Feature #2719
Web UI: advanced network configuration
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | |||
Target version: | v6.5 | |||
Resolution: | NEEDINFO: | No |
Description
Extend web interface to allow configuration of advanced network interfaces.
The user should be able manage:- Bridges
- Bonding
- VLAN
- Aliases
- orange (DMZ): only static address
- blue (Guests): only static address
Associated revisions
Network helpers: handle bridges and tuns. Refs #2719
Dashboard: show virtual interfaces. Refs #2719
NetworkAdapter UI module: generic interface types management. Refs #2719
Added support for bridge, bond, vlan and alias interface.
NetworkAdapter: default label for undefined roles. Refs #2719
NetworkAdapter: use TableAdapter without specifying static record type. Refs #2719
NetworkAdapter: hide types on edit, return interfaces for bridges and bonds. Refs #2719
interface-config-reset: force removal of aliases configuration. Refs #2719
interface-config-write: use DEVICE instead of NAME. Refs #2719
Append additional parameters to output:
- NM_CONTROLLED
- USERCTL
- ONBOOT
- SLAVE
NetworkAdapter UI module: support for virtual interfaces. Refs #2719
- Wizard driven creation of bridge, bond, VLAN interfaces
- IP alias assignment
- Deletion with interface "successor"
Removed interface-update integration. Refs #2719
The firewall-adjust generic event is now signalled by
interface-update itself.
Calculated values for network configuration scripts. Refs #2719
- DB is no longer modified on-the-fly: removed interface-config-adjust
action.
- Added "default" prop values, overridable by values from DB
interface-update: signal firewall-adjust event. Refs #2719
NetworkAdapter UI module: use "none" instead of "static". Refs #2719
The "static" value for BOOTPROTO is not documented. Known values are
"dhcp", "bootp" and "none".
Fix "static" value for BOOTPROTO parameter. Refs #2719
The "static" word is replaced by "none".
NetworkAdapter UI module: fixed unassigned values notice. Refs #2719
Web UI: hide extra roles if lokkit is used as firewall. Refs #2719
interface-config-write: handle gateway for red interfaces. Refs #2719
Web UI: emphasize roles. Refs #2719
Networks db: ignore virbrX and macvtapX devices. Refs #2719
UI translations: add DeleteLogicalInterface_alias_message label. Refs #2719
NetworkAdapter: enable DHCP only on red interfaces. Refs #2719
Also fixed validation error message (requires Nethgui >= 1.5.0-22).
Network lib: handle vlans. Refs #2719
Web UI: handle vlans. Refs #2719
Inline help: add logical interfaces and roles. Refs #2719
Translations: add alias label. Refs #2719
NetworkAdapter: set VLAN id validator range [0-4094]. Refs #2719
Translations: update labels. Refs #2719
History
#1 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from NEW to TRIAGED
- % Done changed from 0 to 20
#2 Updated by Giacomo Sanchietti over 7 years ago
- Status changed from TRIAGED to ON_DEV
- % Done changed from 20 to 30
#3 Updated by Giacomo Sanchietti over 7 years ago
- Assignee set to Davide Principi
#4 Updated by Giacomo Sanchietti about 7 years ago
- Subject changed from Web UI: support for advanced network configuration to Web UI: advanced network configuration
#5 Updated by Davide Principi about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
Check interface management workflow:- physical interface role and other properties assignment; role release
- logical interface creation, composition, deletion (with and without role inheritance)
- DHCP protocol available only on red interfaces
- progress bar when changes are saved
#6 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-base-2.2.1-57.0git27156ae2.ns6.noarch.rpm
nethserver-nethgui-1.5.0-22.0git051080ae.ns6.noarch.rpm
nethserver-nethgui-1.5.0-23.0git0d145f80.ns6.noarch.rpm
#7 Updated by Alessandro Polidori about 7 years ago
- Assignee set to Alessandro Polidori
#8 Updated by Alessandro Polidori about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
Only the following update are available on nethserver-testing repo:
- nethserver-base-2.2.1-60.0git4b6541f8.ns6
- nethserver-nethgui-1.5.0-26.0gitf9aa109c.ns6
I have done the following test for the physical interface, and they works:
- progress bar does not appears
- assign a role to an interface (ip, netmask and gateway): green,red,orange and blue.
- assign a red net role with dhcp
- modify a role (modify the ip address)
- remove a role
- create an alias
- remove an alias: it works, but what is the scope or "Successore" field ?
I have done the following test for the logical interface, and they works:
- creation of an interface bond
- creation of an interface bridge
- creation of a vlan
- modification of the IP address of a created bond
- modification of the IP address of a created bridge
- modification of the IP address and role of a green bridge to red
- deletion of a bond chosing an interface as role inheritance
- deletion of a bond without chosing an interface as role inheritance
- deletion of vlan
- create an alias of a bond logical interface
- create an alias of a ref bridge logical interface
- eliminate an alias of a bond logical interface
- eliminate an alias of a bridge logical interface
- dhcp protocol is available only in red intarfaces.
The following test has been failed
- creation of a vlan logical interface:
- the tag name must be only of numeric type: now it is possible to insert also a string value
- the vlan is never created: do not works.
The feature is not verified.
#9 Updated by Giacomo Sanchietti about 7 years ago
- Assignee deleted (
Alessandro Polidori)
#10 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 30
#11 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 30 to 60
- updated NetworkDB library to handle vlan
- changed validator for vlan tag on Web UI
- changed write-config action to handle vlan
#12 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
- nethserver-base-2.2.1-60.0gitb49d76d0.ns6.noarch.rpm
- Re-test vlan configuration
#13 Updated by Davide Principi about 7 years ago
- Related to Bug #2745: Certificate migration fails if "key" prop is missing added
#14 Updated by Davide Principi about 7 years ago
- Related to deleted (Bug #2745: Certificate migration fails if "key" prop is missing)
#15 Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
alias
on a red
interface causes the following errors:
- The table shows an untranslated string
alias_label
, - If a port forward is created, Shorewall fails while applying the new configuration:
Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: Event: nethserver-firewall-base-save interface-update Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/lsm/lsm.conf Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/shorewall.conf Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcrules Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/masq Jul 9 15:04:17 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tunnels Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/rtrules Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcpri Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/policy Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/tcinterfaces Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/providers Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/zones Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/rules Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/interfaces Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: expanding /etc/shorewall/hosts Jul 9 15:04:18 NethSecurity-NG-Corso esmith::event[19536]: Action: /etc/e-smith/events/actions/generic_template_expand SUCCESS [1.254687] Jul 9 15:04:19 NethSecurity-NG-Corso esmith::event[19536]: [INFO] lsm is disabled: skipped Jul 9 15:04:19 NethSecurity-NG-Corso esmith::event[19536]: [INFO] service shorewall restart Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Restarting shorewall: ERROR: Undefined zone (alias) /etc/shorewall/policy (line 49) Jul 9 15:04:22 NethSecurity-NG-Corso logger: ERROR:Shorewall restart failed Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: [FALLITO]#015 Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: [WARNING] service shorewall restart failed! Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Action: /etc/e-smith/events/actions/adjust-services FAILED: 1 [3.887112] Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[19536]: Event: nethserver-firewall-base-save FAILED Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[18623]: Action: /etc/e-smith/events/interface-update/S90firewall-adjust FAILED: 1 [5.499073] Jul 9 15:04:22 NethSecurity-NG-Corso esmith::event[18623]: Event: interface-update FAILED
#16 Updated by Davide Marini about 7 years ago
Davide Principi wrote:
Creating analias
on ared
interface causes the following errors:
- The table shows an untranslated string
alias_label
,
there is no way to set the string alias_label, we can just define ip address and netmask
#17 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from TRIAGED to MODIFIED
- Assignee set to Giacomo Sanchietti
- % Done changed from 20 to 60
Davide Principi wrote:
- The table shows an untranslated string
alias_label
,
This is just a missing label inside the translation file, just addedd.
- If a port forward is created, Shorewall fails while applying the new configuration:[...]
This bug is related to #2774 inside nethserver-firewall-base package. By the way, the bug is not present.
#18 Updated by Giacomo Sanchietti about 7 years ago
- Status changed from MODIFIED to ON_QA
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 60 to 70
- nethserver-firewall-base-1.1.0-99.0git62bf6314.ns6.noarch
#19 Updated by Davide Principi about 7 years ago
- Status changed from ON_QA to TRIAGED
- % Done changed from 70 to 20
FAILED
Allowed VLAN id range is 0-4094
Found sparse informations here
https://www.kernel.org/doc/Documentation/networking/pktgen.txt
I've tested the range: 0 is OK, 4094 is OK, 4095 fails.
#20 Updated by Davide Principi almost 7 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#21 Updated by Davide Principi almost 7 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
Test case
Creating a VLAN logical interface, the VLAN id must be an integer in range [0-4094], otherwise validation fails.
#22 Updated by Davide Principi almost 7 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing:
nethserver-base-2.2.1-72.0git85f138e5.ns6.noarch.rpm
#23 Updated by Filippo Carletti almost 7 years ago
- Status changed from ON_QA to VERIFIED
- % Done changed from 70 to 90
1. created a vlan with id 6666, it went into the network device table but with an error
2. deleted vlan
3. updated nethserver-base
4. tried to create a vlan with id 6677, refused with a notice that id has to be less than 4095
#24 Updated by Davide Principi almost 7 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates:
nethserver-base-2.3.0-1.ns6.noarch.rpm
nethserver-firewall-base-2.0.0-1.ns6.noarch.rpm