Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network: Begin transition to libovsdb #14841

Draft
wants to merge 54 commits into
base: main
Choose a base branch
from
Draft

Network: Begin transition to libovsdb #14841

wants to merge 54 commits into from

Conversation

markylaing
Copy link
Contributor

This begins a series of cherry-picks and amendments to transition LXD to use libovsdb, rather than OVN CLI tooling.

@markylaing markylaing self-assigned this Jan 22, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 22, 2025
View reviewed changes
lxd/network/ovn/ovn_nb.go

tlsConfig := &tls.Config{
Certificates: []tls.Certificate{clientCert},
InsecureSkipVerify: true,

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
lxd/network/ovn/ovn_sb.go

tlsConfig := &tls.Config{
Certificates: []tls.Certificate{clientCert},
InsecureSkipVerify: true,

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
@markylaing markylaing marked this pull request as draft January 23, 2025 07:20
@tomponline
Copy link
Member

@markylaing im going to wait until after LXD 6.3 to merge this btw.

@markylaing
Copy link
Contributor Author

@markylaing im going to wait until after LXD 6.3 to merge this btw.

Yep no problem. There are some issues with it in any case.

@github-actions github-actions bot added Documentation Documentation needs updating API Changes to the REST API labels Jan 23, 2025
stgraber and others added 21 commits January 24, 2025 08:05
@stgraber @markylaing
Makefile: Add update-ovsdb
b5a17dd 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@markylaing
Makefile: Only install modelgen if not already installed.
52f2d21 
Signed-off-by: Mark Laing <[email protected]>
@stgraber @markylaing
gomod: Add libovsdb
126e048 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Add OVS and OVN schemas
954cda0 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Remove unused functions
0c6c1fb 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Split OVN logic
cd5a35d 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Add OVN database types
b0fd68d 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
(cherry picked from commit d87d46523c7453932578b1cab42c874f724c34c0)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Add native ovsdb client
9736bda 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Use pointer receiver for LogicalRouterDelete
1a0cacb 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
(cherry picked from commit 757148099e1cf904bb96b1748184cd55e4092d1b)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Port ChassisGroupChassisAdd to ovsdb
80f7aad 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
(cherry picked from commit e67cddf68fc9b3ee6bb574ae126a5ae0abc69ca8)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/server/network: Move ovn to separate package
cbc1c69 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Move TCP flags to ovn package
615cf0e 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Update for separate ovn package
e95981e 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Update for network/ovn
238402c 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
Makefile: Update for new OVN package
7d61d94 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
(cherry picked from commit 0b9a4cda51353f64ef5628f3cc63462fa47098f4)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/openvswitch: Rename to ovs
570bc1c 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
Makefile: Update for OVS package
100ae13 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Update for OVS package rename
893148a 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Fix import shadowing
920cb0a 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
tests: Skip lint on OVSDB schemas
bc5e985 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@markylaing
lxd/network: Fix lint errors (pre-alloc).
1c91dbf 
Signed-off-by: Mark Laing <[email protected]>
stgraber and others added 26 commits January 24, 2025 08:06
@stgraber @markylaing
lxd/network: Update for GetLogicalRouterPortActiveChassisHostname
4dde41b 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Replace OVN struct with NB
dcc1e65 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Update for OVN NB struct
3422478 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Port PortGroupInfo to OVSDB
669ec9d 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Port LogicalSwitchPortDynamicIPs to OVSDB
9072c87 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovs: Add OVSDB client
0c96fd0 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Update for NewVSwitch changes
c4b5b0e 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovs: Port BridgeExists to OVSDB
7650c55 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovs: Port ChassisID to OVSDB
1acf8c3 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovs: Port OVNBridgeMappings to OVSDB
841a146 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
Makefile: Set min OVN version to 22.03.0
c400ac8 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Update schemas
ec3b019 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@markylaing
lxd/network/ovn: Add a wrapper for the ovsdb (client).Transact method.
d66cee6 
This commit adds logic to the client to listen for update events on the
`NB_Global` table. This is used to receive notifications when the value of
`sb_cfg` or `hv_cfg` is changed, so that we can wait for configuration to
propagate without polling.

The `(NB).transaction` method gets the existing NB_Global from the cache
and increments the `nb_cfg` value. It then waits for `sb_cfg` or `hv_cfg`
be updated to a number greater than or equal to the incremented `nb_cfg`.
This logic is the same as in ovn-nbctl (I've linked to the source in a
comment).

A new type `nbWaitMode` is added to control the wait behaviour.

Signed-off-by: Mark Laing <[email protected]>
@markylaing
lxd/network/ovn: Update ChassisGroupChassisAdd to use (NB).transact.
279b5dd 
Signed-off-by: Mark Laing <[email protected]>
@markylaing
test/suites: Test that (OVS).BridgeExists works.
babeb47 
Signed-off-by: Mark Laing <[email protected]>
@stgraber @markylaing
lxd/network/ovs: Fix empty OVNBridgeMappings
30a6cd0 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network: Wait for port to appear
0290b61 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ov{n,s}: Properly close the connections
1d51209 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Use Mutate instead of Update
0203028 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovn: Fix ChassisGroupChassisAdd
bdbabc6 
Signed-off-by: Stéphane Graber <[email protected]>
Sponsored-by: Luizalabs (https://luizalabs.com)
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@markylaing
api: Adds network_ovs_connection API extension.
5c9093b 
Signed-off-by: Mark Laing <[email protected]>
@stgraber @markylaing
lxd/node/config: Add network.ovs.connection
6b89fb5 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
doc: Update configs
04ca19f 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd/network/ovs: Make OVS database configurable
818c2d9 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@stgraber @markylaing
lxd: Pass database address to ovn.NewVSwitch
555322d 
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Mark Laing <[email protected]>
License: Apache-2.0
@markylaing
test/includes: Set Open vSwitch connection after LXD start up if pres…
2012b1a 
…ent.

It's not just the `network_ovn` suite that uses Open vSwitch. It is used
in many places e.g. checking a OVS bridge exists for reporting the kind
of an unmanaged network.

Signed-off-by: Mark Laing <[email protected]>
@markylaing
Copy link
Contributor Author

Tests passing now (both in the main test suite and the network-ovn LXD CI tests).

A few things for discussion:

  • The code scanning errors above. I'm not sure if they're a false positive since the OVN CA certificate it used it present.
  • When adding the network.ovs.connection config key, the "scope" of the key in the Incus commit was set to "global", but it was added to the local config for the node. I changed the scope to "local" with the thinking that OVS is a per-cluster member config. We could change it to "global" and move to lxd/cluster/config instead, and require that the path be the same on all members.
  • Also when adding the network.ovs.connection I cherry-picked this commit (see here) to update the call sites. However, I'm not sure I should have because VSwitch is not yet defined on our state (it's not long-lived yet) so I had to edit all the calls to pass in the connection string instead. I'm thinking to remove this cherry-pick and implement myself, then cherry-pick the commit when we actually move to long-lived connections.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@markylaing markylaing

Labels
API Changes to the REST API Documentation Documentation needs updating
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@markylaing @tomponline @stgraber