lxc · hallyn · Jun 26, 2024 · Jun 26, 2024 · Jun 26, 2024 · Jun 26, 2024
@@ -403,7 +403,7 @@ func ovnApplyToPortGroup(l logger.Logger, client *ovn.NB, aclInfo *api.NetworkAC
 	}
 
 	// Clear all existing ACL rules from port group then add the new rules to the port group.
-	err = client.PortGroupSetACLRules(portGroupName, nil, portGroupRules...)
+	err = client.UpdatePortGroupACLRules(context.TODO(), portGroupName, nil, portGroupRules...)
 	if err != nil {
 		return fmt.Errorf("Failed applying ACL %q rules to port group %q: %w", aclInfo.Name, portGroupName, err)
 	}
@@ -419,7 +419,7 @@ func ovnApplyToPortGroup(l logger.Logger, client *ovn.NB, aclInfo *api.NetworkAC
 			fmt.Sprintf("@%s", ruleSubjectExternal): fmt.Sprintf(`"%s"`, OVNIntSwitchRouterPortName(aclNet.ID)),
 		}
 
-		err = client.PortGroupSetACLRules(netPortGroupName, matchReplace, networkRules...)
+		err = client.UpdatePortGroupACLRules(context.TODO(), netPortGroupName, matchReplace, networkRules...)
 		if err != nil {
 			return fmt.Errorf("Failed applying ACL %q rules to port group %q for network %q: %w", aclInfo.Name, netPortGroupName, aclNet.Name, err)
 		}
@@ -746,7 +746,7 @@ func OVNApplyNetworkBaselineRules(client *ovn.NB, switchName ovn.OVNSwitch, rout
 		)
 	}
 
-	err := client.LogicalSwitchSetACLRules(switchName, rules...)
+	err := client.UpdateLogicalSwitchACLRules(context.TODO(), switchName, rules...)
 	if err != nil {
 		return fmt.Errorf("Failed applying baseline ACL rules to logical switch %q: %w", switchName, err)
 	}
@@ -1024,7 +1024,7 @@ func OVNApplyInstanceNICDefaultRules(client *ovn.NB, switchPortGroup ovn.OVNPort
 		},
 	}
 
-	err := client.PortGroupPortSetACLRules(switchPortGroup, nicPortName, rules...)
+	err := client.UpdatePortGroupPortACLRules(context.TODO(), switchPortGroup, nicPortName, rules...)
 	if err != nil {
 		return fmt.Errorf("Failed applying instance NIC default ACL rules for port %q: %w", nicPortName, err)
 	}

@@ -3143,7 +3143,7 @@ func (n *ovn) Update(newNetwork api.NetworkPut, targetNode string, clientType re
 				// If there are no ACLs being applied to the NIC (either from network or NIC) then
 				// we should remove the default rule from the NIC.
 				if len(newACLs) <= 0 && len(nicACLs) <= 0 {
-					err = n.state.OVNNB.PortGroupPortClearACLRules(acl.OVNIntSwitchPortGroupName(n.ID()), instancePortName)
+					err = n.state.OVNNB.ClearPortGroupPortACLRules(context.TODO(), acl.OVNIntSwitchPortGroupName(n.ID()), instancePortName)
 					if err != nil {
 						return fmt.Errorf("Failed clearing OVN default ACL rules for instance NIC: %w", err)
 					}
@@ -3425,7 +3425,9 @@ func (n *ovn) InstanceDevicePortAdd(instanceUUID string, deviceName string, devi
 		return fmt.Errorf("Failed adding DNS record: %w", err)
 	}
 
-	revert.Add(func() { _ = n.state.OVNNB.LogicalSwitchPortDeleteDNS(n.getIntSwitchName(), dnsUUID, true) })
+	revert.Add(func() {
+		_ = n.state.OVNNB.DeleteLogicalSwitchPortDNS(context.TODO(), n.getIntSwitchName(), dnsUUID, true)
+	})
 
 	// If NIC has static IPv4 address then create a DHCPv4 reservation.
 	if deviceConfig["ipv4.address"] != "" {
@@ -3704,7 +3706,9 @@ func (n *ovn) InstanceDevicePortStart(opts *OVNInstanceNICSetupOpts, securityACL
 		return "", nil, fmt.Errorf("Failed setting DNS for %q: %w", dnsName, err)
 	}
 
-	revert.Add(func() { _ = n.state.OVNNB.LogicalSwitchPortDeleteDNS(n.getIntSwitchName(), dnsUUID, false) })
+	revert.Add(func() {
+		_ = n.state.OVNNB.DeleteLogicalSwitchPortDNS(context.TODO(), n.getIntSwitchName(), dnsUUID, false)
+	})
 
 	// If NIC has static IPv4 address then ensure a DHCPv4 reservation exists.
 	// Do this at start time as well as add time in case an instance was copied (causing a duplicate address
@@ -4000,7 +4004,7 @@ func (n *ovn) InstanceDevicePortStart(opts *OVNInstanceNICSetupOpts, securityACL
 
 		n.logger.Debug("Set NIC default rule", logger.Ctx{"port": instancePortName, "ingressAction": ingressAction, "ingressLogged": ingressLogged, "egressAction": egressAction, "egressLogged": egressLogged})
 	} else {
-		err = n.state.OVNNB.PortGroupPortClearACLRules(acl.OVNIntSwitchPortGroupName(n.ID()), instancePortName)
+		err = n.state.OVNNB.ClearPortGroupPortACLRules(context.TODO(), acl.OVNIntSwitchPortGroupName(n.ID()), instancePortName)
 		if err != nil {
 			return "", nil, fmt.Errorf("Failed clearing OVN default ACL rules for instance NIC: %w", err)
 		}
@@ -4099,7 +4103,7 @@ func (n *ovn) InstanceDevicePortStop(ovsExternalOVNPort networkOVN.OVNSwitchPort
 	}
 
 	// Cleanup logical switch port and associated config.
-	err = n.state.OVNNB.LogicalSwitchPortCleanup(instancePortName, n.getIntSwitchName(), acl.OVNIntSwitchPortGroupName(n.ID()), dnsUUID)
+	err = n.state.OVNNB.CleanupLogicalSwitchPort(context.TODO(), instancePortName, n.getIntSwitchName(), acl.OVNIntSwitchPortGroupName(n.ID()), dnsUUID)
 	if err != nil {
 		return err
 	}
@@ -4228,7 +4232,7 @@ func (n *ovn) InstanceDevicePortRemove(instanceUUID string, deviceName string, d
 			}
 		}
 
-		err = n.state.OVNNB.LogicalSwitchPortDeleteDNS(n.getIntSwitchName(), dnsUUID, true)
+		err = n.state.OVNNB.DeleteLogicalSwitchPortDNS(context.TODO(), n.getIntSwitchName(), dnsUUID, true)
 		if err != nil {
 			return fmt.Errorf("Failed deleting DNS record: %w", err)
 		}

@@ -6,7 +6,6 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
-	"os"
 	"reflect"
 	"runtime"
 	"strings"
@@ -17,21 +16,13 @@ import (
 	ovsdbClient "github.com/ovn-org/libovsdb/client"
 	ovsdbModel "github.com/ovn-org/libovsdb/model"
 
-	"github.com/lxc/incus/v6/internal/linux"
 	ovnNB "github.com/lxc/incus/v6/internal/server/network/ovn/schema/ovn-nb"
-	"github.com/lxc/incus/v6/shared/subprocess"
 )
 
 // NB client.
 type NB struct {
 	client ovsdbClient.Client
 	cookie ovsdbClient.MonitorCookie
-
-	// For nbctl command calls.
-	dbAddr        string
-	sslCACert     string
-	sslClientCert string
-	sslClientKey  string
 }
 
 var nb *NB
@@ -43,9 +34,7 @@ func NewNB(dbAddr string, sslCACert string, sslClientCert string, sslClientKey s
 	}
 
 	// Create the NB struct.
-	client := &NB{
-		dbAddr: dbAddr,
-	}
+	client := &NB{}
 
 	// Prepare the OVSDB client.
 	dbSchema, err := ovnNB.FullDatabaseModel()
@@ -140,11 +129,6 @@ func NewNB(dbAddr string, sslCACert string, sslClientCert string, sslClientKey s
 
 		// Add the TLS config to the client.
 		options = append(options, ovsdbClient.WithTLSConfig(tlsConfig))
-
-		// Fill the fields need for the CLI calls.
-		client.sslCACert = sslCACert
-		client.sslClientCert = sslClientCert
-		client.sslClientKey = sslClientKey
 	}
 
 	// Connect to OVSDB.
@@ -230,49 +214,3 @@ func (o *NB) get(ctx context.Context, m ovsdbModel.Model) error {
 	reflect.ValueOf(m).Elem().Set(rVal.Index(0))
 	return nil
 }
-
-// nbctl executes ovn-nbctl with arguments to connect to wrapper's northbound database.
-func (o *NB) nbctl(extraArgs ...string) (string, error) {
-	// Figure out args.
-	args := []string{"--timeout=10", "--db", o.dbAddr}
-
-	// Handle SSL args.
-	files := []*os.File{}
-	if strings.Contains(o.dbAddr, "ssl:") {
-		// Handle client certificate.
-		clientCertFile, err := linux.CreateMemfd([]byte(o.sslClientCert))
-		if err != nil {
-			return "", err
-		}
-
-		defer clientCertFile.Close()
-		files = append(files, clientCertFile)
-
-		// Handle client key.
-		clientKeyFile, err := linux.CreateMemfd([]byte(o.sslClientKey))
-		if err != nil {
-			return "", err
-		}
-
-		defer clientKeyFile.Close()
-		files = append(files, clientKeyFile)
-
-		// Handle CA certificate.
-		caCertFile, err := linux.CreateMemfd([]byte(o.sslCACert))
-		if err != nil {
-			return "", err
-		}
-
-		defer caCertFile.Close()
-		files = append(files, caCertFile)
-
-		args = append(args,
-			"-c", "/proc/self/fd/3",
-			"-p", "/proc/self/fd/4",
-			"-C", "/proc/self/fd/5",
-		)
-	}
-
-	args = append(args, extraArgs...)
-	return subprocess.RunCommandInheritFds(context.Background(), files, "ovn-nbctl", args...)
-}