The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/8064


=== Description (from pull-request) ===
Fixes an issue introduced by https://github.com/lxc/lxd/pull/8037 where fan bridges did not have the `ipv4.nat` setting by default, which broke external connectivity.
From f6dd88a5b60b99fb65d23f6c769368459366d849 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Tue, 20 Oct 2020 14:40:04 +0100
Subject: [PATCH 1/2] lxd/network/driver/bridge: Sets ipv4.nat=true when adding
 a new fan network with fan.underlay_subnet=auto

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/network/driver_bridge.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index e0d8779072..72a0952ca7 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -89,6 +89,10 @@ func (n *bridge) FillConfig(config map[string]string) error {
                if config["fan.underlay_subnet"] == "" {
                        config["fan.underlay_subnet"] = "auto"
                }
+
+               if config["fan.underlay_subnet"] == "auto" && 
config["ipv4.nat"] == "" {
+                       config["ipv4.nat"] = "true"
+               }
        } else {
                if config["ipv4.address"] == "" {
                        config["ipv4.address"] = "auto"
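Review bot: The new default is applied only when `fan.underlay_subnet` is `auto`, so a fan bridge created with an explicit underlay subnet still gets no `ipv4.nat` key and, per the description in patch 2/2, has NAT disabled. The upgrade patch in 2/2, by contrast, enables NAT on every existing fan bridge that lacks the key, whatever its underlay. If the asymmetry is intended (it may mirror how the non-fan branch ties the default to an auto-generated address, which is only partly visible here), a comment above the added condition would make it explicit, for example `// Only default ipv4.nat to true when the underlay subnet is auto-detected; explicit underlays must opt in.` Since this key decides whether instance traffic is masqueraded on egress, the default deserves to be stated rather than inferred. FillConfig's body starts and ends outside this hunk.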

From e59f674cee6f2b5c3baeb694d3e351c27726c520 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Tue, 20 Oct 2020 15:11:48 +0100
Subject: [PATCH 2/2] lxd/patches: Adds patchNetworkFANEnableNAT to set
 ipv4.nat=true for fan networks missing the setting

Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
 lxd/patches.go | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/lxd/patches.go b/lxd/patches.go
index 462cd78173..4b3d415fef 100644
--- a/lxd/patches.go
+++ b/lxd/patches.go
@@ -103,6 +103,7 @@ var patches = []patch{
        {name: "move_backups_instances", stage: patchPostDaemonStorage, run: 
patchMoveBackupsInstances},
        {name: "network_ovn_enable_nat", stage: patchPostDaemonStorage, run: 
patchNetworkOVNEnableNAT},
        {name: "network_ovn_remove_routes", stage: patchPostDaemonStorage, run: 
patchNetworkOVNRemoveRoutes},
+       {name: "network_fan_enable_nat", stage: patchPostDaemonStorage, run: 
patchNetworkFANEnableNAT},
 }
 
 type patch struct {
@@ -167,6 +168,54 @@ func patchesApply(d *Daemon, stage patchStage) error {
 
 // Patches begin here
 
+// patchNetworkFANEnableNAT sets "ipv4.nat=true" on fan bridges that are 
missing the "ipv4.nat" setting.
+// This prevents outbound connectivity breaking on existing fan networks now 
that the default behaviour of not
+// having "ipv4.nat" set is to disable NAT (bringing in line with the non-fan 
bridge behavior and docs).
+func patchNetworkFANEnableNAT(name string, d *Daemon) error {
+       err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+               projectNetworks, err := tx.GetNonPendingNetworks()
+               if err != nil {
+                       return err
+               }
+
+               for _, networks := range projectNetworks {
+                       for networkID, network := range networks {
+                               if network.Type != "bridge" {
+                                       continue
+                               }
+
+                               if network.Config["bridge.mode"] != "fan" {
+                                       continue
+                               }
+
+                               modified := false
+
+                               // Enable ipv4.nat if setting not specified.
+                               if _, found := network.Config["ipv4.nat"]; 
!found {
+                                       modified = true
+                                       network.Config["ipv4.nat"] = "true"
+                               }
+
+                               if modified {
+                                       err = tx.UpdateNetwork(networkID, 
network.Description, network.Config)
+                                       if err != nil {
+                                               return errors.Wrapf(err, 
"Failed setting ipv4.nat=true for fan network %q (%d)", network.Name, networkID)
+                                       }
+
+                                       logger.Debugf("Set ipv4.nat=true for 
fan network %q (%d)", network.Name, networkID)
+                               }
+                       }
+               }
+
+               return nil
+       })
+       if err != nil {
+               return err
+       }
+
+       return nil
+}
+
 // patchNetworkOVNRemoveRoutes removes the "ipv4.routes.external" and 
"ipv6.routes.external" settings from OVN
 // networks. It was decided that the OVN NIC level equivalent settings were 
sufficient.
 func patchNetworkOVNRemoveRoutes(name string, d *Daemon) error {
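Review bot: The presence test `_, found := network.Config["ipv4.nat"]; !found` in patchNetworkFANEnableNAT disagrees with FillConfig in patch 1/2, which treats an empty string as unset. A fan network stored with `ipv4.nat` present but empty (whether the database can hold that is not visible here) would be skipped and stay without NAT. Using `if network.Config["ipv4.nat"] == "" {` would make both paths agree. The patch also changes egress behaviour on upgrade but records it only through `logger.Debugf`; `logger.Infof` would leave operators a record of which networks had NAT switched on. As a smaller style point, the `modified` flag is set in exactly one branch and could be folded into it, and the closing `if err != nil { return err }` followed by `return nil` could return the result of `d.cluster.Transaction(...)` directly.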