
Add ff_fix_default_route

  If there is an interface in vrf_external, install a workaround script
  for a bug in ifupdown2 which will sometimes drop an IPv4 default route
  present in the kernel and not reinstall it.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 7 years ago
parent
commit
ec7305dffe

+ 62 - 0
network/interfaces/ff_fix_default_route

@@ -0,0 +1,62 @@
+#!/usr/bin/perl -W
+#
+# Maximilian Wilhelm <max@rfc2324.org>
+#  --  Sat 11 Feb 2017 10:29:29 PM CET
+#
+
+use strict;
+
+# Search for interface entry for an external interface with an IPv4 default
+# route configured, like this:
+#
+#auto eth0
+#iface eth0
+#	address 5.196.106.54/32
+#	gateway 5.196.106.48
+#	mtu 1500
+#	pointopoint 5.196.106.48
+my $gateway = undef;
+open (ENI, "< /etc/network/interfaces")
+	or die "Failed to open '/etc/network/interfaces': $!\n";
+while (my $line = <ENI>) {
+	chomp $line;
+
+	# New interface stanza
+	if ($line =~ /^iface (.*)/) {
+		$gateway = undef;
+	}
+
+	# gateway set?
+	elsif ($line =~ m/gateway\s+([0-9.]+)/) {
+		$gateway = $1;
+	}
+
+	# Interface part of vrf_external
+	elsif ($line =~ m/vrf vrf_external/) {
+		last;
+	}
+}
+close (ENI);
+
+# If there's no gateway configured for vrf_external, nothing to do
+if (not defined $gateway) {
+	exit (0);
+}
+
+
+# Check for current default route in vrf_external
+my $default_route_active = undef;
+open (ROUTE, "ip route show table 1023 | grep ^default |")
+	or die "Failed to read default route from table 1023: $!\n";
+while (my $line = <ROUTE>) {
+	if ($line =~ m/^default via ([0-9.]+)/) {
+		$default_route_active = $1;
+	}
+}
+close (ROUTE);
+
+
+# If we didn't find an active default route, re-add it.
+if (not defined $default_route_active) {
+	system ("ip route add default via $gateway table 1023");
+}
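Review bot: The stanza parser can hand a gateway from an unrelated interface to the `ip route add` at the end of the script, which cron runs as root every minute. If the loop reaches EOF without seeing a `vrf vrf_external` line, `$gateway` still holds the last stanza's gateway, so the `not defined $gateway` check does not stop the script. The unanchored `m/gateway\s+([0-9.]+)/` also matches commented-out lines and would capture only the leading digits of an IPv6 `gateway` entry, so I would set a flag when the VRF line matches, anchor both patterns and accept only a dotted quad. `system()` is given an interpolated string and its result is ignored; the list form avoids the shell, and checking `== 0` lets a failed add reach MAILTO. The parser still relies on `gateway` appearing before the `vrf` line within a stanza, as the original does.

```perl
my $in_vrf_external = 0;
# … unchanged: open ENI, loop header, "iface" branch resetting $gateway …

	# Only an uncommented dotted-quad IPv4 gateway counts
	elsif ($line =~ m/^\s*gateway\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$/) {
		$gateway = $1;
	}

	# Interface part of vrf_external: remember that we really saw it
	elsif ($line =~ m/^\s*vrf\s+vrf_external\s*$/) {
		$in_vrf_external = 1;
		last;
	}
# … unchanged: end of loop, close (ENI) …

# No vrf_external stanza, or no IPv4 gateway in it: nothing to do
if (not $in_vrf_external or not defined $gateway) {
	exit (0);
}

# … unchanged: read the current default route from table 1023 …

if (not defined $default_route_active) {
	system ("ip", "route", "add", "default", "via", $gateway, "table", "1023") == 0
		or die "Failed to add default route via $gateway to table 1023 (exit status $?)\n";
}
```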

+ 8 - 0
network/interfaces/ff_fix_default_route.cron

@@ -0,0 +1,8 @@
+#
+# Check if a default route within vrf_external is configured and if it's active
+#
+SHELL=/bin/bash
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=ops@ffho.net
+
+* * * * *       root    /usr/local/sbin/ff_fix_default_route

+ 33 - 0
network/interfaces/init.sls

@@ -36,3 +36,36 @@ ifreload:
       - file: /etc/network/interfaces
     - require:
       - file: /etc/network/ifupdown2/ifupdown2.conf
+
+
+# If there is an interface in vrf_external, install a workaround script
+# for a bug in ifupdown2 which will sometimes drop an IPv4 default route
+# present in the kernel and not reinstall it.
+#
+# The fix script will be called every minute by cron and after ifreload
+# was called to try to minimize any downtime.
+{% set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
+{% set sites_config = salt['pillar.get']('sites', {}) %}
+{% set ifaces = salt['ffho_net.get_interface_config'](node_config, sites_config) %}
+{% if 'vrf_external' in ifaces %}
+/usr/local/sbin/ff_fix_default_route:
+  file.managed:
+    - source: salt://network/interfaces/ff_fix_default_route
+    - mode: 755
+  cmd.wait:
+    - require:
+      - cmd: ifreload
+    - watch:
+      - file: /etc/network/interfaces
+
+/etc/cron.d/ff_fix_default_route:
+  file.managed:
+    - source: salt://network/interfaces/ff_fix_default_route.cron
+
+{% else %}
+/usr/local/sbin/ff_fix_default_route:
+  file.absent
+
+/etc/cron.d/ff_fix_default_route:
+  file.absent
+{% endif %}
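Review bot: Both `file.managed` states deploy files that root's cron executes or reads, yet neither pins ownership, and `/etc/cron.d/ff_fix_default_route` has no mode either. As far as I know, Salt leaves the owner of an already existing file untouched when `user`/`group` are omitted, so I would add `- user: root` and `- group: root` to both states and `- mode: 644` to the cron file. The `cmd.wait` under `/usr/local/sbin/ff_fix_default_route` requires only `cmd: ifreload`; adding `- file: /usr/local/sbin/ff_fix_default_route` to its `require` list would make the dependency on the script being in place explicit rather than relying on declaration order.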