apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
cloudstack/scripts/vm/network/vnet/ovstunnel.py
John Bampton 8e538028b2
Enable Flake8 rule W391 (#6606) 
Best practice is to have one blank line at the end of Python files.

Remove unneeded blank lines from the end of files
2022-11-13 11:00:07 +01:00

312 lines
13 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python3
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Creates a tunnel mesh across xenserver hosts
# Enforces broadcast drop rules on ingress GRE tunnels
import cloudstack_pluginlib as lib
import logging
import subprocess
import os
import sys
import subprocess
import time
import json
from optparse import OptionParser, OptionGroup, OptParseError, BadOptionError, OptionError, OptionConflictError, OptionValueError
from time import localtime as _localtime, asctime as _asctime
def setup_ovs_bridge(bridge, key, cs_host_id):
res = lib.check_switch()
if res != "SUCCESS":
#return "FAILURE:%s" % res
return 'false'
logging.debug("About to manually create the bridge:%s" % bridge)
#set gre_key to bridge
res = lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
"other_config:gre_key=%s" % key])
# enable stp
lib.do_cmd([lib.VSCTL_PATH, "set", "Bridge", bridge, "stp_enable=true"])
logging.debug("Bridge has been manually created:%s" % res)
if res:
# result = "FAILURE:%s" % res
result = 'false'
else:
# Verify the bridge actually exists, with the gre_key properly set
res = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge",
bridge, "other_config:gre_key"])
if key in str(res):
# result = "SUCCESS:%s" % bridge
result = 'true'
else:
# result = "FAILURE:%s" % res
result = 'false'
lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs-tun-network=True"])
#get list of hosts using this bridge
conf_hosts = lib.do_cmd([lib.VSCTL_PATH, "get","bridge", bridge,"other_config:ovs-host-setup"])
#add cs_host_id to list of hosts using this bridge
conf_hosts = cs_host_id + (conf_hosts and ',%s' % eval(conf_hosts) or '')
lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
"other_config:ovs-host-setup=%s" % conf_hosts])
logging.debug("Setup_ovs_bridge completed with result:%s" % result)
return result
def setup_ovs_bridge_for_distributed_routing(bridge, cs_host_id):
res = lib.check_switch()
if res != "SUCCESS":
return "FAILURE:%s" % res
logging.debug("About to manually create the bridge:%s" % bridge)
res = lib.do_cmd([lib.VSCTL_PATH, "--", "--may-exist", "add-br", bridge])
logging.debug("Bridge has been manually created:%s" % res)
# Non empty result means something went wrong
if res:
result = "FAILURE:%s" % res
else:
# Verify the bridge actually exists
res = lib.do_cmd([lib.VSCTL_PATH, "list", "bridge", bridge])
res = lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs_vpc_distributed_vr_network=True"])
conf_hosts = lib.do_cmd([lib.VSCTL_PATH, "get","bridge", bridge,"other:ovs-host-setup"])
conf_hosts = cs_host_id + (conf_hosts and ',%s' % eval(conf_hosts) or '')
lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
"other_config:ovs-host-setup=%s" % conf_hosts])
# add a default flow rule to send broadcast and multi-cast packets to L2 flooding table
lib.add_flow(bridge, priority=1000, dl_dst='ff:ff:ff:ff:ff:ff', table=0, actions='resubmit(,2)')
lib.add_flow(bridge, priority=1000, nw_dst='224.0.0.0/24', table=0, actions='resubmit(,2)')
# add a default flow rule to send uni-cast traffic to L2 lookup table
lib.add_flow(bridge, priority=0, table=0, actions='resubmit(,1)')
# add a default rule to send unknown mac address to L2 flooding table
lib.add_flow(bridge, priority=0, table=1, actions='resubmit(,2)')
# add a default rule in L2 flood table to drop packet
lib.add_flow(bridge, priority=0, table=2, actions='drop')
# add a default rule in egress table to forward packet to L3 lookup table
lib.add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
# add a default rule in L3 lookup table to forward packet to L2 lookup table
lib.add_flow(bridge, priority=0, table=4, actions='resubmit(,1)')
# add a default rule in ingress table to drop in bound packets
lib.add_flow(bridge, priority=0, table=5, actions='drop')
result = "SUCCESS: successfully setup bridge with flow rules"
logging.debug("Setup_ovs_bridge completed with result:%s" % result)
return result
def destroy_ovs_bridge(bridge):
res = lib.check_switch()
if res != "SUCCESS":
# return res
return 'false'
res = lib.do_cmd([lib.VSCTL_PATH, "del-br", bridge])
logging.debug("Bridge has been manually removed:%s" % res)
if res:
# result = "FAILURE:%s" % res
result = 'false'
else:
# result = "SUCCESS:%s" % bridge
result = 'true'
logging.debug("Destroy_ovs_bridge completed with result:%s" % result)
return result
def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
logging.debug("Entering create_tunnel")
res = lib.check_switch()
if res != "SUCCESS":
logging.debug("Openvswitch running: NO")
# return "FAILURE:%s" % res
return 'false'
# We need to keep the name below 14 characters
# src and target are enough - consider a fixed length hash
name = "t%s-%s-%s" % (key, src_host, dst_host)
# Verify the bridge to be created
# NOTE: Timeout should not be necessary anymore
wait = [lib.VSCTL_PATH, "--timeout=30", "wait-until", "bridge",
bridge, "--", "get", "bridge", bridge, "name"]
res = lib.do_cmd(wait)
if bridge not in str(res):
logging.debug("WARNING:Can't find bridge %s for creating " +
"tunnel!" % bridge)
# return "FAILURE:NO_BRIDGE"
return 'false'
logging.debug("bridge %s for creating tunnel - VERIFIED" % bridge)
tunnel_setup = False
drop_flow_setup = False
try:
# Create a port and configure the tunnel interface for it
add_tunnel = [lib.VSCTL_PATH, "add-port", bridge,
name, "--", "set", "interface",
name, "type=gre", "options:key=%s" % key,
"options:remote_ip=%s" % remote_ip]
lib.do_cmd(add_tunnel)
tunnel_setup = True
# verify port
verify_port = [lib.VSCTL_PATH, "get", "port", name, "interfaces"]
res = lib.do_cmd(verify_port)
# Expecting python-style list as output
iface_list = []
if len(res) > 2:
iface_list = res.strip()[1:-1].split(b',')
if len(iface_list) != 1:
logging.debug("WARNING: Unexpected output while verifying " +
"port %s on bridge %s" % (name, bridge))
# return "FAILURE:VERIFY_PORT_FAILED"
return 'false'
# verify interface
iface_uuid = iface_list[0]
verify_interface_key = [lib.VSCTL_PATH, "get", "interface",
iface_uuid, "options:key"]
verify_interface_ip = [lib.VSCTL_PATH, "get", "interface",
iface_uuid, "options:remote_ip"]
key_validation = lib.do_cmd(verify_interface_key)
ip_validation = lib.do_cmd(verify_interface_ip)
if not key in str(key_validation) or not remote_ip in str(ip_validation):
logging.debug("WARNING: Unexpected output while verifying " +
"interface %s on bridge %s" % (name, bridge))
# return "FAILURE:VERIFY_INTERFACE_FAILED"
return 'false'
logging.debug("Tunnel interface validated:%s" % verify_interface_ip)
cmd_tun_ofport = [lib.VSCTL_PATH, "get", "interface",
iface_uuid, "ofport"]
tun_ofport = lib.do_cmd(cmd_tun_ofport)
# Ensure no trailing LF
if tun_ofport.endswith(b'\n'):
tun_ofport = tun_ofport[:-1]
try:
ovs_tunnel_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge, "other_config:is-ovs-tun-network"])
except:
ovs_tunnel_network = 'False'
try:
ovs_vpc_distributed_vr_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge,
"other_config:is-ovs_vpc_distributed_vr_network"])
except:
ovs_vpc_distributed_vr_network = 'False'
if ovs_tunnel_network == 'True':
# add flow entryies for dropping broadcast coming in from gre tunnel
lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
dl_dst='ff:ff:ff:ff:ff:ff', actions='drop')
lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
nw_dst='224.0.0.0/24', actions='drop')
drop_flow_setup = True
if ovs_vpc_distributed_vr_network == 'True':
# add flow rules for dropping broadcast coming in from tunnel ports
lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0,
dl_dst='ff:ff:ff:ff:ff:ff', actions='drop')
lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0,
nw_dst='224.0.0.0/24', actions='drop')
# add flow rule to send the traffic from tunnel ports to L2 switching table only
lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0, actions='resubmit(,1)')
lib.do_cmd([lib.VSCTL_PATH, "set", "interface", name, "options:cloudstack-network-id=%s" % network_uuid])
logging.debug("Broadcast drop rules added")
# return "SUCCESS:%s" % name
return 'true'
except:
logging.debug("An unexpected error occurred. Rolling back")
if tunnel_setup:
logging.debug("Deleting GRE interface")
# Destroy GRE port and interface
lib.del_port(bridge, name)
if drop_flow_setup:
# Delete flows
logging.debug("Deleting flow entries from GRE interface")
lib.del_flows(bridge, in_port=tun_ofport)
# This will not cancel the original exception
raise
def destroy_tunnel(bridge, iface_name):
logging.debug("Destroying tunnel at port %s for bridge %s"
% (iface_name, bridge))
ofport = get_field_of_interface(iface_name, "ofport")
lib.del_flows(bridge, in_port=ofport)
lib.del_port(bridge, iface_name)
# return "SUCCESS"
return 'true'
def get_field_of_interface(iface_name, field):
get_iface_cmd = [lib.VSCTL_PATH, "get", "interface", iface_name, field]
res = lib.do_cmd(get_iface_cmd)
return res
if __name__ == '__main__':
logging.basicConfig(filename="/var/log/cloudstack/agent/ovstunnel.log", format="%(asctime)s - %(message)s", level=logging.DEBUG)
parser = OptionParser()
parser.add_option("--key", dest="key")
parser.add_option("--cs_host_id", dest="cs_host_id")
parser.add_option("--bridge", dest="bridge")
parser.add_option("--remote_ip", dest="remote_ip")
parser.add_option("--src_host", dest="src_host")
parser.add_option("--dst_host", dest="dst_host")
parser.add_option("--iface_name", dest="iface_name")
parser.add_option("--config", dest="config")
(option, args) = parser.parse_args()
if len(args) == 0:
logging.debug("No command to execute")
sys.exit(1)
cmd = args[0]
if cmd == "setup_ovs_bridge":
setup_ovs_bridge(option.bridge, option.key, option.cs_host_id)
elif cmd == "destroy_ovs_bridge":
destroy_ovs_bridge(option.bridge)
elif cmd == "create_tunnel":
create_tunnel(option.bridge, option.remote_ip, option.key, option.src_host, option.dst_host)
elif cmd == "destroy_tunnel":
destroy_tunnel(option.bridge, option.iface_name)
elif cmd == "setup_ovs_bridge_for_distributed_routing":
setup_ovs_bridge_for_distributed_routing(bridge, cs_host_id)
elif cmd == "configure_ovs_bridge_for_network_topology":
configure_bridge_for_network_topology(brdige, cs_host_id, config)
elif cmd == "configure_ovs_bridge_for_routing_policies":
configure_ovs_bridge_for_routing_policies(bridge, config)
else:
logging.debug("Unknown command: " + cmd)
sys.exit(1)
Reference in New Issue View Git Blame Copy Permalink