Merge trunk

Adapting code to changes in fetch_image

11 files changed, 670 insertions, 67 deletions

diff --git a/plugins/xenserver/networking/etc/init.d/openvswitch-nova b/plugins/xenserver/networking/etc/init.d/openvswitch-nova
new file mode 100755
index 000000000..8672a69b8
--- /dev/null
+++ b/plugins/xenserver/networking/etc/init.d/openvswitch-nova
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# openvswitch-nova
+#
+# chkconfig: 2345 96 89
+# description: Apply initial OVS flows for Nova
+
+# Copyright 2011 OpenStack LLC.
+# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+# source function library
+if [ -f /etc/init.d/functions ]; then
+    . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ]; then
+    . /etc/rc.d/init.d/functions
+elif [ -f /lib/lsb/init-functions ]; then
+    . /lib/lsb/init-functions
+else
+    echo "$0: missing LSB shell function library" >&2
+    exit 1
+fi
+
+OVS_CONFIGURE_BASE_FLOWS=/etc/xensource/scripts/ovs_configure_base_flows.py
+
+if test -e /etc/sysconfig/openvswitch-nova; then
+    . /etc/sysconfig/openvswitch-nova
+else
+    echo "$0: missing configuration file: /etc/sysconfig/openvswitch-nova"
+    exit 1
+fi
+
+if test -e /etc/xensource/network.conf; then
+    NETWORK_MODE=$(cat /etc/xensource/network.conf)
+fi
+
+case ${NETWORK_MODE:=openvswitch} in
+    vswitch|openvswitch)
+        ;;
+    bridge)
+        exit 0
+        ;;
+    *)
+        echo "Open vSwitch disabled (/etc/xensource/network.conf is invalid)" >&2
+        exit 0
+        ;;
+esac
+
+function run_ovs_conf_base_flows {
+    # expected format: DEVICE_BRIDGES="eth0:xenbr0 eth1:xenbr1"
+    for pair in $DEVICE_BRIDGES; do
+	# below in $info, physical device is [0], bridge name is [1]
+	info=${pair//:/ }
+	/usr/bin/python $OVS_CONFIGURE_BASE_FLOWS $1 ${info[0]} ${info[1]}
+    done
+}
+
+function start {
+    run_ovs_conf_base_flows online
+}
+
+function stop {
+    run_ovs_conf_base_flows offline
+}
+
+function restart {
+    run_ovs_conf_base_flows reset
+}
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    restart)
+        restart
+        ;;
+    *)
+        echo "usage: openvswitch-nova [start|stop|restart]"
+        exit 1
+        ;;
+esac
diff --git a/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova b/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova
new file mode 100644
index 000000000..829782fb6
--- /dev/null
+++ b/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova
@@ -0,0 +1 @@
+#DEVICE_BRIDGES="eth0:xenbr0 eth1:xenbr1"
diff --git a/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules b/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules
new file mode 100644
index 000000000..b179f0847
--- /dev/null
+++ b/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules
@@ -0,0 +1,3 @@
+SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all"
+# is this one needed?
+#SUBSYSTEM=="net",         KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all"
diff --git a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py
new file mode 100644
index 000000000..dcbee3ded
--- /dev/null
+++ b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+
+import os
+import subprocess
+
+
+def execute_get_output(*command):
+    """Execute and return stdout"""
+    devnull = open(os.devnull, 'w')
+    command = map(str, command)
+    proc = subprocess.Popen(command, close_fds=True,
+                            stdout=subprocess.PIPE, stderr=devnull)
+    devnull.close()
+    return proc.stdout.read().strip()
+
+
+def execute(*command):
+    """Execute without returning stdout"""
+    devnull = open(os.devnull, 'w')
+    command = map(str, command)
+    proc = subprocess.Popen(command, close_fds=True,
+                            stdout=subprocess.PIPE, stderr=devnull)
+    devnull.close()
diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py
new file mode 100755
index 000000000..514a43a2d
--- /dev/null
+++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""
+This script is used to configure base openvswitch flows for XenServer hosts.
+"""
+
+import os
+import sys
+
+
+from novalib import execute, execute_get_output
+
+
+def main(command, phys_dev_name, bridge_name):
+    ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule)
+
+    # always clear all flows first
+    ovs_ofctl('del-flows', bridge_name)
+
+    if command in ('online', 'reset'):
+        pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get',
+                                         'Interface', phys_dev_name, 'ofport')
+
+        # these flows are lower priority than all VM-specific flows.
+
+        # allow all traffic from the physical NIC, as it is trusted (i.e.,
+        # from a filtered vif, or from the physical infrastructure)
+        ovs_ofctl('add-flow', bridge_name,
+                  "priority=2,in_port=%s,actions=normal" % pnic_ofport)
+
+        # default drop
+        ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop')
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 4 or sys.argv[1] not in ('online', 'offline', 'reset'):
+        print sys.argv
+        script_name = os.path.basename(sys.argv[0])
+        print "This script configures base ovs flows."
+        print "usage: %s [online|offline|reset] phys-dev-name bridge-name" \
+                % script_name
+        print "   ex: %s online eth0 xenbr0" % script_name
+        sys.exit(1)
+    else:
+        command, phys_dev_name, bridge_name = sys.argv[1:4]
+        main(command, phys_dev_name, bridge_name)
diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py
new file mode 100755
index 000000000..accd08b91
--- /dev/null
+++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py
@@ -0,0 +1,180 @@
+#!/usr/bin/env python
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2011 OpenStack LLC.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+"""
+This script is used to configure openvswitch flows on XenServer hosts.
+"""
+
+import os
+import sys
+
+# This is written to Python 2.4, since that is what is available on XenServer
+import netaddr
+import simplejson as json
+
+from novalib import execute, execute_get_output
+
+
+OVS_OFCTL = '/usr/bin/ovs-ofctl'
+
+
+class OvsFlow(object):
+    def __init__(self, bridge, params):
+        self.bridge = bridge
+        self.params = params
+
+    def add(self, rule):
+        execute(OVS_OFCTL, 'add-flow', self.bridge, rule % self.params)
+
+    def clear_flows(self, ofport):
+        execute(OVS_OFCTL, 'del-flows', self.bridge, "in_port=%s" % ofport)
+
+
+def main(command, vif_raw, net_type):
+    if command not in ('online', 'offline'):
+        return
+
+    vif_name, dom_id, vif_index = vif_raw.split('-')
+    vif = "%s%s.%s" % (vif_name, dom_id, vif_index)
+    bridge = "xenbr%s" % vif_index
+
+    xsls = execute_get_output('/usr/bin/xenstore-ls',
+                              '/local/domain/%s/vm-data/networking' % dom_id)
+    macs = [line.split("=")[0].strip() for line in xsls.splitlines()]
+
+    for mac in macs:
+        xsread = execute_get_output('/usr/bin/xenstore-read',
+                                    '/local/domain/%s/vm-data/networking/%s' %
+                                    (dom_id, mac))
+        data = json.loads(xsread)
+        if data["label"] == "public":
+            this_vif = "vif%s.0" % dom_id
+        else:
+            this_vif = "vif%s.1" % dom_id
+
+        if vif == this_vif:
+            vif_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get',
+                                            'Interface', vif, 'ofport')
+
+            params = dict(VIF_NAME=vif,
+                          MAC=data['mac'],
+                          OF_PORT=vif_ofport)
+
+            ovs = OvsFlow(bridge, params)
+
+            if command == 'offline':
+                # I haven't found a way to clear only IPv4 or IPv6 rules.
+                ovs.clear_flows(vif_ofport)
+
+            if command == 'online':
+                if net_type in ('ipv4', 'all') and 'ips' in data:
+                    for ip4 in data['ips']:
+                        ovs.params.update({'IPV4_ADDR': ip4['ip']})
+                        apply_ovs_ipv4_flows(ovs, bridge, params)
+                if net_type in ('ipv6', 'all') and 'ip6s' in data:
+                    for ip6 in data['ip6s']:
+                        link_local = str(netaddr.EUI(data['mac']).eui64()\
+                                        .ipv6_link_local())
+                        ovs.params.update({'IPV6_LINK_LOCAL_ADDR': link_local})
+                        ovs.params.update({'IPV6_GLOBAL_ADDR': ip6['ip']})
+                        apply_ovs_ipv6_flows(ovs, bridge, params)
+
+
+def apply_ovs_ipv4_flows(ovs, bridge, params):
+    # allow valid ARP outbound (both request / reply)
+    ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,arp,"
+            "arp_sha=%(MAC)s,nw_src=%(IPV4_ADDR)s,actions=normal")
+
+    ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,arp,"
+            "arp_sha=%(MAC)s,nw_src=0.0.0.0,actions=normal")
+
+    # allow valid IPv4 outbound
+    ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,ip,"
+            "nw_src=%(IPV4_ADDR)s,actions=normal")
+
+
+def apply_ovs_ipv6_flows(ovs, bridge, params):
+    # allow valid IPv6 ND outbound (are both global and local IPs needed?)
+    # Neighbor Solicitation
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=135,nd_sll=%(MAC)s,"
+            "actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=135,actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=135,nd_sll=%(MAC)s,"
+            "actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=135,actions=normal")
+
+    # Neighbor Advertisement
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=136,"
+            "nd_target=%(IPV6_LINK_LOCAL_ADDR)s,actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=136,actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=136,"
+            "nd_target=%(IPV6_GLOBAL_ADDR)s,actions=normal")
+    ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=136,actions=normal")
+
+    # drop all other neighbor discovery (req b/c we permit all icmp6 below)
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=135,actions=drop")
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=136,actions=drop")
+
+    # do not allow sending specifc ICMPv6 types
+    # Router Advertisement
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=134,actions=drop")
+    # Redirect Gateway
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=137,actions=drop")
+    # Mobile Prefix Solicitation
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=146,actions=drop")
+    # Mobile Prefix Advertisement
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=147,actions=drop")
+    # Multicast Router Advertisement
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=151,actions=drop")
+    # Multicast Router Solicitation
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=152,actions=drop")
+    # Multicast Router Termination
+    ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=153,actions=drop")
+
+    # allow valid IPv6 outbound, by type
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp6,actions=normal")
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp6,actions=normal")
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,tcp6,actions=normal")
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,tcp6,actions=normal")
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_GLOBAL_ADDR)s,udp6,actions=normal")
+    ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s,"
+            "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,udp6,actions=normal")
+    # all else will be dropped ...
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 4:
+        print "usage: %s [online|offline] vif-domid-idx [ipv4|ipv6|all] " % \
+               os.path.basename(sys.argv[0])
+        sys.exit(1)
+    else:
+        command, vif_raw, net_type = sys.argv[1:4]
+        main(command, vif_raw, net_type)
diff --git a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
index 48122e6d6..662def205 100755
--- a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
+++ b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # vim: tabstop=4 shiftwidth=4 softtabstop=4
 
-# Copyright 2010 OpenStack LLC.
+# Copyright 2010-2011 OpenStack LLC.
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -29,15 +29,18 @@ import sys
 import simplejson as json
 
 
+from novalib import execute, execute_get_output
+
+
 def main(dom_id, command, only_this_vif=None):
-    xsls = execute('/usr/bin/xenstore-ls',
-                   '/local/domain/%s/vm-data/networking' % dom_id, True)
+    xsls = execute_get_output('/usr/bin/xenstore-ls',
+                              '/local/domain/%s/vm-data/networking' % dom_id)
     macs = [line.split("=")[0].strip() for line in xsls.splitlines()]
 
     for mac in macs:
-        xsread = execute('/usr/bin/enstore-read',
-                         '/local/domain/%s/vm-data/networking/%s' %
-                         (dom_id, mac), True)
+        xsread = execute_get_output('/usr/bin/xenstore-read',
+                                    '/local/domain/%s/vm-data/networking/%s' %
+                                    (dom_id, mac))
         data = json.loads(xsread)
         for ip in data['ips']:
             if data["label"] == "public":
@@ -52,17 +55,6 @@ def main(dom_id, command, only_this_vif=None):
                 apply_iptables_rules(command, params)
 
 
-def execute(*command, return_stdout=False):
-    devnull = open(os.devnull, 'w')
-    command = map(str, command)
-    proc = subprocess.Popen(command, close_fds=True,
-                            stdout=subprocess.PIPE, stderr=devnull)
-    devnull.close()
-    if return_stdout:
-        return proc.stdout.read()
-    else:
-        return None
-
 # A note about adding rules:
 #   Whenever we add any rule to iptables, arptables or ebtables we first
 #   delete the same rule to ensure the rule only exists once.
@@ -113,8 +105,8 @@ def apply_ebtables_rules(command, params):
     ebtables('-D', 'FORWARD', '-p', '0806', '-o', params['VIF'],
              '--arp-ip-dst', params['IP'],
              '-j', 'ACCEPT')
-    ebtables('-D', 'FORWARD', '-p', '0800', '-o',
-             params['VIF'], '--ip-dst', params['IP'],
+    ebtables('-D', 'FORWARD', '-p', '0800', '-o', params['VIF'],
+             '--ip-dst', params['IP'],
              '-j', 'ACCEPT')
     if command == 'online':
         ebtables('-A', 'FORWARD', '-p', '0806',
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/agent b/plugins/xenserver/xenapi/etc/xapi.d/plugins/agent
index 5496a6bd5..9e761f264 100755
--- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/agent
+++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/agent
@@ -53,7 +53,6 @@ class TimeoutError(StandardError):
     pass
 
 
-@jsonify
 def key_init(self, arg_dict):
     """Handles the Diffie-Hellman key exchange with the agent to
     establish the shared secret key used to encrypt/decrypt sensitive
@@ -72,7 +71,6 @@ def key_init(self, arg_dict):
     return resp
 
 
-@jsonify
 def password(self, arg_dict):
     """Writes a request to xenstore that tells the agent to set
     the root password for the given VM. The password should be
@@ -80,7 +78,6 @@ def password(self, arg_dict):
     previous call to key_init. The encrypted password value should
     be passed as the value for the 'enc_pass' key in arg_dict.
     """
-    pub = int(arg_dict["pub"])
     enc_pass = arg_dict["enc_pass"]
     arg_dict["value"] = json.dumps({"name": "password", "value": enc_pass})
     request_id = arg_dict["id"]
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
index 1eed7e862..5c8bc9c1c 100644
--- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
+++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
@@ -22,6 +22,10 @@
 #
 
 import httplib
+try:
+    import json
+except ImportError:
+    import simplejson as json
 import os
 import os.path
 import pickle
@@ -68,12 +72,12 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host,
     area.
     """
     conn = httplib.HTTPConnection(glance_host, glance_port)
-    conn.request('GET', '/images/%s' % image_id)
+    conn.request('GET', '/v1/images/%s' % image_id)
     resp = conn.getresponse()
     if resp.status == httplib.NOT_FOUND:
         raise Exception("Image '%s' not found in Glance" % image_id)
     elif resp.status != httplib.OK:
-        raise Exception("Unexpected response from Glance %i" % res.status)
+        raise Exception("Unexpected response from Glance %i" % resp.status)
 
     tar_cmd = "tar -zx --directory=%(staging_path)s" % locals()
     tar_proc = _make_subprocess(tar_cmd, stderr=True, stdin=True)
@@ -87,8 +91,8 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host,
     conn.close()
 
 
-def _fixup_vhds(sr_path, staging_path, uuid_stack):
-    """Fixup the downloaded VHDs before we move them into the SR.
+def _import_vhds(sr_path, staging_path, uuid_stack):
+    """Import the VHDs found in the staging path.
 
     We cannot extract VHDs directly into the SR since they don't yet have
     UUIDs, aren't properly associated with each other, and would be subject to
@@ -98,16 +102,25 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack):
     To avoid these we problems, we use a staging area to fixup the VHDs before
     moving them into the SR. The steps involved are:
 
-        1. Extracting tarball into staging area
+        1. Extracting tarball into staging area (done prior to this call)
 
         2. Renaming VHDs to use UUIDs ('snap.vhd' -> 'ffff-aaaa-...vhd')
 
-        3. Linking the two VHDs together
+        3. Linking VHDs together if there's a snap.vhd
 
         4. Pseudo-atomically moving the images into the SR. (It's not really
-           atomic because it takes place as two os.rename operations; however,
-           the chances of an SR.scan occuring between the two rename()
+           atomic because it takes place as multiple os.rename operations;
+           however, the chances of an SR.scan occuring between the rename()s
            invocations is so small that we can safely ignore it)
+
+    Returns: A list of VDIs.  Each list element is a dictionary containing
+    information about the VHD.  Dictionary keys are:
+        1. "vdi_type" - The type of VDI. Currently they can be "os_disk" or
+           "swap"
+        2. "vdi_uuid" - The UUID of the VDI
+
+    Example return: [{"vdi_type": "os_disk","vdi_uuid": "ffff-aaa..vhd"},
+                     {"vdi_type": "swap","vdi_uuid": "ffff-bbb..vhd"}]
     """
     def rename_with_uuid(orig_path):
         """Rename VHD using UUID so that it will be recognized by SR on a
@@ -158,27 +171,59 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack):
                         "VHD %(path)s is marked as hidden without child" %
                         locals())
 
-    orig_base_copy_path = os.path.join(staging_path, 'image.vhd')
-    if not os.path.exists(orig_base_copy_path):
+    def prepare_if_exists(staging_path, vhd_name, parent_path=None):
+        """
+        Check for existance of a particular VHD in the staging path and
+        preparing it for moving into the SR.
+
+        Returns: Tuple of (Path to move into the SR, VDI_UUID)
+                 None, if the vhd_name doesn't exist in the staging path
+
+        If the VHD exists, we will do the following:
+            1. Rename it with a UUID.
+            2. If parent_path exists, we'll link up the VHDs.
+        """
+        orig_path = os.path.join(staging_path, vhd_name)
+        if not os.path.exists(orig_path):
+            return None
+        new_path, vdi_uuid = rename_with_uuid(orig_path)
+        if parent_path:
+            # NOTE(sirp): this step is necessary so that an SR scan won't
+            # delete the base_copy out from under us (since it would be
+            # orphaned)
+            link_vhds(new_path, parent_path)
+        return (new_path, vdi_uuid)
+
+    vdi_return_list = []
+    paths_to_move = []
+
+    image_info = prepare_if_exists(staging_path, 'image.vhd')
+    if not image_info:
         raise Exception("Invalid image: image.vhd not present")
 
-    base_copy_path, base_copy_uuid = rename_with_uuid(orig_base_copy_path)
-
-    vdi_uuid = base_copy_uuid
-    orig_snap_path = os.path.join(staging_path, 'snap.vhd')
-    if os.path.exists(orig_snap_path):
-        snap_path, snap_uuid = rename_with_uuid(orig_snap_path)
-        vdi_uuid = snap_uuid
-        # NOTE(sirp): this step is necessary so that an SR scan won't
-        # delete the base_copy out from under us (since it would be
-        # orphaned)
-        link_vhds(snap_path, base_copy_path)
-        move_into_sr(snap_path)
+    paths_to_move.append(image_info[0])
+
+    snap_info = prepare_if_exists(staging_path, 'snap.vhd',
+            image_info[0])
+    if snap_info:
+        paths_to_move.append(snap_info[0])
+        # We return this snap as the VDI instead of image.vhd
+        vdi_return_list.append(dict(vdi_type="os", vdi_uuid=snap_info[1]))
     else:
-        assert_vhd_not_hidden(base_copy_path)
+        assert_vhd_not_hidden(image_info[0])
+        # If there's no snap, we return the image.vhd UUID
+        vdi_return_list.append(dict(vdi_type="os", vdi_uuid=image_info[1]))
+
+    swap_info = prepare_if_exists(staging_path, 'swap.vhd')
+    if swap_info:
+        assert_vhd_not_hidden(swap_info[0])
+        paths_to_move.append(swap_info[0])
+        vdi_return_list.append(dict(vdi_type="swap", vdi_uuid=swap_info[1]))
+
+    for path in paths_to_move:
+        move_into_sr(path)
 
-    move_into_sr(base_copy_path)
-    return vdi_uuid
+    return vdi_return_list
 
 
 def _prepare_staging_area_for_upload(sr_path, staging_path, vdi_uuids):
@@ -324,8 +369,9 @@ def download_vhd(session, args):
     try:
         _download_tarball(sr_path, staging_path, image_id, glance_host,
                           glance_port)
-        vdi_uuid = _fixup_vhds(sr_path, staging_path, uuid_stack)
-        return vdi_uuid
+        # Right now, it's easier to return a single string via XenAPI,
+        # so we'll json encode the list of VHDs.
+        return json.dumps(_import_vhds(sr_path, staging_path, uuid_stack))
     finally:
         _cleanup_staging_area(staging_path)
 
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost
new file mode 100644
index 000000000..a8428e841
--- /dev/null
+++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost
@@ -0,0 +1,183 @@
+#!/usr/bin/env python
+
+# Copyright 2011 OpenStack LLC.
+# Copyright 2011 United States Government as represented by the
+# Administrator of the National Aeronautics and Space Administration.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+#
+# XenAPI plugin for reading/writing information to xenstore
+#
+
+try:
+    import json
+except ImportError:
+    import simplejson as json
+import os
+import random
+import re
+import subprocess
+import tempfile
+import time
+
+import XenAPIPlugin
+
+from pluginlib_nova import *
+configure_logging("xenhost")
+
+host_data_pattern = re.compile(r"\s*(\S+) \([^\)]+\) *: ?(.*)")
+
+
+def jsonify(fnc):
+    def wrapper(*args, **kwargs):
+        return json.dumps(fnc(*args, **kwargs))
+    return wrapper
+
+
+class TimeoutError(StandardError):
+    pass
+
+
+def _run_command(cmd):
+    """Abstracts out the basics of issuing system commands. If the command
+    returns anything in stderr, a PluginError is raised with that information.
+    Otherwise, the output from stdout is returned.
+    """
+    pipe = subprocess.PIPE
+    proc = subprocess.Popen([cmd], shell=True, stdin=pipe, stdout=pipe,
+            stderr=pipe, close_fds=True)
+    proc.wait()
+    err = proc.stderr.read()
+    if err:
+        raise pluginlib.PluginError(err)
+    return proc.stdout.read()
+
+
+@jsonify
+def host_data(self, arg_dict):
+    """Runs the commands on the xenstore host to return the current status
+    information.
+    """
+    cmd = "xe host-list | grep uuid"
+    resp = _run_command(cmd)
+    host_uuid = resp.split(":")[-1].strip()
+    cmd = "xe host-param-list uuid=%s" % host_uuid
+    resp = _run_command(cmd)
+    parsed_data = parse_response(resp)
+    # We have the raw dict of values. Extract those that we need,
+    # and convert the data types as needed.
+    ret_dict = cleanup(parsed_data)
+    return ret_dict
+
+
+def parse_response(resp):
+    data = {}
+    for ln in resp.splitlines():
+        if not ln:
+            continue
+        mtch = host_data_pattern.match(ln.strip())
+        try:
+            k, v = mtch.groups()
+            data[k] = v
+        except AttributeError:
+            # Not a valid line; skip it
+            continue
+    return data
+
+
+def cleanup(dct):
+    """Take the raw KV pairs returned and translate them into the
+    appropriate types, discarding any we don't need.
+    """
+    def safe_int(val):
+        """Integer values will either be string versions of numbers,
+        or empty strings. Convert the latter to nulls.
+        """
+        try:
+            return int(val)
+        except ValueError:
+            return None
+
+    def strip_kv(ln):
+        return [val.strip() for val in ln.split(":", 1)]
+
+    out = {}
+
+#    sbs = dct.get("supported-bootloaders", "")
+#    out["host_supported-bootloaders"] = sbs.split("; ")
+#    out["host_suspend-image-sr-uuid"] = dct.get("suspend-image-sr-uuid", "")
+#    out["host_crash-dump-sr-uuid"] = dct.get("crash-dump-sr-uuid", "")
+#    out["host_local-cache-sr"] = dct.get("local-cache-sr", "")
+    out["host_memory"] = omm = {}
+    omm["total"] = safe_int(dct.get("memory-total", ""))
+    omm["overhead"] = safe_int(dct.get("memory-overhead", ""))
+    omm["free"] = safe_int(dct.get("memory-free", ""))
+    omm["free-computed"] = safe_int(
+            dct.get("memory-free-computed", ""))
+
+#    out["host_API-version"] = avv = {}
+#    avv["vendor"] = dct.get("API-version-vendor", "")
+#    avv["major"] = safe_int(dct.get("API-version-major", ""))
+#    avv["minor"] = safe_int(dct.get("API-version-minor", ""))
+
+    out["host_uuid"] = dct.get("uuid", None)
+    out["host_name-label"] = dct.get("name-label", "")
+    out["host_name-description"] = dct.get("name-description", "")
+#    out["host_host-metrics-live"] = dct.get(
+#            "host-metrics-live", "false") == "true"
+    out["host_hostname"] = dct.get("hostname", "")
+    out["host_ip_address"] = dct.get("address", "")
+    oc = dct.get("other-config", "")
+    out["host_other-config"] = ocd = {}
+    if oc:
+        for oc_fld in oc.split("; "):
+            ock, ocv = strip_kv(oc_fld)
+            ocd[ock] = ocv
+#    out["host_capabilities"] = dct.get("capabilities", "").split("; ")
+#    out["host_allowed-operations"] = dct.get(
+#            "allowed-operations", "").split("; ")
+#    lsrv = dct.get("license-server", "")
+#    out["host_license-server"] = ols = {}
+#    if lsrv:
+#        for lspart in lsrv.split("; "):
+#            lsk, lsv = lspart.split(": ")
+#            if lsk == "port":
+#                ols[lsk] = safe_int(lsv)
+#            else:
+#                ols[lsk] = lsv
+#    sv = dct.get("software-version", "")
+#    out["host_software-version"] = osv = {}
+#    if sv:
+#        for svln in sv.split("; "):
+#            svk, svv = strip_kv(svln)
+#            osv[svk] = svv
+    cpuinf = dct.get("cpu_info", "")
+    out["host_cpu_info"] = ocp = {}
+    if cpuinf:
+        for cpln in cpuinf.split("; "):
+            cpk, cpv = strip_kv(cpln)
+            if cpk in ("cpu_count", "family", "model", "stepping"):
+                ocp[cpk] = safe_int(cpv)
+            else:
+                ocp[cpk] = cpv
+#    out["host_edition"] = dct.get("edition", "")
+#    out["host_external-auth-service-name"] = dct.get(
+#            "external-auth-service-name", "")
+    return out
+
+
+if __name__ == "__main__":
+    XenAPIPlugin.dispatch(
+        {"host_data": host_data})
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenstore.py b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenstore.py
index a35ccd6ab..6c589ed29 100755
--- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenstore.py
+++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenstore.py
@@ -56,16 +56,17 @@ def read_record(self, arg_dict):
     and boolean True, attempting to read a non-existent path will return
     the string 'None' instead of raising an exception.
     """
-    cmd = "xenstore-read /local/domain/%(dom_id)s/%(path)s" % arg_dict
+    cmd = ["xenstore-read", "/local/domain/%(dom_id)s/%(path)s" % arg_dict]
     try:
-        return _run_command(cmd).rstrip("\n")
+        ret, result = _run_command(cmd)
+        return result.strip()
     except pluginlib.PluginError, e:
         if arg_dict.get("ignore_missing_path", False):
-            cmd = "xenstore-exists /local/domain/%(dom_id)s/%(path)s; echo $?"
-            cmd = cmd % arg_dict
-            ret = _run_command(cmd).strip()
+            cmd = ["xenstore-exists",
+                   "/local/domain/%(dom_id)s/%(path)s" % arg_dict]
+            ret, result = _run_command(cmd)
             # If the path exists, the cmd should return "0"
-            if ret != "0":
+            if ret != 0:
                 # No such path, so ignore the error and return the
                 # string 'None', since None can't be marshalled
                 # over RPC.
@@ -83,8 +84,9 @@ def write_record(self, arg_dict):
     you must specify a 'value' key, whose value must be a string. Typically,
     you can json-ify more complex values and store the json output.
     """
-    cmd = "xenstore-write /local/domain/%(dom_id)s/%(path)s '%(value)s'"
-    cmd = cmd % arg_dict
+    cmd = ["xenstore-write",
+           "/local/domain/%(dom_id)s/%(path)s" % arg_dict,
+           arg_dict["value"]]
     _run_command(cmd)
     return arg_dict["value"]
 
@@ -96,10 +98,10 @@ def list_records(self, arg_dict):
     path as the key and the stored value as the value. If the path
     doesn't exist, an empty dict is returned.
     """
-    cmd = "xenstore-ls /local/domain/%(dom_id)s/%(path)s" % arg_dict
-    cmd = cmd.rstrip("/")
+    dirpath = "/local/domain/%(dom_id)s/%(path)s" % arg_dict
+    cmd = ["xenstore-ls", dirpath.rstrip("/")]
     try:
-        recs = _run_command(cmd)
+        ret, recs = _run_command(cmd)
     except pluginlib.PluginError, e:
         if "No such file or directory" in "%s" % e:
             # Path doesn't exist.
@@ -128,8 +130,9 @@ def delete_record(self, arg_dict):
     """Just like it sounds: it removes the record for the specified
     VM and the specified path from xenstore.
     """
-    cmd = "xenstore-rm /local/domain/%(dom_id)s/%(path)s" % arg_dict
-    return _run_command(cmd)
+    cmd = ["xenstore-rm", "/local/domain/%(dom_id)s/%(path)s" % arg_dict]
+    ret, result = _run_command(cmd)
+    return result
 
 
 def _paths_from_ls(recs):
@@ -168,16 +171,16 @@ def _paths_from_ls(recs):
 def _run_command(cmd):
     """Abstracts out the basics of issuing system commands. If the command
     returns anything in stderr, a PluginError is raised with that information.
-    Otherwise, the output from stdout is returned.
+    Otherwise, a tuple of (return code, stdout data) is returned.
     """
     pipe = subprocess.PIPE
-    proc = subprocess.Popen([cmd], shell=True, stdin=pipe, stdout=pipe,
-            stderr=pipe, close_fds=True)
-    proc.wait()
+    proc = subprocess.Popen(cmd, stdin=pipe, stdout=pipe, stderr=pipe,
+            close_fds=True)
+    ret = proc.wait()
     err = proc.stderr.read()
     if err:
         raise pluginlib.PluginError(err)
-    return proc.stdout.read()
+    return (ret, proc.stdout.read())
 
 
 if __name__ == "__main__":