Address sets for nftables and OVN #1728
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
github-actions
bot
added
Documentation
irhndt
changed the title
|
Hi, is there anything I can do to help process the PR? |
|
Nope, it's next on my list to review, just taking a bit as it's a sizable PR :) |
|
I spent a couple of hours on cleaning up the branch, mostly rebasing everything on current main and re-slicing the code in our usual commit chunks. I also did a few minor code style tweaks here and there, but nothing major. I did notice a few major changes that I'll want to make to this branch, but I'll need to do that later, maybe tomorrow evening, maybe Thursday. It's mostly around the database, changing the name of the tables to line up with our usual pattern, using the DB generator instead of manual SQL functions and a few other similar tweaks. Anyway, I also need to do an actual review of the logic and manual testing of all of this. |
|
Don't worry about the test failures, it's expected at this stage :) |
|
Good to know, looking forward to learn from your modifications ! |
|
Haven't forgotten about this but have had to deal with some priority bugs. |
|
Been making some progress on this one, but working locally so haven't pushed anything yet. I've renamed all the ExternalIDs stuff to Config for consistency, renamed the tables to our usual pattern too and put the DB generator in place to generate all the DB access code. I'm now replacing all the DB function calls with the equivalent for the generated code. After that's done, I'll want to make sure we can get the tests behaving again before I actually review the content of the commits. |
|
Yes, at first glance I used ExternalIDs while reading OVN man pages however after I have seen that ACL for example had the same field under config... Forgot to change to comply but I should have done it. Concerning DB function I want to see how you do that as I don't get exactly what is the 'equivalent'. When I took a look at failed tests last week I saw that we have failure on the PATCH request test. I was able to get it to work on my computer but once I ran it in github action it wouldn't, so as everything else was ok in github actions I commented it out. So we may want to check other tests are behaving before tackling the patch issue. Thanks for the heads up! |
|
Just pushing an intermediate state. I've moved everything to the DB generator, code builds, static analysis looks clean, so I want to get an idea of what I broke before I clean things up and review the rest. |
|
HI, I took a look at the error:
I think the issue lies in the GetConfig function in |
Yeah, I know, but this is generated code. You can't change that file as it will get overwritten. I reached out to @masnax about the database generator and what we need to do to make it behave given the name of the tables involved. |
stgraber
force-pushed
the
main
branch
11 times, most recently
from
3e1ee93 to
d91fb72
Compare
Signed-off-by: Stéphane Graber <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Isidore Reinhardt <[email protected]>
Signed-off-by: Stéphane Graber <[email protected]>
|
The OVN behavior seems fine now. Going to quickly recheck the nftables one. |
|
nftables implementation seems to still work as expected here, so I think we're good to go! |
|
Thanks for all the work @irhndt ! |
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
May 10, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lxc/incus](https://github.com/lxc/incus) | minor | `v6.11.0` -> `v6.12.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lxc/incus (lxc/incus)</summary> ### [`v6.12.0`](https://github.com/lxc/incus/releases/tag/v6.12.0): Incus 6.12 [Compare Source](lxc/incus@v6.11.0...v6.12.0) ### Announcement https://discuss.linuxcontainers.org/t/incus-6-12-has-been-released/23556 #### What's Changed - doc: Fix missing OCI section by [@​stgraber](https://github.com/stgraber) in lxc/incus#1855 - doc: Fix config option reference on LINSTOR driver by [@​luissimas](https://github.com/luissimas) in lxc/incus#1857 - Add support for server-side filtering by instance name by [@​presztak](https://github.com/presztak) in lxc/incus#1856 - incusd/instance/lxc: Fix max gid when in a privileged container by [@​stgraber](https://github.com/stgraber) in lxc/incus#1859 - Fix some static analysis nits by [@​stgraber](https://github.com/stgraber) in lxc/incus#1860 - README: Fix typo by [@​stgraber](https://github.com/stgraber) in lxc/incus#1861 - Docs: correct restriction on `path` option by [@​gwenya](https://github.com/gwenya) in lxc/incus#1862 - lxd-to-incus: Fix typo in trigger by [@​stgraber](https://github.com/stgraber) in lxc/incus#1865 - incusd/instance/edk2: Limit test to UEFI architectures by [@​stgraber](https://github.com/stgraber) in lxc/incus#1866 - doc: Tweak ACME documentation by [@​stgraber](https://github.com/stgraber) in lxc/incus#1868 - instances/drivers/qemu: update user parameter for QEMU v9.1+ by [@​dnegreira](https://github.com/dnegreira) in lxc/incus#1871 - OCI improvements by [@​stgraber](https://github.com/stgraber) in lxc/incus#1873 - Support server-side filtering by [@​presztak](https://github.com/presztak) in lxc/incus#1872 - Enable filtering with the `all-projects` flag when listing images by [@​presztak](https://github.com/presztak) in lxc/incus#1874 - Improve migration by [@​stgraber](https://github.com/stgraber) in lxc/incus#1878 - incusd/storage: Add missing forwarding on snapshot list by [@​stgraber](https://github.com/stgraber) in lxc/incus#1882 - incusd/instance/common: Fix concurrent restarts by [@​stgraber](https://github.com/stgraber) in lxc/incus#1884 - Fix all static analysis in client/, shared/ and cmd/incus/ by [@​stgraber](https://github.com/stgraber) in lxc/incus#1883 - generate-database: Fix documentation for `ignore` by [@​breml](https://github.com/breml) in lxc/incus#1885 - incusd/response: Remove redundant line break in error by [@​stgraber](https://github.com/stgraber) in lxc/incus#1886 - RFC 3442 compliance in forknet dhcp client by [@​gwenya](https://github.com/gwenya) in lxc/incus#1887 - incus-agent: Retry mounts to avoid kernel races by [@​stgraber](https://github.com/stgraber) in lxc/incus#1888 - Address sets for nftables and OVN by [@​irhndt](https://github.com/irhndt) in lxc/incus#1728 - incusd/operations: Fix WaitGet on op failure by [@​stgraber](https://github.com/stgraber) in lxc/incus#1894 - Update list of compresors by [@​stgraber](https://github.com/stgraber) in lxc/incus#1892 - Add snapshot pre-fetching support by [@​stgraber](https://github.com/stgraber) in lxc/incus#1891 - incusd/instance/lxc: Use pre-existing PATH when not overridden by [@​stgraber](https://github.com/stgraber) in lxc/incus#1895 - incusd/acme: Include CA in generate certificate by [@​stgraber](https://github.com/stgraber) in lxc/incus#1897 - Usability improvements to incus-migrate by [@​stgraber](https://github.com/stgraber) in lxc/incus#1898 - client/incus: Fix non-constant format strings by [@​c4t3l](https://github.com/c4t3l) in lxc/incus#1899 - docs: mDNS setup for cluster HA by [@​MOZGIII](https://github.com/MOZGIII) in lxc/incus#1896 - Support filtering storage volumes by a single keyword by [@​presztak](https://github.com/presztak) in lxc/incus#1915 - incusd/instance/qemu: Clean leftover sockets on startup by [@​stgraber](https://github.com/stgraber) in lxc/incus#1916 - incusd: Implement Incus OS API forwarding by [@​stgraber](https://github.com/stgraber) in lxc/incus#1918 - Add generated documentation for network bridge by [@​NathanChase22](https://github.com/NathanChase22) in lxc/incus#1920 - doc: Use `$USER` instead of YOUR-USERNAME by [@​bjackman](https://github.com/bjackman) in lxc/incus#1922 - doc: Ignore link that's blocking Azure by [@​stgraber](https://github.com/stgraber) in lxc/incus#1924 - Storage bugfixes by [@​bensmrs](https://github.com/bensmrs) in lxc/incus#1923 - incusd/patches: Refresh OpenFGA model for address sets by [@​stgraber](https://github.com/stgraber) in lxc/incus#1925 - Add generated documentation for network forwards by [@​tonyn10](https://github.com/tonyn10) in lxc/incus#1926 - Add support for configurable logging targets by [@​presztak](https://github.com/presztak) in lxc/incus#1903 - Port tpm device documentation to gendoc by [@​saahirN](https://github.com/saahirN) in lxc/incus#1929 - Allow basic connectivity under nftables by [@​stgraber](https://github.com/stgraber) in lxc/incus#1930 - incusd/storage/zfs: Make CacheVolumeSnapshots failures non-fatal by [@​stgraber](https://github.com/stgraber) in lxc/incus#1931 - incusd/instance/lxc: Restrict unprivileged ping to recent kernels by [@​stgraber](https://github.com/stgraber) in lxc/incus#1934 - Implement SNAT as part of network forwards by [@​stgraber](https://github.com/stgraber) in lxc/incus#1935 - incusd/apparmor/lxc: Allow write access to /proc/sys/user by [@​zgttotev](https://github.com/zgttotev) in lxc/incus#1937 - incusd/instance/lxc: Defer calls to the scheduler by [@​stgraber](https://github.com/stgraber) in lxc/incus#1938 - shared/archive: Prevent xattr errors from crashing unsquashfs by [@​zgttotev](https://github.com/zgttotev) in lxc/incus#1939 - Extend use of ZFS pre-caching by [@​stgraber](https://github.com/stgraber) in lxc/incus#1941 - Add common aliases for add/create remove/delete/rm in the CLI by [@​joecwilson](https://github.com/joecwilson) in lxc/incus#1943 - feat: support access_token query parameter as JWT fallback by [@​irtaza9](https://github.com/irtaza9) in lxc/incus#1940 - Memory hotplug support for VMs by [@​presztak](https://github.com/presztak) in lxc/incus#1945 - incusd: Remove old routing logic by [@​stgraber](https://github.com/stgraber) in lxc/incus#1947 - Fix refresh migrations in cluster and speed up ZFS startup by [@​stgraber](https://github.com/stgraber) in lxc/incus#1946 - incusd/devices: Don't require a serial number for USB hotplug by [@​stgraber](https://github.com/stgraber) in lxc/incus#1949 - Move tls testing functions to tlstest by [@​nanjj](https://github.com/nanjj) in lxc/incus#1948 - Remove Rican7/retry dependency by [@​nanjj](https://github.com/nanjj) in lxc/incus#1952 - Port `proxy` device documentation to `gendoc` by [@​Abdomash](https://github.com/Abdomash) in lxc/incus#1953 - Port gpu device documentation to gendoc by [@​kmxtn](https://github.com/kmxtn) in lxc/incus#1954 - Port nic device documentation to gendoc by [@​rahafjrw](https://github.com/rahafjrw) in lxc/incus#1956 - Remove arping dependency by [@​ahmetfturhan](https://github.com/ahmetfturhan) in lxc/incus#1958 - Remove gocapability dependency by [@​nanjj](https://github.com/nanjj) in lxc/incus#1957 - Infiniband Device Documentation Ported to GenDoc by [@​AbhinavTiruvee](https://github.com/AbhinavTiruvee) in lxc/incus#1962 - Replace rebfig/cron/v3 with adhocore/gronx by [@​nanjj](https://github.com/nanjj) in lxc/incus#1959 - Update help of `incus storage list` by [@​stgraber](https://github.com/stgraber) in lxc/incus#1968 - shared/api/scriptlet: Add yaml struct tags by [@​breml](https://github.com/breml) in lxc/incus#1973 - incusd/storage/migration: Check instance size during migration by [@​stgraber](https://github.com/stgraber) in lxc/incus#1971 - Logfile for forknet dhcp by [@​gwenya](https://github.com/gwenya) in lxc/incus#1976 - Add dhcp static routes via 0.0.0.0 with link scope in forknet by [@​gwenya](https://github.com/gwenya) in lxc/incus#1977 - incusd/device/disk: Fix registration of custom volumes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1980 - Add server side filtering for `incus profile list` by [@​Abdomash](https://github.com/Abdomash) in lxc/incus#1982 - Fix reference passing when yaml unmarshal by [@​nanjj](https://github.com/nanjj) in lxc/incus#1984 - Various fixes by [@​stgraber](https://github.com/stgraber) in lxc/incus#1983 - scriptlet: Return proper error by [@​breml](https://github.com/breml) in lxc/incus#1986 - incusd/instance: Also consider local CPU flags by [@​stgraber](https://github.com/stgraber) in lxc/incus#1987 - Cap maximum VM memory to match host memory total by [@​stgraber](https://github.com/stgraber) in lxc/incus#1988 #### New Contributors - [@​dnegreira](https://github.com/dnegreira) made their first contribution in lxc/incus#1871 - [@​c4t3l](https://github.com/c4t3l) made their first contribution in lxc/incus#1899 - [@​MOZGIII](https://github.com/MOZGIII) made their first contribution in lxc/incus#1896 - [@​NathanChase22](https://github.com/NathanChase22) made their first contribution in lxc/incus#1920 - [@​bjackman](https://github.com/bjackman) made their first contribution in lxc/incus#1922 - [@​tonyn10](https://github.com/tonyn10) made their first contribution in lxc/incus#1926 - [@​saahirN](https://github.com/saahirN) made their first contribution in lxc/incus#1929 - [@​zgttotev](https://github.com/zgttotev) made their first contribution in lxc/incus#1937 - [@​joecwilson](https://github.com/joecwilson) made their first contribution in lxc/incus#1943 - [@​irtaza9](https://github.com/irtaza9) made their first contribution in lxc/incus#1940 - [@​Abdomash](https://github.com/Abdomash) made their first contribution in lxc/incus#1953 - [@​kmxtn](https://github.com/kmxtn) made their first contribution in lxc/incus#1954 - [@​rahafjrw](https://github.com/rahafjrw) made their first contribution in lxc/incus#1956 - [@​ahmetfturhan](https://github.com/ahmetfturhan) made their first contribution in lxc/incus#1958 - [@​AbhinavTiruvee](https://github.com/AbhinavTiruvee) made their first contribution in lxc/incus#1962 **Full Changelog**: lxc/incus@v6.11.0...v6.12.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xMS4yIiwidXBkYXRlZEluVmVyIjoiNDAuMTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #1450
This pull request add address sets support for incus, more precisely it allows the use of named sets for nftables and address sets in OVN.
This is my first 'real' contribution and first go project. You may want to check important logic parts in nftables and ovn drivers.
Notes: