diff --git a/source/conf.py b/source/conf.py index cf248d2da..d836313a4 100644 --- a/source/conf.py +++ b/source/conf.py @@ -88,7 +88,7 @@ # The short X.Y version. version = '6.10' # The full version, including alpha/beta/rc tags. -release = '6.10.1' +release = '6.10.2' # The context packages released version context_release = '6.10.0' diff --git a/source/ext/spellchecking/wordlists/opennebula.txt b/source/ext/spellchecking/wordlists/opennebula.txt index dafa8cdf4..93975b22d 100644 --- a/source/ext/spellchecking/wordlists/opennebula.txt +++ b/source/ext/spellchecking/wordlists/opennebula.txt @@ -116,6 +116,7 @@ PublicIP Pyone Qcow Qemu +QinQ QoS Qos RSync @@ -150,6 +151,7 @@ Unassigns Uncomment Unmanaged Unregister +Untagged Uplink VID VMs @@ -262,6 +264,8 @@ conf config cooldown cpu +cpuset +cputune cryptographic css customizable @@ -287,6 +291,7 @@ decrypted deduplicate deduplication defaultquota +del deladmin delcluster deldatastore @@ -328,6 +333,7 @@ edk ee eebc eht +emulatorpin entrypoint epil epilog @@ -642,6 +648,7 @@ securetty serveradmin serverless serveruser +server-del sftp sg sgID @@ -722,6 +729,7 @@ unregister unresched unshare unsynced +untagged untar updatear updateconf diff --git a/source/installation_and_configuration/opennebula_services/fireedge.rst b/source/installation_and_configuration/opennebula_services/fireedge.rst index 8ebdccd50..ec1f2ccbc 100644 --- a/source/installation_and_configuration/opennebula_services/fireedge.rst +++ b/source/installation_and_configuration/opennebula_services/fireedge.rst 
@@ -31,7 +31,7 @@ Main Features .. _fireedge_install_configuration: .. note:: - We are continually expanding the feature set of FireEdge Sunstone, and hence its configuration files are in constant change. In versions 6.10.1 and later, configuration files in ``/etc/one/fireedge/`` can be replaced by the ones that can be downloaded from `here `__ in order to activate the latest features. + We are continually expanding the feature set of FireEdge Sunstone, and hence its configuration files are in constant change. In versions 6.10.2 and later, configuration files in ``/etc/one/fireedge/`` can be replaced by the ones that can be downloaded from `here `__ in order to activate the latest features. Configuration ================================================================================ diff --git a/source/intro_release_notes/release_notes_enterprise/index.rst b/source/intro_release_notes/release_notes_enterprise/index.rst index f5b348573..daea1797f 100644 --- a/source/intro_release_notes/release_notes_enterprise/index.rst +++ b/source/intro_release_notes/release_notes_enterprise/index.rst @@ -9,3 +9,4 @@ Release Notes |version| Enterprise Edition What is OpenNebula EE Resolved Issues 6.10.1 + Resolved Issues 6.10.2 diff --git a/source/intro_release_notes/release_notes_enterprise/resolved_issues_6102.rst b/source/intro_release_notes/release_notes_enterprise/resolved_issues_6102.rst new file mode 100644 index 000000000..a826b47e7 --- /dev/null +++ b/source/intro_release_notes/release_notes_enterprise/resolved_issues_6102.rst 
@@ -0,0 +1,33 @@ +.. _resolved_issues_6102: + +Resolved Issues in 6.10.2 +-------------------------------------------------------------------------------- + +A complete list of solved issues for 6.10.2 can be found in the `project development portal `__. + +The following new features have been backported to 6.10.2: + +- `Add support for VLAN filtering to the Linux bridge drivers `__. This allows to limit the VLANs in trunk mode, as well as in QinQ mode. For more information check the :ref:`bridge driver ` and the :ref:`802.1Q VLAN driver ` documentation guides. + +The following issues has been solved in 6.10.2: + +- `Fix bug in the DS Ceph driver: set the value for the --keyfile to CEPH_KEY instead of CEPH_USER in the export operation `__. +- `Fix GOCA OS vector attribute to include FIRMWARE, FIRMWARE_SECURE, UUID and SD_DISK_BUS `__. +- `Fix PyOne installation through pip `__. +- `Fix the list of attibutes that can be overriden in vmm_exec_kvm.conf `__. +- `Fix a rare crash in 'onedb fsck' caused by a locked MarketPlaceApp in a federated environment `__. +- `Fix iotune attributes not being passed to VM if value is a big number `__. +- `Fix SecurityGroup rule validation logic to include additional checks for port ranges `__. +- `Fix KVM domain definition to set up CPU affinity to the auto-selected NUMA node when using huge pages without CPU pinning `__. +- `Fix multiple problems with QEMU Guest Agent monitoring `__. Additional monitor commands for the qemu-agent probe are `shown here `__. You can add them to your existing 6.10 configuration files. +- `Fix Checkpoint file is not always cleaned up on VM Action `__. +- `Fix Set NEXT_SNAPSHOT=1 for persistent images `__. +- `Fix Restored disks of VM additional disks does not show the real size of the original disk `__. + +The following issues have been solved in the Sunstone Web UI: + +- `Fix DEV_PREFIX wrong when using Sunstone `__. +- `Fix Sunstone host graph not showing information `__. 
+- `Fix number of instances ignored in service instantiation `__. +- `Fix Sunstone filter VMs on "Locked" gives empty white page `__. +- `Fix missing boot order selector `__. \ No newline at end of file diff --git a/source/open_cluster_deployment/kvm_node/kvm_driver.rst b/source/open_cluster_deployment/kvm_node/kvm_driver.rst index f0cb16cce..a11a26986 100644 --- a/source/open_cluster_deployment/kvm_node/kvm_driver.rst +++ b/source/open_cluster_deployment/kvm_node/kvm_driver.rst @@ -16,7 +16,7 @@ Considerations & Limitations Try to use :ref:`virtio ` whenever possible, both for networks and disks. Using emulated hardware, both for networks and disks, will have an impact on performance and will not expose all the available functionality. For instance, if you don't use ``virtio`` for the disk drivers, you will not be able to exceed a small number of devices connected to the controller, meaning that you have a limit when attaching disks and it will not work while the VM is running (live disk-attach). -When **updating the VM configuration live** using ``one.vm.updateconf`` although the all of the VM configuration will get updated on the VM instance template, only the CONTEXT and BACKUP_CONFIG will take effect immediately. The rest of the configuration will not take effect until the next VM reboot because it changes the VM virtual hardware. +When **updating the VM configuration live** using ``one.vm.updateconf`` although all of the VM configuration will get updated on the VM instance template, only the CONTEXT and BACKUP_CONFIG will take effect immediately. The rest of the configuration will not take effect until the next VM reboot because it changes the VM virtual hardware. The full list of configuration attributes are: 
@@ -50,22 +50,30 @@ The KVM driver is enabled by default in OpenNebula ``/etc/one/oned.conf`` on you Driver Defaults -------------------------------------------------------------------------------- -There are some attributes required for KVM to boot a VM. You can set a suitable default for them so all the VMs get the required values. These attributes are set in ``/etc/one/vmm_exec/vmm_exec_kvm.conf``. The following can be set for KVM: +There are some attributes required for KVM to boot a VM. You can set a suitable default for them so all the VMs get the required values. These attributes are set in ``/etc/one/vmm_exec/vmm_exec_kvm.conf``. Default values from the configuration file can be overriden in the Cluster, Host or VM Template. The following attributes can be set for KVM: * ``EMULATOR``: path to the kvm executable. -* ``OS``: attributes ``KERNEL``, ``INITRD``, ``BOOT``, ``ROOT``, ``KERNEL_CMD``, ``MACHINE``, ``ARCH`` and ``SD_DISK_BUS``. +* ``OS``: attributes ``KERNEL``, ``INITRD``, ``ROOT``, ``KERNEL_CMD``, ``MACHINE``, ``ARCH``, ``SD_DISK_BUS``, ``FIRMWARE``, ``FIMRWARE_SECURE`` and ``BOOTLOADER`` * ``VCPU`` -* ``FEATURES``: attributes ``ACPI``, ``PAE``, ``APIC``, ``HEPRV``, ``GUEST_AGENT``, ``VIRTIO_SCSI_QUEUES``, ``VIRTIO_BLK_QUEUES``, ``IOTHREADS``. -* ``CPU_MODEL``: attribute ``MODEL``. -* ``DISK``: attributes ``DRIVER``, ``CACHE``, ``IO``, ``DISCARD``, ``TOTAL_BYTES_SEC``, ``TOTAL_IOPS_SEC``, ``READ_BYTES_SEC``, ``WRITE_BYTES_SEC``, ``READ_IOPS_SEC``, ``WRITE_IOPS_SEC``, ``SIZE_IOPS_SEC``. +* ``VCPU_MAX`` +* ``MEMORY_SLOTS`` +* ``FEATURES``: attributes ``ACPI``, ``PAE``, ``APIC``, ``HEPRV``, ``LOCALTIME``, ``GUEST_AGENT``, ``VIRTIO_SCSI_QUEUES``, ``VIRTIO_BLK_QUEUES``, ``IOTHREADS``. +* ``CPU_MODEL``: attribute ``MODEL``, ``FEATURES``. 
+* ``DISK``: attributes ``DRIVER``, ``CACHE``, ``IO``, ``DISCARD``, ``TOTAL_BYTES_SEC``, ``TOTAL_BYTES_SEC_MAX``, ``TOTAL_BYTES_SEC_MAX_LENGTH``, ``TOTAL_IOPS_SEC``, ``TOTAL_IOPS_SEC_MAX``, ``TOTAL_IOPS_SEC_MAX_LENGTH``, ``READ_BYTES_SEC``, ``READ_BYTES_SEC_MAX``, ``READ_BYTES_SEC_MAX_LENGTH``, ``WRITE_BYTES_SEC``, ``WRITE_BYTES_SEC_MAX``, ``WRITE_BYTES_SEC_MAX_LENGTH``, ``READ_IOPS_SEC``, ``READ_IOPS_SEC_MAX``, ``READ_IOPS_SEC_MAX_LENGTH``, ``WRITE_IOPS_SEC``, ``WRITE_IOPS_SEC_MAX``, ``WRITE_IOPS_SEC_MAX_LENGTH``, ``SIZE_IOPS_SEC``. * ``NIC``: attribute ``FILTER``, ``MODEL``. * ``GRAPHICS``: attributes ``TYPE``, ``LISTEN``, ``PASSWD``, ``KEYMAP``, ``RANDOM_PASSWD``. The VM instance must have at least empty ``GRAPHICS = []`` section to read these default attributes from the config file and to generate cluster unique ``PORT`` attribute. * ``VIDEO``: attributes: ``TYPE``, ``IOMMU``, ``ATS``, ``VRAM``, ``RESOLUTION``. * ``RAW``: to add libvirt attributes to the domain XML file. * ``HYPERV_OPTIONS``: to enable hyperv extensions. +* ``HYPERV_TIMERS``: timers added when HYPERV is set to yes in FEATURES. * ``SPICE_OPTIONS``: to add default devices for SPICE. + +The following attributes can be overridden at Cluster and Host level, but not within individual VM configuration: + * ``OVMF_UEFIS``: to add allowed file paths for Open Virtual Machine Firmware. * ``Q35_ROOT_PORTS``: to modify the number of PCI devices that can be attached in q35 VMs (defaults to 16) +* ``CGROUPS_VERSION``: Use '2' to use Cgroup V2, all other values or undefined: use Cgroup V1 +* ``EMULATOR_CPUS``: Value used for kvm option .. warning:: These values are only used during VM creation; for other actions like nic or disk attach/detach the default values must be set in ``/var/lib/one/remotes/etc/vmm/kvm/kvmrc``. For more info check :ref:`Files and Parameters ` section. 
@@ -89,10 +97,6 @@ For example (check the actual state in the configuration file on your Front-end) " -.. note:: - - These values can be overriden in the Cluster, Host and VM Template - **Since OpenNebula 6.0** you should no longer need to modify the ``EMULATOR`` variable to point to the kvm executable; instead, ``EMULATOR`` now points to the symlink ``/usr/bin/qemu-kvm-one`` which should link the correct KVM binary for the given OS on a Host. Live-Migration for Other Cache settings 
@@ -526,77 +530,85 @@ And the following driver configuration files: The parameters that can be changed here are as follows: -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| Parameter | Description | -+===============================================+=================================================================================================================================================================================================================+ -| ``LIBVIRT_URI`` | Connection string to libvirtd | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``QEMU_PROTOCOL`` | Protocol used for live migrations | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``SHUTDOWN_TIMEOUT`` | Seconds to wait after shutdown until timeout | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``VIRSH_RETRIES`` | Number of "virsh" command retries when required. Currently used in detach-interface and restore. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``SYNC_TIME`` | Trigger VM time synchronization from RTC on resume and after migration. QEMU guest agent must be running. Valid values: ``no`` or ``yes`` (default). | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``FORCE_DESTROY`` | Force VM cancellation after shutdown timeout | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``CANCEL_NO_ACPI`` | Force VMs without ACPI enabled to be destroyed on shutdown | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``MIGRATE_OPTIONS`` | Set options for the virsh migrate command | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``CLEANUP_MEMORY_ON_START`` | Compact memory before running the VM. 
Values ``yes`` or ``no`` (default) | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``CLEANUP_MEMORY_ON_STOP`` | Compact memory after VM stops. Values ``yes`` (default) or ``no`` | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_CACHE`` | This parameter will set the default cache type for new attached disks. It will be used in case the attached disk does not have a specific cache method set (can be set using templates when attaching a disk). | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_DISCARD`` | Default discard option for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_IO`` | Default I/O policy for newly attached disks, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC`` | Default total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC_MAX`` | Default Maximum total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC_MAX_LENGTH`` | Default Maximum length total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_BYTES_SEC`` | Default read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_BYTES_SEC_MAX`` | Default Maximum read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_BYTES_SEC_MAX_LENGTH`` | Default Maximum length read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_BYTES_SEC`` | Default write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_BYTES_SEC_MAX`` | Default Maximum write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_BYTES_SEC_MAX_LENGTH`` | Default Maximum length write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC`` | Default total IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC_MAX`` | Default Maximum total IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC_MAX_LENGTH`` | Default Maximum length total IOPS throttling for newly attached disks, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_IOPS_SEC`` | Default read IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_IOPS_SEC_MAX`` | Default Maximum read IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_READ_IOPS_SEC_MAX_LENGTH`` | Default Maximum length read IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_IOPS_SEC`` | Default write IOPS throttling for newly attached disks, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_IOPS_SEC_MAX`` | Default Maximum write IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_WRITE_IOPS_SEC_MAX_LENGTH`` | Default Maximum length write IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_SIZE_IOPS_SEC`` | Default size of IOPS throttling for newly attached disks, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_NIC_MODEL`` | Default NIC model for newly attached NICs, if the attribute is missing in the template. 
| -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ -| ``DEFAULT_ATTACH_NIC_FILTER`` | Default NIC libvirt filter for newly attached NICs, if the attribute is missing in the template. | -+-----------------------------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| Parameter | Description | ++===============================================+============================================================================================================================+ +| ``LIBVIRT_URI`` | Connection string to libvirtd | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``QEMU_PROTOCOL`` | Protocol used for live migrations | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``SHUTDOWN_TIMEOUT`` | Seconds to wait after shutdown until timeout | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``VIRSH_RETRIES`` | Number of "virsh" command retries when required. Currently used in detach-interface and restore. 
| ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``VIRSH_TIMEOUT`` | Default "virsh" timeout for operations which might block indefinitely. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``SYNC_TIME`` | Trigger VM time synchronization from RTC on resume and after migration. QEMU guest agent must be running. | +| | Valid values: ``no`` or ``yes`` (default). | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``FORCE_DESTROY`` | Force VM cancellation after shutdown timeout | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``CANCEL_NO_ACPI`` | Force VMs without ACPI enabled to be destroyed on shutdown | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``MIGRATE_OPTIONS`` | Set options for the virsh migrate command | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``CLEANUP_MEMORY_ON_START`` | Compact memory before running the VM. Values ``yes`` or ``no`` (default) | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``CLEANUP_MEMORY_ON_STOP`` | Compact memory after VM stops. 
Values ``yes`` or ``no`` (default) | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_CACHE`` | This parameter will set the default cache type for new attached disks. It will be used in case the attached disk does | +| | not have a specific cache method set (can be set using templates when attaching a disk). | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_DISCARD`` | Default discard option for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_IO`` | Default I/O policy for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_VIRTIO_BLK_QUEUES`` | The default number of queues for virtio-blk driver. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC`` | Default total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC_MAX`` | Default Maximum total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. 
| ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_BYTES_SEC_MAX_LENGTH`` | Default Maximum length total bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_BYTES_SEC`` | Default read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_BYTES_SEC_MAX`` | Default Maximum read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_BYTES_SEC_MAX_LENGTH`` | Default Maximum length read bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_BYTES_SEC`` | Default write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. 
| ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_BYTES_SEC_MAX`` | Default Maximum write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_BYTES_SEC_MAX_LENGTH`` | Default Maximum length write bytes/s I/O throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC`` | Default total IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC_MAX`` | Default Maximum total IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_TOTAL_IOPS_SEC_MAX_LENGTH`` | Default Maximum length total IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_IOPS_SEC`` | Default read IOPS throttling for newly attached disks, if the attribute is missing in the template. 
| ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_IOPS_SEC_MAX`` | Default Maximum read IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_READ_IOPS_SEC_MAX_LENGTH`` | Default Maximum length read IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_IOPS_SEC`` | Default write IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_IOPS_SEC_MAX`` | Default Maximum write IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_WRITE_IOPS_SEC_MAX_LENGTH`` | Default Maximum length write IOPS throttling for newly attached disks, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_SIZE_IOPS_SEC`` | Default size of IOPS throttling for newly attached disks, if the attribute is missing in the template. 
| ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_NIC_MODEL`` | Default NIC model for newly attached NICs, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``DEFAULT_ATTACH_NIC_FILTER`` | Default NIC libvirt filter for newly attached NICs, if the attribute is missing in the template. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ +| ``OVMF_NVRAM`` | Virtual Machine Firmware path to the NVRAM file. | ++-----------------------------------------------+----------------------------------------------------------------------------------------------------------------------------+ See the :ref:`Virtual Machine drivers reference ` for more information. diff --git a/source/open_cluster_deployment/networking_setup/bridged.rst b/source/open_cluster_deployment/networking_setup/bridged.rst index 42744f1e8..255545eed 100644 --- a/source/open_cluster_deployment/networking_setup/bridged.rst +++ b/source/open_cluster_deployment/networking_setup/bridged.rst 
@@ -57,3 +57,25 @@ For example, you can define a *Bridged with Security Groups* type network with t NAME = "private1" VN_MAD = "fw" + +VLAN filtering and trunking +------------------------------ + +By default the Linux bridge driver does not performs any filtering on the VLAN traffic generated by the virtual machines. You can limit the allowed VLAN to trunk in the VM ports with following attributes: + ++-------------------------------+---------------------------------------------------------------+-----------+ +| Attribute | Value | Mandatory | ++===============================+===============================================================+===========+ +| | Specify a range of VLANs that are allowed for the VM traffic. | | +| ``VLAN_TAGGED_ID`` | Comma separated list of tags, ranges are supported. | NO | ++-------------------------------+---------------------------------------------------------------+-----------+ + +For example to only allow a VM to use the VLANS IDs 100, 105, 106 and 107, add to the network: + +.. code:: + + VLAN_TAGGED_ID = "100,105-107" + +.. note:: + + The VM is responsible for tagging the VLAN traffic, no tagging is performed in the bridge diff --git a/source/open_cluster_deployment/networking_setup/vlan.rst b/source/open_cluster_deployment/networking_setup/vlan.rst index a9368e6be..01c9af36f 100644 --- a/source/open_cluster_deployment/networking_setup/vlan.rst +++ b/source/open_cluster_deployment/networking_setup/vlan.rst 
@@ -100,3 +100,88 @@ For example, you can define a *802.1Q Network* with the following template: VLAN_ID = 50 # Optional. If not setting VLAN_ID set AUTOMATIC_VLAN_ID = "YES" In this example, the driver will check for the existence of the ``br0`` bridge. If it doesn't exist it will be created. ``eth0`` will be tagged (``eth0.50``) and attached to ``br0`` (unless it's already attached). + +Using 802.1Q driver with Q-in-Q +================================================================================ + +Q-in-Q is not natively supported by Linux bridges, as compared to Open vSwitch, and presents some limitations: + +- The service VLAN tag (also referred as transport or outer) cannot be preserved in the VMs, +- The bridge cannot be fully configured using both VLAN tags. + +However, for the most common scenarios the 802.1Q driver can produce the double tag and filter out VLANs not included in the customer VLAN set. In this configuration the bridge works as follow: + +- Untagged traffic from the VM will be tagged using the transport VLAN. +- Tagged traffic from the VM using the CVLANS will be also tagged with the transport VLAN. +- Tagged traffic from the VM using any other VLAN ID will be discarded. + +.. note:: + + When ``CVLANS`` is not configured the bridge will add the VLAN ID tag to any traffic coming from the VM (tagged or not). There is no filtering of the VLAN IDs used by the VM. + +OpenNebula Configuration +------------------------ + +There is no configuration specific for this use case, just consider the general options specified above. 
+ +Defining a Q-in-Q Network +---------------------------------------- + +The Q-in-Q behavior is controlled by the following attributes (**please, also refer to the attributes defined above**): + ++-----------------------+----------------------------------------------------------------+----------------------------------------+ +| Attribute | Value | Mandatory | ++=======================+================================================================+========================================+ +| ``VLAN_ID`` | The VLAN ID for the transport/outer VLAN. | **YES** (unless ``AUTOMATIC_VLAN_ID``) | ++-----------------------+----------------------------------------------------------------+----------------------------------------+ +| ``CVLANS`` | The customer VLAN set. A comma separated list, supports ranges | **YES** | ++-----------------------+----------------------------------------------------------------+----------------------------------------+ + +For example, you can define an *QinQ aware Network* with the following template: + +.. code:: + + NAME = "qinq_net" + VN_MAD = "802.1Q" + PHYDEV = eth0 + VLAN_ID = 50 # Service VLAN ID + CVLANS = "101,103,110-113" # Customer VLAN ID list + +.. note:: + + ``CVLANS`` can be updated and will be dynamically reconfigured in any existing bridge + +Implementation Details +---------------------- + +When the ``CVLANS`` attribute is defined the 802.1Q perform the following configurations on the bridge: + +- Activate the VLAN filtering flag +- Installs a VLAN filter that includes all the VLANs in the ``CVLANS`` set in all VM ports in the network. In this way only tagged traffic in the customer set will be allowed in the bridge. +- All untagged traffic is associated to the transport (outer) VLAN. +- As in the other configurations, a tagged link for the transport VLAN is added to the bridge. This link is the one that will add the transport tag. + +The following example shows the main configurations performed in the bridge: + +.. 
code:: + + # - Transport / outer / S-VLAN : 100 + # - Customer / inner / C-VLAN : 200,300 + + # "Transport" link + ip link add link eth1 name eth1.100 type vlan id 100 + ip link set eth1.100 master onebr.23 + ip link set eth1.100 up + + # Bridge Configuration: + ip link set dev onebr.23 type bridge vlan_filtering 1 + + # VM port configuration (NIC 1 of VM 20, and transport link): + bridge vlan add dev one-20-1 vid 100 pvid untagged + bridge vlan add dev one-20-1 vid 200 + bridge vlan add dev one-20-1 vid 300 + + bridge vlan add dev eth1.100 vid 100 pvid untagged + bridge vlan add dev eth1.100 vid 200 + bridge vlan add dev eth1.100 vid 300 +
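Review bot: in the added ``DEFAULT_ATTACH_*`` rows of the driver defaults table, the ``*_MAX_LENGTH`` descriptions (for example "Default Maximum length total bytes/s I/O throttling for newly attached disks") never say what the length measures or in which unit, and "Default size of IOPS throttling" for ``DEFAULT_ATTACH_SIZE_IOPS_SEC`` is just as opaque. If these values are passed through to libvirt's ``iotune`` settings, the ``*_max_length`` ones are burst durations in seconds, so wording like "Default maximum burst duration, in seconds, for total bytes/s throttling" would let an operator pick a value without reading the driver. Two smaller points: "Default Maximum" should be lower-cased to match the non-burst rows, and the ``OVMF_NVRAM`` text reads more clearly as "Path to the NVRAM file used by the Virtual Machine firmware."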
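Review bot: in the bridged.rst hunk, the new "VLAN filtering and trunking" section says the bridge filters nothing by default but does not state what the bridge does once ``VLAN_TAGGED_ID`` is set: whether untagged frames from the VM are still forwarded, and whether frames carrying a tag outside the list are dropped. Anyone relying on this attribute to keep a VM off other tenants' VLANs needs both answers spelled out, along with whether the attribute can be updated on a running network the way the vlan.rst hunk says ``CVLANS`` can. The table text "Specify a range of VLANs" also undersells the syntax, since the example ``VLAN_TAGGED_ID = "100,105-107"`` is a list that contains a range. Wording fixes: "does not performs" should be "does not perform", "with following attributes" should be "with the following attributes", "the VLANS IDs" should be "the VLAN IDs", and the closing note lacks a final period.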
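Review bot: in the vlan.rst hunk, the three-item behaviour list ("Untagged traffic ...", "Tagged traffic from the VM using the CVLANS ...", "Tagged traffic from the VM using any other VLAN ID will be discarded") does not cover a frame the VM tags with the transport VLAN ID itself, and the implementation example makes the VM port a member of that VLAN with ``bridge vlan add dev one-20-1 vid 100 pvid untagged``. With VLAN filtering enabled, a port that is a member of VID 100 admits frames already tagged 100, so the "any other VLAN ID will be discarded" statement looks too strong; please document that case, and say whether ``CVLANS`` is allowed to contain the ``VLAN_ID`` value. The note that traffic is not filtered at all when ``CVLANS`` is unset is the security-relevant default and would be easier to find next to the attribute table than above "OpenNebula Configuration". The template example (``eth0``, ``VLAN_ID = 50``, ``CVLANS = "101,103,110-113"``) and the implementation example (``eth1``, S-VLAN 100, C-VLAN 200,300) use unrelated values, so a reader cannot map one onto the other; reusing the same numbers would help. Wording fixes: "also referred as" should be "also referred to as", "works as follow" should be "works as follows", "an *QinQ aware Network*" should be "a", "the 802.1Q perform" should be "the 802.1Q driver performs", and the first limitation bullet ends in a stray comma.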