lxd icon indicating copy to clipboard operation
lxd copied to clipboard
verified publisher icon canonical

ACL logs with MicroOVN do not work because of hard coded file path

Open escabo opened this issue 1 year ago • 8 comments

Required information

  • Found with a MicroCloud setup using LXD 5.20

Issue description

  • The lxc network acl show-log bla command always produces this error: Error: Only OVN log entries may be retrieved at this time

Seems like this line https://github.com/canonical/lxd/blob/main/lxd/network/acl/driver_common.go#L734 should be snap aware as if I manually create a link on the servers of the cluster to the snap location of the file (when using MicroOVN), the error disappears.

escabo avatar Feb 07 '24 21:02 escabo

@escabo the HostPath() call in line https://github.com/canonical/lxd/blob/main/lxd/network/acl/driver_common.go#L734 is snap aware.

Was this tested only using a microovn installation or also with a normal Ubuntu based OVN setup (such as the one described here https://documentation.ubuntu.com/lxd/en/latest/howto/network_ovn_setup/#set-up-a-standalone-ovn-network)?

If it works with the standard OVN setup and not with the microovn setup then its likely an issue with the snap packaging in LXD not setting up the correct symlinks internally for the microovn log directory.

tomponline avatar Feb 08 '24 08:02 tomponline

This was with MicroOVN (in a MicroCloud setup) and I reported it because when I added symlinks, the error message disappeared.

escabo avatar Feb 08 '24 13:02 escabo

@masnax want to take a look at this one given you've done the work around microovn content interfaces previously?

tomponline avatar Feb 08 '24 13:02 tomponline

I think LXD and MicroOVN snaps should have a plug/interface to allow for easy retrieval of OVN logs by LXD. On the MicroOVN side, all I could find is for local log files.

We currently have a couple of interfaces/connections between the 2:

# snap connections lxd | grep ovn
content[ovn-certificates]  lxd:ovn-certificates  microovn:ovn-certificates  -
content[ovn-chassis]       lxd:ovn-chassis       microovn:ovn-chassis       -

# snap connections microovn | grep lxd
content[ovn-certificates]  lxd:ovn-certificates          microovn:ovn-certificates  -
content[ovn-chassis]       lxd:ovn-chassis               microovn:ovn-chassis       -

I think an eventual ovn-logs interface should only be manually connected as we would not always want to receive OVN logs. On the LXD side, this should also be conditional to having core.syslog_socket=true.

This would be a joint effort with the MicroOVN team.

simondeziel avatar May 08 '24 15:05 simondeziel