB library to handle vlan
  • changed validator for vlan tag on Web UI
  • changed write-config action to handle vlan

#12 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70
New package in nethserver-testing:
  • nethserver-base-2.2.1-60.0gitb49d76d0.ns6.noarch.rpm
Test case
  • Re-test vlan configuration

#13 Updated by Davide Principi over 5 years ago

  • Related to Bug #2745: Certificate migration fails if "key" prop is missing added

#14 Updated by Davide Principi over 5 years ago

  • Related to deleted (Bug #2745: Certificate migration fails if "key" prop is missing)

#15 Updated by Davide Principi over 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20
Creating an alias on a red interface causes the following errors:
  • The table shows an untranslated string alias_label,
  • If a port forward is created, Shorewall fails while applying the new configuration:
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: Event: nethserver-firewall-base-save interface-update
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/lsm/lsm.conf
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/shorewall.conf
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcrules
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/masq
    Jul  9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tunnels
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/rtrules
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcpri
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/policy
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcinterfaces
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/providers
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/zones
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/rules
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/interfaces
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/hosts
    Jul  9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [1.254687]
    Jul  9 15:04:19 NethSecurity-NG-Corso esmith::event[19536]: [INFO] lsm is disabled: skipped
    Jul  9 15:04:19 NethSecurity-NG-Corso esmith::event[19536]: [INFO] service shorewall restart
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Restarting shorewall:    ERROR: Undefined zone (alias) /etc/shorewall/policy (line 49)
    Jul  9 15:04:22 NethSecurity-NG-Corso logger: ERROR:Shorewall restart failed
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: [FALLITO]#015
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: [WARNING] service shorewall restart failed!
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Action: /etc/e-smith/events/actions/adjust-services FAILED: 1 [3.887112]
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Event: nethserver-firewall-base-save FAILED
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[18623]: Action: /etc/e-smith/events/interface-update/S90firewall-adjust FAILED: 1 [5.499073]
    Jul  9 15:04:22 NethSecurity-NG-Corso esmith::event[18623]: Event: interface-update FAILED
    

#16 Updated by Davide Marini over 5 years ago

Davide Principi wrote:

Creating an alias on a red interface causes the following errors:
  • The table shows an untranslated string alias_label,

there is no way to set the string alias_label, we can just define ip address and netmask

#17 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from TRIAGED to MODIFIED
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 60

Davide Principi wrote:

  • The table shows an untranslated string alias_label,

This is just a missing label inside the translation file, just addedd.

  • If a port forward is created, Shorewall fails while applying the new configuration:[...]

This bug is related to #2774 inside nethserver-firewall-base package. By the way, the bug is not present.

#18 Updated by Giacomo Sanchietti over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-firewall-base-1.1.0-99.0git62bf6314.ns6.noarch

#19 Updated by Davide Principi over 5 years ago

  • Status changed from ON_QA to TRIAGED
  • % Done changed from 70 to 20

FAILED

Allowed VLAN id range is 0-4094

Found sparse informations here

https://www.kernel.org/doc/Documentation/networking/pktgen.txt

I've tested the range: 0 is OK, 4094 is OK, 4095 fails.

#20 Updated by Davide Principi over 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#21 Updated by Davide Principi over 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

Test case

Creating a VLAN logical interface, the VLAN id must be an integer in range [0-4094], otherwise validation fails.

#22 Updated by Davide Principi over 5 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing:
nethserver-base-2.2.1-72.0git85f138e5.ns6.noarch.rpm

#23 Updated by Filippo Carletti over 5 years ago

  • Status changed from ON_QA to VERIFIED
  • % Done changed from 70 to 90

1. created a vlan with id 6666, it went into the network device table but with an error
2. deleted vlan
3. updated nethserver-base
4. tried to create a vlan with id 6677, refused with a notice that id has to be less than 4095

#24 Updated by Davide Principi over 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-base-2.3.0-1.ns6.noarch.rpm
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm

Also available in: Atom PDF