mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-22 13:33:52 +03:00
F #5722: Support for QinQ and MTU for OVS
- CVLANs to dot1q-tunnel - QINQ_TYPE defaults to 802.1q - Adds support for setting the MTU of OVS ports co-authored-by: Mikhail Samoylov <msamoylov@opennebula.io>
parent
d498eb95d3
commit
2488ae1a13
@ -337,9 +337,6 @@ VXLAN_IDS = [
|
||||
# DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT
|
||||
# attribute on image creation (oneimage create). By default images are no
|
||||
# persistent if not set.
|
||||
#
|
||||
# VM_SNAPSHOT_FACTOR: How much disk size is counted as disk snapshot
|
||||
# size. Default value 0 (0%) (Use 0.1 means 10%)
|
||||
#*******************************************************************************
|
||||
|
||||
#DATASTORE_LOCATION = /var/lib/one/datastores
|
||||
@ -353,8 +350,6 @@ DEFAULT_IMAGE_TYPE = "OS"
|
||||
#DEFAULT_IMAGE_PERSISTENT = ""
|
||||
#DEFAULT_IMAGE_PERSISTENT_NEW = ""
|
||||
|
||||
VM_SNAPSHOT_FACTOR = "0"
|
||||
|
||||
#*******************************************************************************
|
||||
# Monitor Daemon
|
||||
#*******************************************************************************
|
||||
@ -986,16 +981,7 @@ GROUP_RESTRICTED_ATTR = "VM_ADMIN_OPERATIONS"
|
||||
#*******************************************************************************
|
||||
# Encrypted Attributes Configuration
|
||||
#*******************************************************************************
|
||||
# The following attributes are encrypted. OpenNebula objects that support
|
||||
# encrypted attributes are:
|
||||
# - CLUSTER_ENCRYPTED_ATTR
|
||||
# - VM_ENCRYPTED_ATTR
|
||||
# - HOST_ENCRYPTED_ATTR
|
||||
# - VNET_ENCRYPTED_ATTR
|
||||
# - USER_ENCRYPTED_ATTR
|
||||
# - DATASTORE_ENCRYPTED_ATTR
|
||||
# - IMAGE_ENCRYPTED_ATTR
|
||||
# - DOCUMENT_ENCRYPTED_ATTR
|
||||
# The following attributes are encrypted
|
||||
#*******************************************************************************
|
||||
|
||||
HOST_ENCRYPTED_ATTR = "EC2_ACCESS"
|
||||
@ -1012,16 +998,9 @@ VM_ENCRYPTED_ATTR = "CONTEXT/PASSWORD"
|
||||
|
||||
IMAGE_ENCRYPTED_ATTR = "LUKS_PASSWORD"
|
||||
|
||||
# Encrypted attrs for Edge Cluster documents
|
||||
# DDC encrypted attrs
|
||||
DOCUMENT_ENCRYPTED_ATTR = "PROVISION_BODY"
|
||||
|
||||
USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY"
|
||||
USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE"
|
||||
|
||||
# CLUSTER_ENCRYPTED_ATTR = ""
|
||||
# VNET_ENCRYPTED_ATTR = ""
|
||||
# DATASTORE_ENCRYPTED_ATTR = ""
|
||||
|
||||
#*******************************************************************************
|
||||
# Inherited Attributes Configuration
|
||||
#*******************************************************************************
|
||||
|
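Review bot: The last oned.conf hunk (`@ -1012,16 +998,9`) appears to drop `USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY"` and `USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE"` together with the commented CLUSTER/VNET/DATASTORE entries, which has nothing to do with QinQ or MTU. The +/- markers are lost on this page, so this is inferred from the hunk counts (16 old lines, 9 new); if it is right, a fresh install from this file would no longer list users' SSH private keys and passphrases as encrypted attributes, and would presumably keep them in clear. The earlier hunks likewise seem to remove `VM_SNAPSHOT_FACTOR` and the list of objects that support encrypted attributes, which looks like a stale base rather than an intended change. I would restore these lines, or move the removals to a commit of their own with a stated reason.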
@ -8,7 +8,7 @@ Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr
|
||||
Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
|
||||
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
|
||||
Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip tuntap *, /usr/sbin/ip route *, /usr/sbin/ip neighbour *
|
||||
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
|
||||
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
|
||||
Cmnd_Alias ONE_MEM = /usr/sbin/sysctl vm.drop_caches=3 vm.compact_memory=1
|
||||
Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu
|
||||
|
||||
|
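Review bot: `/usr/bin/ovs-appctl` is added to `ONE_OVS` with no argument restriction, although the only call this commit makes is `ovs-appctl revalidator/purge` in set_vlan_limit. ovs-appctl is a general control channel to the running OVS daemons, so the grant is wider than the driver needs; sudoers can pin the arguments: `Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl revalidator/purge`. ovs-ofctl and ovs-vsctl are already unrestricted in this alias, so this narrows only the new entry. The same line is changed in the second sudoers file (hunk `@ -9,7 +9,7`) and the same applies there.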
@ -9,7 +9,7 @@ Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /u
|
||||
Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs
|
||||
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
|
||||
Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour *
|
||||
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
|
||||
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
|
||||
Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1
|
||||
Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu
|
||||
|
||||
|
@ -32,6 +32,7 @@ module VNMMAD
|
||||
:virsh => 'virsh -c qemu:///system',
|
||||
:ovs_vsctl=> 'sudo -n ovs-vsctl',
|
||||
:ovs_ofctl=> 'sudo -n ovs-ofctl',
|
||||
:ovs_appctl=> 'sudo -n ovs-appctl',
|
||||
:lsmod => 'lsmod',
|
||||
:ipset => 'sudo -n ipset'
|
||||
}
|
||||
|
@ -68,10 +68,20 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
|
||||
exit 1
|
||||
end
|
||||
|
||||
if !@nic[:mtu].nil?
|
||||
cmd = "#{command(:ovs_vsctl)} set int #{@nic[:tap]} "\
|
||||
"mtu_request=#{@nic[:mtu]}"
|
||||
run cmd
|
||||
end
|
||||
|
||||
# Apply VLAN
|
||||
if !@nic[:vlan_id].nil?
|
||||
tag_vlan
|
||||
tag_trunk_vlans
|
||||
if !@nic[:cvlans].nil?
|
||||
tag_qinq
|
||||
else
|
||||
tag_vlan
|
||||
tag_trunk_vlans
|
||||
end
|
||||
end
|
||||
|
||||
# Delete any existing flows on port
|
||||
@ -167,19 +177,16 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
|
||||
0
|
||||
end
|
||||
|
||||
def vlan
|
||||
@nic[:vlan_id]
|
||||
end
|
||||
|
||||
def tag_vlan
|
||||
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
|
||||
cmd << "tag=#{vlan}"
|
||||
cmd << "tag=#{@nic[:vlan_id]}"
|
||||
|
||||
run cmd
|
||||
end
|
||||
|
||||
def tag_trunk_vlans
|
||||
range = @nic[:vlan_tagged_id]
|
||||
|
||||
if range? range
|
||||
ovs_vsctl_cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]}"
|
||||
|
||||
@ -195,6 +202,25 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
|
||||
end
|
||||
end
|
||||
|
||||
def tag_qinq
|
||||
range = @nic[:cvlans]
|
||||
|
||||
set_vlan_limit(2)
|
||||
|
||||
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
|
||||
cmd << "vlan_mode=dot1q-tunnel tag=#{@nic[:vlan_id]} "
|
||||
cmd << "cvlans=#{expand_range(range)}"
|
||||
|
||||
run cmd
|
||||
|
||||
qinq_type = @nic[:qinq_type]
|
||||
qinq_type ||= "802.1q"
|
||||
|
||||
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
|
||||
cmd << "other_config:qinq-ethtype=#{qinq_type}"
|
||||
|
||||
run cmd
|
||||
end
|
||||
|
||||
# Following IP-spoofing rules may be created:
|
||||
# (if ARP Cache Poisoning) in_port=<PORT>,table=20,arp,arp_spa=<IP>,priority=50000,actions=NORMAL
|
||||
@ -476,6 +502,26 @@ private
|
||||
end
|
||||
|
||||
def validate_vlan_id
|
||||
OpenNebula.log_error("VLAN ID validation not supported with Open vSwitch, skipped.")
|
||||
OpenNebula.log_error("VLAN ID validation not supported for OpenvSwitch, skipped.")
|
||||
end
|
||||
|
||||
def set_vlan_limit(limit)
|
||||
vl =`#{command(:ovs_vsctl)} get Open_vSwitch . other_config:vlan-limit`
|
||||
|
||||
vl_limit = 0
|
||||
|
||||
begin
|
||||
vl_limit = Integer(vl.tr("\"\n",''))
|
||||
rescue ArgumentError
|
||||
end
|
||||
|
||||
return if vl_limit == limit
|
||||
|
||||
cmd = "#{command(:ovs_vsctl)} set Open_vSwitch . "\
|
||||
"other_config:vlan-limit=#{limit}"
|
||||
run cmd
|
||||
|
||||
cmd = "#{command(:ovs_appctl)} revalidator/purge"
|
||||
run cmd
|
||||
end
|
||||
end
|
||||
|
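Review bot: In tag_qinq (hunk `@ -195,6 +202,25`), `@nic[:qinq_type]` and the expanded `@nic[:cvlans]` are interpolated straight into a `sudo -n ovs-vsctl` command string, and the new MTU block in hunk `@ -68,10 +68,20` does the same with `@nic[:mtu]`. Whether these NIC attributes are validated before they reach the driver is not visible here; if they are not and `run` hands the string to a shell, a malformed value changes the command that runs under sudo. OVS accepts only 802.1q and 802.1ad for qinq-ethtype, so an allow-list is cheap, and the MTU can be forced to a number with `mtu_request=#{Integer(@nic[:mtu])}`. `expand_range` is defined outside the hunk, so I cannot tell whether it already rejects non-numeric input for cvlans.

```ruby
def tag_qinq
    # qinq-ethtype takes one of two values; reject anything else before
    # it is placed in a command line that runs under sudo.
    qinq_type = @nic[:qinq_type] || '802.1q'

    unless %w[802.1q 802.1ad].include?(qinq_type)
        OpenNebula.log_error("Invalid QINQ_TYPE #{qinq_type.inspect}")
        exit 1
    end

    # … unchanged: set_vlan_limit(2) and the dot1q-tunnel / cvlans command …

    cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
    cmd << "other_config:qinq-ethtype=#{qinq_type}"

    run cmd
end
```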