metal-stack · majst01 · Jul 18, 2024 · Jul 4, 2024 · Jul 4, 2024 · Jul 4, 2024
@@ -30,4 +30,5 @@ type Config struct {
 	GrpcCACertFile            string        `required:"false" desc:"the gRPC CA certificate file" envconfig:"grpc_ca_cert_file"`
 	GrpcClientCertFile        string        `required:"false" desc:"the gRPC client certificate file" envconfig:"grpc_client_cert_file"`
 	GrpcClientKeyFile         string        `required:"false" desc:"the gRPC client key file" envconfig:"grpc_client_key_file"`
+	PXEVlanID                 uint16        `required:"false" default:"4000" desc:"the id of the pxe vlan" envconfig:"pxe_vlan_id"`
 }
@@ -32,6 +32,8 @@ type Core struct {
 	eventServiceClient v1.EventServiceClient
 
 	metrics *metrics.Metrics
+
+	pxeVlanID uint16
 }
 
 type Config struct {
@@ -56,6 +58,8 @@ type Config struct {
 	EventServiceClient v1.EventServiceClient
 
 	Metrics *metrics.Metrics
+
+	PXEVlanID uint16
 }
 
 func New(c Config) *Core {
@@ -77,5 +81,6 @@ func New(c Config) *Core {
 		driver:                    c.Driver,
 		eventServiceClient:        c.EventServiceClient,
 		metrics:                   c.Metrics,
+		pxeVlanID:                 c.PXEVlanID,
 	}
 }
@@ -120,13 +120,19 @@ func (c *Core) buildSwitcherConfig(s *models.V1SwitchResponse) (*types.Conf, err
 	if err != nil {
 		return nil, err
 	}
+
+	if c.pxeVlanID >= vlan.VlanIDMin && c.pxeVlanID <= vlan.VlanIDMax {
+		return nil, fmt.Errorf("configured PXE VLAN ID is in the reserved area of %d, %d", vlan.VlanIDMin, vlan.VlanIDMax)
+	}
+
 	switcherConfig := &types.Conf{
 		Name:                 s.Name,
 		LogLevel:             mapLogLevel(c.logLevel),
 		ASN:                  asn,
 		Loopback:             c.loopbackIP,
 		MetalCoreCIDR:        c.cidr,
 		AdditionalBridgeVIDs: c.additionalBridgeVIDs,
+		PXEVlanID:            c.pxeVlanID,
 	}
 
 	p := types.Ports{

@@ -55,7 +55,8 @@ func (a *Applier) Apply(cfg *types.Conf) error {
 	}
 
 	for _, interfaceName := range cfg.Ports.Unprovisioned {
-		if err := a.configureUnprovisionedPort(interfaceName, !cfg.Ports.DownPorts[interfaceName]); err != nil {
+		pxeVlan := fmt.Sprintf("Vlan%d", cfg.PXEVlanID)
+		if err := a.configureUnprovisionedPort(interfaceName, !cfg.Ports.DownPorts[interfaceName], pxeVlan); err != nil {
 			errs = append(errs, err)
 		}
 	}
@@ -115,7 +116,7 @@ func (a *Applier) refreshOidMaps() error {
 	return nil
 }
 
-func (a *Applier) configureUnprovisionedPort(interfaceName string, isUp bool) error {
+func (a *Applier) configureUnprovisionedPort(interfaceName string, isUp bool, pxeVlan string) error {
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
@@ -129,7 +130,7 @@ func (a *Applier) configureUnprovisionedPort(interfaceName string, isUp bool) er
 		return fmt.Errorf("failed to update Port info for interface %s: %w", interfaceName, err)
 	}
 
-	return a.ensureInterfaceIsVlanMember(ctx, interfaceName, "Vlan4000")
+	return a.ensureInterfaceIsVlanMember(ctx, interfaceName, pxeVlan)
 }
 
 func (a *Applier) configureFirewallPort(interfaceName string, isUp bool) error {

@@ -39,3 +39,4 @@ ports:
 additionalbridgevids:
   - 201-256
   - 301-356
+pxevlanid: 966
@@ -100,4 +100,4 @@ iface swp4
 auto swp5
 iface swp5
     mtu 9000
-    bridge-access 4000
+    bridge-access 4000
@@ -98,4 +98,4 @@ auto {{ . }}
 iface {{ . }}
     mtu 9000
     bridge-access 4000
-{{- end }}
+{{- end }}
@@ -34,8 +34,8 @@ iface swp3
 
 auto bridge
 iface bridge
-    bridge-ports vni104000 swp4 swp5 swp7 swp8 vni104001
-    bridge-vids 4000 4001 201-256 301-356
+    bridge-ports vni100966 swp4 swp5 swp7 swp8 vni104001
+    bridge-vids 966 4001 201-256 301-356
     bridge-vlan-aware yes
 
 # Tenants
@@ -75,29 +75,29 @@ iface vni104001
     vxlan-local-tunnelip 10.0.0.10
 
 # PXE-Config
-auto vlan4000
-iface vlan4000
+auto vlan966
+iface vlan966
     mtu 9000
     address 10.255.255.2/24
-    vlan-id 4000
+    vlan-id 966
     vlan-raw-device bridge
 
-auto vni104000
-iface vni104000
+auto vni100966
+iface vni100966
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
     bridge-learning off
     mstpctl-bpduguard yes
     mstpctl-portbpdufilter yes
-    vxlan-id 104000
+    vxlan-id 100966
     vxlan-local-tunnelip 10.0.0.10
 
 auto swp4
 iface swp4
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
 
 auto swp5
 iface swp5
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
@@ -30,3 +30,4 @@ ports:
       neighbors:
         - swp1
         - swp2
+pxevlanid: 966
@@ -34,8 +34,8 @@ iface swp3
 
 auto bridge
 iface bridge
-    bridge-ports vni104000 swp4 swp5 vni104001
-    bridge-vids 4000 4001
+    bridge-ports vni100966 swp4 swp5 vni104001
+    bridge-vids 966 4001
     bridge-vlan-aware yes
 
 # Tenants
@@ -75,29 +75,29 @@ iface vni104001
     vxlan-local-tunnelip 10.0.0.10
 
 # PXE-Config
-auto vlan4000
-iface vlan4000
+auto vlan966
+iface vlan966
     mtu 9000
     address 10.255.255.2/24
-    vlan-id 4000
+    vlan-id 966
     vlan-raw-device bridge
 
-auto vni104000
-iface vni104000
+auto vni100966
+iface vni100966
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
     bridge-learning off
     mstpctl-bpduguard yes
     mstpctl-portbpdufilter yes
-    vxlan-id 104000
+    vxlan-id 100966
     vxlan-local-tunnelip 10.0.0.10
 
 auto swp4
 iface swp4
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
 
 auto swp5
 iface swp5
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
@@ -13,4 +13,5 @@ ports:
     - swp32
   unprovisioned:
     - swp1
-    - swp2
+    - swp2
+pxevlanid: 966
@@ -30,36 +30,36 @@ iface swp32
 
 auto bridge
 iface bridge
-    bridge-ports vni104000 swp1 swp2
-    bridge-vids 4000
+    bridge-ports vni100966 swp1 swp2
+    bridge-vids 966
     bridge-vlan-aware yes
 
 # Tenants
 
 # PXE-Config
-auto vlan4000
-iface vlan4000
+auto vlan966
+iface vlan966
     mtu 9000
     address 10.255.255.2/24
-    vlan-id 4000
+    vlan-id 966
     vlan-raw-device bridge
 
-auto vni104000
-iface vni104000
+auto vni100966
+iface vni100966
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
     bridge-learning off
     mstpctl-bpduguard yes
     mstpctl-portbpdufilter yes
-    vxlan-id 104000
+    vxlan-id 100966
     vxlan-local-tunnelip 10.0.0.10
 
 auto swp1
 iface swp1
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
 
 auto swp2
 iface swp2
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
@@ -24,3 +24,4 @@ ports:
     - swp2
   downports:
     swp3: True
+pxevlanid: 966
@@ -30,8 +30,8 @@ iface swp32
 
 auto bridge
 iface bridge
-    bridge-ports vni104000 swp1 swp2 vni1
-    bridge-vids 4000 2
+    bridge-ports vni100966 swp1 swp2 vni1
+    bridge-vids 966 2
     bridge-vlan-aware yes
 
 # Tenants
@@ -59,29 +59,29 @@ iface vni1
     vxlan-local-tunnelip 10.0.0.10
 
 # PXE-Config
-auto vlan4000
-iface vlan4000
+auto vlan966
+iface vlan966
     mtu 9000
     address 10.255.255.2/24
-    vlan-id 4000
+    vlan-id 966
     vlan-raw-device bridge
 
-auto vni104000
-iface vni104000
+auto vni100966
+iface vni100966
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
     bridge-learning off
     mstpctl-bpduguard yes
     mstpctl-portbpdufilter yes
-    vxlan-id 104000
+    vxlan-id 100966
     vxlan-local-tunnelip 10.0.0.10
 
 auto swp1
 iface swp1
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
 
 auto swp2
 iface swp2
     mtu 9000
-    bridge-access 4000
+    bridge-access 966
@@ -1,4 +1,6 @@
 {{- $IPLoopback := .Loopback -}}
+{{- $PXEVlanID := .PXEVlanID -}}
+{{- $PXEVni := printf "10%04d" $PXEVlanID -}}
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 
@@ -35,8 +37,8 @@ iface {{ .Port }}
 
 auto bridge
 iface bridge
-    bridge-ports vni104000{{ range .Ports.Unprovisioned }} {{ . }}{{ end }}{{ range .Ports.BladePorts }} {{ . }}{{ end }}{{ range $vrf, $t := .Ports.Vrfs }} vni{{ $t.VNI }}{{ end }}
-    bridge-vids 4000{{ range $vrf, $t := .Ports.Vrfs }} {{ $t.VLANID }}{{ end }}{{ range $vids := .AdditionalBridgeVIDs }} {{ $vids }}{{ end }}
+    bridge-ports vni{{ $PXEVni }}{{ range .Ports.Unprovisioned }} {{ . }}{{ end }}{{ range .Ports.BladePorts }} {{ . }}{{ end }}{{ range $vrf, $t := .Ports.Vrfs }} vni{{ $t.VNI }}{{ end }}
+    bridge-vids {{ $PXEVlanID }}{{ range $vrf, $t := .Ports.Vrfs }} {{ $t.VLANID }}{{ end }}{{ range $vids := .AdditionalBridgeVIDs }} {{ $vids }}{{ end }}
     bridge-vlan-aware yes
 
 # Tenants
@@ -75,27 +77,27 @@ iface vni{{ $t.VNI }}
 {{- end }}
 
 # PXE-Config
-auto vlan4000
-iface vlan4000
+auto vlan{{ $PXEVlanID }}
+iface vlan{{ $PXEVlanID }}
     mtu 9000
     address {{ .MetalCoreCIDR }}
-    vlan-id 4000
+    vlan-id {{ $PXEVlanID }}
     vlan-raw-device bridge
 
-auto vni104000
-iface vni104000
+auto vni{{ $PXEVni }}
+iface vni{{ $PXEVni }}
     mtu 9000
-    bridge-access 4000
+    bridge-access {{ $PXEVlanID }}
     bridge-learning off
     mstpctl-bpduguard yes
     mstpctl-portbpdufilter yes
-    vxlan-id 104000
+    vxlan-id {{ $PXEVni }}
     vxlan-local-tunnelip {{ $IPLoopback }}
 
 {{- range .Ports.Unprovisioned }}
 
 auto {{ . }}
 iface {{ . }}
     mtu 9000
-    bridge-access 4000
+    bridge-access {{ $PXEVlanID }}
 {{- end }}
@@ -6,9 +6,9 @@ import (
 	"golang.org/x/text/language"
 )
 
-// FillVLANIDs fills the given configuration object with switch-local VLAN-IDs
+// FillVLANIDs fills the given configuration object with switch-local VLAN IDs
 // if they are present in the given VLAN-Mapping
-// otherwise: new available VLAN-IDs will be used
+// otherwise: new available VLAN IDs will be used
 func (c *Conf) FillVLANIDs(m vlan.Mapping) error {
 outer_loop:
 	for _, t := range c.Ports.Vrfs {

@@ -13,6 +13,7 @@ type Conf struct {
 	Ports                Ports
 	MetalCoreCIDR        string
 	AdditionalBridgeVIDs []string
+	PXEVlanID            uint16
 }
 
 type Ports struct {

@@ -6,7 +6,7 @@ import (
 	"github.com/vishvananda/netlink"
 )
 
-// Mapping holds the current mapping of VLAN-IDs to VNIs of the switch
+// Mapping holds the current mapping of VLAN IDs to VNIs of the switch
 type Mapping map[uint16]uint32
 
 // ReadMapping reads the current VLAN to VNI mapping with the help of netlink