Merge pull request #1159 from stgraber/ovn

Make OVS path configurable
lxc · Aug 27, 2024 · 5757692 · 5757692
2 parents 97bda17 + 3ddbdcc
commit 5757692
Show file tree

Hide file tree

Showing 20 changed files with 128 additions and 54 deletions.
diff --git a/cmd/incusd/api_1.0.go b/cmd/incusd/api_1.0.go
@@ -801,6 +801,7 @@ func doApi10UpdateTriggers(d *Daemon, nodeChanged, clusterChanged map[string]str
 	oidcChanged := false
 	openFGAChanged := false
 	ovnChanged := false
+	ovsChanged := false
 	syslogChanged := false
 
 	for key := range clusterChanged {
@@ -856,6 +857,9 @@ func doApi10UpdateTriggers(d *Daemon, nodeChanged, clusterChanged map[string]str
 
 		case "core.syslog_socket":
 			syslogChanged = true
+
+		case "network.ovs.connection":
+			ovsChanged = true
 		}
 	}
 
@@ -993,6 +997,13 @@ func doApi10UpdateTriggers(d *Daemon, nodeChanged, clusterChanged map[string]str
 		}
 	}
 
+	if ovsChanged {
+		err := d.setupOVS()
+		if err != nil {
+			return err
+		}
+	}
+
 	if syslogChanged {
 		err := d.setupSyslogSocket(nodeConfig.SyslogSocket())
 		if err != nil {

diff --git a/cmd/incusd/api_cluster.go b/cmd/incusd/api_cluster.go
@@ -773,6 +773,9 @@ func clusterPutJoin(d *Daemon, r *http.Request, req api.ClusterPut) response.Res
 		// Refresh the state.
 		s = d.State()
 
+		// Re-connect OVS if needed.
+		_ = d.setupOVS()
+
 		// Re-connect OVN if needed.
 		_ = d.setupOVN()
 

diff --git a/cmd/incusd/daemon.go b/cmd/incusd/daemon.go
@@ -170,6 +170,10 @@ type Daemon struct {
 	ovnsb *ovn.SB
 	ovnMu sync.Mutex
 
+	// OVS client.
+	ovs   *ovs.VSwitch
+	ovsMu sync.Mutex
+
 	// API info.
 	apiExtensions int
 }
@@ -561,6 +565,7 @@ func (d *Daemon) State() *state.State {
 		LocalConfig:            localConfig,
 		OS:                     d.os,
 		OVN:                    d.getOVN,
+		OVS:                    d.getOVS,
 		Proxy:                  d.proxy,
 		ServerCert:             d.serverCert,
 		ServerClustered:        d.serverClustered,
@@ -2540,7 +2545,7 @@ func (d *Daemon) setupOVN() error {
 	d.ovnsb = nil
 
 	// Connect to OpenVswitch.
-	vswitch, err := ovs.NewVSwitch()
+	vswitch, err := d.getOVS()
 	if err != nil {
 		return fmt.Errorf("Failed to connect to OVS: %w", err)
 	}
@@ -2608,3 +2613,33 @@ func (d *Daemon) getOVN() (*ovn.NB, *ovn.SB, error) {
 
 	return d.ovnnb, d.ovnsb, nil
 }
+
+func (d *Daemon) setupOVS() error {
+	d.ovsMu.Lock()
+	defer d.ovsMu.Unlock()
+
+	// Clear any existing client.
+	d.ovs = nil
+
+	// Connect to OpenVswitch.
+	vswitch, err := ovs.NewVSwitch(d.localConfig.NetworkOVSConnection())
+	if err != nil {
+		return fmt.Errorf("Failed to connect to OVS: %w", err)
+	}
+
+	// Set the client.
+	d.ovs = vswitch
+
+	return nil
+}
+
+func (d *Daemon) getOVS() (*ovs.VSwitch, error) {
+	if d.ovs == nil {
+		err := d.setupOVS()
+		if err != nil {
+			return nil, fmt.Errorf("Failed to connect to OVS: %w", err)
+		}
+	}
+
+	return d.ovs, nil
+}
diff --git a/cmd/incusd/networks.go b/cmd/incusd/networks.go
@@ -28,7 +28,6 @@ import (
 	"github.com/lxc/incus/v6/internal/server/instance/instancetype"
 	"github.com/lxc/incus/v6/internal/server/lifecycle"
 	"github.com/lxc/incus/v6/internal/server/network"
-	"github.com/lxc/incus/v6/internal/server/network/ovs"
 	"github.com/lxc/incus/v6/internal/server/project"
 	"github.com/lxc/incus/v6/internal/server/request"
 	"github.com/lxc/incus/v6/internal/server/resources"
@@ -961,7 +960,7 @@ func doNetworkGet(s *state.State, r *http.Request, allNodes bool, projectName st
 	} else if util.PathExists(fmt.Sprintf("/sys/class/net/%s/bonding", apiNet.Name)) {
 		apiNet.Type = "bond"
 	} else {
-		vswitch, err := ovs.NewVSwitch()
+		vswitch, err := s.OVS()
 		if err != nil {
 			return api.Network{}, fmt.Errorf("Failed to connect to OVS: %w", err)
 		}

diff --git a/doc/config_options.txt b/doc/config_options.txt
@@ -2442,13 +2442,21 @@ See {ref}`clustering-instance-placement-scriptlet` for more information.
 ```
 
 ```{config:option} network.ovn.northbound_connection server-miscellaneous
-:defaultdesc: "`unix:/var/run/ovn/ovnnb_db.sock`"
+:defaultdesc: "`unix:/run/ovn/ovnnb_db.sock`"
 :scope: "global"
 :shortdesc: "OVN northbound database connection string"
 :type: "string"
 
 ```
 
+```{config:option} network.ovs.connection server-miscellaneous
+:defaultdesc: "`unix:/run/openvswitch/db.sock`"
+:scope: "global"
+:shortdesc: "OVS socket path"
+:type: "string"
+
+```
+
 ```{config:option} storage.backups_volume server-miscellaneous
 :scope: "local"
 :shortdesc: "Volume to use to store backup tarballs"

diff --git a/doc/howto/network_ovn_setup.md b/doc/howto/network_ovn_setup.md
@@ -14,7 +14,7 @@ Complete the following steps to create a standalone OVN network that is connecte
 1. Configure the OVN integration bridge:
 
        sudo ovs-vsctl set open_vswitch . \
-          external_ids:ovn-remote=unix:/var/run/ovn/ovnsb_db.sock \
+          external_ids:ovn-remote=unix:/run/ovn/ovnsb_db.sock \
           external_ids:ovn-encap-type=geneve \
           external_ids:ovn-encap-ip=127.0.0.1
 

diff --git a/internal/server/cluster/config/config.go b/internal/server/cluster/config/config.go
@@ -731,9 +731,9 @@ var ConfigSchema = config.Schema{
 	// ---
 	//  type: string
 	//  scope: global
-	//  defaultdesc: `unix:/var/run/ovn/ovnnb_db.sock`
+	//  defaultdesc: `unix:/run/ovn/ovnnb_db.sock`
 	//  shortdesc: OVN northbound database connection string
-	"network.ovn.northbound_connection": {Default: "unix:/var/run/ovn/ovnnb_db.sock"},
+	"network.ovn.northbound_connection": {Default: "unix:/run/ovn/ovnnb_db.sock"},
 
 	// gendoc:generate(entity=server, group=miscellaneous, key=network.ovn.ca_cert)
 	//

diff --git a/internal/server/device/nic_bridged.go b/internal/server/device/nic_bridged.go
@@ -29,7 +29,6 @@ import (
 	"github.com/lxc/incus/v6/internal/server/instance/instancetype"
 	"github.com/lxc/incus/v6/internal/server/ip"
 	"github.com/lxc/incus/v6/internal/server/network"
-	"github.com/lxc/incus/v6/internal/server/network/ovs"
 	"github.com/lxc/incus/v6/internal/server/resources"
 	localUtil "github.com/lxc/incus/v6/internal/server/util"
 	internalUtil "github.com/lxc/incus/v6/internal/util"
@@ -566,12 +565,12 @@ func (d *nicBridged) Start() (*deviceConfig.RunConfig, error) {
 	revert.Add(r)
 
 	// Attach host side veth interface to bridge.
-	err = network.AttachInterface(d.config["parent"], saveData["host_name"])
+	err = network.AttachInterface(d.state, d.config["parent"], saveData["host_name"])
 	if err != nil {
 		return nil, err
 	}
 
-	revert.Add(func() { _ = network.DetachInterface(d.config["parent"], saveData["host_name"]) })
+	revert.Add(func() { _ = network.DetachInterface(d.state, d.config["parent"], saveData["host_name"]) })
 
 	// Attempt to disable router advertisement acceptance.
 	err = localUtil.SysctlSet(fmt.Sprintf("net/ipv6/conf/%s/accept_ra", saveData["host_name"]), "0")
@@ -824,7 +823,7 @@ func (d *nicBridged) postStop() error {
 
 	if d.config["host_name"] != "" && network.InterfaceExists(d.config["host_name"]) {
 		// Detach host-side end of veth pair from bridge (required for openvswitch particularly).
-		err := network.DetachInterface(d.config["parent"], d.config["host_name"])
+		err := network.DetachInterface(d.state, d.config["parent"], d.config["host_name"])
 		if err != nil {
 			return fmt.Errorf("Failed to detach interface %q from %q: %w", d.config["host_name"], d.config["parent"], err)
 		}
@@ -1537,7 +1536,7 @@ func (d *nicBridged) setupNativeBridgePortVLANs(hostName string) error {
 
 // setupOVSBridgePortVLANs configures the bridge port with the specified VLAN settings on the openvswitch bridge.
 func (d *nicBridged) setupOVSBridgePortVLANs(hostName string) error {
-	vswitch, err := ovs.NewVSwitch()
+	vswitch, err := d.state.OVS()
 	if err != nil {
 		return fmt.Errorf("Failed to connect to OVS: %w", err)
 	}

diff --git a/internal/server/device/nic_ovn.go b/internal/server/device/nic_ovn.go
@@ -25,7 +25,6 @@ import (
 	"github.com/lxc/incus/v6/internal/server/network"
 	"github.com/lxc/incus/v6/internal/server/network/acl"
 	"github.com/lxc/incus/v6/internal/server/network/ovn"
-	"github.com/lxc/incus/v6/internal/server/network/ovs"
 	"github.com/lxc/incus/v6/internal/server/project"
 	"github.com/lxc/incus/v6/internal/server/resources"
 	"github.com/lxc/incus/v6/internal/server/state"
@@ -439,7 +438,7 @@ func (d *nicOVN) Start() (*deviceConfig.RunConfig, error) {
 		delete(saveData, "host_name") // Nested NICs don't have a host side interface.
 	} else {
 		if d.config["acceleration"] == "sriov" {
-			vswitch, err := ovs.NewVSwitch()
+			vswitch, err := d.state.OVS()
 			if err != nil {
 				return nil, fmt.Errorf("Failed to connect to OVS: %w", err)
 			}
@@ -495,7 +494,7 @@ func (d *nicOVN) Start() (*deviceConfig.RunConfig, error) {
 			integrationBridgeNICName = vfRepresentor
 			peerName = vfDev
 		} else if d.config["acceleration"] == "vdpa" {
-			vswitch, err := ovs.NewVSwitch()
+			vswitch, err := d.state.OVS()
 			if err != nil {
 				return nil, fmt.Errorf("Failed to connect to OVS: %w", err)
 			}
@@ -657,7 +656,7 @@ func (d *nicOVN) Start() (*deviceConfig.RunConfig, error) {
 	runConf := deviceConfig.RunConfig{}
 
 	// Get local chassis ID for chassis group.
-	vswitch, err := ovs.NewVSwitch()
+	vswitch, err := d.state.OVS()
 	if err != nil {
 		return nil, fmt.Errorf("Failed to connect to OVS: %w", err)
 	}
@@ -880,7 +879,7 @@ func (d *nicOVN) Stop() (*deviceConfig.RunConfig, error) {
 	// port name using the same regime it does for new ports. This part is only here in order to allow
 	// instance ports generated under an older regime to be cleaned up properly.
 	networkVethFillFromVolatile(d.config, v)
-	vswitch, err := ovs.NewVSwitch()
+	vswitch, err := d.state.OVS()
 	if err != nil {
 		d.logger.Error("Failed to connect to OVS", logger.Ctx{"err": err})
 	}
@@ -1181,7 +1180,7 @@ func (d *nicOVN) setupHostNIC(hostName string, ovnPortName ovn.OVNSwitchPort) (r
 	// Attach host side veth interface to bridge.
 	integrationBridge := d.state.GlobalConfig.NetworkOVNIntegrationBridge()
 
-	vswitch, err := ovs.NewVSwitch()
+	vswitch, err := d.state.OVS()
 	if err != nil {
 		return nil, fmt.Errorf("Failed to connect to OVS: %w", err)
 	}

diff --git a/internal/server/instance/drivers/agent-loader/install.sh b/internal/server/instance/drivers/agent-loader/install.sh
@@ -36,7 +36,7 @@ systemctl daemon-reload
 
 # SELinux handling.
 if getenforce >/dev/null 2>&1 && type semanage >/dev/null 2>&1; then
-    semanage fcontext -a -t bin_t /var/run/incus_agent/incus-agent
+    semanage fcontext -a -t bin_t "${PWD}/incus-agent"
 fi
 
 echo ""

diff --git a/internal/server/metadata/configuration.json b/internal/server/metadata/configuration.json
@@ -2697,13 +2697,22 @@
 					},
 					{
 						"network.ovn.northbound_connection": {
-							"defaultdesc": "`unix:/var/run/ovn/ovnnb_db.sock`",
+							"defaultdesc": "`unix:/run/ovn/ovnnb_db.sock`",
 							"longdesc": "",
 							"scope": "global",
 							"shortdesc": "OVN northbound database connection string",
 							"type": "string"
 						}
 					},
+					{
+						"network.ovs.connection": {
+							"defaultdesc": "`unix:/run/openvswitch/db.sock`",
+							"longdesc": "",
+							"scope": "global",
+							"shortdesc": "OVS socket path",
+							"type": "string"
+						}
+					},
 					{
 						"storage.backups_volume": {
 							"longdesc": "Specify the volume using the syntax `POOL/VOLUME`.",

diff --git a/internal/server/network/driver_bridge.go b/internal/server/network/driver_bridge.go
@@ -29,7 +29,6 @@ import (
 	firewallDrivers "github.com/lxc/incus/v6/internal/server/firewall/drivers"
 	"github.com/lxc/incus/v6/internal/server/ip"
 	"github.com/lxc/incus/v6/internal/server/network/acl"
-	"github.com/lxc/incus/v6/internal/server/network/ovs"
 	"github.com/lxc/incus/v6/internal/server/project"
 	localUtil "github.com/lxc/incus/v6/internal/server/util"
 	"github.com/lxc/incus/v6/internal/server/warnings"
@@ -628,9 +627,9 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 	// Create the bridge interface if doesn't exist.
 	if !n.isRunning() {
 		if n.config["bridge.driver"] == "openvswitch" {
-			vswitch, err := ovs.NewVSwitch()
-			if err != nil || !vswitch.Installed() {
-				return fmt.Errorf("Open vSwitch isn't installed on this system")
+			vswitch, err := n.state.OVS()
+			if err != nil {
+				return fmt.Errorf("Couldn't connect to OpenVSwitch: %v", err)
 			}
 
 			// Add and configure the interface in one operation to reduce the number of executions and
@@ -733,7 +732,7 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 			revert.Add(func() { _ = dummy.Delete() })
 			err = dummy.SetUp()
 			if err == nil {
-				_ = AttachInterface(n.name, fmt.Sprintf("%s-mtu", n.name))
+				_ = AttachInterface(n.state, n.name, fmt.Sprintf("%s-mtu", n.name))
 			}
 		}
 	}
@@ -818,7 +817,7 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 				return fmt.Errorf("Only unconfigured network interfaces can be bridged")
 			}
 
-			err = AttachInterface(n.name, entry)
+			err = AttachInterface(n.state, n.name, entry)
 			if err != nil {
 				return err
 			}
@@ -1320,7 +1319,7 @@ func (n *bridge) setup(oldConfig map[string]string) error {
 		}
 
 		// Bridge it and bring up.
-		err = AttachInterface(n.name, tunName)
+		err = AttachInterface(n.state, n.name, tunName)
 		if err != nil {
 			return err
 		}
@@ -1535,7 +1534,7 @@ func (n *bridge) Stop() error {
 
 	// Destroy the bridge interface
 	if n.config["bridge.driver"] == "openvswitch" {
-		vswitch, err := ovs.NewVSwitch()
+		vswitch, err := n.state.OVS()
 		if err != nil {
 			return err
 		}
@@ -1673,7 +1672,7 @@ func (n *bridge) Update(newNetwork api.NetworkPut, targetNode string, clientType
 				}
 
 				if !slices.Contains(devices, dev) && InterfaceExists(ifName) {
-					err = DetachInterface(n.name, ifName)
+					err = DetachInterface(n.state, n.name, ifName)
 					if err != nil {
 						return err
 					}