X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=xenserver%2Fetc_xapi.d_plugins_openvswitch-cfg-update;h=bceccbf4cb985f3c6aa31e8fb73c5de354fd617b;hb=9fc47ed759a82391070dfbda0e06592eb0a18391;hp=f001d2f61706cdac56863870cfb48a6b960de582;hpb=2576975552851665507a715ca6de9ed6c4efd95b;p=openvswitch diff --git a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update b/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update index f001d2f6..bceccbf4 100755 --- a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update +++ b/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update @@ -26,8 +26,10 @@ import XenAPI import os import subprocess import syslog +import re vsctl="/usr/bin/ovs-vsctl" +ofctl="/usr/bin/ovs-ofctl" cacert_filename="/etc/openvswitch/vswitchd.cacert" # Delete the CA certificate, so that we go back to boot-strapping mode @@ -54,6 +56,7 @@ def update(session, args): raise XenAPIPlugin.Failure("NO_POOL_FOR_HOST", []) if len(pools) > 1: raise XenAPIPlugin.Failure("MORE_THAN_ONE_POOL_FOR_HOST", []) + new_controller = False pool = session.xenapi.pool.get_record(pools[0]) controller = pool.get("vswitch_controller", "") ret_str = "" @@ -73,6 +76,7 @@ def update(session, args): except: pass setControllerCfg(controller) + new_controller = True ret_str += "Successfully set controller to %s. " % controller try: @@ -89,6 +93,18 @@ def update(session, args): except KeyError: pass + # If new controller, get managagment MAC addresses from XAPI now + # in case fail_mode set to secure which may affect XAPI access + mgmt_bridge = None + host_mgmt_mac = None + host_mgmt_device = None + pool_mgmt_macs = {} + if new_controller: + for n in session.xenapi.PIF.get_all(): + rec = session.xenapi.PIF.get_record(n) + if rec.get('management', False): + pool_mgmt_macs[rec.get('MAC')] = rec.get('device') + dib_changed = False fail_mode_changed = False for bridge in vswitchCfgQuery(['list-br']).split(): 
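Review bot: In the `@@ -89,6 +93,18 @@` hunk, `pool_mgmt_macs[rec.get('MAC')] = rec.get('device')` stores the MAC exactly as XAPI returns it, and a management PIF record with no `MAC` field would add a `None` key. The later lookup in the `@@ -141,6 +157,29 @@` hunk is an exact string match against the bridge's `hwaddr`, so a difference in letter case between the two sources (not visible here, so this is an assumption to confirm) would silently skip the management flows on a host that has just been put into secure fail mode. Normalising on insert, e.g. `mac = rec.get('MAC')` followed by `if mac: pool_mgmt_macs[mac.lower()] = rec.get('device')`, and lowercasing the captured `hwaddr` before the lookup, would remove that dependency. The comment above the block also misspells "management" as "managagment". update()'s body starts and ends outside this hunk.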
@@ -141,6 +157,29 @@ def update(session, args): "fail_mode=%s" % fail_mode]) fail_mode_changed = True + # Determine local mgmt MAC address if host being added to secure + # pool so we can add default flows to allow management traffic + if new_controller and fail_mode_changed and pool_fail_mode == "secure": + oc = vswitchCfgQuery(["get", "Bridge", bridge, "other-config"]) + m = re.match('.*hwaddr="([0-9a-fA-F:].*)".*', oc) + if m and m.group(1) in pool_mgmt_macs.keys(): + mgmt_bridge = bridge + host_mgmt_mac = m.group(1) + host_mgmt_device = pool_mgmt_macs[host_mgmt_mac] + + if host_mgmt_mac is not None and mgmt_bridge is not None and \ + host_mgmt_device is not None: + tp = "idle_timeout=0,priority=0" + port = vswitchCfgQuery(["get", "interface", host_mgmt_device, "ofport"]) + addFlow(mgmt_bridge, "%s,in_port=%s,arp,nw_proto=1,actions=local" % \ + (tp, port)) + addFlow(mgmt_bridge, "%s,in_port=local,arp,dl_src=%s,actions=%s" % \ + (tp, host_mgmt_mac, port)) + addFlow(mgmt_bridge, "%s,in_port=%s,dl_dst=%s,actions=local" % \ + (tp, port, host_mgmt_mac)) + addFlow(mgmt_bridge, "%s,in_port=local,dl_src=%s,actions=%s" % \ + (tp, host_mgmt_mac, port)) + if dib_changed: ret_str += "Updated in-band management. " if fail_mode_changed: @@ -199,6 +238,13 @@ def emergency_reset(session, args): [ str(exitcode) ]) return "Successfully reset configuration" + +def addFlow(switch, flow): + cmd = [ofctl, "add-flow", switch, flow] + exitcode = subprocess.call(cmd) + if exitcode != 0: + raise XenAPIPlugin.Failure("VSWITCH_ADD_FLOW_FAILURE", + [ str(exitcode) , str(switch), str(flow) ]) if __name__ == "__main__": XenAPIPlugin.dispatch({"update": update,
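Review bot: The pattern in `re.match('.*hwaddr="([0-9a-fA-F:].*)".*', oc)` constrains only the first captured character; the greedy `.*` inside the group then runs to the last `"` in the `other-config` string, so any quoted value that follows `hwaddr` ends up inside `m.group(1)`. When that happens the `pool_mgmt_macs` lookup misses and no management flows are installed even though `fail_mode` has just been set to secure, which can cut the host off from XAPI management traffic. Restricting the capture to MAC characters fixes it: `m = re.search(r'hwaddr="([0-9a-fA-F:]+)"', oc)`. The `port` value read from `ofport` is also interpolated into the flow strings unchecked; whether vswitchCfgQuery strips whitespace or can return an unassigned port is not visible here, so a digits-only check before the addFlow calls would be worth adding. update()'s body starts and ends outside this hunk.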
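Review bot: addFlow in the `@@ -199,6 +238,13 @@` hunk has no docstring, and its failure path matters to callers: it raises `XenAPIPlugin.Failure("VSWITCH_ADD_FLOW_FAILURE", ...)` on the first non-zero exit from `ovs-ofctl`, which in update() aborts the remaining flow installs after `fail_mode` has already been changed. A docstring such as `"""Install one OpenFlow rule on bridge *switch* via ovs-ofctl; raise XenAPIPlugin.Failure if the command exits non-zero."""` would make that contract explicit. The command is passed to `subprocess.call` as an argument list, so the flow text is not shell-interpreted, but ovs-ofctl's stderr is not captured, so the Failure carries only the exit code, switch and flow.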