Hi, I'm new here, so be patient with me. In fact, I don't know much of OVN/OVS because I'm actually using it through LXD. I can follow much of what LXD builds for me at a high level, but I need something LXD doesn't provide and this led me here.

LXD can create containers with arbitrary NICs and attach them to networks. The networks I create are now running on top of OVN and OVS; they consist of a switch and a router. These networks are completely isolated, which is good, but I need at least one of them to do the following:

* Provide DHCP so one of the interfaces in the containers can get its IP from it.
* Provide internet access to the containers.
* Provide an upstream DNS server to the containers.

This used to be provided by LXD with a linux bridge and dnsmasq running on it, but LXD does not do this for OVN networks, so I have to do it myself.

In my head, this sounds quite easy: create a new port on the switch, and somehow connect an interface on the host to that switch and just run dnsmasq on it. Let's look at what I did to accomplish the former:


--- 8< ---
# I get the switch's UUID; LXD does not create them with nice names :(
# switch_uuid=<UUID taken from 'ovn-nbctl ls-list'>
sudo ovn-nbctl lsp-add $switch_uuid lxd-provision
sudo ovn-nbctl lsp-set-addresses lxd-provision dynamic

# then I get the MAC addr and IPv4 addr
# (one way to read them back: the dynamic_addresses column of the port,
# which holds "<mac> <ipv4>" once OVN has allocated them)
read mac_addr ipv4 <<EOF
$(sudo ovn-nbctl get logical_switch_port lxd-provision dynamic_addresses | tr -d '"')
EOF

# I don't know why I have to do the following step
sudo ovs-vsctl add-port br-int lxd-provision -- \
    set interface lxd-provision type=internal mac="[\"${mac_addr}\"]" \
    external_ids:iface-id=lxd-provision

# that created an interface on the host, we have to assign the same IP to it
sudo ip address add ${ipv4}/24 dev lxd-provision

sudo ip link set lxd-provision up
--- >8 ---


That works, meaning that if I configure the container and the host properly (routes, forwarding, masquerading), I can ping from the container to say 1.1.1.1. My first set of questions is:

        Is this OK, or is it as hacky as it sounds to me?

Why do I have to go all the way down to OVS to create (another?) port with the same MAC addr as the port I created at the OVN level? And similarly, why do I have to assign the _same_ IP to the external interface on the host?

LXD uses OVN's DHCP server to provide that initial IP, with these params:

$ sudo ovn-nbctl dhcp-options-get-options 22646e19-d7d8-4917-9a55-48b2cf329b1e
server_mac=00:16:3e:e9:5f:fc
router=10.138.38.1                <-- change to 10.138.38.2
server_id=10.138.38.1
mtu=1442
domain_name="lxd"
lease_time=3600

10.138.38.1 is the IP of the router I barely mentioned in the second paragraph. Meanwhile the interface I just created has IP 10.138.38.2, so I either want this DHCP server to be off and replace it with dnsmasq, or I can live with this server as long as I can configure it so the router and DNS server options can be changed so they point to the dnsmasq running on my host. But once I change at least that highlighted option (yes, I know I have to re-set all the options in one go), DHCP stops working. That leads me to the second (set of) questions:

Where is the documentation for the capabilities of this DHCP server?

        Or can you tell me what I'm doing wrong here?

        I hope you got all the way down here. Thanks for listening. Cheers,

                -- Marcos.

--
Marcos Dione | Engineering EMEA - Installer
Phone: +33 6 24 21 59 91
Zoom: 261-124-4701
https://cloudian.com/
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
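The post mentions that `ovn-nbctl dhcp-options-set-options` replaces the whole option set, so changing one key means re-sending every key. The script below is an added example written for this thread, not code from the poster or from the OVN project. It reads the current options of a DHCP_Options row, merges the overrides you pass (here `router` and `dns_server`, the two keys the post wants to repoint at the host interface), refuses to write back a set that lacks `server_id`, `server_mac` or `lease_time` (the keys ovn-northd requires before it programs DHCPv4 flows at all), and applies the result in a single call. The `SAMPLE_OPTS` block is constructed from the `dhcp-options-get-options` output quoted above and is only used when `DRY_RUN=1`, so the script runs offline and just prints the command it would execute; without `DRY_RUN` it talks to the northbound DB and must run as a user allowed to call `ovn-nbctl`.

```shell
#!/bin/sh
# Re-apply an OVN DHCP_Options row in full after changing or adding a few keys.
# dhcp-options-set-options replaces the whole options column, so the safe
# pattern is: read the current options, merge the overrides, check that the
# mandatory keys are still there, then write everything back in one call.
# DRY_RUN=1 prints the command instead of touching the NB DB.

# Constructed sample, modelled on the get-options output in the post above.
# Only used when DRY_RUN=1 so the script can run without an OVN deployment.
SAMPLE_OPTS='server_mac=00:16:3e:e9:5f:fc
router=10.138.38.1
server_id=10.138.38.1
mtu=1442
domain_name="lxd"
lease_time=3600'

# merge_opts CURRENT KEY=VALUE...
# CURRENT is the get-options output (one key=value per line). Prints the merged
# list: existing keys keep their position, overridden keys take the new value,
# keys not present yet are appended. Values go through awk -v, so they must not
# contain newlines or backslashes.
merge_opts() {
    _cur=$1; shift
    _ov=$(printf '%s\n' "$@")
    printf '%s\n' "$_cur" | awk -v ov="$_ov" '
        BEGIN {
            n = split(ov, parts, "\n")
            for (i = 1; i <= n; i++) {
                if (parts[i] == "") continue
                eq = index(parts[i], "=")
                k = substr(parts[i], 1, eq - 1)
                override[k] = substr(parts[i], eq + 1)
                order[++m] = k
            }
        }
        /=/ {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1)
            if (k in override) { print k "=" override[k]; seen[k] = 1 } else { print }
        }
        END {
            for (i = 1; i <= m; i++)
                if (!(order[i] in seen)) print order[i] "=" override[order[i]]
        }'
}

# check_required OPTS
# ovn-northd only builds DHCPv4 flows when server_id, server_mac and lease_time
# are all present, so refuse to write back a set that lost any of them.
check_required() {
    _missing=
    for _k in server_id server_mac lease_time; do
        printf '%s\n' "$1" | grep -q "^$_k=" || _missing="$_missing $_k"
    done
    [ -z "$_missing" ] && return 0
    printf 'refusing to apply: missing mandatory DHCPv4 option(s):%s\n' "$_missing" >&2
    return 1
}

# apply_dhcp_opts DHCP_OPTIONS_UUID KEY=VALUE...
apply_dhcp_opts() {
    _uuid=$1; shift
    if [ "${DRY_RUN:-0}" = 1 ]; then
        _cur=$SAMPLE_OPTS
    else
        _cur=$(ovn-nbctl dhcp-options-get-options "$_uuid") || return 1
    fi
    _merged=$(merge_opts "$_cur" "$@")
    check_required "$_merged" || return 1
    # Turn the merged lines back into one argument per option.
    set --
    while IFS= read -r _line; do
        [ -n "$_line" ] && set -- "$@" "$_line"
    done <<EOF
$_merged
EOF
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'ovn-nbctl dhcp-options-set-options %s' "$_uuid"
        printf ' %s' "$@"
        printf '\n'
    else
        ovn-nbctl dhcp-options-set-options "$_uuid" "$@"
    fi
}

# Usage: point router and DNS at the host-side interface from the post
# (10.138.38.2) while keeping every other option exactly as it was.
DRY_RUN=1 apply_dhcp_opts 22646e19-d7d8-4917-9a55-48b2cf329b1e \
    router=10.138.38.2 dns_server=10.138.38.2
```

Run it with `DRY_RUN=1` first and compare the printed command with the current `dhcp-options-get-options` output: every original key should still be there, with only the keys you passed changed. Dropping `DRY_RUN` performs the write; `dns_server` accepts a set such as `dns_server="{10.138.38.2, 1.1.1.1}"`, which the real path passes through intact because each option stays a single argument.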