[ovs.git] / xenserver / etc_xapi.d_plugins_openvswitch-cfg-update

#!/usr/bin/env python
#
# xapi plugin script to update the cache of configuration items in the
# ovs-vswitchd configuration that are managed in the xapi database when 
# integrated with Citrix management tools.

# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# TBD: - error handling needs to be improved.  Currently this can leave
# TBD:   the system in a bad state if anything goes wrong.

import XenAPIPlugin
import XenAPI
import os
import subprocess
import syslog

vsctl="/usr/bin/ovs-vsctl"
cacert_filename="/etc/openvswitch/vswitchd.cacert"

# Delete the CA certificate, so that we go back to boot-strapping mode
def delete_cacert():
    try:
        os.remove(cacert_filename)
    except OSError:
        # Ignore error if file doesn't exist
        pass

def update(session, args):
    # Refresh bridge network UUIDs in case this host joined or left a pool.
    script = "/opt/xensource/libexec/interface-reconfigure"
    try:
        retval = subprocess.call([script, "rewrite"])
        if retval != 0:
            syslog.syslog("%s exited with status %d" % (script, retval))
    except OSError, e:
        syslog.syslog("%s: failed to execute (%s)" % (script, e.strerror))

    pools = session.xenapi.pool.get_all()
    # We assume there is only ever one pool...
    if len(pools) == 0:
        raise XenAPIPlugin.Failure("NO_POOL_FOR_HOST", [])
    if len(pools) > 1:
        raise XenAPIPlugin.Failure("MORE_THAN_ONE_POOL_FOR_HOST", [])
    pool = session.xenapi.pool.get_record(pools[0])
    try:
        try:
            controller = pool["vswitch_controller"]
        except KeyError:
            # On systems older than XenServer 5.6.0, we needed to store
            # the key in "other_config".
            controller = pool["other_config"]["vSwitchController"]
    except KeyError, e:
        controller = ""
    ret_str = ""
    currentController = vswitchCurrentController()
    if controller == "" and currentController != "":
        delete_cacert()
        try:
            emergency_reset(session, None)
        except:
            pass
        removeControllerCfg()
        ret_str += "Successfully removed controller config.  "
    elif controller != currentController:
        delete_cacert()
        try:
            emergency_reset(session, None)
        except:
            pass
        setControllerCfg(controller)
        ret_str += "Successfully set controller to %s.  " % controller

    try:
        pool_fail_mode = pool["other_config"]["vswitch-controller-fail-mode"]
    except KeyError, e:
        pool_fail_mode = None

    bton = {}

    for n in session.xenapi.network.get_all():
        rec = session.xenapi.network.get_record(n)
        try:
            bton[rec['bridge']] = rec
        except KeyError:
            pass

    fail_mode_changed = False
    for bridge in vswitchCfgQuery(['list-br']).split():
        bridge = vswitchCfgQuery(['br-to-parent', bridge])
        bridge_fail_mode = vswitchCfgQuery(["get", "Bridge",
            bridge, "fail_mode"]).strip('[]"')

        try:
            fail_mode = bton[bridge]["other_config"]["vswitch-controller-fail-mode"]
        except KeyError, e:
            fail_mode = None

        if fail_mode not in ['secure', 'standalone']:
            fail_mode = pool_fail_mode

        if fail_mode != 'secure':
            fail_mode = 'standalone'

        if bridge_fail_mode != fail_mode:
            vswitchCfgMod(['--', 'set', 'Bridge', bridge,
                "fail_mode=%s" % fail_mode])
            fail_mode_changed = True

    if fail_mode_changed:
        ret_str += "Updated fail_mode.  "

    if ret_str != '':
        return ret_str
    else:
        return "No change to configuration"

def vswitchCurrentController():
    controller = vswitchCfgQuery(["get", "Open_vSwitch", 
                                  ".", "managers"]).strip('[]"')
    if controller == "":
        return controller
    if len(controller) < 4 or controller[0:4] != "ssl:":
        return controller
    else:
        return controller.split(':')[1]

def removeControllerCfg():
    vswitchCfgMod(["--", "clear", "Open_vSwitch", ".", "managers",
                   "--", "del-ssl"])

def setControllerCfg(controller):
    # /etc/xensource/xapi-ssl.pem is mentioned twice below because it
    # contains both the private key and the certificate.
    vswitchCfgMod(["--", "clear", "Open_vSwitch", ".", "managers",
                   "--", "del-ssl",
                   "--", "--bootstrap", "set-ssl",
                   "/etc/xensource/xapi-ssl.pem",
                   "/etc/xensource/xapi-ssl.pem",
                   cacert_filename,
                   "--", "set", "Open_vSwitch", ".",
                   'managers="ssl:' + controller + ':6632"'])

def vswitchCfgQuery(action_args):
    cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
    output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()
    if len(output) == 0 or output[0] == None:
        output = ""
    else:
        output = output[0].strip()
    return output

def vswitchCfgMod(action_args):
    cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
    exitcode = subprocess.call(cmd)
    if exitcode != 0:
        raise XenAPIPlugin.Failure("VSWITCH_CONFIG_MOD_FAILURE",
                                   [ str(exitcode) , str(action_args) ])

def emergency_reset(session, args):
    cmd = [vsctl, "--timeout=5", "emer-reset"]
    exitcode = subprocess.call(cmd)
    if exitcode != 0:
        raise XenAPIPlugin.Failure("VSWITCH_EMER_RESET_FAILURE",
                                   [ str(exitcode) ])

    return "Successfully reset configuration"
    
if __name__ == "__main__":
    XenAPIPlugin.dispatch({"update": update,
                           "emergency_reset": emergency_reset})
Commit	Line	Data
064af421 BP	1	#!/usr/bin/env python
	2	#
	3	# xapi plugin script to update the cache of configuration items in the
bc391960 JP	4	# ovs-vswitchd configuration that are managed in the xapi database when
bc391960 JP	5	# integrated with Citrix management tools.
064af421	6
939e5a1b	7	# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc.
064af421	8	#
a14bc59f BP	9	# Licensed under the Apache License, Version 2.0 (the "License");
	10	# you may not use this file except in compliance with the License.
	11	# You may obtain a copy of the License at:
064af421	12	#
a14bc59f	13	# http://www.apache.org/licenses/LICENSE-2.0
064af421	14	#
a14bc59f BP	15	# Unless required by applicable law or agreed to in writing, software
	16	# distributed under the License is distributed on an "AS IS" BASIS,
	17	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	18	# See the License for the specific language governing permissions and
	19	# limitations under the License.
064af421 BP	20
	21	# TBD: - error handling needs to be improved. Currently this can leave
	22	# TBD: the system in a bad state if anything goes wrong.
	23
064af421 BP	24	import XenAPIPlugin
064af421 BP	25	import XenAPI
7e40e21d	26	import os
064af421	27	import subprocess
7730bd8f	28	import syslog
064af421	29
f95c85e2	30	vsctl="/usr/bin/ovs-vsctl"
bc391960	31	cacert_filename="/etc/openvswitch/vswitchd.cacert"
7e40e21d JP	32
	33	# Delete the CA certificate, so that we go back to boot-strapping mode
	34	def delete_cacert():
	35	try:
	36	os.remove(cacert_filename)
	37	except OSError:
	38	# Ignore error if file doesn't exist
	39	pass
064af421 BP	40
064af421 BP	41	def update(session, args):
bc31db1f	42	# Refresh bridge network UUIDs in case this host joined or left a pool.
9575eae3	43	script = "/opt/xensource/libexec/interface-reconfigure"
bc31db1f	44	try:
9575eae3	45	retval = subprocess.call([script, "rewrite"])
bc31db1f BP	46	if retval != 0:
	47	syslog.syslog("%s exited with status %d" % (script, retval))
	48	except OSError, e:
	49	syslog.syslog("%s: failed to execute (%s)" % (script, e.strerror))
	50
064af421 BP	51	pools = session.xenapi.pool.get_all()
	52	# We assume there is only ever one pool...
	53	if len(pools) == 0:
064af421 BP	54	raise XenAPIPlugin.Failure("NO_POOL_FOR_HOST", [])
064af421 BP	55	if len(pools) > 1:
064af421 BP	56	raise XenAPIPlugin.Failure("MORE_THAN_ONE_POOL_FOR_HOST", [])
	57	pool = session.xenapi.pool.get_record(pools[0])
	58	try:
80854880 JP	59	try:
	60	controller = pool["vswitch_controller"]
	61	except KeyError:
	62	# On systems older than XenServer 5.6.0, we needed to store
	63	# the key in "other_config".
	64	controller = pool["other_config"]["vSwitchController"]
064af421 BP	65	except KeyError, e:
064af421 BP	66	controller = ""
939e5a1b	67	ret_str = ""
064af421 BP	68	currentController = vswitchCurrentController()
064af421 BP	69	if controller == "" and currentController != "":
7e40e21d	70	delete_cacert()
59a81d82 JP	71	try:
	72	emergency_reset(session, None)
	73	except:
	74	pass
064af421	75	removeControllerCfg()
939e5a1b	76	ret_str += "Successfully removed controller config. "
064af421	77	elif controller != currentController:
7e40e21d	78	delete_cacert()
59a81d82 JP	79	try:
	80	emergency_reset(session, None)
	81	except:
	82	pass
064af421	83	setControllerCfg(controller)
939e5a1b EJ	84	ret_str += "Successfully set controller to %s. " % controller
	85
	86	try:
2dd26837	87	pool_fail_mode = pool["other_config"]["vswitch-controller-fail-mode"]
939e5a1b	88	except KeyError, e:
2dd26837	89	pool_fail_mode = None
939e5a1b	90
2dd26837 EJ	91	bton = {}
	92
	93	for n in session.xenapi.network.get_all():
	94	rec = session.xenapi.network.get_record(n)
	95	try:
	96	bton[rec['bridge']] = rec
	97	except KeyError:
	98	pass
939e5a1b EJ	99
939e5a1b EJ	100	fail_mode_changed = False
75fca0a4 EJ	101	for bridge in vswitchCfgQuery(['list-br']).split():
75fca0a4 EJ	102	bridge = vswitchCfgQuery(['br-to-parent', bridge])
939e5a1b EJ	103	bridge_fail_mode = vswitchCfgQuery(["get", "Bridge",
	104	bridge, "fail_mode"]).strip('[]"')
	105
2dd26837 EJ	106	try:
	107	fail_mode = bton[bridge]["other_config"]["vswitch-controller-fail-mode"]
	108	except KeyError, e:
	109	fail_mode = None
	110
	111	if fail_mode not in ['secure', 'standalone']:
	112	fail_mode = pool_fail_mode
	113
	114	if fail_mode != 'secure':
	115	fail_mode = 'standalone'
	116
939e5a1b EJ	117	if bridge_fail_mode != fail_mode:
	118	vswitchCfgMod(['--', 'set', 'Bridge', bridge,
	119	"fail_mode=%s" % fail_mode])
	120	fail_mode_changed = True
	121
	122	if fail_mode_changed:
2dd26837	123	ret_str += "Updated fail_mode. "
939e5a1b EJ	124
	125	if ret_str != '':
	126	return ret_str
064af421	127	else:
5990cd46	128	return "No change to configuration"
83497018	129
064af421	130	def vswitchCurrentController():
7e67d10d BP	131	controller = vswitchCfgQuery(["get", "Open_vSwitch",
7e67d10d BP	132	".", "managers"]).strip('[]"')
064af421 BP	133	if controller == "":
	134	return controller
	135	if len(controller) < 4 or controller[0:4] != "ssl:":
064af421 BP	136	return controller
064af421 BP	137	else:
5a9e7099	138	return controller.split(':')[1]
064af421 BP	139
064af421 BP	140	def removeControllerCfg():
5a9e7099	141	vswitchCfgMod(["--", "clear", "Open_vSwitch", ".", "managers",
f95c85e2	142	"--", "del-ssl"])
83497018	143
064af421	144	def setControllerCfg(controller):
88b56f29 BP	145	# /etc/xensource/xapi-ssl.pem is mentioned twice below because it
88b56f29 BP	146	# contains both the private key and the certificate.
5a9e7099	147	vswitchCfgMod(["--", "clear", "Open_vSwitch", ".", "managers",
f95c85e2 JP	148	"--", "del-ssl",
	149	"--", "--bootstrap", "set-ssl",
	150	"/etc/xensource/xapi-ssl.pem",
90056dc0	151	"/etc/xensource/xapi-ssl.pem",
bc391960	152	cacert_filename,
5a9e7099 JP	153	"--", "set", "Open_vSwitch", ".",
5a9e7099 JP	154	'managers="ssl:' + controller + ':6632"'])
064af421	155
7e67d10d	156	def vswitchCfgQuery(action_args):
6b7b9d34	157	cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
064af421 BP	158	output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()
	159	if len(output) == 0 or output[0] == None:
	160	output = ""
	161	else:
	162	output = output[0].strip()
	163	return output
	164
	165	def vswitchCfgMod(action_args):
6b7b9d34	166	cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
064af421 BP	167	exitcode = subprocess.call(cmd)
064af421 BP	168	if exitcode != 0:
064af421 BP	169	raise XenAPIPlugin.Failure("VSWITCH_CONFIG_MOD_FAILURE",
064af421 BP	170	[ str(exitcode) , str(action_args) ])
7730bd8f JP	171
7730bd8f JP	172	def emergency_reset(session, args):
6b7b9d34	173	cmd = [vsctl, "--timeout=5", "emer-reset"]
59a81d82 JP	174	exitcode = subprocess.call(cmd)
	175	if exitcode != 0:
	176	raise XenAPIPlugin.Failure("VSWITCH_EMER_RESET_FAILURE",
	177	[ str(exitcode) ])
	178
	179	return "Successfully reset configuration"
064af421	180
064af421	181	if __name__ == "__main__":
7730bd8f JP	182	XenAPIPlugin.dispatch({"update": update,
7730bd8f JP	183	"emergency_reset": emergency_reset})