Add VXLAN support (#64)

* Add vxlan charm config

* Add disable-vxlan-tx-checksumming config

* Add missing FELIX_VXLANMTU config

config.yaml

@@ -14,7 +14,16 @@ options:
     type: string
     default: Never
     description: |
-      IPIP mode. Must be one of "Always", "CrossSubnet", or "Never".
+      IPIP encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
+      This is incompatible with VXLAN encapsulation. If VXLAN encapsulation is
+      enabled, then this must be set to "Never".
+  vxlan:
+    type: string
+    default: Never
+    description: |
+      VXLAN encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
+      This is incompatible with IPIP encapsulation. If IPIP encapsulation is
+      enabled, then this must be set to "Never".
   veth-mtu:
     type: int
     default:
@@ -121,3 +130,11 @@ options:
     description: |
       Enable or disable IgnoreLooseRPF for Calico Felix.  This is only used
       when rp_filter is set to a value of 2.
+  disable-vxlan-tx-checksumming:
+    type: boolean
+    default: true
+    description: |
+      When set to true, if VXLAN encapsulation is in use, then the charm will
+      disable TX checksumming on the vxlan.calico network interface. This works
+      around an upstream issue in Calico:
+      https://github.com/projectcalico/calico/issues/3145

reactive/calico.py

@@ -247,11 +247,11 @@ def get_mtu(overlay_interface=False):
     if not charm_config('veth-mtu'):
         return None
     if overlay_interface:
-        return charm_config('veth-mtu') if charm_config('ipip') == 'Never' \
-           else (charm_config('veth-mtu') - 50)
-    else:
-        return charm_config('veth-mtu')
-    return None
+        ipip_enabled = charm_config('ipip') != 'Never'
+        vxlan_enabled = charm_config('vxlan') != 'Never'
+        if ipip_enabled or vxlan_enabled:
+            return charm_config('veth-mtu') - 50
+    return charm_config('veth-mtu')
 
 
 def get_bind_address():
@@ -363,21 +363,26 @@ def configure_calico_pool():
                 'spec': {
                     'cidr': cidr,
                     'ipipMode': config['ipip'],
+                    'vxlanMode': config['vxlan'],
                     'natOutgoing': config['nat-outgoing'],
                 }
             }
 
             calicoctl_apply(pool)
     except CalledProcessError:
         log(traceback.format_exc())
-        status.waiting('Waiting to retry calico pool configuration')
+        if config['ipip'] != 'Never' and config['vxlan'] != 'Never':
+            status.blocked('ipip and vxlan configs are in conflict')
+        else:
+            status.waiting('Waiting to retry calico pool configuration')
         return
 
     set_state('calico.pool.configured')
 
 
 @when_any('config.changed.ipip', 'config.changed.nat-outgoing',
-          'config.changed.cidr', 'config.changed.manage-pools')
+          'config.changed.cidr', 'config.changed.manage-pools',
+          'config.changed.vxlan')
 def reconfigure_calico_pool():
     ''' Reconfigure the Calico IP pool '''
     remove_state('calico.pool.configured')
@@ -672,6 +677,22 @@ def repull_calico_node_image():
     remove_state('calico.service.installed')
 
 
+@when('calico.service.installed', 'calico.pool.configured')
+def disable_vxlan_tx_checksumming():
+    '''Workaround for https://github.com/projectcalico/calico/issues/3145'''
+    config = charm_config()
+
+    if config['disable-vxlan-tx-checksumming'] and config['vxlan'] != 'Never':
+        cmd = ['ethtool', '-K', 'vxlan.calico', 'tx-checksum-ip-generic',
+               'off']
+        try:
+            check_call(cmd)
+        except CalledProcessError:
+            msg = 'Waiting to retry disabling VXLAN TX checksumming'
+            log(msg)
+            status.waiting(msg)
+
+
 def calicoctl_get(*args):
     args = ['get', '-o', 'yaml', '--export'] + list(args)
     output = calicoctl(*args)

templates/calico-node.service

@@ -32,6 +32,7 @@ ExecStart=/usr/local/sbin/charm-env --charm calico conctl run \
   --env FELIX_IGNORELOOSERPF={{ ignore_loose_rpf | string | lower }} \
   {% if mtu -%}
   --env FELIX_IPINIPMTU={{ mtu }} \
+  --env FELIX_VXLANMTU={{ mtu }} \
   {% endif -%}
   --mount /lib/modules:/lib/modules \
   --mount /var/run/calico:/var/run/calico \