From fed088d84b4901354bb299c6338e32a5277be3fb Mon Sep 17 00:00:00 2001 From: Roy Tang Date: Tue, 2 Oct 2018 19:05:54 +0000 Subject: [PATCH] Update Neutron TaaS Rootwrap Filter Need to adjust taas rootwrap filter for i40e_sysfs_command. Add code to allow sriov agent init script to run best effort. Update way to set nic promisc mode. Change-Id: Id1e22ea4b636ae7e05b880739a88c410a4da587c --- .../bin/_neutron-sriov-agent-init.sh.tpl | 21 ++++++++++++++++--- neutron/values.yaml | 9 +++++++- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl b/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl index cf307c3fee..b848af3955 100644 --- a/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl +++ b/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl @@ -16,7 +16,12 @@ See the License for the specific language governing permissions and limitations under the License. */}} +#NOTE: Please limit "besteffort" to dev env with mixed hardware computes only +# For prod env, the target nic should be there, if not, script should error out. set -ex +{{- if ( has "besteffort" .Values.conf.sriov_init ) }} +set +e +{{- end }} {{- range $k, $sriov := .Values.network.interface.sriov }} if [ "x{{ $sriov.num_vfs }}" != "x" ]; then @@ -37,18 +42,28 @@ else fi echo "${NUM_VFS}" > /sys/class/net/{{ $sriov.device }}/device/sriov_numvfs fi + {{- if $sriov.mtu }} ip link set dev {{ $sriov.device }} mtu {{ $sriov.mtu }} {{- end }} ip link set {{ $sriov.device }} up ip link show {{ $sriov.device }} + {{- if $sriov.promisc }} -ip link set {{ $sriov.device }} promisc on +promisc_mode="on" +{{- else }} +promisc_mode="off" +{{- end }} +ip link set {{ $sriov.device }} promisc ${promisc_mode} #NOTE(portdirect): get the bus that the port is on NIC_BUS=$(lshw -c network -businfo | awk '/{{ $sriov.device }}/ {print $1}') #NOTE(portdirect): get first port on the nic NIC_FIRST_PORT=$(lshw -c network -businfo | awk "/${NIC_BUS%%.*}/ { print \$2; exit }" #NOTE(portdirect): Enable promisc mode on the nic, by setting it for the 1st port -ethtool --set-priv-flags ${NIC_FIRST_PORT} vf-true-promisc-support on -{{- end }} +ethtool --set-priv-flags ${NIC_FIRST_PORT} vf-true-promisc-support ${promisc_mode} {{- end }} + + +{{- if ( has "besteffort" .Values.conf.sriov_init ) }} +exit 0 +{{ end }} diff --git a/neutron/values.yaml b/neutron/values.yaml index a19964b36d..03e37640eb 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1451,7 +1451,7 @@ conf: # This is needed to allow taas to insert/remove vlan id to the # target vf under /sys/class/net/[device-name]/device/sriov/[vf-index]/[mirror] - i40e_sysfs_command: RegExpFilter, /opt/i40e_sysfs_command, root, /opt/i40e_sysfs_command, \w+, .+, .+ + i40e_sysfs_command: RegExpFilter, i40e_sysfs_command, root, i40e_sysfs_command, \w+, .+, .+ neutron: DEFAULT: log_config_append: /etc/neutron/logging.conf @@ -1649,6 +1649,13 @@ conf: priority: 0 apply-to: all pattern: '(notifications)\.' + sriov_init: + - + ## NOTE: "besteffort" is meant for dev env with mixed compute type only. + ## This helps prevent sriov init script from failing due to mis-matched NIC + ## For prod env, target NIC should match and init script should fail otherwise. + ## sriov_init: + ## - besteffort # Names of secrets used by bootstrap and environmental checks secrets: