+ elif pif_is_tunnel(pif):
+ datapath_configure_tunnel(pif)
+
+ vsctl_argv += ['# configure Bridge MAC']
+ vsctl_argv += ['--', 'set', 'Bridge', bridge,
+ 'other-config:hwaddr=%s' % vsctl_escape(db().get_pif_record(pif)['MAC'])]
+
+ pool = db().get_pool_record()
+ network = db().get_network_by_bridge(bridge)
+ network_rec = None
+ fail_mode = None
+ valid_fail_modes = ['standalone', 'secure']
+
+ if network:
+ network_rec = db().get_network_record(network)
+ fail_mode = network_rec['other_config'].get('vswitch-controller-fail-mode')
+
+ if (fail_mode not in valid_fail_modes) and pool:
+ fail_mode = pool['other_config'].get('vswitch-controller-fail-mode')
+ # Add default flows to allow management traffic if fail-mode
+ # transitions to secure based on pool fail-mode setting
+ if fail_mode == 'secure' and db().get_pif_record(pif).get('management', False):
+ prev_fail_mode = vswitchCfgQuery(['get-fail-mode', bridge])
+ if prev_fail_mode != 'secure':
+ tp = 'idle_timeout=0,priority=0'
+ host_mgmt_mac = db().get_pif_record(pif)['MAC']
+ # account for bond as management interface
+ if len(physical_devices) > 1:
+ bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)]
+ bridge_flows += ['%s,in_port=local,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)]
+ # we don't know slave ofports yet, substitute later
+ bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)]
+ bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, host_mgmt_mac)]
+ else:
+ bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)]
+ bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)]
+ bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, host_mgmt_mac)]
+ bridge_flows += ['%s,in_port=local,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)]
+
+ if fail_mode not in valid_fail_modes:
+ fail_mode = 'standalone'
+
+ vsctl_argv += ['--', 'set', 'Bridge', bridge, 'fail_mode=%s' % fail_mode]
+
+ if network_rec:
+ dib = network_rec['other_config'].get('vswitch-disable-in-band')
+ if not dib:
+ vsctl_argv += ['--', 'remove', 'Bridge', bridge, 'other_config', 'disable-in-band']
+ elif dib in ['true', 'false']:
+ vsctl_argv += ['--', 'set', 'Bridge', bridge, 'other_config:disable-in-band=' + dib]
+ else:
+ log('"' + dib + '"' "isn't a valid setting for other_config:disable-in-band on " + bridge)