X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=xenserver%2Fetc_xapi.d_plugins_openvswitch-cfg-update;h=60cd7167bfe16bfa8dcb332e6bd6a15b393e7a02;hb=6c88547dd0f75a29e6d1c0cd3c76d9678fa4752f;hp=f001d2f61706cdac56863870cfb48a6b960de582;hpb=2576975552851665507a715ca6de9ed6c4efd95b;p=sliver-openvswitch.git
diff --git a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update b/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update
index f001d2f61..60cd7167b 100755
--- a/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update
+++ b/xenserver/etc_xapi.d_plugins_openvswitch-cfg-update
@@ -26,8 +26,10 @@ import XenAPI
 import os
 import subprocess
 import syslog
+import re
 vsctl="/usr/bin/ovs-vsctl"
+ofctl="/usr/bin/ovs-ofctl"
 cacert_filename="/etc/openvswitch/vswitchd.cacert"
 # Delete the CA certificate, so that we go back to boot-strapping mode
@@ -54,6 +56,7 @@ def update(session, args):
 raise XenAPIPlugin.Failure("NO_POOL_FOR_HOST", [])
 if len(pools) > 1:
 raise XenAPIPlugin.Failure("MORE_THAN_ONE_POOL_FOR_HOST", [])
+ new_controller = False
 pool = session.xenapi.pool.get_record(pools[0])
 controller = pool.get("vswitch_controller", "")
 ret_str = ""
@@ -73,6 +76,7 @@ def update(session, args):
 except:
 pass
 setControllerCfg(controller)
+ new_controller = True
 ret_str += "Successfully set controller to %s. " % controller
 try:
@@ -89,6 +93,18 @@ def update(session, args):
 except KeyError:
 pass
+ # If new controller, get managagment MAC addresses from XAPI now
+ # in case fail_mode set to secure which may affect XAPI access
+ mgmt_bridge = None
+ host_mgmt_mac = None
+ host_mgmt_device = None
+ pool_mgmt_macs = {}
+ if new_controller:
+ for n in session.xenapi.PIF.get_all():
+ rec = session.xenapi.PIF.get_record(n)
+ if rec.get('management', False):
+ pool_mgmt_macs[rec.get('MAC')] = rec.get('device')
+
 dib_changed = False
 fail_mode_changed = False
 for bridge in vswitchCfgQuery(['list-br']).split():
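Review bot: In the last hunk of this group (update(), `-89,6 +93,18`), `pool_mgmt_macs` is filled from the management PIF of every host in the pool and stores `rec.get('MAC')` and `rec.get('device')` without checking that either is present, so a record missing one of them adds a `None` key or value that the later flow setup would pick up. The minimum guard is `if rec.get('management', False) and rec.get('MAC') and rec.get('device'):`; limiting the loop to PIFs whose `host` field is this host would also stop the later lookup from depending on MAC uniqueness across the pool. The loop makes one `PIF.get_record` call per PIF where a single `session.xenapi.PIF.get_all_records()` would return the same records. The added comment has a typo, "managagment". update() starts and ends outside this hunk.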
@@ -141,6 +157,29 @@ def update(session, args):
 "fail_mode=%s" % fail_mode])
 fail_mode_changed = True
+ # Determine local mgmt MAC address if host being added to secure
+ # pool so we can add default flows to allow management traffic
+ if new_controller and fail_mode_changed and pool_fail_mode == "secure":
+ oc = vswitchCfgQuery(["get", "Bridge", bridge, "other-config"])
+ m = re.match('.*hwaddr="([0-9a-fA-F:].*)".*', oc)
+ if m and m.group(1) in pool_mgmt_macs.keys():
+ mgmt_bridge = bridge
+ host_mgmt_mac = m.group(1)
+ host_mgmt_device = pool_mgmt_macs[host_mgmt_mac]
+
+ if host_mgmt_mac is not None and mgmt_bridge is not None and \
+ host_mgmt_device is not None:
+ tp = "idle_timeout=0,priority=0"
+ port = vswitchCfgQuery(["get", "interface", host_mgmt_device, "ofport"])
+ addFlow(mgmt_bridge, "%s,in_port=%s,arp,nw_proto=1,actions=local" % \
+ (tp, port))
+ addFlow(mgmt_bridge, "%s,in_port=local,arp,dl_src=%s,actions=%s" % \
+ (tp, host_mgmt_mac, port))
+ addFlow(mgmt_bridge, "%s,in_port=%s,dl_dst=%s,actions=local" % \
+ (tp, port, host_mgmt_mac))
+ addFlow(mgmt_bridge, "%s,in_port=local,dl_src=%s,actions=%s" % \
+ (tp, host_mgmt_mac, port))
+
 if dib_changed:
 ret_str += "Updated in-band management. "
 if fail_mode_changed:
@@ -176,7 +215,7 @@ def setControllerCfg(controller):
 "--", "set-manager", 'ssl:' + controller + ':6632'])
 def vswitchCfgQuery(action_args):
- cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
+ cmd = [vsctl, "--timeout=5", "-vANY:console:off"] + action_args
 output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()
 if len(output) == 0 or output[0] == None:
 output = ""
@@ -185,7 +224,7 @@ def vswitchCfgQuery(action_args):
 return output
 def vswitchCfgMod(action_args):
- cmd = [vsctl, "--timeout=5", "-vANY:console:emer"] + action_args
+ cmd = [vsctl, "--timeout=5", "-vANY:console:off"] + action_args
 exitcode = subprocess.call(cmd)
 if exitcode != 0:
 raise XenAPIPlugin.Failure("VSWITCH_CONFIG_MOD_FAILURE",
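Review bot: In the first hunk of this group (update(), `-141,6 +157,29`), the pattern `'.*hwaddr="([0-9a-fA-F:].*)".*'` does not pin the capture to a MAC address: the character class matches one character and the greedy `.*` after it runs to the last double quote in the `other-config` output, so any quoted key that follows `hwaddr` lands inside group 1. The `in pool_mgmt_macs` test then fails and the bridge is left in `secure` fail mode with none of the management flows installed. Anchor the capture, `m = re.search(r'hwaddr="([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"', oc)`, and compare lower-cased values in case XAPI and the bridge record differ in letter case. `port` is also formatted into all four flow strings unchecked, so a guard such as `if not port.strip().isdigit():` that raises before the first `addFlow` would keep an empty or `-1` ofport out of the flow table. update() begins and ends outside this hunk.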
@@ -199,6 +238,13 @@ def emergency_reset(session, args):
 [ str(exitcode) ])
 return "Successfully reset configuration"
+
+def addFlow(switch, flow):
+ cmd = [ofctl, "add-flow", switch, flow]
+ exitcode = subprocess.call(cmd)
+ if exitcode != 0:
+ raise XenAPIPlugin.Failure("VSWITCH_ADD_FLOW_FAILURE",
+ [ str(exitcode) , str(switch), str(flow) ])
 if __name__ == "__main__":
 XenAPIPlugin.dispatch({"update": update,
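Review bot: `addFlow` runs `ovs-ofctl` with no timeout, while both `ovs-vsctl` wrappers in this file pass `--timeout=5`; if ovs-vswitchd is not answering on the bridge, `subprocess.call` may block the XAPI plugin call with nothing to end it. Adding the option keeps the three helpers consistent: `cmd = [ofctl, "--timeout=5", "add-flow", switch, flow]`. The function would also benefit from a one-line docstring, for example `"""Add one OpenFlow flow to bridge switch via ovs-ofctl; raise XenAPIPlugin.Failure on a non-zero exit."""`. Passing an argument list rather than a shell string is the right form here, because `flow` is built from values read back from XAPI and the OVS database.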