X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=xenserver%2Fetc_xapi.d_plugins_vswitch-cfg-update;h=7f49e33a9fc7641bd923fa412617758108757b7c;hb=fb892732bac6787c6fb943554f8000e26477dd85;hp=7472d1b476fb0298575b933de7cf365857e629b3;hpb=4d678233e981fa319a338f6b0949e9dc625941a4;p=sliver-openvswitch.git diff --git a/xenserver/etc_xapi.d_plugins_vswitch-cfg-update b/xenserver/etc_xapi.d_plugins_vswitch-cfg-update index 7472d1b47..7f49e33a9 100755 --- a/xenserver/etc_xapi.d_plugins_vswitch-cfg-update +++ b/xenserver/etc_xapi.d_plugins_vswitch-cfg-update @@ -26,8 +26,7 @@ import XenAPI import os import subprocess -cfg_mod="/usr/bin/ovs-cfg-mod" -vswitchd_cfg_filename="/etc/ovs-vswitchd.conf" +vsctl="/usr/bin/ovs-vsctl" cacert_filename="/etc/ovs-vswitchd.cacert" # Delete the CA certificate, so that we go back to boot-strapping mode @@ -50,6 +49,23 @@ def update(session, args): controller = pool["other_config"]["vSwitchController"] except KeyError, e: controller = "" + if controller == "do-not-update": + return "XAPI key set to do-not-update" + if controller.startswith("for-bridges|"): + l = controller.split("|")[1:] + for netctrl in l: + xapiNet = session.xenapi.network + n, t = netctrl.split("=") + blist = xapiNet.get_by_name_label(n) + if len(blist) == 0: + # If there is no bridge for the network, just keep + # going so we bring up as much as possible. + continue + elif len(blist) > 1: + raise XenAPIPlugin.Failure("TOO_MANY_MATCHING_NETWORKS", [n,blist]) + b = xapiNet.get_bridge(blist[0]) + setBrControllerCfg(b, t) + return "Completed setting controllers on specific bridges" currentController = vswitchCurrentController() if controller == "" and currentController != "": delete_cacert() @@ -61,9 +77,9 @@ def update(session, args): return "Successfully set controller to " + controller else: return "No change to configuration" - + def vswitchCurrentController(): - controller = vswitchCfgQuery("mgmt.controller") + controller = vswitchCfgQuery("get-controller") if controller == "": return controller if len(controller) < 4 or controller[0:4] != "ssl:": @@ -72,26 +88,83 @@ def vswitchCurrentController(): return controller[4:] def removeControllerCfg(): - vswitchCfgMod(["--del-match", "mgmt.controller=*", - "--del-match", "ssl.bootstrap-ca-cert=*", - "--del-match", "ssl.ca-cert=*", - "--del-match", "ssl.private-key=*", - "--del-match", "ssl.certificate=*"]) - + vswitchCfgMod(["--", "del-controller", + "--", "del-ssl"]) + +def setBrControllerCfg(br, target): + # Terrible hack... When this is run at boot the required bridges + # may not be present. So, we fork a process for each bridge that + # needs to be set which sits around in the background and updates + # it when it becomes available, finally timing out after a long + # interval if it never becomes available. + # + # The right way to do this is to hook the bridge creation somehow + # but I don't believe this is possible in XenServer 5.5 without + # either listening to XAPI events or writing it in C code in + # brcompatd. + import time + import syslog + import resource + + p = os.fork() + if p != 0: + return + + os.setsid() + p = os.fork() + if p != 0: + sys.exit(0) + + os.chdir("/") + os.umask(0) + maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1] + if maxfd == resource.RLIM_INFINITY: + maxfd = 1024 + for fd in range(0, maxfd): + try: + os.close(fd) + except OSError: + pass + os.open("/dev/null", os.O_RDWR) + os.dup2(0, 1) + os.dup2(0, 2) + + syslog.openlog("vswitch-cfg-update", syslog.LOG_PID) + syslog.syslog(syslog.LOG_INFO, + "Started background process waiting on bridge %s" % (br,)) + + count = 0 + error = None + sleep_time = 10 + while count < 60: + count += 1 + try: + vswitchCfgMod(["--", "del-controller", br, + "--", "set-controller", br, target, + "--", "set-fail-mode", br, "secure"]) + except XenAPIPlugin.Failure, e: + error = e + syslog.syslog(syslog.LOG_INFO, + "Attempt to set br %s controller failed" % (br,)) + time.sleep(sleep_time) + continue + syslog.syslog(syslog.LOG_INFO, + "Successfully set br %s controller to %s" % (br, repr(target))) + return + syslog.syslog(syslog.LOG_ERR, + "Giving up on setting br %s controller" % (br,)) + def setControllerCfg(controller): - vswitchCfgMod(["--del-match", "mgmt.controller=*", - "--del-match", "ssl.bootstrap-ca-cert=*", - "--del-match", "ssl.ca-cert=*", - "--del-match", "ssl.private-key=*", - "--del-match", "ssl.certificate=*", - "-a", "mgmt.controller=ssl:" + controller, - "-a", "ssl.bootstrap-ca-cert=true", - "-a", "ssl.ca-cert=/etc/ovs-vswitchd.cacert", - "-a", "ssl.private-key=/etc/xensource/xapi-ssl.pem", - "-a", "ssl.certificate=/etc/xensource/xapi-ssl.pem"]) - -def vswitchCfgQuery(key): - cmd = [cfg_mod, "--config-file=" + vswitchd_cfg_filename, "-q", key] + vswitchCfgMod(["--", "del-controller", + "--", "del-ssl", + "--", "--bootstrap", "set-ssl", + "/etc/xensource/xapi-ssl.pem", + "/etc/xensource/xapi-ssl.pem", + "/etc/ovs-vswitchd.cacert", + "--", "set-controller", "ssl:" + controller]) + +def vswitchCfgQuery(action): + cmd = [vsctl, "-vANY:console:emer", action] output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate() if len(output) == 0 or output[0] == None: output = "" @@ -100,19 +173,11 @@ def vswitchCfgQuery(key): return output def vswitchCfgMod(action_args): - cmd = [cfg_mod, "-vANY:console:emer", - "--config-file=" + vswitchd_cfg_filename] + action_args + cmd = [vsctl, "-vANY:console:emer"] + action_args exitcode = subprocess.call(cmd) if exitcode != 0: raise XenAPIPlugin.Failure("VSWITCH_CONFIG_MOD_FAILURE", [ str(exitcode) , str(action_args) ]) - vswitchReload() -def vswitchReload(): - exitcode = subprocess.call(["/sbin/service", "vswitch", "reload"]) - if exitcode != 0: - raise XenAPIPlugin.Failure("VSWITCH_CFG_RELOAD_FAILURE", [ str(exitcode) ]) - - if __name__ == "__main__": XenAPIPlugin.dispatch({"update": update})