Why does my ethernet interface not get added to my openvswitch bridge on startup, with debian 10.5?

Question

I am setting up a kvm/qemu/libvirt host (debian buster 10.5) with two ethernet interfaces: eno1 for the host traffic and eno2 for the VM traffic. eno2 is connected to a trunk switch port carrying the VLANs 4,7,221 and 800. The setup of eno1 is done by systemd-networkd. For the openvswitch configuration i seem to have to rely on the osv-extensions (see /usr/share/doc/openvswitch-switch/README.Debian.gz)

So I put this in /etc/network/interfaces:

auto lo
iface lo inet loopback

iface eno1 inet manual

allow-ovs br0
iface br0 inet manual
    ovs_type OVSBridge
    ovs_ports eno2
    pre-up ip link set $IFACE up
    post-down ip link set $IFACE down

allow-br0 eno2
iface eno2 inet manual
    ovs_bridge br0
    ovs_type OVSPort
    pre-up ip link set $IFACE up
    post-up ovs-vsctl add-port br0 $IFACE
    post-down ip link set $IFACE down

this gives me

ovs-vsctl show
0946b4ce-fb87-4fb5-84fd-c9fec7d7dbd5
    Bridge "br0"
        Port "vnet1"
            tag: 800
            Interface "vnet1"
        Port "br0"
            Interface "br0"
                type: internal
        Port "vnet0"
            tag: 800
            Interface "vnet0"
    ovs_version: "2.12.0"

the vnet0 and vnet1 are virtual machines. btw, this is the XML of the respective network:

<network connections='2'>
  <name>guest-network</name>
  <uuid>c6c325fb-cd95-4d1a-971a-dc241c2c853e</uuid>
  <forward mode='bridge'/>
  <bridge name='br0'/>
  <virtualport type='openvswitch'/>
  <portgroup name='vlan-4'>
    <vlan>
      <tag id='4'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-7'>
    <vlan>
      <tag id='7'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-800'>
    <vlan>
      <tag id='800'/>
    </vlan>
  </portgroup>
  <portgroup name='vlan-all'>
    <vlan trunk='yes'>
      <tag id='4'/>
      <tag id='7'/>
      <tag id='221'/>
      <tag id='800'/>
    </vlan>
  </portgroup>
</network>

if i activate the eno2 interface manually with ip link set eno2 up I get

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e8 brd ff:ff:ff:ff:ff:ff
    inet 195.37.235.117/26 brd 195.37.235.127 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::3648:edff:fef0:a9e8/64 scope link
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3648:edff:fef0:a9e9/64 scope link
       valid_lft forever preferred_lft forever
4: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 36:97:3a:8e:fd:fb brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 36:66:8b:eb:9a:42 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3466:8bff:feeb:9a42/64 scope link
       valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether fe:ad:be:ef:02:02 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcad:beff:feef:202/64 scope link
       valid_lft forever preferred_lft forever
7: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
    link/ether fe:ad:be:ef:01:01 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcad:beff:feef:101/64 scope link
       valid_lft forever preferred_lft forever

Why doesn't eno2 show up on br0? Is the best way to tell /etc/network/interfaces that eno2 should be UP to use the pre-up notiation? I would like to use the openvswitch database to have my configuration accross reboots

if i add eno2 to the br0 manually ovs-vsctl add-port br0 eno2 my setup works and my VMs can access the network.

Answer 1

For those struggling the same issue: ifupdown supports pre-up/up/post-up hooks right in the /etc/network/interfaces. No surprises with /etc/network/if-post-up.d

    # the configuration for eno2 may be completely removed from this file
    auto vmbr0
    iface vmbr0 inet manual
    ovs_type OVSBridge
    pre-up ip link set eno2 up
    pre-up ovs-vsctl add-port vmbr0 eno2

Answer 2

This can be done by creating the directory /etc/network/if-post-up.d

mkdir /etc/network/if-post-up.d

with a file (e.g. /etc/network/if-post-up.d/05-configure-eno2) and do the manual steps there:

#!/bin/bash
ip link set eno2 up
ovs-vsctl add-port br0 eno2

and making it executable

chmod +x /etc/network/if-post-up.d/05-configure-eno2

This is not a good solution as it violatates the rule of least surprise. No one will find that script on her own. A working solution in /etc/network/interfaces is preferable.