Vlan profile option + OvS bridge stopped working after incus 6.1 upgrade on Debian 12

phillippe · May 8, 2024, 8:01am

Hello,

Since 6.1 upgrade from a functional 6.0 profile on a Debian 12 host, I get the following error message:

Project: default, Instance: bvdp: Failed to start device "eth0": 1 ovsdb operations failed

Here is the profile:

config: {}
description: Default Incus profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: sw-inetdoc
    type: nic
    vlan: 10
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/bvdp

When I delete the vlan line, containers start properly in the default VLAN and I need to set the veth vlan manually.

Here is a list of installed packages:

apt search ^incus | grep install

incus/bookworm,now 1:6.1-202405070419-debian12 amd64  [installé]
incus-base/bookworm,now 1:6.1-202405070419-debian12 amd64  [installé, automatique]
incus-client/bookworm,now 1:6.1-202405070419-debian12 amd64  [installé]
incus-extra/bookworm,now 1:6.1-202405070419-debian12 amd64  [installé]

Has anyone met the same issue?

stgraber · May 8, 2024, 4:35pm

sw-inetdoc is an openvswitch bridge?

stgraber · May 8, 2024, 4:36pm

We’ve been progressively rewriting all the old OVS logic to directly use their API, so it’s quite possible that one of those changes caused a regression, just need to understand the environment so I can reproduce it here and push a quick fix.

phillippe · May 8, 2024, 4:50pm

Yes

phillippe · May 8, 2024, 5:05pm

I made some progress, and it appears that incus network ls does not inherit from OvS non managed switches.

I addressed my 6.1 issue by setting IP addresses to the parent switch. It was easy as there is only one single VLAN for all containers connected to OVS sw-inetdoc on the host.
This means we have to start a new OVS switch per VLAN.

incus network ls
+------------+----------+------+------+------+-------------+-------------+------+
|    NOM     |   TYPE   | GÉRÉ | IPV4 | IPV6 | DESCRIPTION | UTILISÉ PAR | ÉTAT |
+------------+----------+------+------+------+-------------+-------------+------+
| eno1       | physical | NON  |      |      |             | 0           |      |
+------------+----------+------+------+------+-------------+-------------+------+
| sw-inetdoc | bridge   | NON  |      |      |             | 6           |      |
+------------+----------+------+------+------+-------------+-------------+------+
| wlp0s20f3  | physical | NON  |      |      |             | 0           |      |
+------------+----------+------+------+------+-------------+-------------+------

The 6.0 incus install allows to specify the “vlan:” key per profile. This way, we can have a profile per VLAN to match SVIs (OVS internal ports) addresses on a single OVS “main” switch.

incus profile show default
config: {}
description: Default Incus profile
devices:
  eth0:
    mtu: "1500"
    name: eth0
    nictype: bridged
    parent: dsw-host
    type: nic
    vlan: "3"
  root:
    path: /
    pool: default
    type: disk
name: default
used_by:
- /1.0/instances/c-ldap
- /1.0/instances/c-ansible

phillippe · May 8, 2024, 5:12pm

In the lxd example below, sw-vlan10 is a child switch of sw-buzz. Any container with sw-vlan10 as parent defined in profile connects to the VLAN 10.

lxc network ls
+-----------+----------+---------+------+------+-------------+---------+-------+
|   NAME    |   TYPE   | MANAGED | IPV4 | IPV6 | DESCRIPTION | USED BY | STATE |
+-----------+----------+---------+------+------+-------------+---------+-------+
| eno1      | physical | NO      |      |      |             | 0       |       |
+-----------+----------+---------+------+------+-------------+---------+-------+
| sw-buzz   | bridge   | NO      |      |      |             | 0       |       |
+-----------+----------+---------+------+------+-------------+---------+-------+
| sw-vlan10 | bridge   | NO      |      |      |             | 6       |       |
+-----------+----------+---------+------+------+-------------+---------+-------+
| wlp0s20f3 | physical | NO      |      |      |             | 0       |       |
+-----------+----------+---------+------+------+-------------+---------+-------+

sudo ovs-vsctl show
5f9ae15d-5181-4265-9c41-d797e23633e5
    Bridge sw-buzz
        Port veth37ba90db
            tag: 10
            Interface veth37ba90db
        Port sw-vlan10
            tag: 10
            Interface sw-vlan10
                type: internal
        Port vethe039ecb2
            tag: 10
            Interface vethe039ecb2
        Port veth5fc584ec
            tag: 10
            Interface veth5fc584ec
        Port vethbabc7ec8
            tag: 10
            Interface vethbabc7ec8
        Port sw-buzz
            Interface sw-buzz
                type: internal
        Port veth31f7f29a
            tag: 10
            Interface veth31f7f29a
    ovs_version: "3.1.0"
```

stgraber · May 9, 2024, 2:17am

Got the issue reproduced, looking at a fix now

stgraber · May 9, 2024, 2:26am

stgraber · May 9, 2024, 12:45pm

If using the zabbly stable packages, an update is rolling out now which will address this regression.

phillippe · May 9, 2024, 4:50pm

Thank you so much for your prompt reply.
I managed to set a lab vm with two different VLAN profiles and proper addressing and tagging.
I will have to find a way to configure this same setup with OVN

Non Incus managed access switch as parent

incus network ls
+----------+----------+------+------+------+-------------+-------------+------+
|   NOM    |   TYPE   | GÉRÉ | IPV4 | IPV6 | DESCRIPTION | UTILISÉ PAR | ÉTAT |
+----------+----------+------+------+------+-------------+-------------+------+
| asw-host | bridge   | NON  |      |      |             | 1           |      |
+----------+----------+------+------+------+-------------+-------------+------+
| enp0s1   | physical | NON  |      |      |             | 0           |      |
+----------+----------+------+------+------+-------------+-------------+------+

Two VLAN SVIs and two containers in each VLAN

sudo ovs-vsctl show
9922ebf3-7eb8-40f6-8415-d2b38a523a7f
    Bridge asw-host
        Port veth4912e945
            tag: 20
            Interface veth4912e945
        Port veth9368bae5
            tag: 20
            Interface veth9368bae5
        Port veth9fd7c5a9
            tag: 10
            Interface veth9fd7c5a9
        Port asw-host
            Interface asw-host
                type: internal
        Port vethf07fae3e
            tag: 10
            Interface vethf07fae3e
        Port vlan10
            tag: 10
            Interface vlan10
                type: internal
        Port vlan20
            tag: 20
            Interface vlan20
                type: internal
    ovs_version: "3.1.0"

The vlan key in each profile

incus profile show vlan10
config: {}
description: Default Incus profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: asw-host
    type: nic
    vlan: "10"
  root:
    path: /
    pool: default
    type: disk
name: vlan10
used_by:
- /1.0/instances/c0-vlan10
- /1.0/instances/c1-vlan10
project: default