Hey all,
When I take a look at [1], I can see some parameters, such as network_device_mtu, isolate_vif, etc.
As far as I can tell, nova is using these params when plugging the port in OVS (if using OVS as ml2 plugin of course).
But I cannot find the config params in the documentation: [2]
Am I missing something?
Cheers, Arnaud.
[1] https://github.com/openstack/os-vif/blob/master/vif_plug_ovs/ovs.py
[2] https://docs.openstack.org/nova/latest/configuration/config.html
Hi Arnaud:
Those parameters should be set in nova.conf, in the "os_vif_XXX" section [1].
"network_device_mtu" is deprecated. The interface MTU is retrieved from the network MTU. "ovs_vsctl_timeout" is deprecated too, we don't use vsctl commands anymore.
Maybe Nova folks can extend my answer.
Regards.
[1] https://github.com/openstack/nova/blob/50fdbc752a9ca9c31488140ef2997ed59d861...
On Fri, Mar 4, 2022 at 6:18 PM Arnaud Morin <arnaud.morin@gmail.com> wrote:
> Hey all,
> When I take a look at [1], I can see some parameters, such as network_device_mtu, isolate_vif, etc.
> As far as I can tell, nova is using these params when plugging the port in OVS (if using OVS as ml2 plugin of course).
> But I cannot find the config params in the documentation: [2]
> Am I missing something?
> Cheers, Arnaud.
> [1] https://github.com/openstack/os-vif/blob/master/vif_plug_ovs/ovs.py
> [2] https://docs.openstack.org/nova/latest/configuration/config.html
On Fri, 2022-03-04 at 18:33 +0100, Rodolfo Alonso Hernandez wrote:
> Hi Arnaud:
> Those parameters should be set in nova.conf, in the "os_vif_XXX" section [1].
> "network_device_mtu" is deprecated. The interface MTU is retrieved from the network MTU. "ovs_vsctl_timeout" is deprecated too, we don't use vsctl commands anymore.
actually we do use vsctl at least in ci but it is deprecated. we are currently using it in ci to work around a bug in the ovs python bindings.
after the RC period is clear i might revert that since i think the ovs python bindings are fixed but i'm not sure they are fixed in ubuntu 20.04 so i don't want to regress the ci stability currently by reverting to the native bindings.
https://review.opendev.org/c/openstack/devstack/+/796826
i'll update https://github.com/openstack/devstack/blob/master/lib/os-vif#L6 to native once we are sure https://bugs.launchpad.net/os-vif/+bug/1929446 is fixed in the ovs python bindings.
> Maybe Nova folks can extend my answer.
> Regards.
> [1] https://github.com/openstack/nova/blob/50fdbc752a9ca9c31488140ef2997ed59d861...
Hi Sean, Rodolfo,
Thanks for your answers. I will try to do the patch next week so these parameters are included in the nova config sample and documentation.
About the isolated_vif params. It seems like a security enhancement to set it to True when using ovs? Do you confirm that?
Regards, Arnaud
On 4 March 2022 18:57:40 GMT+01:00, Sean Mooney <smooney@redhat.com> wrote:
> On Fri, 2022-03-04 at 18:33 +0100, Rodolfo Alonso Hernandez wrote:
>> Hi Arnaud:
>> Those parameters should be set in nova.conf, in the "os_vif_XXX" section [1].
>> "network_device_mtu" is deprecated. The interface MTU is retrieved from the network MTU. "ovs_vsctl_timeout" is deprecated too, we don't use vsctl commands anymore.
> actually we do use vsctl at least in ci but it is deprecated. we are currently using it in ci to work around a bug in the ovs python bindings.
> after the RC period is clear i might revert that since i think the ovs python bindings are fixed but i'm not sure they are fixed in ubuntu 20.04 so i don't want to regress the ci stability currently by reverting to the native bindings.
> https://review.opendev.org/c/openstack/devstack/+/796826
> i'll update https://github.com/openstack/devstack/blob/master/lib/os-vif#L6 to native once we are sure https://bugs.launchpad.net/os-vif/+bug/1929446 is fixed in the ovs python bindings.
>> Maybe Nova folks can extend my answer.
>> Regards.
>> [1] https://github.com/openstack/nova/blob/50fdbc752a9ca9c31488140ef2997ed59d861...
On Fri, 2022-03-04 at 19:57 +0100, Arnaud wrote:
> Hi Sean, Rodolfo,
> Thanks for your answers. I will try to do the patch next week so these parameters are included in the nova config sample and documentation.
> About the isolated_vif params. It seems like a security enhancement to set it to True when using ovs? Do you confirm that?
yes if you are using ovs with ml2/ovs and the l2 agent then you should enable isolated_vif to ensure that the ports are added to the "dead" vlan 4095 which will drop all packets until the l2 agent moves the port onto the correct local vlan for the neutron network.
this improves tenant isolation during move operations. it is not required/tested with ovn, odl or other sdn controllers that use ovs as a switch. they do not use vlans for local tenant isolation or the normal action. they use ovs in secure mode which will drop packets by default if there are no openflow rules to process the packet. as such they should not have isolated_vif enabled.
> Regards, Arnaud
On Fri, 2022-03-04 at 17:07 +0000, Arnaud Morin wrote:
> Hey all,
> When I take a look at [1], I can see some parameters, such as network_device_mtu, isolate_vif, etc.
> As far as I can tell, nova is using these params when plugging the port in OVS (if using OVS as ml2 plugin of course).
> But I cannot find the config params in the documentation: [2]
> Am I missing something?
no we don't currently generate that documentation currently https://docs.openstack.org/nova/latest/configuration/config.html should list it but we have not added the appropriate namespaces to the list of namespaces for nova to generate.
to use these options today you create a [os_vif_ovs] section in your nova.conf we do that in devstack today https://github.com/openstack/devstack/blob/master/lib/os-vif
so if you look at the nova-cpu.conf from one of our jobs you can see it set to false in this case since we are using ovn https://zuul.openstack.org/build/7ea68106815e492a8de73c28afffaa0a/log/contro...
network_device_mtu is not used anymore that was for nova network and should be deleted in the future.
ovsdb_connection = tcp:[::1]:6640
isolate_vif = False
ovsdb_interface = vsctl
are all valid to configure still.
i think we just need to add os-vif here https://github.com/openstack/nova/blob/a74bced0eb3232c0c3384e26db1838bbc26c2... although i could be wrong.
i know there is something we need to tweak to include options from other projects like the messaging option in the config ref. the os-vif docs are located here but we do not generate a separate config ref https://docs.openstack.org/os-vif/xena/index.html
> Cheers, Arnaud.
> [1] https://github.com/openstack/os-vif/blob/master/vif_plug_ovs/ovs.py
> [2] https://docs.openstack.org/nova/latest/configuration/config.html
On Fri, 2022-03-04 at 17:37 +0000, Sean Mooney wrote:
> On Fri, 2022-03-04 at 17:07 +0000, Arnaud Morin wrote:
>> Hey all,
>> When I take a look at [1], I can see some parameters, such as network_device_mtu, isolate_vif, etc.
>> As far as I can tell, nova is using these params when plugging the port in OVS (if using OVS as ml2 plugin of course).
>> But I cannot find the config params in the documentation: [2]
>> Am I missing something?
> no we don't currently generate that documentation currently https://docs.openstack.org/nova/latest/configuration/config.html should list it but we have not added the appropriate namespaces to the list of namespaces for nova to generate.
> to use these options today you create a [os_vif_ovs] section in your nova.conf we do that in devstack today https://github.com/openstack/devstack/blob/master/lib/os-vif
> so if you look at the nova-cpu.conf from one of our jobs you can see it set to false in this case since we are using ovn https://zuul.openstack.org/build/7ea68106815e492a8de73c28afffaa0a/log/contro...
> network_device_mtu is not used anymore that was for nova network and should be deleted in the future.
> ovsdb_connection = tcp:[::1]:6640
> isolate_vif = False
> ovsdb_interface = vsctl
> are all valid to configure still.
> i think we just need to add os-vif here https://github.com/openstack/nova/blob/a74bced0eb3232c0c3384e26db1838bbc26c2... although i could be wrong.
actually i think we need to list the namespace here https://github.com/openstack/nova/blob/a74bced0eb3232c0c3384e26db1838bbc26c2... in the sample nova-config generator config. i don't think it's hard to fix that, you just need to find the right place and add it but no one has done the work to figure it out and push a patch.
> i know there is something we need to tweak to include options from other projects like the messaging option in the config ref. the os-vif docs are located here but we do not generate a separate config ref https://docs.openstack.org/os-vif/xena/index.html
>> Cheers, Arnaud.
>> [1] https://github.com/openstack/os-vif/blob/master/vif_plug_ovs/ovs.py
>> [2] https://docs.openstack.org/nova/latest/configuration/config.html
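Added example (not part of the thread, and not os-vif or nova code): a small Python check of a nova.conf [os_vif_ovs] section against the guidance in the replies above, covering isolate_vif per backend and the options called deprecated. The function name, the backend labels and the sample configs are assumptions made for this example, and an unset isolate_vif is treated as disabled.

```python
import configparser

# Options the replies in this thread call deprecated.
DEPRECATED = ("network_device_mtu", "ovs_vsctl_timeout")

def audit_os_vif_ovs(conf_text, backend):
    """Return (option, finding) pairs for the [os_vif_ovs] section.
    backend is an operator-supplied label (assumption of this example):
    "ml2/ovs" is the neutron OVS L2 agent, anything else is an SDN controller.
    """
    # default_section is renamed so [DEFAULT] keys are not inherited by
    # [os_vif_ovs]; "=" is the only delimiter so tcp:[::1]:6640 stays whole.
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False, default_section="<unused>")
    cp.read_string(conf_text)
    sec = "os_vif_ovs"
    # Assumption: an unset isolate_vif counts as disabled.
    isolate = cp.getboolean(sec, "isolate_vif", fallback=False)
    findings = []
    if backend == "ml2/ovs" and not isolate:
        findings.append(("isolate_vif", "disabled with ml2/ovs: ports are not "
                         "held on dead VLAN 4095 until the L2 agent moves them"))
    if backend != "ml2/ovs" and isolate:
        findings.append(("isolate_vif",
                         "enabled with %s: not required/tested there" % backend))
    for opt in DEPRECATED:
        if cp.has_option(sec, opt):
            findings.append((opt, "deprecated option is set"))
    if cp.get(sec, "ovsdb_interface", fallback="").strip() == "vsctl":
        findings.append(("ovsdb_interface", "vsctl driver is deprecated"))
    return findings

# Constructed sample: values quoted in the thread, plus a [DEFAULT] key that must not leak.
OVN_CONF = """
[DEFAULT]
network_device_mtu = 1500
[os_vif_ovs]
ovsdb_connection = tcp:[::1]:6640
isolate_vif = False
ovsdb_interface = vsctl
"""

# Constructed sample: an ml2/ovs compute node that never set isolate_vif.
ML2_CONF = "[os_vif_ovs]\novs_vsctl_timeout = 120\n"

if __name__ == "__main__":
    for text, backend in ((OVN_CONF, "ovn"), (ML2_CONF, "ml2/ovs")):
        for opt, msg in audit_os_vif_ovs(text, backend):
            print("%s: %s: %s" % (backend, opt, msg))
```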
participants (4)
- Arnaud
- Arnaud Morin
- Rodolfo Alonso Hernandez
- Sean Mooney