
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)

Open mergify[bot] opened this issue 11 months ago • 0 comments

Change Summary

When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPsec peer is not connected. After the peer is disconnected, the interface goes to DOWN state as expected.

This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected.

This changes the logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script.

Types of changes

  • [x] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Code style update (formatting, renaming)
  • [ ] Refactoring (no functional changes)
  • [ ] Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • [ ] Other (please describe):

Related Task(s)

  • https://vyos.dev/T6085

Related PR(s)

Component(s) name

vyos.ifconfig.vti

Proposed changes

How to test

Smoketest result

[email protected]:~$ /usr/libexec/vyos/tests/smoke/cli/test_interfaces_vti.py
test_add_multiple_ip_addresses (__main__.VTIInterfaceTest.test_add_multiple_ip_addresses) ... ok
test_add_single_ip_address (__main__.VTIInterfaceTest.test_add_single_ip_address) ... ok
test_dhcp_client_options (__main__.VTIInterfaceTest.test_dhcp_client_options) ... skipped 'not supported'
test_dhcp_disable_interface (__main__.VTIInterfaceTest.test_dhcp_disable_interface) ... skipped 'not supported'
test_dhcp_vrf (__main__.VTIInterfaceTest.test_dhcp_vrf) ... skipped 'not supported'
test_dhcpv6_client_options (__main__.VTIInterfaceTest.test_dhcpv6_client_options) ... skipped 'not supported'
test_dhcpv6_vrf (__main__.VTIInterfaceTest.test_dhcpv6_vrf) ... skipped 'not supported'
test_dhcpv6pd_auto_sla_id (__main__.VTIInterfaceTest.test_dhcpv6pd_auto_sla_id) ... skipped 'not supported'
test_dhcpv6pd_manual_sla_id (__main__.VTIInterfaceTest.test_dhcpv6pd_manual_sla_id) ... skipped 'not supported'
test_interface_description (__main__.VTIInterfaceTest.test_interface_description) ... ok
test_interface_disable (__main__.VTIInterfaceTest.test_interface_disable) ... ok
test_interface_ip_options (__main__.VTIInterfaceTest.test_interface_ip_options) ... ok
test_interface_ipv6_options (__main__.VTIInterfaceTest.test_interface_ipv6_options) ... ok
test_interface_mtu (__main__.VTIInterfaceTest.test_interface_mtu) ... ok
test_ipv6_link_local_address (__main__.VTIInterfaceTest.test_ipv6_link_local_address) ... ok
test_mtu_1200_no_ipv6_interface (__main__.VTIInterfaceTest.test_mtu_1200_no_ipv6_interface) ... ok
test_span_mirror (__main__.VTIInterfaceTest.test_span_mirror) ... skipped 'not supported'
test_vif_8021q_interfaces (__main__.VTIInterfaceTest.test_vif_8021q_interfaces) ... skipped 'not supported'
test_vif_8021q_lower_up_down (__main__.VTIInterfaceTest.test_vif_8021q_lower_up_down) ... skipped 'not supported'
test_vif_8021q_mtu_limits (__main__.VTIInterfaceTest.test_vif_8021q_mtu_limits) ... skipped 'not supported'
test_vif_8021q_qos_change (__main__.VTIInterfaceTest.test_vif_8021q_qos_change) ... skipped 'not supported'
test_vif_s_8021ad_vlan_interfaces (__main__.VTIInterfaceTest.test_vif_s_8021ad_vlan_interfaces) ... skipped 'not supported'
test_vif_s_protocol_change (__main__.VTIInterfaceTest.test_vif_s_protocol_change) ... skipped 'not supported'

----------------------------------------------------------------------
Ran 23 tests in 125.563s

OK (skipped=14)

Checklist:

  • [x] I have read the CONTRIBUTING document
  • [x] I have linked this PR to one or more Phabricator Task(s)
  • [x] I have run the components SMOKETESTS if applicable
  • [x] My commit headlines contain a valid Task id
  • [ ] My change requires a change to the documentation
  • [ ] I have updated the documentation accordingly

This is an automatic backport of pull request #3157 done by [Mergify](https://mergify.com).

mergify[bot] Mar 21 '24 09:03
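
An audit for the condition described in the change summary (a VTI that is ADMIN UP while no IPsec peer is connected, so static routes through it stay active), written as an added example that is not part of this PR or of vyos-1x. The interface data is a constructed sample in the shape of `ip -json link show` output; the set of established tunnels and the route map are assumed inputs, and `audit_vti_state` is a hypothetical name.

```python
import json

# Constructed sample in the shape of `ip -json link show` output (not captured from a real router).
SAMPLE_IP_LINK_JSON = """[
  {"ifname": "vti0", "flags": ["POINTOPOINT", "NOARP", "UP", "LOWER_UP"], "operstate": "UNKNOWN"},
  {"ifname": "vti1", "flags": ["POINTOPOINT", "NOARP"], "operstate": "DOWN"},
  {"ifname": "vti2", "flags": ["POINTOPOINT", "NOARP", "UP", "LOWER_UP"], "operstate": "UNKNOWN"},
  {"ifname": "vti3", "flags": ["POINTOPOINT", "NOARP"], "operstate": "DOWN"},
  {"ifname": "eth0", "flags": ["BROADCAST", "MULTICAST", "UP", "LOWER_UP"], "operstate": "UP"}
]"""

# Assumed inputs (hypothetical): VTIs whose IPsec tunnel is established, and
# static routes keyed by outgoing interface. How these are collected is site-specific.
SAMPLE_TUNNELS_UP = {"vti2", "vti3"}
SAMPLE_STATIC_ROUTES = {"vti0": ["10.20.0.0/16"], "vti2": ["10.30.0.0/16"]}


def audit_vti_state(ip_link_json, tunnels_up, static_routes):
    """Return one finding per VTI whose admin state disagrees with tunnel state."""
    findings = []
    for link in json.loads(ip_link_json):
        name = link.get("ifname", "")
        if not name.startswith("vti"):
            continue  # only VTI interfaces are in scope
        admin_up = "UP" in link.get("flags", [])  # exact match, "LOWER_UP" does not count
        tunnel_up = name in tunnels_up
        if admin_up and not tunnel_up:
            # The condition from the change summary: routes via this interface
            # stay active although no peer is connected.
            findings.append({"ifname": name, "issue": "admin-up-without-tunnel",
                             "static_routes": static_routes.get(name, [])})
        elif tunnel_up and not admin_up:
            # Tunnel is established but the interface is not raised; this can also
            # be an interface disabled on purpose, so it is reported separately.
            findings.append({"ifname": name, "issue": "tunnel-up-but-admin-down",
                             "static_routes": static_routes.get(name, [])})
    return findings


if __name__ == "__main__":
    for finding in audit_vti_state(SAMPLE_IP_LINK_JSON, SAMPLE_TUNNELS_UP, SAMPLE_STATIC_ROUTES):
        print(finding)
```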