lxd/network/acl: return ACL logs from syslogs when the OVN controller is deployed in MicroOVN #14327

Open. Wants to merge 2 commits into base: main.


gabrielmougard
Contributor

closes #12836

@gabrielmougard gabrielmougard changed the title lxd/network/acl: return ACL logs when the OVN controller is deployed in MicroOVN lxd/network/acl: return ACL logs from syslogs when the OVN controller is deployed in MicroOVN Oct 23, 2024
@gabrielmougard gabrielmougard force-pushed the fix/microovn-logs branch 4 times, most recently from 95e766e to d4828be Compare October 25, 2024 09:16
In the case of an OVN controller being deployed as part of a MicroOVN deployment,
the OVN controller logs are stored in MicroOVN's snap syslog. The LXD snap should have root access,
which means that it should be authorized (this is being tested) to read the OVN controller logs.

Signed-off-by: Gabriel Mougard <gabriel.mougard@canonical.com>
… from syslogs

If the OVN controller is deployed as part of MicroOVN, it means that the `ovn-chassis` snap connection hook
between LXD and MicroOVN has been fired and that a symlink like:

`/run/openvswitch -> /var/snap/lxd/<ID>/microovn/...`

exists. Otherwise, there might still be a symlink but not with that target prefix. That's how we detect the ovn chassis
connection without introducing a new plug / slot between LXD and MicroOVN.

Then, if this case is detected, we check the status of the systemd unit 'snap.microovn.chassis.service' (the one containing the OVN controller in its sd journal).
If it is loaded and active, we read the last 5000 ACL log entries (we can discuss this limit) in the journal and return them.

Signed-off-by: Gabriel Mougard <gabriel.mougard@canonical.com>
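
The detection and capped read described in the commit message above, as an added Go example that is not the code from this pull request. The function names, the `|acl_log(` line marker and the sample journal lines are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Constructed sample journal lines, not captured from a real system.
var sampleJournal = []string{
	`2024-10-25T09:16:01Z|00011|binding|INFO|Claiming lport instance-eth0`,
	`2024-10-25T09:16:02Z|00012|acl_log(ovn_pinctrl0)|INFO|name="acl-a", verdict=allow`,
	`2024-10-25T09:16:03Z|00013|acl_log(ovn_pinctrl0)|INFO|name="acl-b", verdict=drop`,
	`2024-10-25T09:16:04Z|00014|acl_log(ovn_pinctrl0)|INFO|name="acl-c", verdict=allow`,
}

// isMicroOVNTarget matches the /var/snap/lxd/<ID>/microovn/... shape from the commit message.
func isMicroOVNTarget(target string) bool {
	const prefix = "/var/snap/lxd/"
	clean := filepath.Clean(target) // Collapses ".." so traversal cannot fake the prefix.
	parts := strings.Split(strings.TrimPrefix(clean, prefix), "/")
	return strings.HasPrefix(clean, prefix) && len(parts) >= 2 && parts[1] == "microovn"
}

// usesMicroOVN inspects the link itself; os.Readlink does not follow it.
func usesMicroOVN(link string) (bool, error) {
	target, err := os.Readlink(link)
	return err == nil && isMicroOVNTarget(target), err
}

// lastACLEntries filters first and caps second, so the limit counts ACL
// entries rather than journal lines. The "|acl_log(" marker is an assumption.
func lastACLEntries(lines []string, limit int) []string {
	var out []string
	for _, line := range lines {
		if strings.Contains(line, "|acl_log(") {
			out = append(out, line)
		}
	}
	if limit >= 0 && len(out) > limit {
		out = out[len(out)-limit:]
	}
	return out
}

func main() {
	ok, err := usesMicroOVN("/run/openvswitch")
	fmt.Println(ok, err, len(lastACLEntries(sampleJournal, 5000)))
}
```

Capping the journal read before filtering would instead return fewer ACL entries than the limit whenever other controller messages are interleaved.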
@gabrielmougard gabrielmougard marked this pull request as ready for review October 25, 2024 18:25
@gabrielmougard
Contributor Author

gabrielmougard commented Oct 25, 2024

@tomponline this should be working. Regarding the documentation, as we discussed earlier, we probably need to add a note in the doc section "Set up a LXD cluster on OVN" to say that a `northbound_db_connection` can also be added as a unix socket pointing toward an existing MicroOVN installation (`unix:/var/snap/microovn/common/run/ovn/ovnnd_db.sock`). However, as discovered here https://chat.canonical.com/canonical/pl/7fdhjesei3n9tcz1tkwbastozr, this seems to work only for a single node MicroOVN. Do we really want to document that if it is not working for a multi node MicroOVN deployment?

@gabrielmougard
Contributor Author

Here is the lxd-ci PR: canonical/lxd-ci#330

Successfully merging this pull request may close these issues.

ACL logs with MicroOVN do not work because of hard coded file path