Update Neutron TaaS Rootwrap Filter

Need to adjust taas rootwrap filter for i40e_sysfs_command. Add code to allow sriov agent init script to run best effort. Update way to set nic promisc mode. Change-Id: Id1e22ea4b636ae7e05b880739a88c410a4da587c
2018-10-02 19:05:54 +00:00 · 2018-10-02 19:05:54 +00:00 · fed088d84b
parent f97e644aa6
commit fed088d84b
2 changed files with 26 additions and 4 deletions
--- a/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl
@ -16,7 +16,12 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */}}

+#NOTE: Please limit "besteffort" to dev env with mixed hardware computes only
+#      For prod env, the target nic should be there, if not, script should error out.
 set -ex
+{{- if ( has "besteffort" .Values.conf.sriov_init ) }}
+set +e
+{{- end }}

 {{- range $k, $sriov := .Values.network.interface.sriov }}
 if [ "x{{ $sriov.num_vfs }}" != "x" ]; then
@ -37,18 +42,28 @@ else
  fi
  echo "${NUM_VFS}" > /sys/class/net/{{ $sriov.device }}/device/sriov_numvfs
 fi
+
 {{- if $sriov.mtu }}
 ip link set dev {{ $sriov.device }} mtu {{ $sriov.mtu }}
 {{- end }}
 ip link set {{ $sriov.device }} up
 ip link show {{ $sriov.device }}
+
 {{- if $sriov.promisc }}
-ip link set {{ $sriov.device }} promisc on
+promisc_mode="on"
+{{- else }}
+promisc_mode="off"
+{{- end }}
+ip link set {{ $sriov.device }} promisc ${promisc_mode}
 #NOTE(portdirect): get the bus that the port is on
 NIC_BUS=$(lshw -c network -businfo | awk '/{{ $sriov.device }}/ {print $1}')
 #NOTE(portdirect): get first port on the nic
 NIC_FIRST_PORT=$(lshw -c network -businfo | awk "/${NIC_BUS%%.*}/ { print \$2; exit }"
 #NOTE(portdirect): Enable promisc mode on the nic, by setting it for the 1st port
-ethtool --set-priv-flags ${NIC_FIRST_PORT} vf-true-promisc-support on
-{{- end }}
+ethtool --set-priv-flags ${NIC_FIRST_PORT} vf-true-promisc-support ${promisc_mode}
 {{- end }}
+
+
+{{- if ( has "besteffort" .Values.conf.sriov_init ) }}
+exit 0
+{{ end }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1451,7 +1451,7 @@ conf:

        # This is needed to allow taas to insert/remove vlan id to the
        # target vf under /sys/class/net/[device-name]/device/sriov/[vf-index]/[mirror]
-        i40e_sysfs_command: RegExpFilter, /opt/i40e_sysfs_command, root, /opt/i40e_sysfs_command, \w+, .+, .+
+        i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, \w+, .+, .+
  neutron:
    DEFAULT:
      log_config_append: /etc/neutron/logging.conf
@ -1649,6 +1649,13 @@ conf:
        priority: 0
        apply-to: all
        pattern: '(notifications)\.'
+  sriov_init:
+    -
+    ## NOTE: "besteffort" is meant for dev env with mixed compute type only.
+    ##       This helps prevent sriov init script from failing due to mis-matched NIC
+    ##       For prod env, target NIC should match and init script should fail otherwise.
+    ## sriov_init:
+    ##   - besteffort

 # Names of secrets used by bootstrap and environmental checks
 secrets: