]> git.proxmox.com Git - ovs.git/blob - xenserver/etc_xapi.d_plugins_openvswitch-cfg-update
projects / ovs.git / blob
? search:


0668b39d66fb4567e5528a5c17c3fd4ce8f9edc8
[ovs.git] / xenserver / etc_xapi.d_plugins_openvswitch-cfg-update
1 #!/usr/bin/env python
2 #
3 # xapi plugin script to update the cache of configuration items in the
4 # ovs-vswitchd configuration that are managed in the xapi database when
5 # integrated with Citrix management tools.
6
7 # Copyright (C) 2009, 2010, 2011, 2012, 2013 Nicira, Inc.
8 #
9 # Licensed under the Apache License, Version 2.0 (the "License");
10 # you may not use this file except in compliance with the License.
11 # You may obtain a copy of the License at:
12 #
13 # http://www.apache.org/licenses/LICENSE-2.0
14 #
15 # Unless required by applicable law or agreed to in writing, software
16 # distributed under the License is distributed on an "AS IS" BASIS,
17 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 # See the License for the specific language governing permissions and
19 # limitations under the License.
20
21 # TBD: - error handling needs to be improved. Currently this can leave
22 # TBD: the system in a bad state if anything goes wrong.
23
24 import XenAPIPlugin
25 import os
26 import subprocess
27 import syslog
28 import re
29
30 vsctl = '/usr/bin/ovs-vsctl'
31 ofctl = '/usr/bin/ovs-ofctl'
32 cacert_filename = '/etc/openvswitch/vswitchd.cacert'
33
34
35 # Delete the CA certificate, so that we go back to boot-strapping mode
36 def delete_cacert():
37 try:
38 os.remove(cacert_filename)
39 except OSError:
40 # Ignore error if file doesn't exist
41 pass
42
43
44 def update(session, args):
45 # Refresh bridge network UUIDs in case this host joined or left a pool.
46 script = '/opt/xensource/libexec/interface-reconfigure'
47 try:
48 retval = subprocess.call([script, 'rewrite'])
49 if retval != 0:
50 syslog.syslog('%s exited with status %d' % (script, retval))
51 except OSError, e:
52 syslog.syslog('%s: failed to execute (%s)' % (script, e.strerror))
53
54 pools = session.xenapi.pool.get_all()
55 # We assume there is only ever one pool...
56 if len(pools) == 0:
57 raise XenAPIPlugin.Failure('NO_POOL_FOR_HOST', [])
58 if len(pools) > 1:
59 raise XenAPIPlugin.Failure('MORE_THAN_ONE_POOL_FOR_HOST', [])
60 new_controller = False
61 pool = session.xenapi.pool.get_record(pools[0])
62 controller = pool.get('vswitch_controller')
63 ret_str = ''
64 currentControllers = vswitchCurrentControllers()
65
66 if not controller and currentControllers:
67 delete_cacert()
68 try:
69 emergency_reset(session, None)
70 except:
71 pass
72 removeControllerCfg()
73 ret_str += 'Successfully removed controller config. '
74 elif controller not in currentControllers:
75 delete_cacert()
76 try:
77 emergency_reset(session, None)
78 except:
79 pass
80 setControllerCfg(controller)
81 new_controller = True
82 ret_str += 'Successfully set controller to %s. ' % controller
83
84 try:
85 pool_fail_mode = pool['other_config']['vswitch-controller-fail-mode']
86 except KeyError, e:
87 pool_fail_mode = None
88
89 bton = {}
90
91 for rec in session.xenapi.network.get_all_records().values():
92 try:
93 bton[rec['bridge']] = rec
94 except KeyError:
95 pass
96
97 # If new controller, get management MAC addresses from XAPI now
98 # in case fail_mode set to secure which may affect XAPI access
99 mgmt_bridge = None
100 host_mgmt_mac = None
101 host_mgmt_device = None
102 pool_mgmt_macs = {}
103 if new_controller:
104 query = 'field "management"="true"'
105 recs = session.xenapi.PIF.get_all_records_where(query)
106 for rec in recs.itervalues():
107 pool_mgmt_macs[rec.get('MAC')] = rec.get('device')
108
109 dib_changed = False
110 fail_mode_changed = False
111 for bridge in vswitchCfgQuery(['list-br']).split():
112 network = bton[bridge]
113 bridge = vswitchCfgQuery(['br-to-parent', bridge])
114
115 xapi_dib = network['other_config'].get('vswitch-disable-in-band')
116 if not xapi_dib:
117 xapi_dib = ''
118
119 ovs_dib = vswitchCfgQuery(['--', '--if-exists', 'get', 'Bridge',
120 bridge,
121 'other_config:disable-in-band']).strip('"')
122
123 # Do nothing if setting is invalid, and warn the user.
124 if xapi_dib not in ['true', 'false', '']:
125 ret_str += '"' + xapi_dib + '"' + \
126 ' is an invalid value for vswitch-disable-in-band on ' + \
127 bridge + ' '
128
129 # Change bridge disable-in-band option if XAPI and OVS states differ.
130 elif xapi_dib != ovs_dib:
131 # 'true' or 'false'
132 if xapi_dib:
133 vswitchCfgMod(['--', 'set', 'Bridge', bridge,
134 'other_config:disable-in-band=' + xapi_dib])
135 # '' or None
136 else:
137 vswitchCfgMod(['--', 'remove', 'Bridge', bridge,
138 'other_config', 'disable-in-band'])
139 dib_changed = True
140
141 # Change bridge fail_mode if XAPI state differs from OVS state.
142 bridge_fail_mode = vswitchCfgQuery(['get', 'Bridge',
143 bridge, 'fail_mode']).strip('[]"')
144
145 try:
146 other_config = bton[bridge]['other_config']
147 fail_mode = other_config['vswitch-controller-fail-mode']
148 except KeyError, e:
149 fail_mode = None
150
151 if fail_mode not in ['secure', 'standalone']:
152 fail_mode = pool_fail_mode
153
154 if fail_mode != 'secure':
155 fail_mode = 'standalone'
156
157 if bridge_fail_mode != fail_mode:
158 vswitchCfgMod(['--', 'set', 'Bridge', bridge,
159 'fail_mode=%s' % fail_mode])
160 fail_mode_changed = True
161
162 # Determine local mgmt MAC address if host being added to secure
163 # pool so we can add default flows to allow management traffic
164 if new_controller and fail_mode_changed and pool_fail_mode == 'secure':
165 oc = vswitchCfgQuery(['get', 'Bridge', bridge, 'other-config'])
166 m = re.match('.*hwaddr="([0-9a-fA-F:].*)".*', oc)
167 if m and m.group(1) in pool_mgmt_macs.keys():
168 mgmt_bridge = bridge
169 host_mgmt_mac = m.group(1)
170 host_mgmt_device = pool_mgmt_macs[host_mgmt_mac]
171
172 if (host_mgmt_mac is not None and mgmt_bridge is not None and
173 host_mgmt_device is not None):
174 tp = 'idle_timeout=0,priority=0'
175 port = vswitchCfgQuery(['get', 'interface', host_mgmt_device,
176 'ofport'])
177
178 addFlow(mgmt_bridge, '%s,in_port=%s,arp,nw_proto=1,actions=local' %
179 (tp, port))
180 addFlow(mgmt_bridge, '%s,in_port=local,arp,dl_src=%s,actions=%s' %
181 (tp, host_mgmt_mac, port))
182 addFlow(mgmt_bridge, '%s,in_port=%s,dl_dst=%s,actions=local' %
183 (tp, port, host_mgmt_mac))
184 addFlow(mgmt_bridge, '%s,in_port=local,dl_src=%s,actions=%s' %
185 (tp, host_mgmt_mac, port))
186
187 if dib_changed:
188 ret_str += 'Updated in-band management. '
189 if fail_mode_changed:
190 ret_str += 'Updated fail_mode. '
191
192 if ret_str != '':
193 return ret_str
194 else:
195 return 'No change to configuration'
196
197
198 def vswitchCurrentControllers():
199 controllers = vswitchCfgQuery(['get-manager'])
200
201 def parse_controller(controller):
202 if controller.startswith('ssl:'):
203 return controller.split(':')[1]
204
205 return controller.split(':')[0]
206
207 return [parse_controller(controller)
208 for controller in controllers.split('\n')
209 if controller]
210
211
212 def removeControllerCfg():
213 vswitchCfgMod(['--', 'del-manager',
214 '--', 'del-ssl'])
215
216
217 def setControllerCfg(controller):
218 # /etc/xensource/xapi-ssl.pem is mentioned twice below because it
219 # contains both the private key and the certificate.
220 vswitchCfgMod(['--', 'del-manager',
221 '--', 'del-ssl',
222 '--', '--bootstrap', 'set-ssl',
223 '/etc/xensource/xapi-ssl.pem',
224 '/etc/xensource/xapi-ssl.pem',
225 cacert_filename,
226 '--', 'set-manager', 'ssl:' + controller + ':6632'])
227
228
229 def vswitchCfgQuery(action_args):
230 cmd = [vsctl, '-vconsole:off'] + action_args
231 output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()
232 if len(output) == 0 or output[0] is None:
233 output = ''
234 else:
235 output = output[0].strip()
236 return output
237
238
239 def vswitchCfgMod(action_args):
240 cmd = [vsctl, '--timeout=5', '-vconsole:off'] + action_args
241 exitcode = subprocess.call(cmd)
242 if exitcode != 0:
243 raise XenAPIPlugin.Failure('VSWITCH_CONFIG_MOD_FAILURE',
244 [str(exitcode), str(action_args)])
245
246
247 def emergency_reset(session, args):
248 cmd = [vsctl, '--timeout=5', 'emer-reset']
249 exitcode = subprocess.call(cmd)
250 if exitcode != 0:
251 raise XenAPIPlugin.Failure('VSWITCH_EMER_RESET_FAILURE',
252 [str(exitcode)])
253
254 return 'Successfully reset configuration'
255
256
257 def addFlow(switch, flow):
258 cmd = [ofctl, 'add-flow', switch, flow]
259 exitcode = subprocess.call(cmd)
260 if exitcode != 0:
261 raise XenAPIPlugin.Failure('VSWITCH_ADD_FLOW_FAILURE',
262 [str(exitcode), str(switch), str(flow)])
263
264
265 if __name__ == '__main__':
266 XenAPIPlugin.dispatch({'update': update,
267 'emergency_reset': emergency_reset})
openvswitch packages for PVE