Proxmox VE 5.1時代の /etc/network/interfaces を整理しただけ

Posted on 2020/12/13(Sun) 17:00 in technical

あらまし

自宅サーバーのProxmox VE 5.1 - 3 nodes cluster環境の構築 の時は、bond0のMTUが適切に設定されない不具合があったので、自分で書いた設定を使っていました。
Proxmox VE 6.2にアップデートして、WebUIから新しいブリッジを追加しようとするとMTU周辺の設定不整合のエラーダイアログが出て追加できなくなり、不具合も直って安定しているようだったので、Proxmox VEのWebUIで作成できるコンフィグに修正しなおして適用します。

修正

前回

# PVE cluster network
#   bond0: eno1, eno2
#   intport0: 192.168.122.26 (admin)
#
# Hand-written Open vSwitch layout: one OVS bridge (vmbr0) carrying a
# two-NIC bond (bond0) and an internal port (intport0) that holds the
# host's admin address. MTU 9000 (jumbo frames) is requested on the OVS
# ports and forced onto the physical NICs by the bond's pre-up hook.

auto lo
iface lo inet loopback

# Physical NICs: no address of their own; they are only members of bond0.
iface eno1 inet manual
iface eno2 inet manual

# allow-vmbr0 marks this port as belonging to the vmbr0 stanza below,
# which lists it in ovs_ports.
allow-vmbr0 intport0
iface intport0 inet static
        address 192.168.122.26
        netmask 255.255.255.0
        gateway 192.168.122.1
        ovs_type OVSIntPort
        ovs_bridge vmbr0
        mtu 9000
# post-up: redirect inbound TCP 443 to 8006 so the PVE web UI answers on
# the standard HTTPS port.
# NOTE(review): the rule carries no -i / -d match, so it applies to every
# TCP/443 packet that traverses the host's nat PREROUTING chain, not only
# to traffic addressed to the admin IP on intport0 -- consider scoping it.
# NOTE(review): -A appends on every ifup and this file has no matching
# rule removal on ifdown, so repeated up/down cycles can leave duplicates.
# NOTE(review): no source-address restriction on the management UI is
# visible here -- confirm a host or upstream firewall limits who can reach it.
        post-up ( iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8006 )

allow-vmbr0 bond0
iface bond0 inet manual
        ovs_bonds eno1 eno2
        ovs_type OVSBond
        ovs_bridge vmbr0
# pre-up: workaround for bond0's MTU not being applied correctly on this
# PVE release -- set MTU 9000 on both member NICs by hand before the bond
# comes up.
        pre-up ( ip link set mtu 9000 eno1 && ip link set mtu 9000 eno2 )
# balance-slb is OVS's source-based load balancing; it does not use LACP.
        ovs_options bond_mode=balance-slb
        mtu 9000

auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports bond0 intport0

Note

アドレス回りは環境でコロコロ変わるのであんまり気にしないでくださいませ。

再生成した設定ファイル

以前設定していた bond0 の pre-up は手動で削除しました。

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

# The member NICs now carry mtu 9000 in their own stanzas, so bond0 no
# longer needs a pre-up hook to set it.
auto eno1
iface eno1 inet manual
        mtu 9000

auto eno2
iface eno2 inet manual
        mtu 9000

auto intport0
iface intport0 inet static
        address 192.168.122.26/24
        gateway 192.168.122.1
        ovs_type OVSIntPort
        ovs_bridge vmbr0
# OVS ports use ovs_mtu here; the physical NICs above keep plain mtu.
        ovs_mtu 9000
# post-up: redirect inbound TCP 443 to 8006 so the PVE web UI answers on
# the standard HTTPS port.
# NOTE(review): the rule carries no -i / -d match, so it applies to every
# TCP/443 packet that traverses the host's nat PREROUTING chain, not only
# to traffic addressed to the admin IP on intport0 -- consider scoping it.
# NOTE(review): -A appends each time the hook runs and there is no matching
# rule removal on ifdown; check `iptables -t nat -S PREROUTING` for
# duplicates after applying configuration changes online.
# NOTE(review): no source-address restriction on the management UI is
# visible here -- confirm a host or upstream firewall limits who can reach it.
        post-up ( iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8006 )

auto bond0
iface bond0 inet manual
        ovs_bonds eno1 eno2
        ovs_type OVSBond
        ovs_bridge vmbr0
        ovs_mtu 9000
# balance-slb is OVS's source-based load balancing; it does not use LACP.
        ovs_options bond_mode=balance-slb

auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports bond0 intport0
        ovs_mtu 9000
#production network

# vmbr1: a second OVS bridge with no ovs_ports listed, i.e. no physical
# uplink is attached to it in this file.
auto vmbr1
iface vmbr1 inet manual
        ovs_type OVSBridge
#develop network

どうやらovs_mtuというパラメータが入ったらしい。
https://metadata.ftp-master.debian.org/changelogs/main/o/openvswitch/testing_openvswitch-switch.README.Debian

適用

今回は ifupdown2 パッケージを追加して、ネットワーク設定の変更をオンラインで適用します。

インストールはこれだけ。GUIから Apply Configuration で適用。

# Install ifupdown2 so that network changes can be applied online from the
# GUI ("Apply Configuration") instead of requiring a reboot.
# NOTE(review): this swaps out the host's existing ifupdown tooling; run it
# from a session that survives a brief network interruption (e.g. the local
# console) -- TODO confirm behaviour on your PVE version.
apt install -y ifupdown2

適用後

root@pve01:/etc/network# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master ovs-system state UP group default qlen 1000
    link/ether 90:1b:0e:9b:c4:2b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::921b:eff:fe9b:c42b/64 scope link 
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master ovs-system state UP group default qlen 1000
    link/ether 90:1b:0e:9b:e2:ba brd ff:ff:ff:ff:ff:ff
    inet6 fe80::921b:eff:fe9b:e2ba/64 scope link 
       valid_lft forever preferred_lft forever
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 02:45:30:01:90:80 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 90:1b:0e:9b:c4:2b brd ff:ff:ff:ff:ff:ff
    inet6 2400:406f:1d6e:fb00:921b:eff:fe9b:c42b/64 scope global dynamic mngtmpaddr 
       valid_lft 2591923sec preferred_lft 604723sec
    inet6 fe80::921b:eff:fe9b:c42b/64 scope link 
       valid_lft forever preferred_lft forever
6: bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether ae:79:eb:a3:7e:64 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ac79:ebff:fea3:7e64/64 scope link 
       valid_lft forever preferred_lft forever
7: intport0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 42:2f:67:08:9d:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.26/24 brd 192.168.122.255 scope global intport0
       valid_lft forever preferred_lft forever
    inet6 2400:406f:1d6e:fb00:402f:67ff:fe08:9dd8/64 scope global dynamic mngtmpaddr 
       valid_lft 2591923sec preferred_lft 604723sec
    inet6 fe80::402f:67ff:fe08:9dd8/64 scope link 
       valid_lft forever preferred_lft forever

余談

Warning

この後再起動すると bond0 のMTUが1500になるのだが、pingを打った感じでは問題なさそう。気持ち悪いのはそうだけど。

内から打つと、8972バイトは通り、1バイト増やした8973バイトはlocal errorになる。

root@pve01:~# ping -M do -s 8972 -c2 192.168.122.27
PING 192.168.122.27 (192.168.122.27) 8972(9000) bytes of data.
8980 bytes from 192.168.122.27: icmp_seq=1 ttl=64 time=0.837 ms
8980 bytes from 192.168.122.27: icmp_seq=2 ttl=64 time=0.820 ms

--- 192.168.122.27 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 13ms
rtt min/avg/max/mdev = 0.820/0.828/0.837/0.030 ms
root@pve01:~# ping -M do -s 8973 -c2 192.168.122.27
PING 192.168.122.27 (192.168.122.27) 8973(9001) bytes of data.
ping: local error: Message too long, mtu=9000
ping: local error: Message too long, mtu=9000

--- 192.168.122.27 ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 14ms

外から打って返答あり。

root@pve02:~# ping -M do -s 8972 -c4 192.168.122.26
PING 192.168.122.26 (192.168.122.26) 8972(9000) bytes of data.
8980 bytes from 192.168.122.26: icmp_seq=1 ttl=64 time=0.998 ms
8980 bytes from 192.168.122.26: icmp_seq=2 ttl=64 time=1.05 ms
8980 bytes from 192.168.122.26: icmp_seq=3 ttl=64 time=0.775 ms
8980 bytes from 192.168.122.26: icmp_seq=4 ttl=64 time=1.15 ms

--- 192.168.122.26 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 21ms
rtt min/avg/max/mdev = 0.775/0.991/1.149/0.141 ms

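そもそも bond0 ってOVS的にはMTU持ってないんですよね。下の出力のとおり、bond0 は Interface ではなく Port として登録されていて、Port レコードには mtu の項目がなく、mtu 9000 を持っているのはメンバーの Interface(eno1 / eno2)側です。構成しているinterfacesのMTU参照してほしい気持ちはありますけど。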

root@pve02:~# ovs-vsctl list Interface | grep bond0
root@pve02:~# ovs-vsctl list Port 50d26c82-2571-47ed-bd7e-a4b6c39e198e
_uuid               : 50d26c82-2571-47ed-bd7e-a4b6c39e198e
bond_active_slave   : "90:1b:0e:98:6e:c6"
bond_downdelay      : 0
bond_fake_iface     : true
bond_mode           : balance-slb
bond_updelay        : 0
cvlans              : []
external_ids        : {}
fake_bridge         : false
interfaces          : [5487d20d-395e-42e3-9f57-809bec089a25, e2dd4f0e-eba0-45e8-b56d-6c9f8c74d914]
lacp                : []
mac                 : []
name                : "bond0"
other_config        : {}
protected           : false
qos                 : []
rstp_statistics     : {}
rstp_status         : {}
statistics          : {}
status              : {}
tag                 : []
trunks              : []
vlan_mode           : []
root@pve02:~# ovs-vsctl list Interface 5487d20d-395e-42e3-9f57-809bec089a25
_uuid               : 5487d20d-395e-42e3-9f57-809bec089a25
admin_state         : up
bfd                 : {}
bfd_status          : {}
cfm_fault           : []
cfm_fault_status    : []
cfm_flap_count      : []
cfm_health          : []
cfm_mpid            : []
cfm_remote_mpids    : []
cfm_remote_opstate  : []
duplex              : full
error               : []
external_ids        : {}
ifindex             : 3
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current        : []
link_resets         : 1
link_speed          : 1000000000
link_state          : up
lldp                : {}
mac                 : []
mac_in_use          : "90:1b:0e:98:6e:c6"
mtu                 : 9000
mtu_request         : 9000
name                : "eno2"
ofport              : 2
ofport_request      : []
options             : {}
other_config        : {}
statistics          : {collisions=0, rx_bytes=2879087520, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=430959, tx_bytes=331410720, tx_dropped=0, tx_errors=0, tx_packets=213604}
status              : {driver_name=igb, driver_version="5.6.0-k", firmware_version="3.25, 0x80000604"}
type                : ""
root@pve02:~# ovs-vsctl list Interface e2dd4f0e-eba0-45e8-b56d-6c9f8c74d914
_uuid               : e2dd4f0e-eba0-45e8-b56d-6c9f8c74d914
admin_state         : up
bfd                 : {}
bfd_status          : {}
cfm_fault           : []
cfm_fault_status    : []
cfm_flap_count      : []
cfm_health          : []
cfm_mpid            : []
cfm_remote_mpids    : []
cfm_remote_opstate  : []
duplex              : full
error               : []
external_ids        : {}
ifindex             : 2
ingress_policing_burst: 0
ingress_policing_rate: 0
lacp_current        : []
link_resets         : 1
link_speed          : 1000000000
link_state          : up
lldp                : {}
mac                 : []
mac_in_use          : "90:1b:0e:98:54:cb"
mtu                 : 9000
mtu_request         : 9000
name                : "eno1"
ofport              : 3
ofport_request      : []
options             : {}
other_config        : {}
statistics          : {collisions=0, rx_bytes=898646, rx_crc_err=0, rx_dropped=0, rx_errors=0, rx_frame_err=0, rx_over_err=0, rx_packets=6377, tx_bytes=1006, tx_dropped=0, tx_errors=0, tx_packets=13}
status              : {driver_name=igb, driver_version="5.6.0-k", firmware_version="3.25, 0x80000603"}
type                : ""

終わり

終わり。