From 2488ae1a13f011521f39d736494191f126d30215 Mon Sep 17 00:00:00 2001 From: "Ruben S. Montero" Date: Fri, 25 Feb 2022 14:37:30 +0100 Subject: [PATCH] F #5722: Support for QinQ and MTU for OVS - CVLANs to 1dotq-tunnel - QINQ_TYPE defaults to 802.1q - Addts support fot MTU set of OVS ports co-authored-by: Mikhail Samoylov --- share/etc/oned.conf | 25 +-------- share/pkgs/sudoers/centos/opennebula | 2 +- share/pkgs/sudoers/debian/opennebula | 2 +- src/vnm_mad/remotes/lib/command.rb | 1 + src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb | 62 ++++++++++++++++++--- 5 files changed, 59 insertions(+), 33 deletions(-) diff --git a/share/etc/oned.conf b/share/etc/oned.conf index 009815c31b..379c5e2ffb 100644 --- a/share/etc/oned.conf +++ b/share/etc/oned.conf @@ -337,9 +337,6 @@ VXLAN_IDS = [ # DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT # attribute on image creation (oneimage create). By default images are no # persistent if not set. -# -# VM_SNAPSHOT_FACTOR: How much disk size is counted as disk snapshot -# size. Default value 0 (0%) (Use 0.1 means 10%) #******************************************************************************* #DATASTORE_LOCATION = /var/lib/one/datastores @@ -353,8 +350,6 @@ DEFAULT_IMAGE_TYPE = "OS" #DEFAULT_IMAGE_PERSISTENT = "" #DEFAULT_IMAGE_PERSISTENT_NEW = "" -VM_SNAPSHOT_FACTOR = "0" - #******************************************************************************* # Monitor Daemon #******************************************************************************* 
@@ -986,16 +981,7 @@ GROUP_RESTRICTED_ATTR = "VM_ADMIN_OPERATIONS" #******************************************************************************* # Encrypted Attributes Configuration #******************************************************************************* -# The following attributes are encrypted. OpenNebula objects that support -# encrypted attributes are: -# - CLUSTER_ENCRYPTED_ATTR -# - VM_ENCRYPTED_ATTR -# - HOST_ENCRYPTED_ATTR -# - VNET_ENCRYPTED_ATTR -# - USER_ENCRYPTED_ATTR -# - DATASTORE_ENCRYPTED_ATTR -# - IMAGE_ENCRYPTED_ATTR -# - DOCUMENT_ENCRYPTED_ATTR +# The following attributes are encrypted #******************************************************************************* HOST_ENCRYPTED_ATTR = "EC2_ACCESS" @@ -1012,16 +998,9 @@ VM_ENCRYPTED_ATTR = "CONTEXT/PASSWORD" IMAGE_ENCRYPTED_ATTR = "LUKS_PASSWORD" -# Encrypted attrs for Edge Cluster documents +# DDC encrypted attrs DOCUMENT_ENCRYPTED_ATTR = "PROVISION_BODY" -USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY" -USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE" - -# CLUSTER_ENCRYPTED_ATTR = "" -# VNET_ENCRYPTED_ATTR = "" -# DATASTORE_ENCRYPTED_ATTR = "" - #******************************************************************************* # Inherited Attributes Configuration #******************************************************************************* diff --git a/share/pkgs/sudoers/centos/opennebula b/share/pkgs/sudoers/centos/opennebula index 0bcf51416f..c04ba284b1 100644 --- a/share/pkgs/sudoers/centos/opennebula +++ b/share/pkgs/sudoers/centos/opennebula 
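Review bot: The last oned.conf hunk drops `USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY"` and `USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE"` from the default configuration, which is unrelated to the QinQ/MTU change named in the subject. With those two lines gone, the shipped defaults no longer list users' SSH private keys and passphrases under "Encrypted Attributes Configuration", so new installs would presumably store them unencrypted. Unless that is intended, restore both lines, along with the list of `*_ENCRYPTED_ATTR` object types removed in the hunk above. The VM_SNAPSHOT_FACTOR removals earlier in this file look like the same accidental revert.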
@@ -8,7 +8,7 @@ Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip tuntap *, /usr/sbin/ip route *, /usr/sbin/ip neighbour * -Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl +Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl Cmnd_Alias ONE_MEM = /usr/sbin/sysctl vm.drop_caches=3 vm.compact_memory=1 Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu diff --git a/share/pkgs/sudoers/debian/opennebula b/share/pkgs/sudoers/debian/opennebula index 4071c57433..07fdce801d 100644 --- a/share/pkgs/sudoers/debian/opennebula +++ b/share/pkgs/sudoers/debian/opennebula 
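Review bot: `/usr/bin/ovs-appctl` is added to ONE_OVS with no argument restriction, so whichever account this alias is granted to can run any ovs-appctl subcommand through sudo. The only call this patch makes is `ovs-appctl revalidator/purge` in set_vlan_limit. Narrow the entry to that invocation, `/usr/bin/ovs-appctl revalidator/purge`, the way ONE_MEM pins its sysctl arguments. The same applies to the debian sudoers hunk that follows.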
@@ -9,7 +9,7 @@ Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /u Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour * -Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl +Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1 Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu diff --git a/src/vnm_mad/remotes/lib/command.rb b/src/vnm_mad/remotes/lib/command.rb index 5d43991673..fcfc397c47 100644 --- a/src/vnm_mad/remotes/lib/command.rb +++ b/src/vnm_mad/remotes/lib/command.rb @@ -32,6 +32,7 @@ module VNMMAD :virsh => 'virsh -c qemu:///system', :ovs_vsctl=> 'sudo -n ovs-vsctl', :ovs_ofctl=> 'sudo -n ovs-ofctl', + :ovs_appctl=> 'sudo -n ovs-appctl', :lsmod => 'lsmod', :ipset => 'sudo -n ipset' } diff --git a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb index c73723a8bd..053e7f0241 100644 --- a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb +++ b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb @@ -68,10 +68,20 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver exit 1 end + if !@nic[:mtu].nil? + cmd = "#{command(:ovs_vsctl)} set int #{@nic[:tap]} "\ + "mtu_request=#{@nic[:mtu]}" + run cmd + end + # Apply VLAN if !@nic[:vlan_id].nil? - tag_vlan - tag_trunk_vlans + if !@nic[:cvlans].nil? + tag_qinq + else + tag_vlan + tag_trunk_vlans + end end # Delete any existing flows on port 
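Review bot: `@nic[:mtu]` is interpolated into the `ovs-vsctl set int` command line after only a nil check, and that command is executed through `sudo -n`. If the value can originate from a user-editable network or NIC template (not visible here), check that it is a plain integer first, for example `if @nic[:mtu].to_s =~ /\A\d+\z/` in place of `if !@nic[:mtu].nil?`, and log a rejected value. The same concern applies to `@nic[:qinq_type]` in the new tag_qinq, which could be limited with `%w[802.1q 802.1ad].include?(qinq_type)`. The enclosing method starts and ends outside this hunk.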
@@ -167,19 +177,16 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver 0 end - def vlan - @nic[:vlan_id] - end - def tag_vlan cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} " - cmd << "tag=#{vlan}" + cmd << "tag=#{@nic[:vlan_id]}" run cmd end def tag_trunk_vlans range = @nic[:vlan_tagged_id] + if range? range ovs_vsctl_cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]}" @@ -195,6 +202,25 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver end end + def tag_qinq + range = @nic[:cvlans] + + set_vlan_limit(2) + + cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} " + cmd << "vlan_mode=dot1q-tunnel tag=#{@nic[:vlan_id]} " + cmd << "cvlans=#{expand_range(range)}" + + run cmd + + qinq_type = @nic[:qinq_type] + qinq_type ||= "802.1q" + + cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} " + cmd << "other_config:qinq-ethtype=#{qinq_type}" + + run cmd + end # Following IP-spoofing rules may be created: # (if ARP Cache Poisoning) in_port=,table=20,arp,arp_spa=,priority=50000,actions=NORMAL @@ -476,6 +502,26 @@ private end def validate_vlan_id - OpenNebula.log_error("VLAN ID validation not supported with Open vSwitch, skipped.") + OpenNebula.log_error("VLAN ID validation not supported for OpenvSwitch, skipped.") + end + + def set_vlan_limit(limit) + vl =`#{command(:ovs_vsctl)} get Open_vSwitch . other_config:vlan-limit` + + vl_limit = 0 + + begin + vl_limit = Integer(vl.tr("\"\n",'')) + rescue ArgumentError + end + + return if vl_limit == limit + + cmd = "#{command(:ovs_vsctl)} set Open_vSwitch . "\ + "other_config:vlan-limit=#{limit}" + run cmd + + cmd = "#{command(:ovs_appctl)} revalidator/purge" + run cmd end end
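Review bot: tag_qinq configures the port with two separate `ovs-vsctl set Port` invocations, so if the second one fails the port is left in dot1q-tunnel mode without the requested `qinq-ethtype`. ovs-vsctl applies one invocation as a single transaction, so appending `other_config:qinq-ethtype=#{qinq_type}` to the first command makes the change all-or-nothing and saves a sudo call. The default can then be written as `qinq_type = @nic[:qinq_type] || '802.1q'`. A blank line after the method's `end` would keep it apart from the IP-spoofing comment block.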
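Review bot: set_vlan_limit changes a switch-wide setting (`Open_vSwitch . other_config:vlan-limit`) and then runs `revalidator/purge`, both of which act on the whole host switch rather than on `@nic[:tap]`, yet nothing is documented or logged. Add a comment above the method such as `# Sets the switch-wide vlan-limit and purges datapath flows; affects every port on this host`. The read is also fragile: the backtick call ignores the exit status, and the empty `rescue ArgumentError` maps any unreadable value to 0. An operator-chosen limit other than `limit` is therefore overwritten without a trace, so log the previous value before the `set`.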