The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8038
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === These will be automatically added to new OVN networks when the associated IP address setting is being auto-generated. Otherwise if these settings are missing then the default is to disable NAT.
From e67455914b5fe60c4a16c7a102518f3358df7ebf Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 15 Oct 2020 17:29:57 +0100
Subject: [PATCH 1/3] api: Adds network_ovn_nat extension
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 doc/api-extensions.md | 8 ++++++++
 shared/version/api.go | 1 +
 2 files changed, 9 insertions(+)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index 06d84d4570..aac2f59bcf 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -1200,3 +1200,11 @@ allowed to be used in child OVN networks in their `ipv4.routes.external` and `ip
 Introduces the `restricted.networks.subnets` project setting that specifies which external subnets are allowed to be used by OVN networks inside the project (if not set then all routes defined on the uplink network are allowed).
+
+## network\_ovn\_nat
+Adds support for `ipv4.nat` and `ipv6.nat` settings on `ovn` networks.
+
+When creating the network if these settings are unspecified, and an equivalent IP address is being generated for
+the subnet, then the appropriate NAT setting will added set to `true`.
+
+If the setting is missing then the value is taken as `false`.
diff --git a/shared/version/api.go b/shared/version/api.go
index 9d9da206d9..b0bada4a3f 100644
--- a/shared/version/api.go
+++ b/shared/version/api.go
@@ -231,6 +231,7 @@ var APIExtensions = []string{
 "storage_rsync_compression",
 "network_type_physical",
 "network_ovn_external_subnets",
+ "network_ovn_nat",
 }
 // APIExtensionsCount returns the number of available API extensions.
From 69e1cdff5f9b5e64db04ff731863b51c23f69251 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 15 Oct 2020 16:48:03 +0100
Subject: [PATCH 2/3] doc/networks: Adds ipv4.nat and ipv6.nat to OVN networks
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 doc/networks.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/doc/networks.md b/doc/networks.md
index 3d972ddf72..6fb54fec4d 100644
--- a/doc/networks.md
+++ b/doc/networks.md
@@ -317,9 +317,11 @@ mtu | integer | - | -
 parent | string | - | - | Parent interface to create sriov NICs on
 vlan | integer | - | - | The VLAN ID to attach to
 ipv4.gateway | string | standard mode | - | IPv4 address for the gateway and network (CIDR notation)
+ipv4.nat | boolean | ipv4 address | false | Whether to NAT (will default to true if unset and a random ipv4.address is generated)
 ipv4.ovn.ranges | string | - | none | Comma separate list of IPv4 ranges to use for child OVN network routers (FIRST-LAST format)
 ipv4.routes | string | ipv4 address | - | Comma separated list of additional IPv4 CIDR subnets that can be used with child OVN networks ipv4.routes.external setting
 ipv6.gateway | string | standard mode | - | IPv6 address for the gateway and network (CIDR notation)
+ipv6.nat | boolean | ipv6 address | false | Whether to NAT (will default to true if unset and a random ipv6.address is generated)
 ipv6.ovn.ranges | string | - | none | Comma separate list of IPv6 ranges to use for child OVN network routers (FIRST-LAST format)
 ipv6.routes | string | ipv6 address | - | Comma separated list of additional IPv6 CIDR subnets that can be used with child OVN networks ipv6.routes.external setting
 dns.nameservers | string | standard mode | - | List of DNS server IPs on physical network
From 9d52d2f6597aa76df8dc7deb95903d2294cf3a21 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Thu, 15 Oct 2020 17:13:00 +0100
Subject: [PATCH 3/3] lxd/network/driver/ovn: Adds ipv4.nat and ipv6.nat support NAT defaults to disabled if these settings are unset.
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/network/driver_ovn.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/lxd/network/driver_ovn.go b/lxd/network/driver_ovn.go
index 0755b02580..a6dc816a7a 100644
--- a/lxd/network/driver_ovn.go
+++ b/lxd/network/driver_ovn.go
@@ -101,6 +101,8 @@ func (n *ovn) Validate(config map[string]string) error {
 "ipv6.dhcp.stateful": validate.Optional(validate.IsBool),
 "ipv4.routes.external": validate.Optional(validate.IsNetworkV4List),
 "ipv6.routes.external": validate.Optional(validate.IsNetworkV6List),
+ "ipv4.nat": validate.Optional(validate.IsBool),
+ "ipv6.nat": validate.Optional(validate.IsBool),
 "dns.domain": validate.IsAny,
 "dns.search": validate.IsAny,
@@ -1112,6 +1114,10 @@ func (n *ovn) FillConfig(config map[string]string) error {
 }
 config["ipv4.address"] = subnet
+
+ if config["ipv4.nat"] == "" {
+ config["ipv4.nat"] = "true"
+ }
 }
 if config["ipv6.address"] == "auto" {
@@ -1121,6 +1127,10 @@ func (n *ovn) FillConfig(config map[string]string) error {
 }
 config["ipv6.address"] = subnet
+
+ if config["ipv6.nat"] == "" {
+ config["ipv6.nat"] = "true"
+ }
 }
 return nil
@@ -1373,14 +1383,14 @@ func (n *ovn) setup(update bool) error {
 }
 // Add SNAT rules.
- if routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil {
+ if shared.IsTrue(n.config["ipv4.nat"]) && routerIntPortIPv4Net != nil && routerExtPortIPv4 != nil {
 err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv4Net, routerExtPortIPv4)
 if err != nil {
 return err
 }
 }
- if routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil {
+ if shared.IsTrue(n.config["ipv6.nat"]) && routerIntPortIPv6Net != nil && routerExtPortIPv6 != nil {
 err = client.LogicalRouterSNATAdd(n.getRouterName(), routerIntPortIPv6Net, routerExtPortIPv6)
 if err != nil {
 return err
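Review bot: The NAT default written in FillConfig is asymmetric and the code does not say why: `ipv4.nat` is set to `"true"` only next to the assignment of a generated `ipv4.address`, so a network created with an explicit subnet gets no NAT key and is later treated as NAT off. The `ipv6.nat` block in the following hunk has the same shape (its `ipv6.address == "auto"` test is visible as context; the IPv4 test is presumably the same but lies outside the hunk). A why-comment above each block would make the rule visible to the next maintainer, for example `// Default to NAT only for auto-generated subnets; explicitly addressed networks stay un-NATed unless the user opts in.` FillConfig begins and ends outside both hunks.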
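Review bot: The new `shared.IsTrue(n.config["ipv4.nat"])` and `shared.IsTrue(n.config["ipv6.nat"])` guards only gate the add, and nothing visible in this hunk removes an SNAT rule that an earlier setup call created. If setup is re-run with `update` true after NAT is switched off, the stale rule may stay on the logical router unless code outside the hunk clears it first, leaving the router state out of step with the config. Related to this, networks created before this change carry no `ipv4.nat`/`ipv6.nat` key, so they would stop getting SNAT here even though the removed conditions added it whenever both addresses were non-nil; that seems to need a config migration or a release note. At minimum the comment could state the contract, e.g. `// Add SNAT rules (opt-in: a missing ipv4.nat/ipv6.nat key means no SNAT).` setup begins and ends outside the hunk.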