From patchwork Fri Jan 19 21:33:29 2024
X-Patchwork-Submitter: Mark Michelson
X-Patchwork-Id: 1888674
From: Mark Michelson
To: dev@openvswitch.org
Date: Fri, 19 Jan 2024 16:33:29 -0500
Message-Id: <20240119213331.454896-2-mmichels@redhat.com>
In-Reply-To: <20240119213331.454896-1-mmichels@redhat.com>
References: <20240119213331.454896-1-mmichels@redhat.com>
Subject: [ovs-dev] [PATCH ovn 2/4] rbac: Only allow relevant chassis to update service monitors.

Service monitors already had the restriction that chassis could not insert or delete records. However, there was nothing restricting chassis from updating records for service monitors that are relevant to other chassis. This change adds a new "chassis_name" column to the Service_Monitor table. ovn-northd will set this column to the chassis on which the relevant logical port is bound. This way, only that particular chassis can update the status of the service monitor.
--- northd/northd.c | 19 +++++++++++++++++-- northd/ovn-northd.c | 2 +- ovn-sb.ovsschema | 5 +++-- ovn-sb.xml | 4 ++++ 4 files changed, 25 insertions(+), 5 deletions(-) diff --git a/northd/northd.c b/northd/northd.c index 952f8200d..9821fcef5 100644 --- a/northd/northd.c +++ b/northd/northd.c 
@@ -3841,13 +3841,19 @@ static struct service_monitor_info * create_or_get_service_mon(struct ovsdb_idl_txn *ovnsb_txn, struct hmap *monitor_map, const char *ip, const char *logical_port, - uint16_t service_port, const char *protocol) + uint16_t service_port, const char *protocol, + const char *chassis_name) { struct service_monitor_info *mon_info = get_service_mon(monitor_map, ip, logical_port, service_port, protocol); if (mon_info) { + if (chassis_name && strcmp(mon_info->sbrec_mon->chassis_name, + chassis_name)) { + sbrec_service_monitor_set_chassis_name(mon_info->sbrec_mon, + chassis_name); + } return mon_info; } @@ -3862,6 +3868,9 @@ create_or_get_service_mon(struct ovsdb_idl_txn *ovnsb_txn, sbrec_service_monitor_set_port(sbrec_mon, service_port); sbrec_service_monitor_set_logical_port(sbrec_mon, logical_port); sbrec_service_monitor_set_protocol(sbrec_mon, protocol); + if (chassis_name) { + sbrec_service_monitor_set_chassis_name(sbrec_mon, chassis_name); + } mon_info = xzalloc(sizeof *mon_info); mon_info->sbrec_mon = sbrec_mon; hmap_insert(monitor_map, &mon_info->hmap_node, hash); @@ -3904,12 +3913,18 @@ ovn_lb_svc_create(struct ovsdb_idl_txn *ovnsb_txn, protocol = "tcp"; } + const char *chassis_name = NULL; + if (op->sb && op->sb->chassis) { + chassis_name = op->sb->chassis->name; + } + struct service_monitor_info *mon_info = create_or_get_service_mon(ovnsb_txn, monitor_map, backend->ip_str, backend_nb->logical_port, backend->port, - protocol); + protocol, + chassis_name); ovs_assert(mon_info); sbrec_service_monitor_set_options( mon_info->sbrec_mon, &lb_vip_nb->lb_health_check->options); diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index f51dbecb4..ef580b561 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c 
@@ -114,7 +114,7 @@ static const char *rbac_mac_binding_update[] = {"logical_port", "ip", "mac", "datapath", "timestamp"}; static const char *rbac_svc_monitor_auth[] = - {""}; + {"chassis_name"}; static const char *rbac_svc_monitor_auth_update[] = {"status"}; static const char *rbac_igmp_group_auth[] = diff --git a/ovn-sb.ovsschema b/ovn-sb.ovsschema index 9cf91c8f7..563d1a215 100644 --- a/ovn-sb.ovsschema +++ b/ovn-sb.ovsschema @@ -1,7 +1,7 @@ { "name": "OVN_Southbound", - "version": "20.31.0", - "cksum": "3395536250 31224", + "version": "20.32.0", + "cksum": "482767101 31276", "tables": { "SB_Global": { "columns": { @@ -510,6 +510,7 @@ "logical_port": {"type": "string"}, "src_mac": {"type": "string"}, "src_ip": {"type": "string"}, + "chassis_name": {"type": "string"}, "status": { "type": {"key": {"type": "string", "enum": ["set", ["online", "offline", "error"]]}, diff --git a/ovn-sb.xml b/ovn-sb.xml index 411074083..046913201 100644 --- a/ovn-sb.xml +++ b/ovn-sb.xml @@ -4818,6 +4818,10 @@ tcp.flags = RST; Source IPv4 address to use in the service monitor packet. + + The name of the chassis where the logical port is bound. + + The interval, in seconds, between service monitor checks.
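Review bot: in the first northd/northd.c hunk, the `if (mon_info)` branch of create_or_get_service_mon() only rewrites chassis_name when the new value is non-NULL, so a stale owner is never cleared. ovn_lb_svc_create() passes NULL whenever `op->sb` or `op->sb->chassis` is unset, which means a Service_Monitor row whose logical port was bound and is now unbound keeps the previous chassis in chassis_name, and that chassis remains the one authorised to update `status`. Suggest treating NULL as "" at the top of the function and then comparing and setting unconditionally in both the existing-record and new-record paths, so the column always reflects the current binding.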
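Review bot: the change of `rbac_svc_monitor_auth` from `{""}` to `{"chassis_name"}` in northd/ovn-northd.c comes with no test; the diffstat touches only northd.c, ovn-northd.c, ovn-sb.ovsschema and ovn-sb.xml. Please add a test that checks chassis_name is set when the backend's logical port is bound and that it follows the port when the binding moves to another chassis. The commit message should also say what is expected for rows whose chassis_name is empty (port not yet bound, or rows that existed before the schema bump to 20.32.0 and have not been re-synced): can any chassis update `status` on them, or none?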
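Review bot: the new chassis_name description in the ovn-sb.xml hunk says only that it is "The name of the chassis where the logical port is bound", which leaves out why the column exists. Suggest documenting that ovn-northd populates it, that it is the RBAC authorization column for Service_Monitor so only that chassis may update `status`, and what value it holds when the logical port is not bound to any chassis.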