From f835c01f41fdba5791190b9275775ae7fcfcafc6 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 18 Mar 2011 20:35:44 -0400 Subject: * committing ovs scripts --- .../xensource/scripts/ovs_configure_base_flows.py | 68 ++++++++ .../xensource/scripts/ovs_configure_vif_flows.py | 194 +++++++++++++++++++++ .../networking/etc/xensource/scripts/vif_rules.py | 9 +- 3 files changed, 267 insertions(+), 4 deletions(-) create mode 100755 plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py create mode 100755 plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py new file mode 100755 index 000000000..c46fb4b60 --- /dev/null +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -0,0 +1,68 @@ +#!/usr/bin/env python +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010-2011 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +This script is used to configure base openvswitch flows for XenServer hosts. +""" + +import os +import subprocess +import sys + + +PNIC_NAME="eth1" +XEN_BRIDGE="xenbr1" + +def main(dom_id, command, only_this_vif=None): + pnic_ofport = execute('/usr/bin/ovs-ofctl', 'get', 'Interface', PNIC_NAME, + 'ofport', return_stdout=True) + ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule) + + # clear all flows + ovs_ofctl('del-flows', XEN_BRIDGE) + + # these flows are lower priority than all VM-specific flows. + + # allow all traffic from the physical NIC, as it is trusted (i.e., from a + # filtered vif, or from the physical infrastructure + ovs_ofctl('add-flow', XEN_BRIDGE, + "priority=2,in_port=%s,action=normal" % pnic_ofport) + + # default drop + ovs_ofctl('add-flow', XEN_BRIDGE, 'priority=1,action=drop') + + +def execute(*command, return_stdout=False): + devnull = open(os.devnull, 'w') + command = map(str, command) + proc = subprocess.Popen(command, close_fds=True, + stdout=subprocess.PIPE, stderr=devnull) + devnull.close() + if return_stdout: + return proc.stdout.read() + else: + return None + + +if __name__ == "__main__": + if sys.argv: + print "This script configures base ovs flows." + print "usage: %s" % os.path.basename(sys.argv[0]) + sys.exit(1) + else: + main() diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py new file mode 100755 index 000000000..a77bbbf4b --- /dev/null +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -0,0 +1,194 @@ +#!/usr/bin/env python +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2010-2011 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +""" +This script is used to configure openvswitch flows on XenServer hosts. +""" + +import os +import subprocess +import sys + +# This is written to Python 2.4, since that is what is available on XenServer +import simplejson as json + + +XEN_BRIDGE = 'xenbr1' +OVS_OFCTL = '/usr/bin/ovs-ofctl' + + +def execute(*command, return_stdout=False): + devnull = open(os.devnull, 'w') + command = map(str, command) + proc = subprocess.Popen(command, close_fds=True, + stdout=subprocess.PIPE, stderr=devnull) + devnull.close() + if return_stdout: + return proc.stdout.read() + else: + return None + + +class OvsFlow(): + def __init__(self, command, params, bridge=None): + self.command = command + self.params = params + self.bridge = bridge or XEN_BRIDGE + + def add(self, rule): + execute(OVS_OFCTL, 'add-flow', self.bridge, rule) + + def delete(self, rule): + execute(OVS_OFCTL, 'del-flow', self.bridge, rule) + + def apply(self, rule): + self.delete(rule % self.params) + if self.command == 'online': + self.add(rule % params) + + +def main(dom_id, command, net, only_this_vif=None): + vif_ofport = execute('/usr/bin/ovs-ofctl', 'get', 'Interface', + only_this_vif, 'ofport', return_stdout=True) + + xsls = execute('/usr/bin/xenstore-ls', + '/local/domain/%s/vm-data/networking' % dom_id, + return_stdout=True) + macs = [line.split("=")[0].strip() for line in xsls.splitlines()] + + for mac in macs: + xsread = execute('/usr/bin/enstore-read', + '/local/domain/%s/vm-data/networking/%s' % + (dom_id, mac), True) + data = json.loads(xsread) + if data["label"] == "public": + vif = "vif%s.0" % dom_id + else: + vif = "vif%s.1" % dom_id + + if (only_this_vif is None) or (vif == only_this_vif): + params = dict(VIF=vif, MAC=data['mac']) + if net in ('ipv4', 'all'): + for ip4 in data['ips']: + params.update({'IP': ip4['ip']}) + apply_ovs_ipv4_flows(command, params) + if net in ('ipv6', 'all'): + for ip6 in data['ip6s']: + params.update({'IP': ip6['ip']}) + apply_ovs_ipv6_flows(command, params) + + +# usage: +# XEN_BRIDGE=xenbr1 +# VIF_NAME=$1 +# VIF_MAC=$2 +# VIF_IPv4=$3 +# VIF_GLOBAL_IPv6=$4 +# VIF_LOCAL_IPv6=$5 + +# # find the openflow port number associated with the vif interface +# VIF_OFPORT=`ovs-vsctl get Interface $VIF_NAME ofport` + +def apply_ovs_ipv4_flows(command, params): + flow = OvsFlow(command, params) + + # allow valid ARP outbound (both request / reply) + flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,arp," + "arp_sha=$VIF_MAC,nw_src=$VIF_IPv4,action=normal") + + flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,arp," + "arp_sha=$VIF_MAC,nw_src=0.0.0.0,action=normal") + + # allow valid IPv4 outbound + flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,ip," + "nw_src=$VIF_IPv4,action=normal") + + +def apply_ovs_ipv6_flows(command, params): + flow = OvsFlow(command, params) + + # allow valid IPv6 ND outbound (are both global and local IPs needed?) + # Neighbor Solicitation + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=135,nd_sll=$VIF_MAC," + "action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=135,action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=135,nd_sll=$VIF_MAC," + "action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=135,action=normal") + + # Neighbor Advertisement + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=136," + "nd_target=$VIF_LOCAL_IPv6,action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=136,action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=136," + "nd_target=$VIF_GLOBAL_IPv6,action=normal") + flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," + "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=136,action=normal") + + # drop all other neighbor discovery (required because we permit all icmp6 below) + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=135,action=drop") + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=136,action=drop") + + # do not allow sending specifc ICMPv6 types + # Router Advertisement + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=134,action=drop") + # Redirect Gateway + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=137,action=drop") + # Mobile Prefix Solicitation + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=146,action=drop") + # Mobile Prefix Advertisement + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=147,action=drop") + # Multicast Router Advertisement + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=151,action=drop") + # Multicast Router Solicitation + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=152,action=drop") + # Multicast Router Termination + flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=153,action=drop") + + # allow valid IPv6 outbound, by type + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_GLOBAL_IPv6,icmp6,action=normal") + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_LOCAL_IPv6,icmp6,action=normal") + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_GLOBAL_IPv6,tcp6,action=normal") + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_LOCAL_IPv6,tcp6,action=normal") + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_GLOBAL_IPv6,udp6,action=normal") + flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," + "ipv6_src=$VIF_LOCAL_IPv6,udp6,action=normal") + # all else will be dropped ... + + +if __name__ == "__main__": + if len(sys.argv) < 3: + print "usage: %s dom_id online|offline ipv4|ipv6|all [vif]" % \ + os.path.basename(sys.argv[0]) + sys.exit(1) + else: + dom_id, command, net = sys.argv[1:4] + vif = len(sys.argv) == 5 and sys.argv[4] or None + main(dom_id, command, net, vif) diff --git a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py index 48122e6d6..500e055d8 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright 2010 OpenStack LLC. +# Copyright 2010-2011 OpenStack LLC. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -31,7 +31,8 @@ import simplejson as json def main(dom_id, command, only_this_vif=None): xsls = execute('/usr/bin/xenstore-ls', - '/local/domain/%s/vm-data/networking' % dom_id, True) + '/local/domain/%s/vm-data/networking' % dom_id, + return_stdout=True) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] for mac in macs: @@ -113,8 +114,8 @@ def apply_ebtables_rules(command, params): ebtables('-D', 'FORWARD', '-p', '0806', '-o', params['VIF'], '--arp-ip-dst', params['IP'], '-j', 'ACCEPT') - ebtables('-D', 'FORWARD', '-p', '0800', '-o', - params['VIF'], '--ip-dst', params['IP'], + ebtables('-D', 'FORWARD', '-p', '0800', '-o', params['VIF'], + '--ip-dst', params['IP'], '-j', 'ACCEPT') if command == 'online': ebtables('-A', 'FORWARD', '-p', '0806', -- cgit From ab1bf7c0c12e205cd17b80be31226055cc90ef20 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Mon, 28 Mar 2011 21:00:44 +0000 Subject: minor fix and comment --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index a77bbbf4b..553811ab6 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -59,10 +59,11 @@ class OvsFlow(): def apply(self, rule): self.delete(rule % self.params) if self.command == 'online': - self.add(rule % params) + self.add(rule % self.params) def main(dom_id, command, net, only_this_vif=None): + # FIXME(dubs) what to do when only_this_vif is None vif_ofport = execute('/usr/bin/ovs-ofctl', 'get', 'Interface', only_this_vif, 'ofport', return_stdout=True) -- cgit From d7c51db418d554094c341639a0540ecfec8ddb19 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 1 Apr 2011 14:43:04 +0000 Subject: lots of updates to ovs scripts --- .../xensource/scripts/ovs_configure_base_flows.py | 26 ++-- .../xensource/scripts/ovs_configure_vif_flows.py | 139 ++++++++++----------- .../networking/etc/xensource/scripts/vif_rules.py | 2 +- 3 files changed, 80 insertions(+), 87 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index c46fb4b60..1f3182e68 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright 2010-2011 OpenStack LLC. +# Copyright 2011 OpenStack LLC. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -25,26 +25,23 @@ import subprocess import sys -PNIC_NAME="eth1" -XEN_BRIDGE="xenbr1" - -def main(dom_id, command, only_this_vif=None): - pnic_ofport = execute('/usr/bin/ovs-ofctl', 'get', 'Interface', PNIC_NAME, - 'ofport', return_stdout=True) +def main(phys_dev_name, bridge_name): + pnic_ofport = execute('/usr/bin/ovs-vsctl', 'get', 'Interface', + phys_dev_name, 'ofport', return_stdout=True) ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule) # clear all flows - ovs_ofctl('del-flows', XEN_BRIDGE) + ovs_ofctl('del-flows', bridge_name) # these flows are lower priority than all VM-specific flows. # allow all traffic from the physical NIC, as it is trusted (i.e., from a # filtered vif, or from the physical infrastructure - ovs_ofctl('add-flow', XEN_BRIDGE, + ovs_ofctl('add-flow', bridge_name, "priority=2,in_port=%s,action=normal" % pnic_ofport) # default drop - ovs_ofctl('add-flow', XEN_BRIDGE, 'priority=1,action=drop') + ovs_ofctl('add-flow', bridge_name, 'priority=1,action=drop') def execute(*command, return_stdout=False): @@ -60,9 +57,12 @@ def execute(*command, return_stdout=False): if __name__ == "__main__": - if sys.argv: + if len(sys.argv) != 3: + script_name = os.path.basename(sys.argv[0]) print "This script configures base ovs flows." - print "usage: %s" % os.path.basename(sys.argv[0]) + print "usage: %s phys-dev-name bridge-name" % script_name + print " ex: %s eth2 xenbr2" % script_name sys.exit(1) else: - main() + phys_dev_name, bridge_name = sys.argv[1:3] + main(phys_dev_name, bridge_name) diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 553811ab6..7bad39830 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -1,7 +1,7 @@ #!/usr/bin/env python # vim: tabstop=4 shiftwidth=4 softtabstop=4 -# Copyright 2010-2011 OpenStack LLC. +# Copyright 2011 OpenStack LLC. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -28,6 +28,7 @@ import sys import simplejson as json +# FIXME(dubs) this needs to be able to be passed in, check xen vif script XEN_BRIDGE = 'xenbr1' OVS_OFCTL = '/usr/bin/ovs-ofctl' @@ -62,18 +63,14 @@ class OvsFlow(): self.add(rule % self.params) -def main(dom_id, command, net, only_this_vif=None): - # FIXME(dubs) what to do when only_this_vif is None - vif_ofport = execute('/usr/bin/ovs-ofctl', 'get', 'Interface', - only_this_vif, 'ofport', return_stdout=True) - +def main(dom_id, command, net_type, only_this_vif=None): xsls = execute('/usr/bin/xenstore-ls', '/local/domain/%s/vm-data/networking' % dom_id, return_stdout=True) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] for mac in macs: - xsread = execute('/usr/bin/enstore-read', + xsread = execute('/usr/bin/xenstore-read', '/local/domain/%s/vm-data/networking/%s' % (dom_id, mac), True) data = json.loads(xsread) @@ -83,113 +80,109 @@ def main(dom_id, command, net, only_this_vif=None): vif = "vif%s.1" % dom_id if (only_this_vif is None) or (vif == only_this_vif): - params = dict(VIF=vif, MAC=data['mac']) - if net in ('ipv4', 'all'): + vif_ofport = execute('/usr/bin/ovs-vsctl', 'get', 'Interface', + vif, 'ofport', return_stdout=True) + + params = dict(VIF_NAME=vif, + VIF_MAC=data['mac'], + VIF_OFPORT=vif_ofport) + if net_type in ('ipv4', 'all'): for ip4 in data['ips']: - params.update({'IP': ip4['ip']}) + params.update({'VIF_IPv4': ip4['ip']}) apply_ovs_ipv4_flows(command, params) - if net in ('ipv6', 'all'): + if net_type in ('ipv6', 'all'): for ip6 in data['ip6s']: - params.update({'IP': ip6['ip']}) + params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) + # TODO(dubs) calculate v6 link local addr + #params.update({'VIF_LOCAL_IPv6': XXX}) apply_ovs_ipv6_flows(command, params) -# usage: -# XEN_BRIDGE=xenbr1 -# VIF_NAME=$1 -# VIF_MAC=$2 -# VIF_IPv4=$3 -# VIF_GLOBAL_IPv6=$4 -# VIF_LOCAL_IPv6=$5 - -# # find the openflow port number associated with the vif interface -# VIF_OFPORT=`ovs-vsctl get Interface $VIF_NAME ofport` - def apply_ovs_ipv4_flows(command, params): flow = OvsFlow(command, params) # allow valid ARP outbound (both request / reply) - flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,arp," - "arp_sha=$VIF_MAC,nw_src=$VIF_IPv4,action=normal") + flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") - flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,arp," - "arp_sha=$VIF_MAC,nw_src=0.0.0.0,action=normal") + flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") # allow valid IPv4 outbound - flow.apply("priority=3,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,ip," - "nw_src=$VIF_IPv4,action=normal") + flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," + "nw_src=%(VIF_IPv4)s,action=normal") def apply_ovs_ipv6_flows(command, params): flow = OvsFlow(command, params) # allow valid IPv6 ND outbound (are both global and local IPs needed?) - # Neighbor Solicitation - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=135,nd_sll=$VIF_MAC," + # Neighbor Solicitation + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," "action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=135,action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=135,nd_sll=$VIF_MAC," + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," "action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=135,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") # Neighbor Advertisement - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=136," - "nd_target=$VIF_LOCAL_IPv6,action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_LOCAL_IPv6,icmp_type=136,action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=136," - "nd_target=$VIF_GLOBAL_IPv6,action=normal") - flow.apply("priority=6,in_port=$VIF_OFPORT,dl_src=$VIF_MAC,icmp6," - "ipv6_src=$VIF_GLOBAL_IPv6,icmp_type=136,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") + flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") # drop all other neighbor discovery (required because we permit all icmp6 below) - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=135,action=drop") - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=136,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") # do not allow sending specifc ICMPv6 types # Router Advertisement - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=134,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") # Redirect Gateway - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=137,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") # Mobile Prefix Solicitation - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=146,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") # Mobile Prefix Advertisement - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=147,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") # Multicast Router Advertisement - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=151,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") # Multicast Router Solicitation - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=152,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") # Multicast Router Termination - flow.apply("priority=5,in_port=$VIF_OFPORT,icmp6,icmp_type=153,action=drop") + flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") # allow valid IPv6 outbound, by type - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_GLOBAL_IPv6,icmp6,action=normal") - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_LOCAL_IPv6,icmp6,action=normal") - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_GLOBAL_IPv6,tcp6,action=normal") - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_LOCAL_IPv6,tcp6,action=normal") - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_GLOBAL_IPv6,udp6,action=normal") - flow.apply("priority=4,in_port=$VIF_OFPORT,dl_src=$VIF_MAC," - "ipv6_src=$VIF_LOCAL_IPv6,udp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") + flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") # all else will be dropped ... if __name__ == "__main__": if len(sys.argv) < 3: - print "usage: %s dom_id online|offline ipv4|ipv6|all [vif]" % \ + print "usage: %s dom_id online|offline ipv4|ipv6|all [vif_name]" % \ os.path.basename(sys.argv[0]) sys.exit(1) else: - dom_id, command, net = sys.argv[1:4] - vif = len(sys.argv) == 5 and sys.argv[4] or None - main(dom_id, command, net, vif) + dom_id, command, net_type = sys.argv[1:4] + vif_name = len(sys.argv) == 5 and sys.argv[4] or None + main(dom_id, command, net_type, vif_name) diff --git a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py index 500e055d8..4e13bad9d 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py @@ -36,7 +36,7 @@ def main(dom_id, command, only_this_vif=None): macs = [line.split("=")[0].strip() for line in xsls.splitlines()] for mac in macs: - xsread = execute('/usr/bin/enstore-read', + xsread = execute('/usr/bin/xenstore-read', '/local/domain/%s/vm-data/networking/%s' % (dom_id, mac), True) data = json.loads(xsread) -- cgit From 367581e63d4eb0018db293034dc1b096d2584720 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 1 Apr 2011 15:28:21 +0000 Subject: change bridge --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 7bad39830..2faf4e5c0 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -29,7 +29,7 @@ import simplejson as json # FIXME(dubs) this needs to be able to be passed in, check xen vif script -XEN_BRIDGE = 'xenbr1' +XEN_BRIDGE = 'xenbr0' OVS_OFCTL = '/usr/bin/ovs-ofctl' @@ -86,6 +86,7 @@ def main(dom_id, command, net_type, only_this_vif=None): params = dict(VIF_NAME=vif, VIF_MAC=data['mac'], VIF_OFPORT=vif_ofport) + if net_type in ('ipv4', 'all'): for ip4 in data['ips']: params.update({'VIF_IPv4': ip4['ip']}) -- cgit From 74b9f240c7e8c62e68011691488be9e63758e980 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 1 Apr 2011 19:54:55 +0000 Subject: extract execute methods to a library for reuse --- .../networking/etc/xensource/scripts/novalib.py | 41 ++++++++++++++++++++++ .../xensource/scripts/ovs_configure_base_flows.py | 21 ++++------- .../xensource/scripts/ovs_configure_vif_flows.py | 30 ++++++---------- 3 files changed, 57 insertions(+), 35 deletions(-) create mode 100644 plugins/xenserver/networking/etc/xensource/scripts/novalib.py (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py new file mode 100644 index 000000000..5366c385d --- /dev/null +++ b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python +# vim: tabstop=4 shiftwidth=4 softtabstop=4 + +# Copyright 2011 OpenStack LLC. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import os +import subprocess +import sys + + +def execute_get_output(*command): + """Execute and return stdout""" + devnull = open(os.devnull, 'w') + command = map(str, command) + proc = subprocess.Popen(command, close_fds=True, + stdout=subprocess.PIPE, stderr=devnull) + devnull.close() + return proc.stdout.read() + + +def execute(*command): + """Execute without returning stdout""" + devnull = open(os.devnull, 'w') + command = map(str, command) + proc = subprocess.Popen(command, close_fds=True, + stdout=subprocess.PIPE, stderr=devnull) + devnull.close() diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index 1f3182e68..d036cf517 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -25,9 +25,12 @@ import subprocess import sys +from novalib import execute, execute_get_output + + def main(phys_dev_name, bridge_name): - pnic_ofport = execute('/usr/bin/ovs-vsctl', 'get', 'Interface', - phys_dev_name, 'ofport', return_stdout=True) + pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', 'Interface', + phys_dev_name, 'ofport') ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule) # clear all flows @@ -44,24 +47,12 @@ def main(phys_dev_name, bridge_name): ovs_ofctl('add-flow', bridge_name, 'priority=1,action=drop') -def execute(*command, return_stdout=False): - devnull = open(os.devnull, 'w') - command = map(str, command) - proc = subprocess.Popen(command, close_fds=True, - stdout=subprocess.PIPE, stderr=devnull) - devnull.close() - if return_stdout: - return proc.stdout.read() - else: - return None - - if __name__ == "__main__": if len(sys.argv) != 3: script_name = os.path.basename(sys.argv[0]) print "This script configures base ovs flows." print "usage: %s phys-dev-name bridge-name" % script_name - print " ex: %s eth2 xenbr2" % script_name + print " ex: %s eth0 xenbr0" % script_name sys.exit(1) else: phys_dev_name, bridge_name = sys.argv[1:3] diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 2faf4e5c0..82e79c2d8 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -28,23 +28,14 @@ import sys import simplejson as json +from novalib import execute, execute_get_output + + # FIXME(dubs) this needs to be able to be passed in, check xen vif script XEN_BRIDGE = 'xenbr0' OVS_OFCTL = '/usr/bin/ovs-ofctl' -def execute(*command, return_stdout=False): - devnull = open(os.devnull, 'w') - command = map(str, command) - proc = subprocess.Popen(command, close_fds=True, - stdout=subprocess.PIPE, stderr=devnull) - devnull.close() - if return_stdout: - return proc.stdout.read() - else: - return None - - class OvsFlow(): def __init__(self, command, params, bridge=None): self.command = command @@ -64,15 +55,14 @@ class OvsFlow(): def main(dom_id, command, net_type, only_this_vif=None): - xsls = execute('/usr/bin/xenstore-ls', - '/local/domain/%s/vm-data/networking' % dom_id, - return_stdout=True) + xsls = execute_get_output('/usr/bin/xenstore-ls', + '/local/domain/%s/vm-data/networking' % dom_id) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] for mac in macs: - xsread = execute('/usr/bin/xenstore-read', - '/local/domain/%s/vm-data/networking/%s' % - (dom_id, mac), True) + xsread = execute_get_output('/usr/bin/xenstore-read', + '/local/domain/%s/vm-data/networking/%s' % + (dom_id, mac)) data = json.loads(xsread) if data["label"] == "public": vif = "vif%s.0" % dom_id @@ -80,8 +70,8 @@ def main(dom_id, command, net_type, only_this_vif=None): vif = "vif%s.1" % dom_id if (only_this_vif is None) or (vif == only_this_vif): - vif_ofport = execute('/usr/bin/ovs-vsctl', 'get', 'Interface', - vif, 'ofport', return_stdout=True) + vif_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', + 'Interface', vif, 'ofport') params = dict(VIF_NAME=vif, VIF_MAC=data['mac'], -- cgit From a4e1db03a2c61648588d9adb703a385f49d82fc0 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 1 Apr 2011 20:26:59 +0000 Subject: use novalib for vif_rules.py, fix OvsFlow class --- .../xensource/scripts/ovs_configure_vif_flows.py | 2 +- .../networking/etc/xensource/scripts/vif_rules.py | 25 +++++++--------------- 2 files changed, 9 insertions(+), 18 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 82e79c2d8..23b6d85c9 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -36,7 +36,7 @@ XEN_BRIDGE = 'xenbr0' OVS_OFCTL = '/usr/bin/ovs-ofctl' -class OvsFlow(): +class OvsFlow(object): def __init__(self, command, params, bridge=None): self.command = command self.params = params diff --git a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py index 4e13bad9d..662def205 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/vif_rules.py @@ -29,16 +29,18 @@ import sys import simplejson as json +from novalib import execute, execute_get_output + + def main(dom_id, command, only_this_vif=None): - xsls = execute('/usr/bin/xenstore-ls', - '/local/domain/%s/vm-data/networking' % dom_id, - return_stdout=True) + xsls = execute_get_output('/usr/bin/xenstore-ls', + '/local/domain/%s/vm-data/networking' % dom_id) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] for mac in macs: - xsread = execute('/usr/bin/xenstore-read', - '/local/domain/%s/vm-data/networking/%s' % - (dom_id, mac), True) + xsread = execute_get_output('/usr/bin/xenstore-read', + '/local/domain/%s/vm-data/networking/%s' % + (dom_id, mac)) data = json.loads(xsread) for ip in data['ips']: if data["label"] == "public": @@ -53,17 +55,6 @@ def main(dom_id, command, only_this_vif=None): apply_iptables_rules(command, params) -def execute(*command, return_stdout=False): - devnull = open(os.devnull, 'w') - command = map(str, command) - proc = subprocess.Popen(command, close_fds=True, - stdout=subprocess.PIPE, stderr=devnull) - devnull.close() - if return_stdout: - return proc.stdout.read() - else: - return None - # A note about adding rules: # Whenever we add any rule to iptables, arptables or ebtables we first # delete the same rule to ensure the rule only exists once. -- cgit From f2e9d4120ed0495d9c810a0d27d530e280f325c6 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Thu, 14 Apr 2011 14:35:42 -0400 Subject: set the bridge on each OvsFlow --- .../xensource/scripts/ovs_configure_vif_flows.py | 30 +++++++++++----------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 23b6d85c9..b59cc4d0b 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -27,30 +27,28 @@ import sys # This is written to Python 2.4, since that is what is available on XenServer import simplejson as json - from novalib import execute, execute_get_output -# FIXME(dubs) this needs to be able to be passed in, check xen vif script -XEN_BRIDGE = 'xenbr0' OVS_OFCTL = '/usr/bin/ovs-ofctl' class OvsFlow(object): - def __init__(self, command, params, bridge=None): + def __init__(self, command, bridge, params): self.command = command + self.bridge = bridge self.params = params - self.bridge = bridge or XEN_BRIDGE def add(self, rule): execute(OVS_OFCTL, 'add-flow', self.bridge, rule) def delete(self, rule): - execute(OVS_OFCTL, 'del-flow', self.bridge, rule) + execute(OVS_OFCTL, 'del-flows', self.bridge, rule) def apply(self, rule): - self.delete(rule % self.params) - if self.command == 'online': + if self.command in ('offline', 'reset'): + self.delete(rule % self.params) + if self.command in ('online', 'reset'): self.add(rule % self.params) @@ -66,8 +64,10 @@ def main(dom_id, command, net_type, only_this_vif=None): data = json.loads(xsread) if data["label"] == "public": vif = "vif%s.0" % dom_id + bridge = "xenbr0" else: vif = "vif%s.1" % dom_id + bridge = "xenbr1" if (only_this_vif is None) or (vif == only_this_vif): vif_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', @@ -80,17 +80,17 @@ def main(dom_id, command, net_type, only_this_vif=None): if net_type in ('ipv4', 'all'): for ip4 in data['ips']: params.update({'VIF_IPv4': ip4['ip']}) - apply_ovs_ipv4_flows(command, params) + apply_ovs_ipv4_flows(command, bridge, params) if net_type in ('ipv6', 'all'): for ip6 in data['ip6s']: params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) # TODO(dubs) calculate v6 link local addr #params.update({'VIF_LOCAL_IPv6': XXX}) - apply_ovs_ipv6_flows(command, params) + apply_ovs_ipv6_flows(command, bridge, params) -def apply_ovs_ipv4_flows(command, params): - flow = OvsFlow(command, params) +def apply_ovs_ipv4_flows(command, bridge, params): + flow = OvsFlow(command, bridge, params) # allow valid ARP outbound (both request / reply) flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," @@ -104,8 +104,8 @@ def apply_ovs_ipv4_flows(command, params): "nw_src=%(VIF_IPv4)s,action=normal") -def apply_ovs_ipv6_flows(command, params): - flow = OvsFlow(command, params) +def apply_ovs_ipv6_flows(command, bridge, params): + flow = OvsFlow(command, bridge, params) # allow valid IPv6 ND outbound (are both global and local IPs needed?) # Neighbor Solicitation @@ -170,7 +170,7 @@ def apply_ovs_ipv6_flows(command, params): if __name__ == "__main__": if len(sys.argv) < 3: - print "usage: %s dom_id online|offline ipv4|ipv6|all [vif_name]" % \ + print "usage: %s dom_id online|offline|reset ipv4|ipv6|all [vif_name]" % \ os.path.basename(sys.argv[0]) sys.exit(1) else: -- cgit From c134d3c9bfb5a9d789776b243b8d6e4283fb3f80 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Mon, 18 Apr 2011 13:30:54 -0400 Subject: calc link local --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index b59cc4d0b..08d7a3859 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -25,6 +25,7 @@ import subprocess import sys # This is written to Python 2.4, since that is what is available on XenServer +import netaddr import simplejson as json from novalib import execute, execute_get_output @@ -84,8 +85,8 @@ def main(dom_id, command, net_type, only_this_vif=None): if net_type in ('ipv6', 'all'): for ip6 in data['ip6s']: params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) - # TODO(dubs) calculate v6 link local addr - #params.update({'VIF_LOCAL_IPv6': XXX}) + mac64 = netaddr.EUI(mac).eui64() + params.update({'VIF_LOCAL_IPv6': mac64.ipv6_link_local()}) apply_ovs_ipv6_flows(command, bridge, params) -- cgit From 4e11c04a34b3237853c0b4be90ce6362237bcbe0 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Tue, 19 Apr 2011 20:10:57 +0000 Subject: strip output, str() link local --- plugins/xenserver/networking/etc/xensource/scripts/novalib.py | 2 +- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py index 5366c385d..9fc4b2310 100644 --- a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py @@ -29,7 +29,7 @@ def execute_get_output(*command): proc = subprocess.Popen(command, close_fds=True, stdout=subprocess.PIPE, stderr=devnull) devnull.close() - return proc.stdout.read() + return proc.stdout.read().strip() def execute(*command): diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 08d7a3859..d1d646b99 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -86,7 +86,7 @@ def main(dom_id, command, net_type, only_this_vif=None): for ip6 in data['ip6s']: params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) mac64 = netaddr.EUI(mac).eui64() - params.update({'VIF_LOCAL_IPv6': mac64.ipv6_link_local()}) + params.update({'VIF_LOCAL_IPv6': str(mac64.ipv6_link_local())}) apply_ovs_ipv6_flows(command, bridge, params) -- cgit From a46bd9fb6483959e210f25276ff70c76767e509d Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Tue, 19 Apr 2011 22:13:40 +0000 Subject: only apply ipv6 if the data exists in xenstore --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index d1d646b99..e1a151476 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -82,10 +82,10 @@ def main(dom_id, command, net_type, only_this_vif=None): for ip4 in data['ips']: params.update({'VIF_IPv4': ip4['ip']}) apply_ovs_ipv4_flows(command, bridge, params) - if net_type in ('ipv6', 'all'): + if net_type in ('ipv6', 'all') and 'ip6s' in data: for ip6 in data['ip6s']: params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) - mac64 = netaddr.EUI(mac).eui64() + mac64 = netaddr.EUI(data['mac']).eui64() params.update({'VIF_LOCAL_IPv6': str(mac64.ipv6_link_local())}) apply_ovs_ipv6_flows(command, bridge, params) -- cgit From 169496af390caa4035db2fefabffd71c95a57fbf Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Wed, 20 Apr 2011 14:11:25 -0400 Subject: refactor the way flows are deleted/reset --- .../xensource/scripts/ovs_configure_vif_flows.py | 143 ++++++++++----------- 1 file changed, 70 insertions(+), 73 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index e1a151476..37ff07e33 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -35,22 +35,15 @@ OVS_OFCTL = '/usr/bin/ovs-ofctl' class OvsFlow(object): - def __init__(self, command, bridge, params): - self.command = command + def __init__(self, bridge, params): self.bridge = bridge self.params = params def add(self, rule): - execute(OVS_OFCTL, 'add-flow', self.bridge, rule) + execute(OVS_OFCTL, 'add-flow', self.bridge, rule % self.params) - def delete(self, rule): - execute(OVS_OFCTL, 'del-flows', self.bridge, rule) - - def apply(self, rule): - if self.command in ('offline', 'reset'): - self.delete(rule % self.params) - if self.command in ('online', 'reset'): - self.add(rule % self.params) + def clear_flows(self, ofport): + execute(OVS_OFCTL, 'del-flows', self.bridge, "in_port=%s" % ofport) def main(dom_id, command, net_type, only_this_vif=None): @@ -78,94 +71,98 @@ def main(dom_id, command, net_type, only_this_vif=None): VIF_MAC=data['mac'], VIF_OFPORT=vif_ofport) - if net_type in ('ipv4', 'all'): - for ip4 in data['ips']: - params.update({'VIF_IPv4': ip4['ip']}) - apply_ovs_ipv4_flows(command, bridge, params) - if net_type in ('ipv6', 'all') and 'ip6s' in data: - for ip6 in data['ip6s']: - params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) - mac64 = netaddr.EUI(data['mac']).eui64() - params.update({'VIF_LOCAL_IPv6': str(mac64.ipv6_link_local())}) - apply_ovs_ipv6_flows(command, bridge, params) + ovs = OvsFlow(bridge, params) + + if command in ('offline', 'reset'): + # I haven't found a way to clear only IPv4 or IPv6 rules. + ovs.clear_flows(vif_ofport) + if command in ('online', 'reset'): + if net_type in ('ipv4', 'all') and 'ips' in data: + for ip4 in data['ips']: + ovs.params.update({'VIF_IPv4': ip4['ip']}) + apply_ovs_ipv4_flows(ovs, bridge, params) + if net_type in ('ipv6', 'all') and 'ip6s' in data: + for ip6 in data['ip6s']: + link_local = str(netaddr.EUI(data['mac']).eui64()\ + .ipv6_link_local()) + ovs.params.update({'VIF_LOCAL_IPv6': link_local}) + ovs.params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) + apply_ovs_ipv6_flows(ovs, bridge, params) -def apply_ovs_ipv4_flows(command, bridge, params): - flow = OvsFlow(command, bridge, params) +def apply_ovs_ipv4_flows(ovs, command, bridge, params): # allow valid ARP outbound (both request / reply) - flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") - flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," + "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") # allow valid IPv4 outbound - flow.apply("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," - "nw_src=%(VIF_IPv4)s,action=normal") - + ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," + "nw_src=%(VIF_IPv4)s,action=normal") -def apply_ovs_ipv6_flows(command, bridge, params): - flow = OvsFlow(command, bridge, params) +def apply_ovs_ipv6_flows(ovs, command, bridge, params): # allow valid IPv6 ND outbound (are both global and local IPs needed?) # Neighbor Solicitation - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + "action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + "action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") # Neighbor Advertisement - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") - flow.apply("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," + "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") + ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") # drop all other neighbor discovery (required because we permit all icmp6 below) - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") # do not allow sending specifc ICMPv6 types # Router Advertisement - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") # Redirect Gateway - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") # Mobile Prefix Solicitation - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") # Mobile Prefix Advertisement - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") # Multicast Router Advertisement - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") # Multicast Router Solicitation - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") # Multicast Router Termination - flow.apply("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") # allow valid IPv6 outbound, by type - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") - flow.apply("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") + ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," + "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") # all else will be dropped ... -- cgit From 7c53dc7a792dfcda0862178725adbe585c4fed21 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Wed, 20 Apr 2011 14:24:29 -0400 Subject: bugfix signature --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 37ff07e33..9557eb3e2 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -91,7 +91,7 @@ def main(dom_id, command, net_type, only_this_vif=None): apply_ovs_ipv6_flows(ovs, bridge, params) -def apply_ovs_ipv4_flows(ovs, command, bridge, params): +def apply_ovs_ipv4_flows(ovs, bridge, params): # allow valid ARP outbound (both request / reply) ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") @@ -104,7 +104,7 @@ def apply_ovs_ipv4_flows(ovs, command, bridge, params): "nw_src=%(VIF_IPv4)s,action=normal") -def apply_ovs_ipv6_flows(ovs, command, bridge, params): +def apply_ovs_ipv6_flows(ovs, bridge, params): # allow valid IPv6 ND outbound (are both global and local IPs needed?) # Neighbor Solicitation ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," -- cgit From bbcc2304167c3331f4c54898200f01fd66c0a20c Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Thu, 21 Apr 2011 14:53:03 -0400 Subject: change action= to actions= --- .../xensource/scripts/ovs_configure_base_flows.py | 4 +- .../xensource/scripts/ovs_configure_vif_flows.py | 52 +++++++++++----------- 2 files changed, 28 insertions(+), 28 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index d036cf517..555dad71a 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -41,10 +41,10 @@ def main(phys_dev_name, bridge_name): # allow all traffic from the physical NIC, as it is trusted (i.e., from a # filtered vif, or from the physical infrastructure ovs_ofctl('add-flow', bridge_name, - "priority=2,in_port=%s,action=normal" % pnic_ofport) + "priority=2,in_port=%s,actions=normal" % pnic_ofport) # default drop - ovs_ofctl('add-flow', bridge_name, 'priority=1,action=drop') + ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop') if __name__ == "__main__": diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 9557eb3e2..aba8487f6 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -94,14 +94,14 @@ def main(dom_id, command, net_type, only_this_vif=None): def apply_ovs_ipv4_flows(ovs, bridge, params): # allow valid ARP outbound (both request / reply) ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,action=normal") + "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,actions=normal") ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,action=normal") + "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,actions=normal") # allow valid IPv4 outbound ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," - "nw_src=%(VIF_IPv4)s,action=normal") + "nw_src=%(VIF_IPv4)s,actions=normal") def apply_ovs_ipv6_flows(ovs, bridge, params): @@ -109,60 +109,60 @@ def apply_ovs_ipv6_flows(ovs, bridge, params): # Neighbor Solicitation ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") + "actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,action=normal") + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," - "action=normal") + "actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,action=normal") + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,actions=normal") # Neighbor Advertisement ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_LOCAL_IPv6)s,action=normal") + "nd_target=%(VIF_LOCAL_IPv6)s,actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,action=normal") + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_GLOBAL_IPv6)s,action=normal") + "nd_target=%(VIF_GLOBAL_IPv6)s,actions=normal") ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,action=normal") + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,actions=normal") # drop all other neighbor discovery (required because we permit all icmp6 below) - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,action=drop") - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,actions=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,actions=drop") # do not allow sending specifc ICMPv6 types # Router Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,actions=drop") # Redirect Gateway - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,actions=drop") # Mobile Prefix Solicitation - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,actions=drop") # Mobile Prefix Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,actions=drop") # Multicast Router Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,actions=drop") # Multicast Router Solicitation - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,actions=drop") # Multicast Router Termination - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,action=drop") + ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,actions=drop") # allow valid IPv6 outbound, by type ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,action=normal") + "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,actions=normal") ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,action=normal") + "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,actions=normal") ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,action=normal") + "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,actions=normal") ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,action=normal") + "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,actions=normal") ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,action=normal") + "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,actions=normal") ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,action=normal") + "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,actions=normal") # all else will be dropped ... -- cgit From a13616c2deae4ae90bb69ce87bda28576e194426 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 22 Apr 2011 16:35:26 -0400 Subject: removed unused imports and renamed template variables --- .../networking/etc/xensource/scripts/novalib.py | 1 - .../xensource/scripts/ovs_configure_base_flows.py | 1 - .../xensource/scripts/ovs_configure_vif_flows.py | 107 ++++++++++----------- 3 files changed, 53 insertions(+), 56 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py index 9fc4b2310..dcbee3ded 100644 --- a/plugins/xenserver/networking/etc/xensource/scripts/novalib.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/novalib.py @@ -19,7 +19,6 @@ import os import subprocess -import sys def execute_get_output(*command): diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index 555dad71a..82d0b9e31 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -21,7 +21,6 @@ This script is used to configure base openvswitch flows for XenServer hosts. """ import os -import subprocess import sys diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index aba8487f6..f91a5f49d 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -21,7 +21,6 @@ This script is used to configure openvswitch flows on XenServer hosts. """ import os -import subprocess import sys # This is written to Python 2.4, since that is what is available on XenServer @@ -68,8 +67,8 @@ def main(dom_id, command, net_type, only_this_vif=None): 'Interface', vif, 'ofport') params = dict(VIF_NAME=vif, - VIF_MAC=data['mac'], - VIF_OFPORT=vif_ofport) + MAC=data['mac'], + OF_PORT=vif_ofport) ovs = OvsFlow(bridge, params) @@ -80,95 +79,95 @@ def main(dom_id, command, net_type, only_this_vif=None): if command in ('online', 'reset'): if net_type in ('ipv4', 'all') and 'ips' in data: for ip4 in data['ips']: - ovs.params.update({'VIF_IPv4': ip4['ip']}) + ovs.params.update({'IPV4_ADDR': ip4['ip']}) apply_ovs_ipv4_flows(ovs, bridge, params) if net_type in ('ipv6', 'all') and 'ip6s' in data: for ip6 in data['ip6s']: link_local = str(netaddr.EUI(data['mac']).eui64()\ .ipv6_link_local()) - ovs.params.update({'VIF_LOCAL_IPv6': link_local}) - ovs.params.update({'VIF_GLOBAL_IPv6': ip6['ip']}) + ovs.params.update({'IPV6_LINK_LOCAL_ADDR': link_local}) + ovs.params.update({'IPV6_GLOBAL_ADDR': ip6['ip']}) apply_ovs_ipv6_flows(ovs, bridge, params) def apply_ovs_ipv4_flows(ovs, bridge, params): # allow valid ARP outbound (both request / reply) - ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=%(VIF_IPv4)s,actions=normal") + ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,arp," + "arp_sha=%(MAC)s,nw_src=%(IPV4_ADDR)s,actions=normal") - ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,arp," - "arp_sha=%(VIF_MAC)s,nw_src=0.0.0.0,actions=normal") + ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,arp," + "arp_sha=%(MAC)s,nw_src=0.0.0.0,actions=normal") # allow valid IPv4 outbound - ovs.add("priority=3,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,ip," - "nw_src=%(VIF_IPv4)s,actions=normal") + ovs.add("priority=3,in_port=%(OF_PORT)s,dl_src=%(MAC)s,ip," + "nw_src=%(IPV4_ADDR)s,actions=normal") def apply_ovs_ipv6_flows(ovs, bridge, params): # allow valid IPv6 ND outbound (are both global and local IPs needed?) # Neighbor Solicitation - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=135,nd_sll=%(MAC)s," "actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=135,actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,nd_sll=%(VIF_MAC)s," + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=135,actions=normal") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=135,nd_sll=%(MAC)s," "actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=135,actions=normal") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=135,actions=normal") # Neighbor Advertisement - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_LOCAL_IPv6)s,actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp_type=136,actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136," - "nd_target=%(VIF_GLOBAL_IPv6)s,actions=normal") - ovs.add("priority=6,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s,icmp6," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp_type=136,actions=normal") - - # drop all other neighbor discovery (required because we permit all icmp6 below) - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=135,actions=drop") - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=136,actions=drop") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=136," + "nd_target=%(IPV6_LINK_LOCAL_ADDR)s,actions=normal") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp_type=136,actions=normal") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=136," + "nd_target=%(IPV6_GLOBAL_ADDR)s,actions=normal") + ovs.add("priority=6,in_port=%(OF_PORT)s,dl_src=%(MAC)s,icmp6," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp_type=136,actions=normal") + + # drop all other neighbor discovery (req b/c we permit all icmp6 below) + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=135,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=136,actions=drop") # do not allow sending specifc ICMPv6 types # Router Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=134,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=134,actions=drop") # Redirect Gateway - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=137,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=137,actions=drop") # Mobile Prefix Solicitation - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=146,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=146,actions=drop") # Mobile Prefix Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=147,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=147,actions=drop") # Multicast Router Advertisement - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=151,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=151,actions=drop") # Multicast Router Solicitation - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=152,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=152,actions=drop") # Multicast Router Termination - ovs.add("priority=5,in_port=%(VIF_OFPORT)s,icmp6,icmp_type=153,actions=drop") + ovs.add("priority=5,in_port=%(OF_PORT)s,icmp6,icmp_type=153,actions=drop") # allow valid IPv6 outbound, by type - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,icmp6,actions=normal") - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,icmp6,actions=normal") - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,tcp6,actions=normal") - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,tcp6,actions=normal") - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_GLOBAL_IPv6)s,udp6,actions=normal") - ovs.add("priority=4,in_port=%(VIF_OFPORT)s,dl_src=%(VIF_MAC)s," - "ipv6_src=%(VIF_LOCAL_IPv6)s,udp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,icmp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,icmp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,tcp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,tcp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_GLOBAL_ADDR)s,udp6,actions=normal") + ovs.add("priority=4,in_port=%(OF_PORT)s,dl_src=%(MAC)s," + "ipv6_src=%(IPV6_LINK_LOCAL_ADDR)s,udp6,actions=normal") # all else will be dropped ... if __name__ == "__main__": if len(sys.argv) < 3: - print "usage: %s dom_id online|offline|reset ipv4|ipv6|all [vif_name]" % \ + print "usage: %s dom_id online|offline|reset ipv4|ipv6|all [vif]" % \ os.path.basename(sys.argv[0]) sys.exit(1) else: -- cgit From a7c25a19a9a2fdf89fc9ecd3992ded936923af18 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 13 May 2011 14:21:55 +0000 Subject: Add init script and sysconfig file for openvswitch-nova --- .../networking/etc/init.d/openvswitch-nova | 96 ++++++++++++++++++++++ .../networking/etc/sysconfig/openvswitch-nova | 1 + .../xensource/scripts/ovs_configure_base_flows.py | 35 ++++---- 3 files changed, 116 insertions(+), 16 deletions(-) create mode 100755 plugins/xenserver/networking/etc/init.d/openvswitch-nova create mode 100644 plugins/xenserver/networking/etc/sysconfig/openvswitch-nova (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/init.d/openvswitch-nova b/plugins/xenserver/networking/etc/init.d/openvswitch-nova new file mode 100755 index 000000000..e4dbdf4af --- /dev/null +++ b/plugins/xenserver/networking/etc/init.d/openvswitch-nova @@ -0,0 +1,96 @@ +#!/bin/bash +# +# openvswitch-nova +# +# chkconfig: 2345 10 89 +# description: Apply initial OVS flows for Nova + +# Copyright 2011 OpenStack LLC. +# Copyright (C) 2009, 2010, 2011 Nicira Networks, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# source function library +if [ -f /etc/init.d/functions ]; then + . /etc/init.d/functions +elif [ -f /etc/rc.d/init.d/functions ]; then + . /etc/rc.d/init.d/functions +elif [ -f /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions +else + echo "$0: missing LSB shell function library" >&2 + exit 1 +fi + +OVS_CONFIGURE_BASE_FLOWS=/etc/xensource/scripts/ovs_configure_base_flows.py + +if test -e /etc/sysconfig/openvswitch-nova; then + . /etc/sysconfig/openvswitch-nova +else + echo "$0: missing configuration file: /etc/sysconfig/openvswitch-nova" + exit 1 +fi + +if test -e /etc/xensource/network.conf; then + NETWORK_MODE=$(cat /etc/xensource/network.conf) +fi + +case ${NETWORK_MODE:=openvswitch} in + vswitch|openvswitch) + ;; + bridge) + exit 0 + ;; + *) + echo "Open vSwitch disabled (/etc/xensource/network.conf is invalid)" >&2 + exit 0 + ;; +esac + +function run_ovs_conf_base_flows { + # expected format: DEVICE_BRIDGES="eth0:xenbr0 eth1:xenbr1" + for pair in $DEVICE_BRIDGES; do + # below in $info, physical device is [0], bridge name is [1] + info=${pair//:/ } + /usr/bin/python $OVS_CONFIGURE_BASE_FLOWS $1 ${info[0]} ${info[1]} + done +} + +function start { + run_ovs_conf_base_flows online +} + +function stop { + run_ovs_conf_base_flows offline +} + +function restart { + run_ovs_conf_base_flows reset +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + *) + echo "usage: openvswitch-nova [start|stop|restart]" + exit 1 + ;; +esac diff --git a/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova b/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova new file mode 100644 index 000000000..829782fb6 --- /dev/null +++ b/plugins/xenserver/networking/etc/sysconfig/openvswitch-nova @@ -0,0 +1 @@ +#DEVICE_BRIDGES="eth0:xenbr0 eth1:xenbr1" diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index 82d0b9e31..0186a3c8b 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -27,32 +27,35 @@ import sys from novalib import execute, execute_get_output -def main(phys_dev_name, bridge_name): - pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', 'Interface', - phys_dev_name, 'ofport') +def main(command, phys_dev_name, bridge_name): ovs_ofctl = lambda *rule: execute('/usr/bin/ovs-ofctl', *rule) - # clear all flows + # always clear all flows first ovs_ofctl('del-flows', bridge_name) - # these flows are lower priority than all VM-specific flows. + if command in ('online', 'reset'): + pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', 'Interface', + phys_dev_name, 'ofport') - # allow all traffic from the physical NIC, as it is trusted (i.e., from a - # filtered vif, or from the physical infrastructure - ovs_ofctl('add-flow', bridge_name, - "priority=2,in_port=%s,actions=normal" % pnic_ofport) + # these flows are lower priority than all VM-specific flows. - # default drop - ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop') + # allow all traffic from the physical NIC, as it is trusted (i.e., from a + # filtered vif, or from the physical infrastructure + ovs_ofctl('add-flow', bridge_name, + "priority=2,in_port=%s,actions=normal" % pnic_ofport) + + # default drop + ovs_ofctl('add-flow', bridge_name, 'priority=1,actions=drop') if __name__ == "__main__": - if len(sys.argv) != 3: + if len(sys.argv) != 4 or sys.argv[1] not in ('online', 'offline', 'reset'): + print sys.argv script_name = os.path.basename(sys.argv[0]) print "This script configures base ovs flows." - print "usage: %s phys-dev-name bridge-name" % script_name - print " ex: %s eth0 xenbr0" % script_name + print "usage: %s [online|offline|reset] phys-dev-name bridge-name" % script_name + print " ex: %s online eth0 xenbr0" % script_name sys.exit(1) else: - phys_dev_name, bridge_name = sys.argv[1:3] - main(phys_dev_name, bridge_name) + command, phys_dev_name, bridge_name = sys.argv[1:4] + main(command, phys_dev_name, bridge_name) -- cgit From bccbe3f845e9e7661efefbe456bfa56144de8136 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 13 May 2011 19:29:10 +0000 Subject: add udev rules and modified ovs_configure_vif_flows.py to work with udev rules --- .../etc/udev/rules.d/openvswitch-nova.rules | 3 +++ .../xensource/scripts/ovs_configure_vif_flows.py | 28 ++++++++++++---------- 2 files changed, 19 insertions(+), 12 deletions(-) create mode 100644 plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules b/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules new file mode 100644 index 000000000..0dfb029eb --- /dev/null +++ b/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules @@ -0,0 +1,3 @@ +SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_base_flows.py $env{ACTION} %k all" +# is this one needed? +#SUBSYSTEM=="net", KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_base_flows.py $env{ACTION} %k all" diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index f91a5f49d..95a944a2b 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -45,7 +45,14 @@ class OvsFlow(object): execute(OVS_OFCTL, 'del-flows', self.bridge, "in_port=%s" % ofport) -def main(dom_id, command, net_type, only_this_vif=None): +def main(command, vif_raw, net_type): + if command not in ('online', 'offline'): + return + + vif_name, dom_id, vif_index = vif_raw.split('-') + vif = "%s%s.%s" % (vif_name, dom_id, vif_index) + bridge = "xenbr%s" % vif_index + xsls = execute_get_output('/usr/bin/xenstore-ls', '/local/domain/%s/vm-data/networking' % dom_id) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] @@ -56,13 +63,11 @@ def main(dom_id, command, net_type, only_this_vif=None): (dom_id, mac)) data = json.loads(xsread) if data["label"] == "public": - vif = "vif%s.0" % dom_id - bridge = "xenbr0" + this_vif = "vif%s.0" % dom_id else: - vif = "vif%s.1" % dom_id - bridge = "xenbr1" + this_vif = "vif%s.1" % dom_id - if (only_this_vif is None) or (vif == only_this_vif): + if vif == this_vif: vif_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', 'Interface', vif, 'ofport') @@ -72,11 +77,11 @@ def main(dom_id, command, net_type, only_this_vif=None): ovs = OvsFlow(bridge, params) - if command in ('offline', 'reset'): + if command == 'offline': # I haven't found a way to clear only IPv4 or IPv6 rules. ovs.clear_flows(vif_ofport) - if command in ('online', 'reset'): + if command == 'online': if net_type in ('ipv4', 'all') and 'ips' in data: for ip4 in data['ips']: ovs.params.update({'IPV4_ADDR': ip4['ip']}) @@ -167,10 +172,9 @@ def apply_ovs_ipv6_flows(ovs, bridge, params): if __name__ == "__main__": if len(sys.argv) < 3: - print "usage: %s dom_id online|offline|reset ipv4|ipv6|all [vif]" % \ + print "usage: %s [online|offline] vif-domid-idx ipv4|ipv6|all " % \ os.path.basename(sys.argv[0]) sys.exit(1) else: - dom_id, command, net_type = sys.argv[1:4] - vif_name = len(sys.argv) == 5 and sys.argv[4] or None - main(dom_id, command, net_type, vif_name) + command, vif_raw, net_type = sys.argv[1:4] + main(command, vif_raw, net_type) -- cgit From fd2861fdcdae0d7a3f13dac7b54d4d8f106f2b3e Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 13 May 2011 21:05:12 +0000 Subject: fix sys.argv requirement --- .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 95a944a2b..2ebc4dd8c 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -171,7 +171,7 @@ def apply_ovs_ipv6_flows(ovs, bridge, params): if __name__ == "__main__": - if len(sys.argv) < 3: + if len(sys.argv) != 4: print "usage: %s [online|offline] vif-domid-idx ipv4|ipv6|all " % \ os.path.basename(sys.argv[0]) sys.exit(1) -- cgit From 4d025ef1d2b2b97c13d710cb5080b78e246215bc Mon Sep 17 00:00:00 2001 From: Josh Kearney Date: Wed, 18 May 2011 11:27:39 -0500 Subject: Added missing xenhost plugin. --- .../xenserver/xenapi/etc/xapi.d/plugins/xenhost | 183 +++++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost new file mode 100644 index 000000000..a8428e841 --- /dev/null +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost @@ -0,0 +1,183 @@ +#!/usr/bin/env python + +# Copyright 2011 OpenStack LLC. +# Copyright 2011 United States Government as represented by the +# Administrator of the National Aeronautics and Space Administration. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# +# XenAPI plugin for reading/writing information to xenstore +# + +try: + import json +except ImportError: + import simplejson as json +import os +import random +import re +import subprocess +import tempfile +import time + +import XenAPIPlugin + +from pluginlib_nova import * +configure_logging("xenhost") + +host_data_pattern = re.compile(r"\s*(\S+) \([^\)]+\) *: ?(.*)") + + +def jsonify(fnc): + def wrapper(*args, **kwargs): + return json.dumps(fnc(*args, **kwargs)) + return wrapper + + +class TimeoutError(StandardError): + pass + + +def _run_command(cmd): + """Abstracts out the basics of issuing system commands. If the command + returns anything in stderr, a PluginError is raised with that information. + Otherwise, the output from stdout is returned. + """ + pipe = subprocess.PIPE + proc = subprocess.Popen([cmd], shell=True, stdin=pipe, stdout=pipe, + stderr=pipe, close_fds=True) + proc.wait() + err = proc.stderr.read() + if err: + raise pluginlib.PluginError(err) + return proc.stdout.read() + + +@jsonify +def host_data(self, arg_dict): + """Runs the commands on the xenstore host to return the current status + information. + """ + cmd = "xe host-list | grep uuid" + resp = _run_command(cmd) + host_uuid = resp.split(":")[-1].strip() + cmd = "xe host-param-list uuid=%s" % host_uuid + resp = _run_command(cmd) + parsed_data = parse_response(resp) + # We have the raw dict of values. Extract those that we need, + # and convert the data types as needed. + ret_dict = cleanup(parsed_data) + return ret_dict + + +def parse_response(resp): + data = {} + for ln in resp.splitlines(): + if not ln: + continue + mtch = host_data_pattern.match(ln.strip()) + try: + k, v = mtch.groups() + data[k] = v + except AttributeError: + # Not a valid line; skip it + continue + return data + + +def cleanup(dct): + """Take the raw KV pairs returned and translate them into the + appropriate types, discarding any we don't need. + """ + def safe_int(val): + """Integer values will either be string versions of numbers, + or empty strings. Convert the latter to nulls. + """ + try: + return int(val) + except ValueError: + return None + + def strip_kv(ln): + return [val.strip() for val in ln.split(":", 1)] + + out = {} + +# sbs = dct.get("supported-bootloaders", "") +# out["host_supported-bootloaders"] = sbs.split("; ") +# out["host_suspend-image-sr-uuid"] = dct.get("suspend-image-sr-uuid", "") +# out["host_crash-dump-sr-uuid"] = dct.get("crash-dump-sr-uuid", "") +# out["host_local-cache-sr"] = dct.get("local-cache-sr", "") + out["host_memory"] = omm = {} + omm["total"] = safe_int(dct.get("memory-total", "")) + omm["overhead"] = safe_int(dct.get("memory-overhead", "")) + omm["free"] = safe_int(dct.get("memory-free", "")) + omm["free-computed"] = safe_int( + dct.get("memory-free-computed", "")) + +# out["host_API-version"] = avv = {} +# avv["vendor"] = dct.get("API-version-vendor", "") +# avv["major"] = safe_int(dct.get("API-version-major", "")) +# avv["minor"] = safe_int(dct.get("API-version-minor", "")) + + out["host_uuid"] = dct.get("uuid", None) + out["host_name-label"] = dct.get("name-label", "") + out["host_name-description"] = dct.get("name-description", "") +# out["host_host-metrics-live"] = dct.get( +# "host-metrics-live", "false") == "true" + out["host_hostname"] = dct.get("hostname", "") + out["host_ip_address"] = dct.get("address", "") + oc = dct.get("other-config", "") + out["host_other-config"] = ocd = {} + if oc: + for oc_fld in oc.split("; "): + ock, ocv = strip_kv(oc_fld) + ocd[ock] = ocv +# out["host_capabilities"] = dct.get("capabilities", "").split("; ") +# out["host_allowed-operations"] = dct.get( +# "allowed-operations", "").split("; ") +# lsrv = dct.get("license-server", "") +# out["host_license-server"] = ols = {} +# if lsrv: +# for lspart in lsrv.split("; "): +# lsk, lsv = lspart.split(": ") +# if lsk == "port": +# ols[lsk] = safe_int(lsv) +# else: +# ols[lsk] = lsv +# sv = dct.get("software-version", "") +# out["host_software-version"] = osv = {} +# if sv: +# for svln in sv.split("; "): +# svk, svv = strip_kv(svln) +# osv[svk] = svv + cpuinf = dct.get("cpu_info", "") + out["host_cpu_info"] = ocp = {} + if cpuinf: + for cpln in cpuinf.split("; "): + cpk, cpv = strip_kv(cpln) + if cpk in ("cpu_count", "family", "model", "stepping"): + ocp[cpk] = safe_int(cpv) + else: + ocp[cpk] = cpv +# out["host_edition"] = dct.get("edition", "") +# out["host_external-auth-service-name"] = dct.get( +# "external-auth-service-name", "") + return out + + +if __name__ == "__main__": + XenAPIPlugin.dispatch( + {"host_data": host_data}) -- cgit From 2c6c184138b0d8c650496e0e8d033c85a2e2dec1 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Wed, 18 May 2011 20:46:21 +0000 Subject: fix typo in udev rule --- plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules b/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules index 0dfb029eb..b179f0847 100644 --- a/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules +++ b/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules @@ -1,3 +1,3 @@ -SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_base_flows.py $env{ACTION} %k all" +SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" # is this one needed? -#SUBSYSTEM=="net", KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_base_flows.py $env{ACTION} %k all" +#SUBSYSTEM=="net", KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" -- cgit From 0850945efd0c5d7341590acd109572b9caf89e18 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Fri, 20 May 2011 21:30:04 +0000 Subject: move init start position to 96 to allow openvswitch time to fully start --- plugins/xenserver/networking/etc/init.d/openvswitch-nova | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/init.d/openvswitch-nova b/plugins/xenserver/networking/etc/init.d/openvswitch-nova index e4dbdf4af..8672a69b8 100755 --- a/plugins/xenserver/networking/etc/init.d/openvswitch-nova +++ b/plugins/xenserver/networking/etc/init.d/openvswitch-nova @@ -2,7 +2,7 @@ # # openvswitch-nova # -# chkconfig: 2345 10 89 +# chkconfig: 2345 96 89 # description: Apply initial OVS flows for Nova # Copyright 2011 OpenStack LLC. -- cgit From a615702773ded561f01a270ad8bc04c60391bd51 Mon Sep 17 00:00:00 2001 From: "paul@openstack.org" <> Date: Fri, 20 May 2011 16:45:19 -0500 Subject: fixing glance plugin bug and setting the plugin to use /v1 of the glance api --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 0a45f3873..4b45671ae 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -68,12 +68,12 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host, area. """ conn = httplib.HTTPConnection(glance_host, glance_port) - conn.request('GET', '/images/%s' % image_id) + conn.request('GET', '/v1/images/%s' % image_id) resp = conn.getresponse() if resp.status == httplib.NOT_FOUND: raise Exception("Image '%s' not found in Glance" % image_id) elif resp.status != httplib.OK: - raise Exception("Unexpected response from Glance %i" % res.status) + raise Exception("Unexpected response from Glance %i" % resp.status) tar_cmd = "tar -zx --directory=%(staging_path)s" % locals() tar_proc = _make_subprocess(tar_cmd, stderr=True, stdin=True) -- cgit From ffac2aa8162ba5111a01b495d9dd7e43bfda4af4 Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Mon, 23 May 2011 14:38:37 -0500 Subject: initial fudging in of swap disk --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 4b45671ae..9d6ee78ab 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -177,8 +177,15 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack): else: assert_vhd_not_hidden(base_copy_path) + # If we find a swap.vhd, go ahead and copy it into the SR + swap_uuid = None + orig_swap_path = os.path.join(staging_path, 'swap.vhd') + if os.path.exists(orig_swap_path): + swap_path, swap_uuid = rename_with_uuid(orig_swap_path) + move_into_sr(swap_path) + move_into_sr(base_copy_path) - return vdi_uuid + return dict(primary_vdi_uuid=vdi_uuid, swap_vdi_uuid=swap_uuid) def _prepare_staging_area_for_upload(sr_path, staging_path, vdi_uuids): @@ -324,8 +331,7 @@ def download_vhd(session, args): try: _download_tarball(sr_path, staging_path, image_id, glance_host, glance_port) - vdi_uuid = _fixup_vhds(sr_path, staging_path, uuid_stack) - return vdi_uuid + return _fixup_vhds(sr_path, staging_path, uuid_stack) finally: _cleanup_staging_area(staging_path) -- cgit From 94766fac0f5fdb3c7847b1129a8f05948a97f887 Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Mon, 23 May 2011 20:42:54 +0000 Subject: cleanup and fixes --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 9d6ee78ab..6cc7617e0 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -178,15 +178,19 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack): assert_vhd_not_hidden(base_copy_path) # If we find a swap.vhd, go ahead and copy it into the SR - swap_uuid = None + swap_vdi_uuid = None orig_swap_path = os.path.join(staging_path, 'swap.vhd') if os.path.exists(orig_swap_path): - swap_path, swap_uuid = rename_with_uuid(orig_swap_path) + swap_path, swap_vdi_uuid = rename_with_uuid(orig_swap_path) move_into_sr(swap_path) - move_into_sr(base_copy_path) - return dict(primary_vdi_uuid=vdi_uuid, swap_vdi_uuid=swap_uuid) + vdi_uuids = {} + vdi_uuids['primary_vdi_uuid'] = vdi_uuid + if swap_vdi_uuid: + vdi_uuids['swap_vdi_uuid'] = swap_vdi_uuid + move_into_sr(base_copy_path) + return vdi_uuids def _prepare_staging_area_for_upload(sr_path, staging_path, vdi_uuids): """Hard-link VHDs into staging area with appropriate filename -- cgit From 42c209d90f491d19b3aabc70f8dafc33b76cf20d Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Mon, 23 May 2011 16:51:28 -0500 Subject: fix tests, have glance plugin return json encoded string of vdi uuids --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 6cc7617e0..0d02adfe9 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -22,6 +22,10 @@ # import httplib +try: + import json +except ImportError: + import simplejson as json import os import os.path import pickle @@ -335,7 +339,7 @@ def download_vhd(session, args): try: _download_tarball(sr_path, staging_path, image_id, glance_host, glance_port) - return _fixup_vhds(sr_path, staging_path, uuid_stack) + return json.dumps(_fixup_vhds(sr_path, staging_path, uuid_stack)) finally: _cleanup_staging_area(staging_path) -- cgit From 899642030dd60541153ccee810d082816f92dd49 Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Thu, 26 May 2011 19:27:27 +0000 Subject: Change the return from glance to be a list of dictionaries describing VDIs Fix the rest of the code to account for this Add a test for swap --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 97 ++++++++++++++-------- 1 file changed, 63 insertions(+), 34 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 0d02adfe9..039d1b8f6 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -91,8 +91,8 @@ def _download_tarball(sr_path, staging_path, image_id, glance_host, conn.close() -def _fixup_vhds(sr_path, staging_path, uuid_stack): - """Fixup the downloaded VHDs before we move them into the SR. +def _import_vhds(sr_path, staging_path, uuid_stack): + """Import the VHDs found in the staging path. We cannot extract VHDs directly into the SR since they don't yet have UUIDs, aren't properly associated with each other, and would be subject to @@ -102,16 +102,25 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack): To avoid these we problems, we use a staging area to fixup the VHDs before moving them into the SR. The steps involved are: - 1. Extracting tarball into staging area + 1. Extracting tarball into staging area (done prior to this call) 2. Renaming VHDs to use UUIDs ('snap.vhd' -> 'ffff-aaaa-...vhd') - 3. Linking the two VHDs together + 3. Linking VHDs together if there's a snap.vhd 4. Pseudo-atomically moving the images into the SR. (It's not really - atomic because it takes place as two os.rename operations; however, - the chances of an SR.scan occuring between the two rename() + atomic because it takes place as multiple os.rename operations; + however, the chances of an SR.scan occuring between the rename()s invocations is so small that we can safely ignore it) + + Returns: A list of VDIs. Each list element is a dictionary containing + information about the VHD. Dictionary keys are: + 1. "vdi_type" - The type of VDI. Currently they can be "os_disk" or + "swap" + 2. "vdi_uuid" - The UUID of the VDI + + Example return: [{"vdi_type": "os_disk","vdi_uuid": "ffff-aaa..vhd"}, + {"vdi_type": "swap","vdi_uuid": "ffff-bbb..vhd"}] """ def rename_with_uuid(orig_path): """Rename VHD using UUID so that it will be recognized by SR on a @@ -162,39 +171,57 @@ def _fixup_vhds(sr_path, staging_path, uuid_stack): "VHD %(path)s is marked as hidden without child" % locals()) - orig_base_copy_path = os.path.join(staging_path, 'image.vhd') - if not os.path.exists(orig_base_copy_path): + def prepare_if_exists(staging_path, vhd_name, parent_path=None): + """ + Check for existance of a particular VHD in the staging path and + preparing it for moving into the SR. + + Returns: Tuple of (Path to move into the SR, VDI_UUID) + None, if the vhd_name doesn't exist in the staging path + + If the VHD exists, we will do the following: + 1. Rename it with a UUID. + 2. If parent_path exists, we'll link up the VHDs. + """ + orig_path = os.path.join(staging_path, vhd_name) + if not os.path.exists(orig_path): + return None + new_path, vdi_uuid = rename_with_uuid(orig_path) + if parent_path: + # NOTE(sirp): this step is necessary so that an SR scan won't + # delete the base_copy out from under us (since it would be + # orphaned) + link_vhds(new_path, parent_path) + return (new_path, vdi_uuid) + + vdi_return_list = [] + paths_to_move = [] + + image_info = prepare_if_exists(staging_path, 'image.vhd') + if not image_info: raise Exception("Invalid image: image.vhd not present") - base_copy_path, base_copy_uuid = rename_with_uuid(orig_base_copy_path) - - vdi_uuid = base_copy_uuid - orig_snap_path = os.path.join(staging_path, 'snap.vhd') - if os.path.exists(orig_snap_path): - snap_path, snap_uuid = rename_with_uuid(orig_snap_path) - vdi_uuid = snap_uuid - # NOTE(sirp): this step is necessary so that an SR scan won't - # delete the base_copy out from under us (since it would be - # orphaned) - link_vhds(snap_path, base_copy_path) - move_into_sr(snap_path) + paths_to_move.append(image_info[0]) + + snap_info = prepare_if_exists(staging_path, 'snap.vhd', image_path) + if snap_info: + paths_to_move.append(snap_info[0]) + # We return this snap as the VDI instead of image.vhd + vdi_return_list.append(dict(vdi_type="os", vdi_uuid=snap_info[1])) else: - assert_vhd_not_hidden(base_copy_path) + # If there's no snap, we return the image.vhd UUID + vdi_return_list.append(dict(vdi_type="os", vdi_uuid=image_info[1])) + + swap_info = prepare_if_exists(staging_path, 'swap.vhd') + if swap_info: + paths_to_move.append(swap_info[0]) + vdi_return_list.append(dict(vdi_type="swap", vdi_uuid=swap_info[1])) - # If we find a swap.vhd, go ahead and copy it into the SR - swap_vdi_uuid = None - orig_swap_path = os.path.join(staging_path, 'swap.vhd') - if os.path.exists(orig_swap_path): - swap_path, swap_vdi_uuid = rename_with_uuid(orig_swap_path) - move_into_sr(swap_path) + for path in paths_to_move: + move_into_sr(path) - vdi_uuids = {} - vdi_uuids['primary_vdi_uuid'] = vdi_uuid - if swap_vdi_uuid: - vdi_uuids['swap_vdi_uuid'] = swap_vdi_uuid + return vdi_return_list - move_into_sr(base_copy_path) - return vdi_uuids def _prepare_staging_area_for_upload(sr_path, staging_path, vdi_uuids): """Hard-link VHDs into staging area with appropriate filename @@ -339,7 +366,9 @@ def download_vhd(session, args): try: _download_tarball(sr_path, staging_path, image_id, glance_host, glance_port) - return json.dumps(_fixup_vhds(sr_path, staging_path, uuid_stack)) + # Right now, it's easier to return a single string via XenAPI, + # so we'll json encode the list of VHDs. + return json.dumps(_import_vhds(sr_path, staging_path, uuid_stack)) finally: _cleanup_staging_area(staging_path) -- cgit From 04785db717492c8ba7c2d184924b3773ec944f4c Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Thu, 26 May 2011 19:37:51 +0000 Subject: fix image_path in glance plugin --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index 039d1b8f6..fef31a9ff 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -203,7 +203,8 @@ def _import_vhds(sr_path, staging_path, uuid_stack): paths_to_move.append(image_info[0]) - snap_info = prepare_if_exists(staging_path, 'snap.vhd', image_path) + snap_info = prepare_if_exists(staging_path, 'snap.vhd', + image_info[0]) if snap_info: paths_to_move.append(snap_info[0]) # We return this snap as the VDI instead of image.vhd -- cgit From 9e22f51c80cc5f7f5ea60b5b8bb779779a19667c Mon Sep 17 00:00:00 2001 From: Chris Behrens Date: Thu, 26 May 2011 20:01:09 +0000 Subject: put back the hidden assert check i accidentally removed from glance plugin --- plugins/xenserver/xenapi/etc/xapi.d/plugins/glance | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins') diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance index fef31a9ff..0c00d168b 100644 --- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance +++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance @@ -210,11 +210,13 @@ def _import_vhds(sr_path, staging_path, uuid_stack): # We return this snap as the VDI instead of image.vhd vdi_return_list.append(dict(vdi_type="os", vdi_uuid=snap_info[1])) else: + assert_vhd_not_hidden(image_info[0]) # If there's no snap, we return the image.vhd UUID vdi_return_list.append(dict(vdi_type="os", vdi_uuid=image_info[1])) swap_info = prepare_if_exists(staging_path, 'swap.vhd') if swap_info: + assert_vhd_not_hidden(swap_info[0]) paths_to_move.append(swap_info[0]) vdi_return_list.append(dict(vdi_type="swap", vdi_uuid=swap_info[1])) -- cgit From 613aee2dd146957cb0c040d7a7a1a661b487efbc Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Thu, 26 May 2011 16:58:06 -0400 Subject: move udev file so it follows the xen-backend.rules --- plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules | 3 --- .../xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules | 3 +++ .../networking/etc/xensource/scripts/ovs_configure_vif_flows.py | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules create mode 100644 plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules b/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules deleted file mode 100644 index b179f0847..000000000 --- a/plugins/xenserver/networking/etc/udev/rules.d/openvswitch-nova.rules +++ /dev/null @@ -1,3 +0,0 @@ -SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" -# is this one needed? -#SUBSYSTEM=="net", KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" diff --git a/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules b/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules new file mode 100644 index 000000000..b179f0847 --- /dev/null +++ b/plugins/xenserver/networking/etc/udev/rules.d/xen-openvswitch-nova.rules @@ -0,0 +1,3 @@ +SUBSYSTEM=="xen-backend", KERNEL=="vif*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" +# is this one needed? +#SUBSYSTEM=="net", KERNEL=="tap*", RUN+="/etc/xensource/scripts/ovs_configure_vif_flows.py $env{ACTION} %k all" diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 2ebc4dd8c..9fde69377 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -172,7 +172,7 @@ def apply_ovs_ipv6_flows(ovs, bridge, params): if __name__ == "__main__": if len(sys.argv) != 4: - print "usage: %s [online|offline] vif-domid-idx ipv4|ipv6|all " % \ + print "usage: %s [online|offline] vif-domid-idx [ipv4|ipv6|all] " % \ os.path.basename(sys.argv[0]) sys.exit(1) else: -- cgit From 2bd6e5561339a6755709461dab9aa6cad4a1cf81 Mon Sep 17 00:00:00 2001 From: Cory Wright Date: Tue, 31 May 2011 09:51:20 -0400 Subject: pep8 fixes --- .../etc/xensource/scripts/ovs_configure_base_flows.py | 11 ++++++----- .../etc/xensource/scripts/ovs_configure_vif_flows.py | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'plugins') diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py index 0186a3c8b..514a43a2d 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_base_flows.py @@ -34,13 +34,13 @@ def main(command, phys_dev_name, bridge_name): ovs_ofctl('del-flows', bridge_name) if command in ('online', 'reset'): - pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', 'Interface', - phys_dev_name, 'ofport') + pnic_ofport = execute_get_output('/usr/bin/ovs-vsctl', 'get', + 'Interface', phys_dev_name, 'ofport') # these flows are lower priority than all VM-specific flows. - # allow all traffic from the physical NIC, as it is trusted (i.e., from a - # filtered vif, or from the physical infrastructure + # allow all traffic from the physical NIC, as it is trusted (i.e., + # from a filtered vif, or from the physical infrastructure) ovs_ofctl('add-flow', bridge_name, "priority=2,in_port=%s,actions=normal" % pnic_ofport) @@ -53,7 +53,8 @@ if __name__ == "__main__": print sys.argv script_name = os.path.basename(sys.argv[0]) print "This script configures base ovs flows." - print "usage: %s [online|offline|reset] phys-dev-name bridge-name" % script_name + print "usage: %s [online|offline|reset] phys-dev-name bridge-name" \ + % script_name print " ex: %s online eth0 xenbr0" % script_name sys.exit(1) else: diff --git a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py index 9fde69377..accd08b91 100755 --- a/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py +++ b/plugins/xenserver/networking/etc/xensource/scripts/ovs_configure_vif_flows.py @@ -52,7 +52,7 @@ def main(command, vif_raw, net_type): vif_name, dom_id, vif_index = vif_raw.split('-') vif = "%s%s.%s" % (vif_name, dom_id, vif_index) bridge = "xenbr%s" % vif_index - + xsls = execute_get_output('/usr/bin/xenstore-ls', '/local/domain/%s/vm-data/networking' % dom_id) macs = [line.split("=")[0].strip() for line in xsls.splitlines()] -- cgit