|
 |
a8ca92 |
From 316f4fc3333627bcd3aef44c4a469cd6c04360ef Mon Sep 17 00:00:00 2001
|
|
|
a8ca92 |
From: Gris Ge <fge@redhat.com>
|
|
|
a8ca92 |
Date: Tue, 20 Sep 2022 21:35:47 +0800
|
|
|
a8ca92 |
Subject: [PATCH 2/2] ip: allow extra IP address found in verification stage
|
|
|
a8ca92 |
|
|
|
a8ca92 |
When nmstate applying the network state, there might be another tool
|
|
|
a8ca92 |
changing the IP addresses of interface, which lead to verification error
|
|
|
a8ca92 |
as extra IP address found. This is valid use case in kubernetes-nmstate
|
|
|
a8ca92 |
where keepalived is trying to add VIP(192.168.111.4) to certain interface.
|
|
|
a8ca92 |
|
|
|
a8ca92 |
To support that, we introduce `InterfaceIP.ALLOW_EXTRA_ADDRESS` with
|
|
|
a8ca92 |
default set to true, nmstate verification will ignore extra IP address
|
|
|
a8ca92 |
after applied.
|
|
|
a8ca92 |
|
|
|
a8ca92 |
Considering this is a very corner case, and could make the life of of
|
|
|
a8ca92 |
OpenshiftSDN engineer easier, I would suggest we accept this breaker of
|
|
|
a8ca92 |
API behavior.
|
|
|
a8ca92 |
|
|
|
a8ca92 |
It is hard to reproduce it in integration test case, hence only added
|
|
|
a8ca92 |
unit test cases.
|
|
|
a8ca92 |
|
|
|
a8ca92 |
Signed-off-by: Gris Ge <fge@redhat.com>
|
|
|
a8ca92 |
---
|
|
|
a8ca92 |
libnmstate/ifaces/base_iface.py | 20 ++++++
|
|
|
a8ca92 |
libnmstate/schema.py | 1 +
|
|
|
a8ca92 |
tests/lib/ifaces/base_iface_test.py | 98 +++++++++++++++++++++++++++++
|
|
|
a8ca92 |
tests/lib/testlib/constants.py | 2 +
|
|
|
a8ca92 |
4 files changed, 121 insertions(+)
|
|
|
a8ca92 |
|
|
|
a8ca92 |
diff --git a/libnmstate/ifaces/base_iface.py b/libnmstate/ifaces/base_iface.py
|
|
|
a8ca92 |
index e1b45617..fb2b7bb6 100644
|
|
|
a8ca92 |
--- a/libnmstate/ifaces/base_iface.py
|
|
|
a8ca92 |
+++ b/libnmstate/ifaces/base_iface.py
|
|
|
a8ca92 |
@@ -403,6 +403,10 @@ class BaseIface:
|
|
|
a8ca92 |
def match(self, other):
|
|
|
a8ca92 |
self_state = self.state_for_verify()
|
|
|
a8ca92 |
other_state = other.state_for_verify()
|
|
|
a8ca92 |
+ for family in (Interface.IPV4, Interface.IPV6):
|
|
|
a8ca92 |
+ apply_allow_extra_address(
|
|
|
a8ca92 |
+ self_state.get(family, {}), other_state.get(family, {})
|
|
|
a8ca92 |
+ )
|
|
|
a8ca92 |
return state_match(self_state, other_state)
|
|
|
a8ca92 |
|
|
|
a8ca92 |
def state_for_verify(self):
|
|
|
a8ca92 |
@@ -537,3 +541,19 @@ def _convert_ovs_external_ids_values_to_string(iface_info):
|
|
|
a8ca92 |
)
|
|
|
a8ca92 |
for key, value in external_ids.items():
|
|
|
a8ca92 |
external_ids[key] = str(value)
|
|
|
a8ca92 |
+
|
|
|
a8ca92 |
+
|
|
|
a8ca92 |
+# When `ALLOW_EXTRA_ADDRESS:True`, we should remove extra IP address in
|
|
|
a8ca92 |
+# current.
|
|
|
a8ca92 |
+def apply_allow_extra_address(desire_ip_state, current_ip_state):
|
|
|
a8ca92 |
+ # By default, we allow extra IP found during verification stage in order
|
|
|
a8ca92 |
+ # to make the life of OpenshiftSDN easier for this corner case.
|
|
|
a8ca92 |
+ if desire_ip_state.get(InterfaceIP.ALLOW_EXTRA_ADDRESS, True):
|
|
|
a8ca92 |
+ desire_addresses = desire_ip_state.get(InterfaceIP.ADDRESS, [])
|
|
|
a8ca92 |
+ new_cur_addresses = [
|
|
|
a8ca92 |
+ addr
|
|
|
a8ca92 |
+ for addr in current_ip_state.get(InterfaceIP.ADDRESS, [])
|
|
|
a8ca92 |
+ if addr in desire_addresses
|
|
|
a8ca92 |
+ ]
|
|
|
a8ca92 |
+ current_ip_state[InterfaceIP.ADDRESS] = new_cur_addresses
|
|
|
a8ca92 |
+ desire_ip_state.pop(InterfaceIP.ALLOW_EXTRA_ADDRESS, None)
|
|
|
a8ca92 |
diff --git a/libnmstate/schema.py b/libnmstate/schema.py
|
|
|
a8ca92 |
index 17daf8f1..76418bf0 100644
|
|
|
a8ca92 |
--- a/libnmstate/schema.py
|
|
|
a8ca92 |
+++ b/libnmstate/schema.py
|
|
|
a8ca92 |
@@ -142,6 +142,7 @@ class InterfaceIP:
|
|
|
a8ca92 |
ADDRESS = "address"
|
|
|
a8ca92 |
ADDRESS_IP = "ip"
|
|
|
a8ca92 |
ADDRESS_PREFIX_LENGTH = "prefix-length"
|
|
|
a8ca92 |
+ ALLOW_EXTRA_ADDRESS = "allow-extra-address"
|
|
|
a8ca92 |
DHCP = "dhcp"
|
|
|
a8ca92 |
AUTO_DNS = "auto-dns"
|
|
|
a8ca92 |
AUTO_GATEWAY = "auto-gateway"
|
|
|
a8ca92 |
--
|
|
|
a8ca92 |
2.37.3
|
|
|
a8ca92 |
|