2025-01-04 03:17:41 |
Miro Tomaska |
description |
While I was experimenting with metadata service I discovered that ovn metadata agent fails to spawn a haproxy service when port security is disabled.
This happens because here [1] we look into vif_port mac column for an IP address. However, when port security is disabled, OVN will set it to [unknown]. As per OVN documentation [2] this column is not guaranteed to contain MAC and IPs:
    mac: set of strings
        This column is a misnomer as it may contain MAC addresses and IP addresses.
Example of a VIF port with security disabled (I am omitting some columns/data):
    _uuid         : 43a5e506-2361-4cdb-a2fb-2ce0636cf34a
    chassis       : 5f37d656-e7ab-4ea9-8a9a-52633fb2b43e
    datapath      : ef68b5d5-a133-4dcd-98ba-6aac76dcf148
    external_ids  : {"neutron:cidrs"="2001:db8:0:1:f816:3eff:feef:f2ad/64", .....}
    logical_port  : "19b7a707-4762-400b-9fd9-6e90cf5bfbde"
    mac           : [unknown]
    port_security : []
    type          : ""
When the port security is enabled the mac column looks like this:
    mac           : ["fa:16:3e:ef:f2:ad 2001:db8:0:1:f816:3eff:feef:f2ad"]
    port_security : ["fa:16:3e:ef:f2:ad 2001:db8:0:1:f816:3eff:feef:f2ad"]
It appears that a more reliable way of getting an IP would be extracting it from external_ids column under the neutron:cidrs key.
This eventually just manifests as this [3] log in the agent's logs.
[1] https://github.com/openstack/neutron/blob/0c29e730db2629c084de0c114a0d1e8e6939ac25/neutron/agent/ovn/metadata/agent.py#L619-L622
[2] https://man7.org/linux/man-pages/man5/ovn-sb.5.html#Port_Binding_TABLE
[3] https://github.com/openstack/neutron/blob/0c29e730db2629c084de0c114a0d1e8e6939ac25/neutron/agent/ovn/metadata/agent.py#L627-L630
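
The lookup suggested in the report, as an added example that is not the Neutron agent's code: it reads port IPs from external_ids first and falls back to the mac column, tolerating the "unknown" entry. The function names are hypothetical, the sample rows are constructed from the values in the report, and it assumes neutron:cidrs holds space-separated CIDRs.

```python
import ipaddress

CIDRS_KEY = "neutron:cidrs"  # key name as shown in the report


def ips_from_mac_column(mac_column):
    """Parse 'MAC IP [IP ...]' entries; 'unknown' or a bare MAC yields no IPs."""
    ips = []
    for entry in mac_column:
        # First token is the MAC (or the literal 'unknown'); the rest may be IPs.
        for token in entry.split()[1:]:
            try:
                ips.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # not an IP address, skip it
    return ips


def ips_from_external_ids(external_ids):
    """Parse the CIDR list under neutron:cidrs (assumed space-separated)."""
    ips = []
    for cidr in external_ids.get(CIDRS_KEY, "").split():
        try:
            ips.append(str(ipaddress.ip_interface(cidr).ip))
        except ValueError:
            continue  # malformed CIDR, skip it
    return ips


def port_ips(row):
    """Prefer external_ids; fall back to the mac column if it has no CIDRs."""
    return (ips_from_external_ids(row.get("external_ids", {}))
            or ips_from_mac_column(row.get("mac", [])))


# Constructed rows mirroring the two Port_Binding examples in the report.
PORT_SECURITY_DISABLED = {
    "mac": ["unknown"],
    "external_ids": {CIDRS_KEY: "2001:db8:0:1:f816:3eff:feef:f2ad/64"},
}
PORT_SECURITY_ENABLED = {
    "mac": ["fa:16:3e:ef:f2:ad 2001:db8:0:1:f816:3eff:feef:f2ad"],
    "external_ids": {CIDRS_KEY: "2001:db8:0:1:f816:3eff:feef:f2ad/64"},
}

if __name__ == "__main__":
    for name, row in (("disabled", PORT_SECURITY_DISABLED),
                      ("enabled", PORT_SECURITY_ENABLED)):
        print(name, "mac-only:", ips_from_mac_column(row["mac"]),
              "combined:", port_ips(row))
```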