From 86d4300c71a225145d48d4d52ba879de45934654 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 10 Aug 2021 12:22:58 -0400 Subject: [PATCH] getOrCreatePort: add support to configure port Profile Configuring port profiles can be useful to enable an application running on the specified host to pass and receive VIF port-specific information to the plugin. One of the use-cases here is when configuring ports in OVS Hardware offload, where we need to use the profile: {"capabilities": ["switchdev"]} Thanks to this patch, we'll now able to do it when creating the machines and their ports. thinx cluster-api-provider- OSASINFRA-2434 --- .../openstackproviderconfig/v1alpha1/types.go | 10 ++++++++-- pkg/cloud/openstack/clients/machineservice.go | 19 ++++++++++++++++++- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/pkg/apis/openstackproviderconfig/v1alpha1/types.go b/pkg/apis/openstackproviderconfig/v1alpha1/types.go index 42eec77cdd..c213154dd0 100644 --- a/pkg/apis/openstackproviderconfig/v1alpha1/types.go +++ b/pkg/apis/openstackproviderconfig/v1alpha1/types.go @@ -135,8 +135,9 @@ type NetworkParam struct { // NoAllowedAddressPairs disables creation of allowed address pairs for the network ports NoAllowedAddressPairs bool `json:"noAllowedAddressPairs,omitempty"` // PortTags allows users to specify a list of tags to add to ports created in a given network - PortTags []string `json:"portTags,omitempty"` - VNICType string `json:"vnicType,omitempty"` + PortTags []string `json:"portTags,omitempty"` + VNICType string `json:"vnicType,omitempty"` + Profile map[string]string `json:"profile,omitempty"` // PortSecurity optionally enables or disables security on ports managed by OpenStack PortSecurity *bool `json:"portSecurity,omitempty"` } @@ -218,6 +219,11 @@ type PortOpts struct { // neutron port. VNICType string `json:"vnicType,omitempty"` + // A dictionary that enables the application running on the specified + // host to pass and receive virtual network interface (VIF) port-specific + // information to the plug-in. + Profile map[string]string `json:"profile,omitempty"` + // enable or disable security on a given port // incompatible with securityGroups and allowedAddressPairs PortSecurity *bool `json:"portSecurity,omitempty"` diff --git a/pkg/cloud/openstack/clients/machineservice.go b/pkg/cloud/openstack/clients/machineservice.go index dfd80cbffc..3a21c9f694 100644 --- a/pkg/cloud/openstack/clients/machineservice.go +++ b/pkg/cloud/openstack/clients/machineservice.go @@ -375,7 +375,7 @@ func getOrCreatePort(is *InstanceService, name string, portOpts openstackconfigv CreateOptsBuilder: createOpts, HostID: portOpts.HostID, VNICType: portOpts.VNICType, - Profile: nil, + Profile: getPortProfile(portOpts.Profile), }).Extract() if err != nil { return nil, err @@ -405,6 +405,21 @@ func getOrCreatePort(is *InstanceService, name string, portOpts openstackconfigv return nil, fmt.Errorf("multiple ports found with name \"%s\"", portName) } +func getPortProfile(p map[string]string) map[string]interface{} { + portProfile := make(map[string]interface{}) + for k, v := range p { + portProfile[k] = v + } + // We need return nil if there is no profiles + // to have backward compatible defaults. + // To set profiles, your tenant needs this permission: + // rule:create_port and rule:create_port:binding:profile + if len(portProfile) == 0 { + return nil + } + return portProfile +} + func listPorts(is *InstanceService, opts ports.ListOpts) ([]ports.Port, error) { allPages, err := ports.List(is.networkClient, opts).AllPages() if err != nil { @@ -572,6 +587,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust NameSuffix: net.UUID, Tags: net.PortTags, VNICType: net.VNICType, + Profile: net.Profile, PortSecurity: net.PortSecurity, }) } @@ -598,6 +614,7 @@ func (is *InstanceService) InstanceCreate(clusterName string, name string, clust FixedIPs: []openstackconfigv1.FixedIPs{{SubnetID: snet.ID}}, Tags: append(net.PortTags, snetParam.PortTags...), VNICType: net.VNICType, + Profile: net.Profile, PortSecurity: portSecurity, }) }