Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for user-defined network interface order (kvm only) #4452

Merged
merged 5 commits into from
Dec 6, 2024

Conversation

milan-zededa
Copy link
Contributor

@milan-zededa milan-zededa commented Dec 2, 2024

Currently, when application has both virtual network interfaces
configured and some network devices directly assigned, EVE will first
attach virtual interfaces in the order that follows ACL IDs (a historical
workaround for missing interface order field), followed by directly assigned
network adapters, in the order of the AppInstanceConfig.adapters list.

To allow the user to specify the order between all application
network interfaces (across both virtual and passthrough devices), we
introduced a new boolean flag EnforceNetworkInterfaceOrder inside
the application instance config and allow the controller to pass the order
requirements for all the application network adapters.

For the KVM hypervisor, and depending on the application’s operating system,
we can influence the interface order through the PCI topology. A network
device that should appear earlier in the interface list is assigned a lower
PCI address. This ensures the desired network interface order, at least for
Linux-based operating systems with systemd. However, there are
limitations when assigning multifunction PCI devices to applications.
Specifically, the functions of a multifunction device cannot be interleaved
with other virtual or passthrough devices. If the user configures a network
interface order that violates this constraint, EVE will report an error for
the application, and it will not be started.

In a separate commit, I have also cleaned up Go templates used for generating
Qemu config a bit. Specifically, I moved parsing of the templates into the init
function (we only need to do it once) and declared contexts for templates as proper
(not inline) types for better readability.

@milan-zededa
Copy link
Contributor Author

I'm going to ignore this yetus complain:

yetus: pkg/pillar/hypervisor/kvm_test.go#L15
revive: should not use dot imports https://revive.run/r#dot-imports

Importing gomega directly makes tests more readable...

@milan-zededa milan-zededa changed the title Add support for user-defined network interface order to domainmgr/kvm Add support for user-defined network interface order (kvm only) Dec 2, 2024
@OhmSpectator
Copy link
Member

Is it still a draft, or is it better to start reviewing?

@milan-zededa
Copy link
Contributor Author

Is it still a draft, or is it better to start reviewing?

I left it in the draft state until we complete the end-to-end testing.
But you can start reviewing - it is better if we find out that something is very wrong in this PR sooner rather than later.

Copy link
Member

@OhmSpectator OhmSpectator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have reviewed only the first commit now... Will continue.

pkg/pillar/hypervisor/kvm.go Outdated Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Outdated Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Outdated Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Outdated Show resolved Hide resolved
pkg/pillar/hypervisor/kvm.go Show resolved Hide resolved
@github-actions github-actions bot requested a review from OhmSpectator December 3, 2024 10:13
@milan-zededa milan-zededa force-pushed the app-interface-order branch 2 times, most recently from 7ea1ee6 to 38c620c Compare December 3, 2024 10:34
pkg/pillar/hypervisor/kubevirt.go Outdated Show resolved Hide resolved
pkg/pillar/hypervisor/xen.go Show resolved Hide resolved
return nil
}

func (f *pciAssignmentsTemplateFiller) do(file io.Writer, pciAssignments []pciDevice, pciID int) error {
func (f *pciAssignmentsTemplateFiller) do(file io.Writer, pciAssignments []pciDevice) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@christoph-zededa, could you please take a look at the changes here as well? I'm looking at it now, but it would be nice if you have a look, too =)

Copy link
Member

@OhmSpectator OhmSpectator left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general, it looks good to me. I hope the testing is successful.
Also, I would like @christoph-zededa and @rucoder to go through the code.

Adapter (direct assignment) and NetworkAdapter (VIF) now allow to
configure the desired application network interface order. EVE ability
to enforce the order is limited, however.

Signed-off-by: Milan Lenco <[email protected]>
Move parsing of the templates into the init function (we only need to do
it once) and declare contexts for templates as proper (not inline) types
for better readability.

Signed-off-by: Milan Lenco <[email protected]>
Parse newly added interface order fields and the EnforceNetworkInterfaceOrder
boolean option.

Signed-off-by: Milan Lenco <[email protected]>
Currently, when application has both virtual network interfaces
configured and some network devices directly assigned, EVE will first
attach virtual interfaces in the order that follows ACL IDs (a historical
workaround for missing interface order field), followed by directly assigned
network adapters, in the order of the AppInstanceConfig.adapters list.

To allow the user to specify the order between all application
network interfaces (across both virtual and passthrough devices), we
introduced a new boolean flag EnforceNetworkInterfaceOrder inside
the application instance config and allow the controller to pass the order
requirements for all the application network adapters.

For the KVM hypervisor, and depending on the application’s operating system,
we can influence the interface order through the PCI topology. A network
device that should appear earlier in the interface list is assigned a lower
PCI address. This ensures the desired network interface order, at least for
Linux-based operating systems with systemd (see [1]). However, there are
limitations when assigning multifunction PCI devices to applications.
Specifically, the functions of a multifunction device cannot be interleaved
with other virtual or passthrough devices. If the user configures a network
interface order that violates this constraint, EVE will report an error for
the application, and it will not be started.

[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.net-naming-scheme.html

Signed-off-by: Milan Lenco <[email protected]>
Describe both the legacy and the user-enforced interface ordering
with all its limitations.

Signed-off-by: Milan Lenco <[email protected]>
@milan-zededa milan-zededa marked this pull request as ready for review December 6, 2024 10:00
@milan-zededa
Copy link
Contributor Author

Marking this as ready for review so that it is not blocked from merging. However, I didn't get a chance to test it end-to-end since the controller is not ready and I also wasn't yet provided access to the target edge device.
I might test it later when I'm on vacation but can't promise...

Copy link
Contributor

@eriknordmark eriknordmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Run tests

@eriknordmark eriknordmark merged commit 121fed8 into lf-edge:master Dec 6, 2024
39 of 40 checks passed
@OhmSpectator
Copy link
Member

@eriknordmark , do we need to port it to 13.4 to be a part of the upcoming release?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants