mirror of https://github.com/OpenNebula/one.git synced 2025-01-08 21:17:43 +03:00

F #5722: Support for QinQ and MTU for OVS

- CVLANs to dot1q-tunnel
    - QINQ_TYPE defaults to 802.1q
    - Adds support for setting the MTU of OVS ports

co-authored-by: Mikhail Samoylov <msamoylov@opennebula.io>
Ruben S. Montero 2022-02-25 14:37:30 +01:00
parent d498eb95d3
commit 2488ae1a13
No known key found for this signature in database
GPG Key ID: A0CEA6FA880A1D87
5 changed files with 59 additions and 33 deletions


@ -337,9 +337,6 @@ VXLAN_IDS = [
# DEFAULT_IMAGE_PERSISTENT_NEW: Control the default value for the PERSISTENT
# attribute on image creation (oneimage create). By default images are no
# persistent if not set.
#
# VM_SNAPSHOT_FACTOR: How much disk size is counted as disk snapshot
# size. Default value 0 (0%) (Use 0.1 means 10%)
#*******************************************************************************
#DATASTORE_LOCATION = /var/lib/one/datastores
@ -353,8 +350,6 @@ DEFAULT_IMAGE_TYPE = "OS"
#DEFAULT_IMAGE_PERSISTENT = ""
#DEFAULT_IMAGE_PERSISTENT_NEW = ""
VM_SNAPSHOT_FACTOR = "0"
#*******************************************************************************
# Monitor Daemon
#*******************************************************************************
@ -986,16 +981,7 @@ GROUP_RESTRICTED_ATTR = "VM_ADMIN_OPERATIONS"
#*******************************************************************************
# Encrypted Attributes Configuration
#*******************************************************************************
# The following attributes are encrypted. OpenNebula objects that support
# encrypted attributes are:
# - CLUSTER_ENCRYPTED_ATTR
# - VM_ENCRYPTED_ATTR
# - HOST_ENCRYPTED_ATTR
# - VNET_ENCRYPTED_ATTR
# - USER_ENCRYPTED_ATTR
# - DATASTORE_ENCRYPTED_ATTR
# - IMAGE_ENCRYPTED_ATTR
# - DOCUMENT_ENCRYPTED_ATTR
# The following attributes are encrypted
#*******************************************************************************
HOST_ENCRYPTED_ATTR = "EC2_ACCESS"
@ -1012,16 +998,9 @@ VM_ENCRYPTED_ATTR = "CONTEXT/PASSWORD"
IMAGE_ENCRYPTED_ATTR = "LUKS_PASSWORD"
# Encrypted attrs for Edge Cluster documents
# DDC encrypted attrs
DOCUMENT_ENCRYPTED_ATTR = "PROVISION_BODY"
USER_ENCRYPTED_ATTR = "SSH_PRIVATE_KEY"
USER_ENCRYPTED_ATTR = "SSH_PASSPHRASE"
# CLUSTER_ENCRYPTED_ATTR = ""
# VNET_ENCRYPTED_ATTR = ""
# DATASTORE_ENCRYPTED_ATTR = ""
#*******************************************************************************
# Inherited Attributes Configuration
#*******************************************************************************
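Review bot: The removals in this configuration section look unrelated to the QinQ/MTU work named in the commit title. Going by the hunk line counts (the +/- markers are not preserved in this rendering), they drop the `VM_SNAPSHOT_FACTOR` documentation and setting, the list of object types that accept a `*_ENCRYPTED_ATTR` entry, and the commented `CLUSTER_ENCRYPTED_ATTR`/`VNET_ENCRYPTED_ATTR`/`DATASTORE_ENCRYPTED_ATTR` placeholders. If this is an accidental revert of another change, it should be restored or split into its own commit, since that comment block is where an operator learns which object types support encrypted attributes. If it is intentional, the commit description should say so.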


@ -8,7 +8,7 @@ Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr
Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip tuntap *, /usr/sbin/ip route *, /usr/sbin/ip neighbour *
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
Cmnd_Alias ONE_MEM = /usr/sbin/sysctl vm.drop_caches=3 vm.compact_memory=1
Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu
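Review bot: `/usr/bin/ovs-appctl` is added to `ONE_OVS` without an argument restriction, so the sudo rule covers every ovs-appctl subcommand, while the only invocation this commit adds in the driver is `ovs-appctl revalidator/purge`. The entry can be pinned to that call, `Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl revalidator/purge`, the way `ONE_MEM` already pins its sysctl arguments. The second sudoers file in this commit makes the identical change and needs the same restriction.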


@ -9,7 +9,7 @@ Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /u
Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour *
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1
Cmnd_Alias ONE_VGPU = /usr/lib/one/sh/vgpu


@ -32,6 +32,7 @@ module VNMMAD
:virsh => 'virsh -c qemu:///system',
:ovs_vsctl=> 'sudo -n ovs-vsctl',
:ovs_ofctl=> 'sudo -n ovs-ofctl',
:ovs_appctl=> 'sudo -n ovs-appctl',
:lsmod => 'lsmod',
:ipset => 'sudo -n ipset'
}


@ -68,10 +68,20 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
exit 1
end
if !@nic[:mtu].nil?
cmd = "#{command(:ovs_vsctl)} set int #{@nic[:tap]} "\
"mtu_request=#{@nic[:mtu]}"
run cmd
end
# Apply VLAN
if !@nic[:vlan_id].nil?
tag_vlan
tag_trunk_vlans
if !@nic[:cvlans].nil?
tag_qinq
else
tag_vlan
tag_trunk_vlans
end
end
# Delete any existing flows on port
@ -167,19 +177,16 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
0
end
def vlan
@nic[:vlan_id]
end
def tag_vlan
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
cmd << "tag=#{vlan}"
cmd << "tag=#{@nic[:vlan_id]}"
run cmd
end
def tag_trunk_vlans
range = @nic[:vlan_tagged_id]
if range? range
ovs_vsctl_cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]}"
@ -195,6 +202,25 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
end
end
def tag_qinq
range = @nic[:cvlans]
set_vlan_limit(2)
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
cmd << "vlan_mode=dot1q-tunnel tag=#{@nic[:vlan_id]} "
cmd << "cvlans=#{expand_range(range)}"
run cmd
qinq_type = @nic[:qinq_type]
qinq_type ||= "802.1q"
cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
cmd << "other_config:qinq-ethtype=#{qinq_type}"
run cmd
end
# Following IP-spoofing rules may be created:
# (if ARP Cache Poisoning) in_port=<PORT>,table=20,arp,arp_spa=<IP>,priority=50000,actions=NORMAL
@ -476,6 +502,26 @@ private
end
def validate_vlan_id
OpenNebula.log_error("VLAN ID validation not supported with Open vSwitch, skipped.")
OpenNebula.log_error("VLAN ID validation not supported for OpenvSwitch, skipped.")
end
def set_vlan_limit(limit)
vl =`#{command(:ovs_vsctl)} get Open_vSwitch . other_config:vlan-limit`
vl_limit = 0
begin
vl_limit = Integer(vl.tr("\"\n",''))
rescue ArgumentError
end
return if vl_limit == limit
cmd = "#{command(:ovs_vsctl)} set Open_vSwitch . "\
"other_config:vlan-limit=#{limit}"
run cmd
cmd = "#{command(:ovs_appctl)} revalidator/purge"
run cmd
end
end
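Review bot: `tag_qinq` interpolates `@nic[:qinq_type]` and `@nic[:cvlans]`, and the new MTU block interpolates `@nic[:mtu]`, directly into command strings that run under `sudo -n ovs-vsctl`, with no validation visible in these hunks. If these values come from network or NIC attributes a user can set, and `run` passes the string to a shell (neither is visible here), a malformed value would alter the privileged command line. Validate them before building the command, for example `Integer(@nic[:mtu])` for the MTU and `%w[802.1q 802.1ad].include?(qinq_type)` for the ethertype, then log and fail as the surrounding code does. Whether `expand_range` already constrains `cvlans` should be confirmed. The MTU block sits in a method that starts outside the hunk.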