Problem creating a project-specific network in a cluster

Yiannis_Mandravellos · September 7, 2023, 8:09am

Hello,

I 'm having a bit of a problem with creating a project-specific network in a cluster using OVN.
For starters, I have this (showing only managed networks):

$ lxc network ls
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
|  NAME   |   TYPE   | MANAGED |      IPV4      |     IPV6      | DESCRIPTION | USED BY |  STATE  |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
| UPLINK  | physical | YES     |                |               |             | 1       | CREATED |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
| ovn0    | ovn      | YES     | 10.168.20.1/24 | fd20:42::1/64 |             | 1       | CREATED |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+

Everything’s fine with this setup.

Add a new project with:
$ lxc network create test -c features.networks=true

Create a network for this new test project. Remember this is a cluster so we must target the members first:

$ lxc network create ovn-test --target member1 --project test
Error: Network type "ovn" does not support member specific config

OK, maybe I just have to define the network’s project when it is actually created. Let’s try this:

$ lxc network create ovn-test --target member1
Network test pending on member member1

$ lxc network create ovn-test --target member2
Network test pending on member member2

$ lxc network create ovn-test --target member3
Network test pending on member member3

$ lxc network create test --type=ovn --project test
Network test created

It all looks good.
Let’s check some things:

$ lxc network ls --project test
+------+------+---------+-----------------+---------------------------+-------------+---------+---------+
| NAME | TYPE | MANAGED |      IPV4       |           IPV6            | DESCRIPTION | USED BY |  STATE  |
+------+------+---------+-----------------+---------------------------+-------------+---------+---------+
| test | ovn  | YES     | 10.132.154.1/24 | fd42:401c:3309:3bc0::1/64 |             | 0       | CREATED |
+------+------+---------+-----------------+---------------------------+-------------+---------+---------+
$ # looking good!

$ lxc network ls
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
|  NAME   |   TYPE   | MANAGED |      IPV4      |     IPV6      | DESCRIPTION | USED BY |  STATE  |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
| UPLINK  | physical | YES     |                |               |             | 2       | CREATED |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
| ovn0    | ovn      | YES     | 10.168.20.1/24 | fd20:42::1/64 |             | 1       | CREATED |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+
| test    | bridge   | YES     |                |               |             | 0       | PENDING |
+---------+----------+---------+----------------+---------------+-------------+---------+---------+

Ooops! Why is there a test network (it’s a bridge too) in the default project? And it’s in ‘pending’ state…

Also of note, after I configure the project’s profile with a disk/eth0 pair and launch a container, the container never gets an IP address until I remove the test network which is in the default project in pending state. I don’t get it how a container in a project waits to receive DHCP from a network in another project (default)?! (turns out that was my mistake, please ignore)

I really think I 'm missing something obvious here but I can’t spot what…
Can someone spot what I 'm doing wrong with this setup?

stgraber · September 7, 2023, 3:09pm

This means that you only need lxc network create ovn-test --project test to create the network, none of the --target calls are needed for OVN networks.

With what you ran above, you effectively created that OVN network with the final command (the one with --project test), the others have instead created a PENDING network on all your cluster members of type “bridge” rather than OVN.

So to clean things up, just lxc network delete test --project default

Yiannis_Mandravellos · September 7, 2023, 3:20pm

I was so used to using --target with networking and storage that I didn’t even bother to check just directly creating the network…
Thanks for the explanation.