Allow creating isolated OVN networks (no uplink)

[stgraber]

This came up in https://discuss.linuxcontainers.org/t/isolated-ovn-network/20167/6

While there are workarounds, it'd probably make sense to just support creating an OVN network with no parent, likely by introducing a special value of none (and consequently preventing a managed network be named none).

[SpiffyEight77]

Hey @stgraber, I'm really interested in delving into incus and would like to work on this issue. Could you please assign it to me? 🙇🏻‍♂️

[stgraber]

Done!

[SpiffyEight77]

Hey @stgraber, sorry to bother you at this moment. I've read the source code for this issue and have a few questions I'd like to make a confirmation with you.

1. From my understanding, we intend to use the following command to create isolated OVN networks for the instance.

incus network create my-ovn --type ovn network=none ipv4.gateway=10.0.0.1/16 ipv4.ovn.ranges=10.0.0.2-10.255.255.254

2. I need to allow the network=none in this method.

incus/internal/server/network/driver_ovn.go

Line 1888 in 0d9855e

func (n *ovn) validateUplinkNetwork(p *api.Project, uplinkNetworkName string) (string, error) {

3. After that, there are many settings such as MTU and DHCP that I'm still trying to understand. Should I modify these settings when network=none? 🙇🏻‍♂️

[stgraber]

So the initial steps probably should be:

• Modify networksPost to make none an invalid name for a new network, so we avoid anyone getting themselves in a confusing situation.
• Look for where validateUplinkNetwork is called today and bypass the validation check if the value is none. We shouldn't modify validateUplinkNetwork itself as that function should still be left to validate an uplink network and should only be called if one is provided.
• Edit setupUplinkPort to skip if the value is none
• Edit startUplinkPort to skip if the value is none
• Edit deleteUplinkPort to skip if the value is none
• Make checkUplinkUse immediately return false if the value is none
• Make Start skip the IsAvailable check if network is none
• Make InstanceDevicePortValidateExternalRoutes return if network is none
• Make ForwardCreate fail if network is none
• Make LoadBalancerCreate fail if network is none

I think that's about it for what I'm seeing in the OVN driver code.

[SpiffyEight77]

@stgraber
Thank you for your guidance. I will keep studying the source code and implement this feature. 🙇🏻‍♂️

[SpiffyEight77]

Hey @stgraber sorry to bother you again.

I've tried to implement this feature, which creates isolated OVN networks (no uplink), but I've encountered additional problems.

After creating the isolated OVN networks using this command and assigning them to the instance, I noticed that upon starting, the instance does not receive IPv4 or IPv6 addresses. This issue appears to be due to a method returning an empty slice.

incus/internal/server/network/driver_ovn.go

Line 2371 in b0f1040

existingOpts, err := n.state.OVNNB.GetLogicalSwitchDHCPOptions(context.TODO(), n.getIntSwitchName())

Another issue occurs when I try to delete isolated networks (those without an uplink), which results in an "object not found" error. I am still debugging this problem.

I would like to hear your advice. 🙇🏻‍♂️

I am very interested in the incus project and hope to thoroughly read and understand the source code. I hope you don't mind my weak computer science background. 🙇🏻‍♂️