d59c61caa5
This driver allows to announce tenant networks with an address scope via the virtual router IP. For this to work, all routers in the respective L2 network must be reachable to each other and the ovn-bgp-agent/frr needs an IP in this network to talk to its BGP peer. The following changes have been made: - To filter which networks are announced via which agent/BGP session, we added a filter on the OpenStack address scope - Networks are announced instead of VM IPs - Add SubnetRouterUpdateEvent to handle updates of lrp ports Depends-on: https://review.opendev.org/c/openstack/neutron/+/861719 Change-Id: I6e48c7e056ba2101ad670ab54c96e072459c5e65
174 lines
7.3 KiB
Python
174 lines
7.3 KiB
Python
# Copyright 2021 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
import shlex
|
|
|
|
from oslo_config import cfg
|
|
from oslo_log import log as logging
|
|
from oslo_privsep import priv_context
|
|
|
|
LOG = logging.getLogger(__name__)
|
|
|
|
agent_opts = [
|
|
cfg.IntOpt('reconcile_interval',
|
|
help='Time between re-sync actions.',
|
|
default=120),
|
|
cfg.BoolOpt('expose_tenant_networks',
|
|
help='Expose VM IPs on tenant networks. '
|
|
'If this flag is enabled, it takes precedence over '
|
|
'expose_ipv6_gua_tenant_networks flag and all tenant '
|
|
'network IPs will be exposed.',
|
|
default=False),
|
|
cfg.BoolOpt('expose_ipv6_gua_tenant_networks',
|
|
help='Expose only VM IPv6 IPs on tenant networks if they are '
|
|
'GUA. The expose_tenant_networks parameter takes '
|
|
'precedence over this one. So if it is set, all the '
|
|
'tenant network IPs will be exposed and not only the '
|
|
'IPv6 GUA IPs.',
|
|
default=False),
|
|
cfg.StrOpt('driver',
|
|
help='Driver to be used',
|
|
default='ovn_bgp_driver'),
|
|
cfg.StrOpt('ovsdb_connection',
|
|
default='unix:/usr/local/var/run/openvswitch/db.sock',
|
|
help='The connection string for the native OVSDB backend.\n'
|
|
'Use tcp:IP:PORT for TCP connection.\n'
|
|
'Use unix:FILE for unix domain socket connection.'),
|
|
cfg.StrOpt('ovn_sb_private_key',
|
|
default='/etc/pki/tls/private/ovn_controller.key',
|
|
help='The PEM file with private key for SSL connection to '
|
|
'OVN-SB-DB'),
|
|
cfg.StrOpt('ovn_sb_certificate',
|
|
default='/etc/pki/tls/certs/ovn_controller.crt',
|
|
help='The PEM file with certificate that certifies the '
|
|
'private key specified in ovn_sb_private_key'),
|
|
cfg.StrOpt('ovn_sb_ca_cert',
|
|
default='/etc/ipa/ca.crt',
|
|
help='The PEM file with CA certificate that OVN should use to'
|
|
' verify certificates presented to it by SSL peers'),
|
|
cfg.StrOpt('bgp_AS',
|
|
default='64999',
|
|
help='AS number to be used by the Agent when running in BGP '
|
|
'mode and configuring the VRF route leaking.'),
|
|
cfg.StrOpt('bgp_router_id',
|
|
default=None,
|
|
help='Router ID to be used by the Agent when running in BGP '
|
|
'mode and configuring the VRF route leaking.'),
|
|
cfg.IPOpt('evpn_local_ip',
|
|
default=None,
|
|
help='IP address of local EVPN VXLAN (tunnel) endpoint. '
|
|
'This option can be used instead of the evpn_nic one. '
|
|
'If none specified, it will take the one from the '
|
|
'loopback device.'),
|
|
cfg.StrOpt('evpn_nic',
|
|
default=None,
|
|
help='NIC with the IP address to use for the local EVPN '
|
|
'VXLAN (tunnel) endpoint. This option can be used '
|
|
'instead of the evpn_local_ip one. If none specified, '
|
|
'it will take the one from the loopback device.'),
|
|
cfg.PortOpt('evpn_udp_dstport',
|
|
default=4789,
|
|
help='The UDP port used for EVPN VXLAN communication. By '
|
|
'default 4789 is being used.'),
|
|
cfg.BoolOpt('clear_vrf_routes_on_startup',
|
|
help='If enabled, all routes are removed from the VRF table'
|
|
'(specified by bgp_vrf_table_id option) at startup.',
|
|
default=False),
|
|
cfg.StrOpt('bgp_nic',
|
|
default='bgp-nic',
|
|
help='The name of the interface used within the VRF '
|
|
'(bgp_vrf option) to expose the IPs and/or Networks.'),
|
|
cfg.StrOpt('bgp_vrf',
|
|
default='bgp-vrf',
|
|
help='The name of the VRF to be used to expose the IPs '
|
|
'and/or Networks through BGP.'),
|
|
cfg.IntOpt('bgp_vrf_table_id',
|
|
default=10,
|
|
help='The Routing Table ID that the VRF (bgp_vrf option) '
|
|
'should use. If it does not exist, this table will be '
|
|
'created.'),
|
|
cfg.ListOpt('address_scopes',
|
|
default=None,
|
|
help='Allows to filter on the address scope. Only networks'
|
|
' with the same address scope on the provider and'
|
|
' internal interface are announced.'),
|
|
]
|
|
|
|
root_helper_opts = [
|
|
cfg.StrOpt('root_helper', default='sudo',
|
|
help=("Root helper application. "
|
|
"Use 'sudo ovn-bgp-agent-rootwrap "
|
|
"/etc/ovn-bgp-agent/rootwrap.conf' to use the real "
|
|
"root filter facility. Change to 'sudo' to skip the "
|
|
"filtering and just run the command directly.")),
|
|
cfg.BoolOpt('use_helper_for_ns_read',
|
|
default=True,
|
|
help=("Use the root helper when listing the namespaces on a "
|
|
"system. This may not be required depending on the "
|
|
"security configuration. If the root helper is "
|
|
"not required, set this to False for a performance "
|
|
"improvement.")),
|
|
# We can't just use root_helper=sudo ovn-bgp-agent-rootwrap-daemon $cfg
|
|
# because it isn't appropriate for long-lived processes spawned with
|
|
# create_process. Having a bool use_rootwrap_daemon option precludes
|
|
# specifying the rootwrap daemon command, which may be necessary for Xen?
|
|
cfg.StrOpt('root_helper_daemon',
|
|
help=("""
|
|
Root helper daemon application to use when possible.
|
|
|
|
Use 'sudo ovn-bgp-agent-rootwrap-daemon /etc/ovn-bgp-agent/rootwrap.conf'
|
|
to run rootwrap in "daemon mode" which has been reported to improve
|
|
performance at scale. For more information on running rootwrap in
|
|
"daemon mode", see:
|
|
|
|
https://docs.openstack.org/oslo.rootwrap/latest/user/usage.html#daemon-mode
|
|
""")),
|
|
]
|
|
|
|
CONF = cfg.CONF
|
|
CONF.register_opts(agent_opts)
|
|
CONF.register_opts(root_helper_opts, "AGENT")
|
|
|
|
logging.register_options(CONF)
|
|
|
|
|
|
def register_opts():
|
|
cfg.CONF.register_opts(agent_opts)
|
|
cfg.CONF.register_opts(root_helper_opts, "AGENT")
|
|
|
|
|
|
def init(args, **kwargs):
|
|
CONF(args=args, project='bgp-agent', **kwargs)
|
|
|
|
|
|
def setup_logging():
|
|
logging.setup(CONF, 'bgp-agent')
|
|
logging.set_defaults(default_log_levels=logging.get_default_log_levels())
|
|
LOG.info("Logging enabled!")
|
|
|
|
|
|
def get_root_helper(conf):
|
|
return conf.AGENT.root_helper
|
|
|
|
|
|
def setup_privsep():
|
|
priv_context.init(root_helper=shlex.split(get_root_helper(cfg.CONF)))
|
|
|
|
|
|
def list_opts():
|
|
return [
|
|
("DEFAULT", agent_opts),
|
|
("AGENT", root_helper_opts)
|
|
]
|