F #5722: Support for QinQ and MTU for OVS

- CVLANs to 1dotq-tunnel - QINQ_TYPE defaults to 802.1q - Addts support fot MTU set of OVS ports co-authored-by: Mikhail Samoylov <msamoylov@opennebula.io> (cherry picked from commit 2488ae1a13f011521f39d736494191f126d30215)
2025-03-21 14:50:08 +03:00 · 2022-02-25 14:37:30 +01:00 · 2022-02-25 14:37:30 +01:00 · aa14a3dba5
commit aa14a3dba5
parent 9f4b660d3d
4 changed files with 57 additions and 10 deletions
--- a/share/pkgs/sudoers/centos/opennebula
+++ b/share/pkgs/sudoers/centos/opennebula
@ -8,7 +8,7 @@ Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr
 Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
 Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip tuntap *, /usr/sbin/ip route *, /usr/sbin/ip neighbour *
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
 Cmnd_Alias ONE_MEM = /usr/sbin/sysctl vm.drop_caches=3 vm.compact_memory=1

 ## Command aliases are enabled individually in dedicated
--- a/share/pkgs/sudoers/debian/opennebula
+++ b/share/pkgs/sudoers/debian/opennebula
@ -9,7 +9,7 @@ Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /u
 Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs
 Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
 Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour *
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
 Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1

 ## Command aliases are enabled individually in dedicated
--- a/src/vnm_mad/remotes/lib/command.rb
+++ b/src/vnm_mad/remotes/lib/command.rb
@ -32,6 +32,7 @@ module VNMMAD
            :virsh    => 'virsh -c qemu:///system',
            :ovs_vsctl=> 'sudo -n ovs-vsctl',
            :ovs_ofctl=> 'sudo -n ovs-ofctl',
+            :ovs_appctl=> 'sudo -n ovs-appctl',
            :lsmod    => 'lsmod',
            :ipset    => 'sudo -n ipset'
        }
--- a/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
+++ b/src/vnm_mad/remotes/ovswitch/OpenvSwitch.rb
@ -68,10 +68,20 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
                exit 1
            end

+            if !@nic[:mtu].nil?
+              cmd = "#{command(:ovs_vsctl)} set int #{@nic[:tap]} "\
+                    "mtu_request=#{@nic[:mtu]}"
+              run cmd
+            end
+
            # Apply VLAN
            if !@nic[:vlan_id].nil?
-                tag_vlan
-                tag_trunk_vlans
+                if !@nic[:cvlans].nil?
+                    tag_qinq
+                else
+                    tag_vlan
+                    tag_trunk_vlans
+                end
            end

            # Delete any existing flows on port
@ -167,19 +177,16 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
        0
    end

-    def vlan
-        @nic[:vlan_id]
-    end
-
    def tag_vlan
        cmd =  "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
-        cmd << "tag=#{vlan}"
+        cmd << "tag=#{@nic[:vlan_id]}"

        run cmd
    end

    def tag_trunk_vlans
        range = @nic[:vlan_tagged_id]
+
        if range? range
            ovs_vsctl_cmd = "#{command(:ovs_vsctl)} set Port #{@nic[:tap]}"

@ -195,6 +202,25 @@ class OpenvSwitchVLAN < VNMMAD::VNMDriver
        end
    end

+    def tag_qinq
+        range = @nic[:cvlans]
+
+        set_vlan_limit(2)
+
+        cmd =  "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
+        cmd << "vlan_mode=dot1q-tunnel tag=#{@nic[:vlan_id]} "
+        cmd << "cvlans=#{expand_range(range)}"
+
+        run cmd
+
+        qinq_type = @nic[:qinq_type]
+        qinq_type ||= "802.1q"
+
+        cmd =  "#{command(:ovs_vsctl)} set Port #{@nic[:tap]} "
+        cmd << "other_config:qinq-ethtype=#{qinq_type}"
+
+        run cmd
+    end

    # Following IP-spoofing rules may be created:
    # (if ARP Cache Poisoning) in_port=<PORT>,table=20,arp,arp_spa=<IP>,priority=50000,actions=NORMAL
@ -476,6 +502,26 @@ private
    end

    def validate_vlan_id
-        OpenNebula.log_error("VLAN ID validation not supported with Open vSwitch, skipped.")
+        OpenNebula.log_error("VLAN ID validation not supported for OpenvSwitch, skipped.")
+    end
+
+    def set_vlan_limit(limit)
+        vl  =`#{command(:ovs_vsctl)} get Open_vSwitch . other_config:vlan-limit`
+
+        vl_limit = 0
+
+        begin
+            vl_limit = Integer(vl.tr("\"\n",''))
+        rescue ArgumentError
+        end
+
+        return if vl_limit == limit
+
+        cmd = "#{command(:ovs_vsctl)} set Open_vSwitch . "\
+            "other_config:vlan-limit=#{limit}"
+        run cmd
+
+        cmd = "#{command(:ovs_appctl)} revalidator/purge"
+        run cmd
    end
 end