X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=xenserver%2Fopt_xensource_libexec_InterfaceReconfigureVswitch.py;h=1379fb4621190a34f20cbea2e4114dc2c8c0b6c3;hb=58fd55c0ebf544a6a031c0542dd6ae2c9a8bd7e1;hp=b7375555f20a86a4612a767c3ece8e4d9aab91ab;hpb=fe19e820e4e543ee29b1b159be8ef8ee03947650;p=sliver-openvswitch.git diff --git a/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py b/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py index b7375555f..1379fb462 100644 --- a/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py +++ b/xenserver/opt_xensource_libexec_InterfaceReconfigureVswitch.py @@ -1,5 +1,5 @@ -# Copyright (c) 2008,2009 Citrix Systems, Inc. -# Copyright (c) 2009,2010 Nicira Networks. +# Copyright (c) 2008,2009,2011 Citrix Systems, Inc. +# Copyright (c) 2009,2010,2011,2012,2013 Nicira, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published @@ -12,7 +12,9 @@ # GNU Lesser General Public License for more details. # from InterfaceReconfigure import * +import os import re +import subprocess # # Bare Network Devices -- network devices without IP configuration @@ -37,6 +39,49 @@ def netdev_up(netdev, mtu=None): run_command(["/sbin/ifconfig", netdev, 'up'] + mtu) +# This is a list of drivers that do support VLAN tx or rx acceleration, but +# to which the VLAN bug workaround should not be applied. This could be +# because these are known-good drivers (that is, they do not have any of +# the bugs that the workaround avoids) or because the VLAN bug workaround +# will not work for them and may cause other problems. +# +# This is a very short list because few drivers have been tested. +NO_VLAN_WORKAROUND_DRIVERS = ( + "bonding", +) +def netdev_get_driver_name(netdev): + """Returns the name of the driver for network device 'netdev'""" + symlink = '%s/sys/class/net/%s/device/driver' % (root_prefix(), netdev) + try: + target = os.readlink(symlink) + except OSError, e: + log("%s: could not read netdev's driver name (%s)" % (netdev, e)) + return None + + slash = target.rfind('/') + if slash < 0: + log("target %s of symbolic link %s does not contain slash" + % (target, symlink)) + return None + + return target[slash + 1:] + +def netdev_get_features(netdev): + """Returns the features bitmap for the driver for 'netdev'. + The features bitmap is a set of NETIF_F_ flags supported by its driver.""" + try: + features = open("%s/sys/class/net/%s/features" % (root_prefix(), netdev)).read().strip() + return int(features, 0) + except: + return 0 # interface prolly doesn't exist + +def netdev_has_vlan_accel(netdev): + """Returns True if 'netdev' supports VLAN acceleration, False otherwise.""" + NETIF_F_HW_VLAN_TX = 128 + NETIF_F_HW_VLAN_RX = 256 + NETIF_F_VLAN = NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX + return (netdev_get_features(netdev) & NETIF_F_VLAN) != 0 + # # PIF miscellanea # @@ -146,6 +191,7 @@ def datapath_configure_bond(pif,slaves): "downdelay": "200", "updelay": "31000", "use_carrier": "1", + "hashing-algorithm": "src_mac", } # override defaults with values from other-config whose keys # being with "bond-" @@ -154,6 +200,8 @@ def datapath_configure_bond(pif,slaves): key.startswith("bond-"), oc.items()) overrides = map(lambda (key,val): (key[5:], val), overrides) bond_options.update(overrides) + mode = None + halgo = None argv += ['--', 'set', 'Port', interface] if pifrec['MAC'] != "": @@ -170,10 +218,47 @@ def datapath_configure_bond(pif,slaves): argv += ['bond_%s=%d' % (name, value)] except ValueError: log("bridge %s has invalid %s '%s'" % (bridge, name, value)) + elif name in ['miimon', 'use_carrier']: + try: + value = int(val) + if value < 0: + raise ValueError + + if name == 'use_carrier': + if value: + value = "carrier" + else: + value = "miimon" + argv += ["other-config:bond-detect-mode=%s" % value] + else: + argv += ["other-config:bond-miimon-interval=%d" % value] + except ValueError: + log("bridge %s has invalid %s '%s'" % (bridge, name, value)) + elif name == "mode": + mode = val + elif name == "hashing-algorithm": + halgo = val else: # Pass other bond options into other_config. argv += ["other-config:%s=%s" % (vsctl_escape("bond-%s" % name), vsctl_escape(val))] + + if mode == 'lacp': + argv += ['lacp=active'] + + if halgo == 'src_mac': + argv += ['bond_mode=balance-slb'] + elif halgo == "tcpudp_ports": + argv += ['bond_mode=balance-tcp'] + else: + log("bridge %s has invalid bond-hashing-algorithm '%s'" % (bridge, halgo)) + argv += ['bond_mode=balance-slb'] + elif mode in ['balance-slb', 'active-backup']: + argv += ['lacp=off', 'bond_mode=%s' % mode] + else: + log("bridge %s has invalid bond-mode '%s'" % (bridge, mode)) + argv += ['lacp=off', 'bond_mode=balance-slb'] + return argv def datapath_deconfigure_bond(netdev): @@ -208,10 +293,13 @@ def configure_datapath(pif): - A list containing the necessary vsctl command line arguments - A list of additional devices which should be brought up after the configuration is applied. + - A list containing flows to apply to the pif bridge, note that + port numbers may need to be substituted once ofport is known """ vsctl_argv = [] extra_up_ports = [] + bridge_flows = [] assert not pif_is_vlan(pif) bridge = pif_bridge_name(pif) @@ -308,10 +396,56 @@ def configure_datapath(pif): vsctl_argv += ['--', 'set', 'Bridge', bridge, 'other-config:hwaddr=%s' % vsctl_escape(db().get_pif_record(pif)['MAC'])] + pool = db().get_pool_record() + network = db().get_network_by_bridge(bridge) + network_rec = None + fail_mode = None + valid_fail_modes = ['standalone', 'secure'] + + if network: + network_rec = db().get_network_record(network) + fail_mode = network_rec['other_config'].get('vswitch-controller-fail-mode') + + if (fail_mode not in valid_fail_modes) and pool: + fail_mode = pool['other_config'].get('vswitch-controller-fail-mode') + # Add default flows to allow management traffic if fail-mode + # transitions to secure based on pool fail-mode setting + if fail_mode == 'secure' and db().get_pif_record(pif).get('management', False): + prev_fail_mode = vswitchCfgQuery(['get-fail-mode', bridge]) + if prev_fail_mode != 'secure': + tp = 'idle_timeout=0,priority=0' + host_mgmt_mac = db().get_pif_record(pif)['MAC'] + # account for bond as management interface + if len(physical_devices) > 1: + bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)] + bridge_flows += ['%s,in_port=local,dl_src=%s,actions=NORMAL' % (tp, host_mgmt_mac)] + # we don't know slave ofports yet, substitute later + bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)] + bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, host_mgmt_mac)] + else: + bridge_flows += ['%s,in_port=%%s,arp,nw_proto=1,actions=local' % (tp)] + bridge_flows += ['%s,in_port=local,arp,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)] + bridge_flows += ['%s,in_port=%%s,dl_dst=%s,actions=local' % (tp, host_mgmt_mac)] + bridge_flows += ['%s,in_port=local,dl_src=%s,actions=%%s' % (tp, host_mgmt_mac)] + + if fail_mode not in valid_fail_modes: + fail_mode = 'standalone' + + vsctl_argv += ['--', 'set', 'Bridge', bridge, 'fail_mode=%s' % fail_mode] + + if network_rec: + dib = network_rec['other_config'].get('vswitch-disable-in-band') + if not dib: + vsctl_argv += ['--', 'remove', 'Bridge', bridge, 'other_config', 'disable-in-band'] + elif dib in ['true', 'false']: + vsctl_argv += ['--', 'set', 'Bridge', bridge, 'other_config:disable-in-band=' + dib] + else: + log('"' + dib + '"' "isn't a valid setting for other_config:disable-in-band on " + bridge) + vsctl_argv += set_br_external_ids(pif) vsctl_argv += ['## done configuring datapath %s' % bridge] - return vsctl_argv,extra_up_ports + return vsctl_argv,extra_up_ports,bridge_flows def deconfigure_bridge(pif): vsctl_argv = [] @@ -341,12 +475,17 @@ def set_br_external_ids(pif): # log("Network PIF %s not currently attached (%s)" % (rec['uuid'],pifrec['uuid'])) # continue nwrec = db().get_network_record(rec['network']) - xs_network_uuids += [nwrec['uuid']] + + uuid = nwrec['uuid'] + if pif_is_vlan(nwpif): + xs_network_uuids.append(uuid) + else: + xs_network_uuids.insert(0, uuid) vsctl_argv = [] - vsctl_argv += ['# configure network-uuids'] + vsctl_argv += ['# configure xs-network-uuids'] vsctl_argv += ['--', 'br-set-external-id', pif_bridge_name(pif), - 'network-uuids', ';'.join(xs_network_uuids)] + 'xs-network-uuids', ';'.join(xs_network_uuids)] return vsctl_argv @@ -359,6 +498,7 @@ class DatapathVswitch(Datapath): Datapath.__init__(self, pif) self._dp = pif_datapath(pif) self._ipdev = pif_ipdev_name(pif) + self._bridge_flows = [] if pif_is_vlan(pif) and not self._dp: raise Error("Unbridged VLAN devices not implemented yet") @@ -367,6 +507,13 @@ class DatapathVswitch(Datapath): @classmethod def rewrite(cls): + if not os.path.exists("/var/run/openvswitch/db.sock"): + # ovsdb-server is not running, so we can't update the database. + # Probably we are being called as part of system shutdown. Just + # skip the update, since the external-ids will be updated on the + # next boot anyhow. + return + vsctl_argv = [] for pif in db().get_all_pifs(): pifrec = db().get_pif_record(pif) @@ -382,21 +529,23 @@ class DatapathVswitch(Datapath): def preconfigure(self, parent): vsctl_argv = [] extra_ports = [] + bridge_flows = [] pifrec = db().get_pif_record(self._pif) dprec = db().get_pif_record(self._dp) ipdev = self._ipdev - c,e = configure_datapath(self._dp) + c,e,f = configure_datapath(self._dp) bridge = pif_bridge_name(self._pif) vsctl_argv += c extra_ports += e + bridge_flows += f dpname = pif_bridge_name(self._dp) if pif_is_vlan(self._pif): - # XXX this is only needed on XS5.5, because XAPI misguidedly - # creates the fake bridge (via bridge ioctl) before it calls us. + # In some cases XAPI may misguidedly leave an instance of + # 'bridge' which should be deleted. vsctl_argv += ['--', '--if-exists', 'del-br', bridge] # configure_datapath() set up the underlying datapath bridge. @@ -419,27 +568,42 @@ class DatapathVswitch(Datapath): self._vsctl_argv = vsctl_argv self._extra_ports = extra_ports + self._bridge_flows = bridge_flows def bring_down_existing(self): # interface-reconfigure is never explicitly called to down a # bond master. However, when we are called to up a slave it - # is implicit that we are destroying the master. + # is implicit that we are destroying the master. Conversely, + # when we are called to up a bond is is implicit that we are + # taking down the slaves. # - # This is (only) important in the case where the bond master - # uses DHCP. We need to kill the dhclient process, otherwise - # bringing the bond master back up later will fail because - # ifup will refuse to start a duplicate dhclient. + # This is (only) important in the case where the device being + # implicitly taken down uses DHCP. We need to kill the + # dhclient process, otherwise performing the inverse operation + # later later will fail because ifup will refuse to start a + # duplicate dhclient. bond_masters = pif_get_bond_masters(self._pif) for master in bond_masters: log("action_up: bring down bond master %s" % (pif_netdev_name(master))) run_command(["/sbin/ifdown", pif_bridge_name(master)]) + bond_slaves = pif_get_bond_slaves(self._pif) + for slave in bond_slaves: + log("action_up: bring down bond slave %s" % (pif_netdev_name(slave))) + run_command(["/sbin/ifdown", pif_bridge_name(slave)]) + def configure(self): # Bring up physical devices. ovs-vswitchd initially enables or # disables bond slaves based on whether carrier is detected # when they are added, and a network device that is down # always reports "no carrier". physical_devices = datapath_get_physical_pifs(self._dp) + + if pif_is_bond(self._dp): + brec = db().get_pif_record(self._dp) + bond_mtu = mtu_setting(brec['network'], "PIF", brec['other_config']) + else: + bond_mtu = None for p in physical_devices: prec = db().get_pif_record(p) @@ -447,17 +611,54 @@ class DatapathVswitch(Datapath): dev = pif_netdev_name(p) - mtu = mtu_setting(prec['network'], "PIF", oc) + if bond_mtu: + mtu = bond_mtu + else: + mtu = mtu_setting(prec['network'], "PIF", oc) netdev_up(dev, mtu) - settings, offload = ethtool_settings(oc) + settings, offload = ethtool_settings(oc, PIF_OTHERCONFIG_DEFAULTS) if len(settings): run_command(['/sbin/ethtool', '-s', dev] + settings) if len(offload): run_command(['/sbin/ethtool', '-K', dev] + offload) + driver = netdev_get_driver_name(dev) + if 'vlan-bug-workaround' in oc: + vlan_bug_workaround = oc['vlan-bug-workaround'] == 'true' + elif driver in NO_VLAN_WORKAROUND_DRIVERS: + vlan_bug_workaround = False + else: + vlan_bug_workaround = netdev_has_vlan_accel(dev) + + if vlan_bug_workaround: + setting = 'on' + else: + setting = 'off' + run_command(['/usr/sbin/ovs-vlan-bug-workaround', dev, setting]) + datapath_modify_config(self._vsctl_argv) + if self._bridge_flows: + ofports = [] + physical_devices = datapath_get_physical_pifs(self._dp) + if len(physical_devices) > 1: + for slave in physical_devices: + name = pif_netdev_name(slave) + ofport = vswitchCfgQuery(['get', 'interface', name, 'ofport']) + ofports.append(ofport) + else: + name = pif_netdev_name(self._dp) + ofport = vswitchCfgQuery(['get', 'interface', name, 'ofport']) + ofports.append(ofport) + dpname = pif_bridge_name(self._dp) + for flow in self._bridge_flows: + if flow.find('in_port=%s') != -1 or flow.find('actions=%s') != -1: + for port in ofports: + f = flow % (port) + run_command(['/usr/bin/ovs-ofctl', 'add-flow', dpname, f]) + else: + run_command(['/usr/bin/ovs-ofctl', 'add-flow', dpname, flow]) def post(self): for p in self._extra_ports: @@ -472,11 +673,6 @@ class DatapathVswitch(Datapath): bridge = pif_bridge_name(dp) - #nw = db().get_pif_record(self._pif)['network'] - #nwrec = db().get_network_record(nw) - #vsctl_argv += ['# deconfigure network-uuids'] - #vsctl_argv += ['--del-entry=bridge.%s.network-uuids=%s' % (bridge,nwrec['uuid'])] - log("deconfigure ipdev %s on %s" % (ipdev,bridge)) vsctl_argv += ["# deconfigure ipdev %s" % ipdev] vsctl_argv += datapath_deconfigure_ipdev(ipdev) @@ -518,3 +714,17 @@ class DatapathVswitch(Datapath): netdev_down(p) datapath_modify_config(vsctl_argv) + +# +# utility methods +# + +def vswitchCfgQuery(action_args): + cmd = ['%s/usr/bin/ovs-vsctl' % root_prefix(), + '-vconsole:off'] + action_args + output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate() + if len(output) == 0 or output[0] == None: + output = "" + else: + output = output[0].strip() + return output