++blog uncloud 3
This commit is contained in:
Nico Schottelius
parent
7519f26ebb
commit
c6ba63e69b
2 changed files with 125 additions and 3 deletions
|
|
@ -0,0 +1,122 @@
|
|||
title: How to build an OpenStack alternative: Step 3, Generating Mac Addresses
|
||||
---
|
||||
pub_date: 2020-01-13
|
||||
---
|
||||
author: ungleich virtualisation team
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
First step to automation
|
||||
---
|
||||
body:
|
||||
|
||||
This time we describe how to begin automation in uncloud,
|
||||
our OpenStack alternative.
|
||||
|
||||
The previous time we described
|
||||
[how to secure the network](../how-to-build-an-openstack-alternative-step-2-secure-the-network/).
|
||||
|
||||
## Mac Addresses
|
||||
|
||||
Mac addresses are identifiers for network cards. Like a street number
|
||||
is for a house. A virtual machine can have one or more network
|
||||
interfaces. Each of these interfaces need a unique number, the mac
|
||||
address.
|
||||
|
||||
## Choosing the prefix
|
||||
|
||||
We checked how [OpenNebula](https://opennebula.org/) is doing it.
|
||||
They basically use the **02:00** prefix and generate mac addresses after
|
||||
that. The
|
||||
[QEMU mac address
|
||||
prefix](https://gist.github.com/ashee/9241ab6281e6f4d1ef9b)
|
||||
seems to be 52:54:00.
|
||||
According to [Michael
|
||||
Stapelberg](https://michael.stapelberg.ch/posts/2012-11-21-kvm_best_practices_2012/)
|
||||
the **f6** prefix can be used due to the second lowest bit set to 1.
|
||||
|
||||
Checking with [wikipedia](https://en.wikipedia.org/wiki/MAC_address),
|
||||
this bit indeed specifies whether or not a mac address is locally or
|
||||
universally administrated.
|
||||
|
||||
For that reason we will use **42** as our prefix, which is **1000010**
|
||||
in binary and thus has the second least significant bit set to 1.
|
||||
|
||||
## Generating Mac addresses
|
||||
|
||||
Mac addresses are basically just numbers and so we treat them as
|
||||
such. We need to store the index of which is the current mac address
|
||||
and for the next time we create a VM, use the next mac address.
|
||||
|
||||
The python code to generate a new mac address looks as follows:
|
||||
|
||||
```
|
||||
@staticmethod
|
||||
def int_to_mac(number):
|
||||
b = number.to_bytes(6, byteorder="big")
|
||||
return ':'.join(format(s, '02x') for s in b)
|
||||
|
||||
def getnext(self):
|
||||
if self.last:
|
||||
last_number = int(self.last[0], 16)
|
||||
|
||||
if last_number == int('0xffffff', 16):
|
||||
raise Error("Exhausted all possible mac addresses - try to free some")
|
||||
|
||||
next_number = last_number + 1
|
||||
else:
|
||||
next_number = 0
|
||||
|
||||
next_number_string = "{:012x}".format(next_number)
|
||||
|
||||
next_mac_number = self.prefix + next_number
|
||||
next_mac = self.int_to_mac(next_mac_number)
|
||||
```
|
||||
|
||||
It basically says:
|
||||
|
||||
* If there has been a mac address used add 1 to it and use the next
|
||||
one
|
||||
* Produce an error, if the whole prefix has been used
|
||||
* If no mac address has been used, use the first one
|
||||
* Convert the number to the standard format (aa:bb:cc:dd:ee:ff)
|
||||
|
||||
There is some additional logic on saving the MAC address to which we
|
||||
will come back in one of the next posts.
|
||||
|
||||
## Using the MAC address generator
|
||||
|
||||
From our prototype, we modify the original `vm.sh` script to include a
|
||||
call to the mac address generator as follows:
|
||||
|
||||
```
|
||||
...
|
||||
mac=$(./mac-gen.py)
|
||||
...
|
||||
$qemu -name "uncloud-${uuid}" \
|
||||
-machine pc,accel=${accel} \
|
||||
-m ${memory} \
|
||||
-smp ${cores} \
|
||||
-uuid ${uuid} \
|
||||
-drive file=alpine-virt-3.11.2-x86_64.iso,media=cdrom \
|
||||
-netdev tap,id=netmain,script=./ifup.sh,downscript=./ifdown.sh \
|
||||
-device virtio-net-pci,netdev=netmain,id=net0,mac=${mac}
|
||||
```
|
||||
|
||||
In good UNIX manner, the generator simply outputs the MAC address on
|
||||
stdout to be used by any software.
|
||||
|
||||
## Status
|
||||
|
||||
While being a small and very specific tool, the mac address generator
|
||||
is actually a key element of creating a virtualisation
|
||||
framework. Without it, it is practically impossible to spawn a dynamic
|
||||
amount of virtual machines.
|
||||
|
||||
With our prototype, a secured network and the mac address generator we
|
||||
are not far from being able to migrate some test VMs to uncloud.!
|
||||
|
|
@ -1,8 +1,6 @@
|
|||
- how to secure the network
|
||||
- rate limiting
|
||||
- metadata!
|
||||
- automating
|
||||
- trigger / postgres / etcd
|
||||
- metadata!
|
||||
- building vm images!
|
||||
- generate tap names matching vm??? problem, because inteerfaces are
|
||||
limited in length!
|
||||
|
|
@ -63,3 +61,5 @@ table bridge filter {
|
|||
can generate new full chain, change only the jump
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
Much later:
|
||||
- rate limiting
|
||||
|
|
|
|||
Loading…
Reference in a new issue