[lxc-devel] [lxd/master] Network: Sets ipv4.nat=true by default for new fan bridges and adds the setting if missing to existing fan bridges

tomponline on Github lxc-bot at linuxcontainers.org
Tue Oct 20 14:13:57 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 461 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20201020/b151d115/attachment-0001.bin>
-------------- next part --------------
From f6dd88a5b60b99fb65d23f6c769368459366d849 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 20 Oct 2020 14:40:04 +0100
Subject: [PATCH 1/2] lxd/network/driver/bridge: Sets ipv4.nat=true when adding
 a new fan network with fan.underlay_subnet=auto

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/network/driver_bridge.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lxd/network/driver_bridge.go b/lxd/network/driver_bridge.go
index e0d8779072..72a0952ca7 100644
--- a/lxd/network/driver_bridge.go
+++ b/lxd/network/driver_bridge.go
@@ -89,6 +89,10 @@ func (n *bridge) FillConfig(config map[string]string) error {
 		if config["fan.underlay_subnet"] == "" {
 			config["fan.underlay_subnet"] = "auto"
 		}
+
+		if config["fan.underlay_subnet"] == "auto" && config["ipv4.nat"] == "" {
+			config["ipv4.nat"] = "true"
+		}
 	} else {
 		if config["ipv4.address"] == "" {
 			config["ipv4.address"] = "auto"

From e59f674cee6f2b5c3baeb694d3e351c27726c520 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parrott at canonical.com>
Date: Tue, 20 Oct 2020 15:11:48 +0100
Subject: [PATCH 2/2] lxd/patches: Adds patchNetworkFANEnableNAT to set
 ipv4.nat=true for fan networks missing the setting

Signed-off-by: Thomas Parrott <thomas.parrott at canonical.com>
---
 lxd/patches.go | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/lxd/patches.go b/lxd/patches.go
index 462cd78173..4b3d415fef 100644
--- a/lxd/patches.go
+++ b/lxd/patches.go
@@ -103,6 +103,7 @@ var patches = []patch{
 	{name: "move_backups_instances", stage: patchPostDaemonStorage, run: patchMoveBackupsInstances},
 	{name: "network_ovn_enable_nat", stage: patchPostDaemonStorage, run: patchNetworkOVNEnableNAT},
 	{name: "network_ovn_remove_routes", stage: patchPostDaemonStorage, run: patchNetworkOVNRemoveRoutes},
+	{name: "network_fan_enable_nat", stage: patchPostDaemonStorage, run: patchNetworkFANEnableNAT},
 }
 
 type patch struct {
@@ -167,6 +168,54 @@ func patchesApply(d *Daemon, stage patchStage) error {
 
 // Patches begin here
 
+// patchNetworkFANEnableNAT sets "ipv4.nat=true" on fan bridges that are missing the "ipv4.nat" setting.
+// This prevents outbound connectivity breaking on existing fan networks now that the default behaviour of not
+// having "ipv4.nat" set is to disable NAT (bringing in line with the non-fan bridge behavior and docs).
+func patchNetworkFANEnableNAT(name string, d *Daemon) error {
+	err := d.cluster.Transaction(func(tx *db.ClusterTx) error {
+		projectNetworks, err := tx.GetNonPendingNetworks()
+		if err != nil {
+			return err
+		}
+
+		for _, networks := range projectNetworks {
+			for networkID, network := range networks {
+				if network.Type != "bridge" {
+					continue
+				}
+
+				if network.Config["bridge.mode"] != "fan" {
+					continue
+				}
+
+				modified := false
+
+				// Enable ipv4.nat if setting not specified.
+				if _, found := network.Config["ipv4.nat"]; !found {
+					modified = true
+					network.Config["ipv4.nat"] = "true"
+				}
+
+				if modified {
+					err = tx.UpdateNetwork(networkID, network.Description, network.Config)
+					if err != nil {
+						return errors.Wrapf(err, "Failed setting ipv4.nat=true for fan network %q (%d)", network.Name, networkID)
+					}
+
+					logger.Debugf("Set ipv4.nat=true for fan network %q (%d)", network.Name, networkID)
+				}
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // patchNetworkOVNRemoveRoutes removes the "ipv4.routes.external" and "ipv6.routes.external" settings from OVN
 // networks. It was decided that the OVN NIC level equivalent settings were sufficient.
 func patchNetworkOVNRemoveRoutes(name string, d *Daemon) error {

More information about the lxc-devel mailing list