From 5446171d0164784ca763f62e98e4217a8feeb450 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= Date: Tue, 6 Aug 2024 16:32:44 +0100 Subject: [PATCH 1/4] CA-396743: log non managed devices in PIF.scan MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Edwin Török --- ocaml/xapi/xapi_pif.ml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ocaml/xapi/xapi_pif.ml b/ocaml/xapi/xapi_pif.ml index d6d7a16a692..04e942f4d10 100644 --- a/ocaml/xapi/xapi_pif.ml +++ b/ocaml/xapi/xapi_pif.ml @@ -667,6 +667,8 @@ let scan ~__context ~host = ([], []) ) in + debug "non-managed devices=%s" (String.concat "," non_managed_devices) ; + debug "disallow-unplug devices=%s" (String.concat "," disallow_unplug_devices) ; Xapi_stdext_threads.Threadext.Mutex.execute scan_m (fun () -> let t = make_tables ~__context ~host in let devices_not_yet_represented_by_pifs = @@ -681,6 +683,8 @@ let scan ~__context ~host = let mTU = Int64.of_int (Net.Interface.get_mtu dbg device) in let managed = not (List.mem device non_managed_devices) in let disallow_unplug = List.mem device disallow_unplug_devices in + debug "About to introduce %s, managed=%b, disallow-unplug=%b" device + managed disallow_unplug ; let (_ : API.ref_PIF) = introduce_internal ~t ~__context ~host ~mAC ~mTU ~vLAN:(-1L) ~vLAN_master_of:Ref.null ~device ~managed ~disallow_unplug () From 5acf001e6bccc41090dd48d318a6d5804dcc8f96 Mon Sep 17 00:00:00 2001 
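Review bot: The three new `debug` calls in `scan` print device names with a bare `%s`, so a name containing a newline or control character would reach the log verbatim. This matters only if the lists come from helper-script output, which the 2/4 description suggests by mentioning the 'bfs-interfaces' script. Unless the logging layer already escapes such characters, prefer the quoting conversion, e.g. `debug "About to introduce %S, managed=%b, disallow-unplug=%b" device managed disallow_unplug`, and `String.concat "," (List.map String.escaped non_managed_devices)` for the two lists. Both hunks sit inside `scan`, whose body starts and ends outside them.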
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= Date: Tue, 6 Aug 2024 16:33:12 +0100 Subject: [PATCH 2/4] CA-396743: make Network.managed reflect PIF.managed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will make it easier to filter out these networks in test code. A PIF is unmanaged when it is a boot from SAN interface for example, as returned by the 'bfs-interfaces' script. Certain operations are not valid on such interfaces, e.g. you cannot use them to export NBD devices. Fixes: 1a9cc7660a ("CP-20482: Create network with the specified bridge name") Signed-off-by: Edwin Török --- ocaml/xapi/xapi_pif.ml | 7 ++++--- ocaml/xapi/xapi_pif.mli | 6 ------ 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/ocaml/xapi/xapi_pif.ml b/ocaml/xapi/xapi_pif.ml index 04e942f4d10..baaef68714d 100644 --- a/ocaml/xapi/xapi_pif.ml +++ b/ocaml/xapi/xapi_pif.ml @@ -347,7 +347,8 @@ let assert_fcoe_not_in_use ~__context ~self = () ) -let find_or_create_network (bridge : string) (device : string) ~__context = +let find_or_create_network (bridge : string) (device : string) ~managed + ~__context = let nets = Db.Network.get_refs_where ~__context ~expr:(Eq (Field "bridge", Literal bridge)) @@ -362,7 +363,7 @@ let find_or_create_network (bridge : string) (device : string) ~__context = Db.Network.create ~__context ~ref:net_ref ~uuid:net_uuid ~current_operations:[] ~allowed_operations:[] ~name_label:(Helpers.choose_network_name_for_pif device) - ~name_description:"" ~mTU:1500L ~purpose:[] ~bridge ~managed:true + ~name_description:"" ~mTU:1500L ~purpose:[] ~bridge ~managed ~other_config:[] ~blobs:[] ~tags:[] ~default_locking_mode:`unlocked ~assigned_ips:[] in @@ -463,7 +464,7 @@ let introduce_internal ?network ?(physical = true) ~t:_ ~__context ~host ~mAC let net_ref = match network with | None -> - find_or_create_network bridge device ~__context + find_or_create_network bridge device ~managed ~__context | Some x -> x in 
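Review bot: The new `~managed` argument of `find_or_create_network` only reaches `Db.Network.create`, so it has no effect when the `get_refs_where` lookup on `bridge` finds an existing network. That branch is outside the hunks, but the removed `.mli` comment says the existing reference is returned. A network record created earlier with `~managed:true` for a boot-from-SAN device would therefore keep `managed=true`, and any check keyed on Network.managed would not apply to it. Consider comparing the found network's flag with the argument and at least logging a mismatch, e.g. `if Db.Network.get_managed ~__context ~self:net <> managed then warn "network %s: managed flag differs from PIF" (Ref.string_of net)`, or document that existing records are left as they are.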
diff --git a/ocaml/xapi/xapi_pif.mli b/ocaml/xapi/xapi_pif.mli index 93bacd86be5..07c3a85877c 100644 --- a/ocaml/xapi/xapi_pif.mli +++ b/ocaml/xapi/xapi_pif.mli @@ -175,12 +175,6 @@ val assert_usable_for_management : -> unit (** Ensure the PIF can be used for management. *) -val find_or_create_network : - string -> string -> __context:Context.t -> [`network] Ref.t -(** If a network for the given bridge already exists, then return a reference to this network, - * otherwise create a new network and return its reference. -*) - (** Convenient lookup tables for scanning etc *) type tables From 2c7bc39f821c38a5b07ef7c3cfcd0697878357a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= Date: Tue, 6 Aug 2024 16:39:18 +0100 Subject: [PATCH 3/4] CA-396743: forbid setting NBD purpose on unmanaged networks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We wouldn't be able to add the correct firewall rules, and you're not meant to use the boot from SAN network for NBD. Signed-off-by: Edwin Török --- ocaml/xapi/xapi_network.ml | 1 + 1 file changed, 1 insertion(+) diff --git a/ocaml/xapi/xapi_network.ml b/ocaml/xapi/xapi_network.ml index 3aefbad3be8..37d527a2a34 100644 --- a/ocaml/xapi/xapi_network.ml +++ b/ocaml/xapi/xapi_network.ml @@ -439,6 +439,7 @@ let assert_can_add_purpose ~__context ~network:_ ~current:_ newval = assert_no_net_has_bad_porpoise [`nbd] let add_purpose ~__context ~self ~value = + assert_network_is_managed ~__context ~self ; let current = Db.Network.get_purpose ~__context ~self in if not (List.mem value current) then ( assert_can_add_purpose ~__context ~network:self ~current value ; From 1adffbd62673f2df3be45d026f963ed8f058dc97 Mon Sep 17 00:00:00 2001 
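Review bot: The added `assert_network_is_managed ~__context ~self` in `add_purpose` runs for every `value` and before the `List.mem value current` test, although the commit subject speaks only of the NBD purpose. A repeated add of a purpose that is already present will now fail on an unmanaged network. A short comment would record the intent, e.g. `(* unmanaged networks (e.g. boot from SAN): the firewall rules for a purpose cannot be applied *)`. The helper is defined outside the hunk, so the error it raises is not visible here. A test that `add_purpose` on an unmanaged network raises that error and leaves `purpose` unchanged would pin the behaviour.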
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= Date: Tue, 6 Aug 2024 16:35:20 +0100 Subject: [PATCH 4/4] CA-396743: fix bridge name for unmanaged devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no bridge for unmanaged devices, return the empty string instead of a non-existent device. Previously we would've returned 'bribft0' for the 'ibft0' interface. Signed-off-by: Edwin Török --- ocaml/xapi/xapi_pif.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ocaml/xapi/xapi_pif.ml b/ocaml/xapi/xapi_pif.ml index baaef68714d..b6067a509de 100644 --- a/ocaml/xapi/xapi_pif.ml +++ b/ocaml/xapi/xapi_pif.ml @@ -458,7 +458,7 @@ let db_forget ~__context ~self = Db.PIF.destroy ~__context ~self let introduce_internal ?network ?(physical = true) ~t:_ ~__context ~host ~mAC ~mTU ~device ~vLAN ~vLAN_master_of ?metrics ~managed ?(disallow_unplug = false) () = - let bridge = bridge_naming_convention device in + let bridge = if managed then bridge_naming_convention device else "" in (* If we are not told which network to use, * apply the default convention *) let net_ref =
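Review bot: With `bridge` set to `""` for every unmanaged device, the default path just below still calls `find_or_create_network bridge device`, which patch 2/4 shows looking networks up by `Eq (Field "bridge", Literal bridge)`. All unmanaged devices, possibly across hosts, would then resolve to the single network whose bridge is the empty string, named after whichever device created it. If a network with an empty bridge can already exist with `managed=true`, the PIF would be attached to that one instead. Either include the managed flag in the lookup for this case or state the sharing explicitly in a comment, e.g. `(* unmanaged devices have no bridge: "" is a sentinel, and all such PIFs share one unmanaged network *)`. The body of `introduce_internal` continues outside the hunk, so other uses of `bridge` as a device name could not be checked.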