Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Network sanity checks #277

Merged
merged 1 commit into from
Apr 19, 2024
Merged

Network sanity checks #277

merged 1 commit into from
Apr 19, 2024

Conversation

MggMuggins
Copy link
Contributor

@MggMuggins MggMuggins commented Apr 3, 2024
edited
Loading

I will rebase once #276 is merged, the only new commit here is this one.

@MggMuggins MggMuggins force-pushed the network-sanity-checks branch 2 times, most recently from e7d08d7 to 320dbe1 Compare April 3, 2024 23:06
@MggMuggins
Copy link
Contributor Author

@masnax Would you be willing to take a quick pass at this? I'm looking for feedback on if the tests look reasonable as much as anything. Realize I missed testing the case where other InitSystem addresses conflict with the uplink gateway. I'll add that and fix the linter this afternoon.

@MggMuggins MggMuggins marked this pull request as ready for review April 4, 2024 20:38
@MggMuggins MggMuggins requested a review from masnax April 11, 2024 20:19
@masnax masnax mentioned this pull request Apr 16, 2024
Merged
masnax
masnax previously requested changes Apr 16, 2024
View reviewed changes
Copy link
Contributor

@masnax masnax left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MggMuggins There's one more component to the networking questions: the dns nameservers we pass to LXD.

Can you also include a check that verifies that the input is a comma-separated list of IPs?

It's part of the same UPLINK network struct as the other fields, accessed by the config key dns.nameservers

microcloud/microcloud/service/lxd_config.go

Lines 88 to 90 in a28d437

if dnsServers != "" {
finalUplinkCfg.Config["dns.nameservers"] = dnsServers
}

@MggMuggins MggMuggins force-pushed the network-sanity-checks branch 2 times, most recently from b1483c8 to 96b886e Compare April 18, 2024 19:21
@MggMuggins
microcloud/cmd: Check uplink network config before setting up the clu…
b7bb3ea 
…ster

Fixes canonical#210

1. Invalid OVN ranges in UPLINK networks (range outside gateway subnet, etc)
2. UPLINK OVN ranges that contain any system's management address;
3. Invalid dns nameserver IPs

Signed-off-by: Wesley Hershberger <[email protected]>
tomponline
tomponline reviewed Apr 19, 2024
View reviewed changes
microcloud/cmd/microcloud/main_init.go
var ip4OVNRanges, ip6OVNRanges []*shared.IPRange

for _, network := range curSystem.Networks {
if network.Type == "physical" && network.Name == "UPLINK" {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not enjoying the hardcoded "UPLINK" here, we should be using a constant for "UPLINK" and then ensuring that everywhere that needs to reference the uplink network by name uses this constant - this allows for quick understanding of the uses of that network and updating of it if needed.

I've burying configuration assumptions in lower level functions like this can lead to brittle code in the future if those assumptions change and its forgotten/unknown about where to update.

Alternatively we could have the dependencies of the validateSystems function accept them as arguments, i.e uplinkNetName string and have it passed in by the caller so we aren't tightly coupling things together.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MggMuggins you can use this method to grab the corresponding network type. These methods are how we keep the payloads that we send to LXD consistent.

You can either instantiate a new LXDService or extract the receiver from handler.Services[types.LXD].(*service.LXDService) from the service.Handler that carries through the whole init.

tomponline
tomponline approved these changes Apr 19, 2024
View reviewed changes
Copy link
Member

@tomponline tomponline left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from the hardcoded UPLINK, which can be addressed in a separate PR, this looks great thanks.

@tomponline tomponline dismissed masnax’s stale review April 19, 2024 07:13

changes addressed

@tomponline tomponline merged commit 2b874ac into canonical:main Apr 19, 2024
9 checks passed
@MggMuggins MggMuggins deleted the network-sanity-checks branch April 19, 2024 13:12
@MggMuggins MggMuggins mentioned this pull request Apr 30, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomponline tomponline tomponline approved these changes

@roosterfish roosterfish Awaiting requested review from roosterfish

@markylaing markylaing Awaiting requested review from markylaing

@masnax masnax Awaiting requested review from masnax

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MggMuggins @tomponline @masnax