Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add VXLAN support #64

Merged
merged 3 commits into from
Oct 27, 2020
Merged

Add VXLAN support #64

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
3d0940c
Add vxlan charm config
Oct 13, 2020
7f3d737
Add disable-vxlan-tx-checksumming config
Oct 19, 2020
ffdf3cc
Add missing FELIX_VXLANMTU config
Oct 27, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
19 changes: 18 additions & 1 deletion config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,16 @@ options:
type: string
default: Never
description: |
IPIP mode. Must be one of "Always", "CrossSubnet", or "Never".
IPIP encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
This is incompatible with VXLAN encapsulation. If VXLAN encapsulation is
enabled, then this must be set to "Never".
vxlan:
type: string
default: Never
description: |
VXLAN encapsulation mode. Must be one of "Always", "CrossSubnet", or "Never".
This is incompatible with IPIP encapsulation. If IPIP encapsulation is
enabled, then this must be set to "Never".
veth-mtu:
type: int
default:
Expand Down Expand Up @@ -121,3 +130,11 @@ options:
description: |
Enable or disable IgnoreLooseRPF for Calico Felix. This is only used
when rp_filter is set to a value of 2.
disable-vxlan-tx-checksumming:
type: boolean
default: true
description: |
When set to true, if VXLAN encapsulation is in use, then the charm will
disable TX checksumming on the vxlan.calico network interface. This works
around an upstream issue in Calico:
https://github.com/projectcalico/calico/issues/3145
35 changes: 28 additions & 7 deletions reactive/calico.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,11 +247,11 @@ def get_mtu(overlay_interface=False):
if not charm_config('veth-mtu'):
return None
if overlay_interface:
return charm_config('veth-mtu') if charm_config('ipip') == 'Never' \
else (charm_config('veth-mtu') - 50)
else:
return charm_config('veth-mtu')
return None
ipip_enabled = charm_config('ipip') != 'Never'
vxlan_enabled = charm_config('vxlan') != 'Never'
if ipip_enabled or vxlan_enabled:
return charm_config('veth-mtu') - 50
johnsca marked this conversation as resolved.
Show resolved Hide resolved
return charm_config('veth-mtu')


def get_bind_address():
Expand Down Expand Up @@ -363,21 +363,26 @@ def configure_calico_pool():
'spec': {
'cidr': cidr,
'ipipMode': config['ipip'],
'vxlanMode': config['vxlan'],
'natOutgoing': config['nat-outgoing'],
}
}

calicoctl_apply(pool)
except CalledProcessError:
log(traceback.format_exc())
status.waiting('Waiting to retry calico pool configuration')
if config['ipip'] != 'Never' and config['vxlan'] != 'Never':
status.blocked('ipip and vxlan configs are in conflict')
else:
status.waiting('Waiting to retry calico pool configuration')
return

set_state('calico.pool.configured')


@when_any('config.changed.ipip', 'config.changed.nat-outgoing',
'config.changed.cidr', 'config.changed.manage-pools')
'config.changed.cidr', 'config.changed.manage-pools',
'config.changed.vxlan')
def reconfigure_calico_pool():
''' Reconfigure the Calico IP pool '''
remove_state('calico.pool.configured')
Expand Down Expand Up @@ -672,6 +677,22 @@ def repull_calico_node_image():
remove_state('calico.service.installed')


@when('calico.service.installed', 'calico.pool.configured')
def disable_vxlan_tx_checksumming():
'''Workaround for https://github.com/projectcalico/calico/issues/3145'''
config = charm_config()

if config['disable-vxlan-tx-checksumming'] and config['vxlan'] != 'Never':
cmd = ['ethtool', '-K', 'vxlan.calico', 'tx-checksum-ip-generic',
'off']
Comment on lines +686 to +687
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any cost to doing this every hook, or should we try to be smarter and limit it to only install and machine restart?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is a time cost, of course, but not a huge one. Ideally we would do something smarter here, but I'm hopeful that this will only be a temporary workaround - one that we can remove after we upgrade to Calico 3.16.x.

try:
check_call(cmd)
except CalledProcessError:
msg = 'Waiting to retry disabling VXLAN TX checksumming'
log(msg)
status.waiting(msg)


def calicoctl_get(*args):
args = ['get', '-o', 'yaml', '--export'] + list(args)
output = calicoctl(*args)
Expand Down
1 change: 1 addition & 0 deletions templates/calico-node.service
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ ExecStart=/usr/local/sbin/charm-env --charm calico conctl run \
--env FELIX_IGNORELOOSERPF={{ ignore_loose_rpf | string | lower }} \
{% if mtu -%}
--env FELIX_IPINIPMTU={{ mtu }} \
--env FELIX_VXLANMTU={{ mtu }} \
{% endif -%}
--mount /lib/modules:/lib/modules \
--mount /var/run/calico:/var/run/calico \
Expand Down