cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mlsoren...@apache.org
Subject [18/32] git commit: updated refs/heads/resize-root to c02c634
Date Sat, 15 Mar 2014 05:38:49 GMT
adding distributed routing support for KVM OVS

some check style error fixes


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/36541a2f
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/36541a2f
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/36541a2f

Branch: refs/heads/resize-root
Commit: 36541a2f4ca3216e58b835cb1bb33d38bc39692b
Parents: 423a748
Author: Murali Reddy <muralimmreddy@gmail.com>
Authored: Tue Mar 11 13:05:03 2014 +0530
Committer: Murali Reddy <muralimmreddy@gmail.com>
Committed: Fri Mar 14 16:56:38 2014 +0530

----------------------------------------------------------------------
 .../kvm/resource/LibvirtComputingResource.java  |  47 ++++
 .../xen/resource/CitrixResourceBase.java        |   2 +-
 .../api/OvsVpcRoutingPolicyConfigCommand.java   |   1 -
 .../cloud/network/ovs/OvsTunnelManagerImpl.java |  21 +-
 scripts/vm/network/vnet/cloudstack_pluginlib.py | 226 +++++++++++++++++++
 scripts/vm/network/vnet/ovstunnel.py            |  86 ++++++-
 6 files changed, 373 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
index c1a7721..ec8bc11 100755
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java
@@ -78,6 +78,8 @@ import com.cloud.agent.api.OvsDestroyTunnelCommand;
 import com.cloud.agent.api.OvsFetchInterfaceAnswer;
 import com.cloud.agent.api.OvsFetchInterfaceCommand;
 import com.cloud.agent.api.OvsSetupBridgeCommand;
+import com.cloud.agent.api.OvsVpcPhysicalTopologyConfigCommand;
+import com.cloud.agent.api.OvsVpcRoutingPolicyConfigCommand;
 import com.cloud.agent.api.PingCommand;
 import com.cloud.agent.api.PingRoutingCommand;
 import com.cloud.agent.api.PingRoutingWithNwGroupsCommand;
@@ -1360,6 +1362,10 @@ public class LibvirtComputingResource extends ServerResourceBase implements
Serv
                 return execute((OvsCreateTunnelCommand)cmd);
             } else if (cmd instanceof OvsDestroyTunnelCommand) {
                 return execute((OvsDestroyTunnelCommand)cmd);
+            } else if (cmd instanceof OvsVpcPhysicalTopologyConfigCommand) {
+                return execute((OvsVpcPhysicalTopologyConfigCommand) cmd);
+            } else if (cmd instanceof OvsVpcRoutingPolicyConfigCommand) {
+                return execute((OvsVpcRoutingPolicyConfigCommand) cmd);
             } else {
                 s_logger.warn("Unsupported command ");
                 return Answer.createUnsupportedCommandAnswer(cmd);
@@ -1401,6 +1407,47 @@ public class LibvirtComputingResource extends ServerResourceBase implements
Serv
         return new Answer(cmd, true, null);
     }
 
+    public Answer execute(OvsVpcPhysicalTopologyConfigCommand cmd) {
+
+        String bridge = cmd.getBridgeName();
+        try {
+            Script command = new Script(_ovsTunnelPath, _timeout, s_logger);
+            command.add("configure_ovs_bridge_for_network_topology");
+            command.add("--bridge", bridge);
+            command.add("--config", cmd.getVpcConfigInJson());
+
+            String result = command.execute();
+            if (result.equalsIgnoreCase("SUCCESS")) {
+                return new Answer(cmd, true, result);
+            } else {
+                return new Answer(cmd, false, result);
+            }
+        } catch  (Exception e) {
+            s_logger.warn("caught exception while updating host with latest routing polcies",
e);
+            return new Answer(cmd, false, e.getMessage());
+        }
+    }
+
+    public Answer execute(OvsVpcRoutingPolicyConfigCommand cmd) {
+
+        try {
+            Script command = new Script(_ovsTunnelPath, _timeout, s_logger);
+            command.add("configure_ovs_bridge_for_routing_policies");
+            command.add("--bridge", cmd.getBridgeName());
+            command.add("--config", cmd.getVpcConfigInJson());
+
+            String result = command.execute();
+            if (result.equalsIgnoreCase("SUCCESS")) {
+                return new Answer(cmd, true, result);
+            } else {
+                return new Answer(cmd, false, result);
+            }
+        } catch  (Exception e) {
+            s_logger.warn("caught exception while updating host with latest VPC topology",
e);
+            return new Answer(cmd, false, e.getMessage());
+        }
+    }
+
     private synchronized void destroyTunnelNetwork(String bridge) {
         try {
             findOrCreateTunnelNetwork(bridge);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index a281002..273c08c 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -88,7 +88,6 @@ import org.apache.cloudstack.storage.to.TemplateObjectTO;
 import org.apache.cloudstack.storage.to.VolumeObjectTO;
 
 import com.cloud.agent.IAgentControl;
-
 import com.cloud.agent.api.Answer;
 import com.cloud.agent.api.AttachIsoCommand;
 import com.cloud.agent.api.AttachVolumeAnswer;
@@ -149,6 +148,7 @@ import com.cloud.agent.api.OvsSetTagAndFlowAnswer;
 import com.cloud.agent.api.OvsSetTagAndFlowCommand;
 import com.cloud.agent.api.OvsSetupBridgeCommand;
 import com.cloud.agent.api.OvsVpcPhysicalTopologyConfigCommand;
+import com.cloud.agent.api.OvsVpcRoutingPolicyConfigCommand;
 import com.cloud.agent.api.PerformanceMonitorAnswer;
 import com.cloud.agent.api.PerformanceMonitorCommand;
 import com.cloud.agent.api.PingCommand;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/plugins/network-elements/ovs/src/com/cloud/agent/api/OvsVpcRoutingPolicyConfigCommand.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/ovs/src/com/cloud/agent/api/OvsVpcRoutingPolicyConfigCommand.java
b/plugins/network-elements/ovs/src/com/cloud/agent/api/OvsVpcRoutingPolicyConfigCommand.java
index 8e4d5d1..50f1fdd 100644
--- a/plugins/network-elements/ovs/src/com/cloud/agent/api/OvsVpcRoutingPolicyConfigCommand.java
+++ b/plugins/network-elements/ovs/src/com/cloud/agent/api/OvsVpcRoutingPolicyConfigCommand.java
@@ -18,7 +18,6 @@ package com.cloud.agent.api;
 
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
-import java.util.UUID;
 
 /**
  * This command represents logical view of VM's connectivity in VPC.

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
index 35b0035..eeb22b1 100644
--- a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
+++ b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
@@ -16,11 +16,25 @@
 // under the License.
 package com.cloud.network.ovs;
 
-import com.amazonaws.services.ec2.model.NetworkAcl;
-import com.cloud.agent.api.*;
+import com.cloud.agent.api.Answer;
+import com.cloud.agent.api.Command;
+import com.cloud.agent.api.OvsCreateTunnelAnswer;
+import com.cloud.agent.api.OvsCreateTunnelCommand;
+import com.cloud.agent.api.OvsDestroyBridgeCommand;
+import com.cloud.agent.api.OvsDestroyTunnelCommand;
+import com.cloud.agent.api.OvsFetchInterfaceAnswer;
+import com.cloud.agent.api.OvsFetchInterfaceCommand;
+import com.cloud.agent.api.OvsSetupBridgeCommand;
+import com.cloud.agent.api.OvsVpcPhysicalTopologyConfigCommand;
+import com.cloud.agent.api.OvsVpcRoutingPolicyConfigCommand;
 import com.cloud.network.dao.NetworkDao;
 import com.cloud.network.dao.NetworkVO;
-import com.cloud.network.vpc.*;
+import com.cloud.network.vpc.NetworkACLVO;
+import com.cloud.network.vpc.NetworkACLItemDao;
+import com.cloud.network.vpc.NetworkACLItemVO;
+import com.cloud.network.vpc.dao.VpcDao;
+import com.cloud.network.vpc.VpcManager;
+import com.cloud.network.vpc.VpcVO;
 import com.cloud.network.vpc.dao.NetworkACLDao;
 import com.cloud.vm.dao.VMInstanceDao;
 import com.cloud.vm.Nic;
@@ -63,7 +77,6 @@ import com.cloud.network.ovs.dao.OvsTunnelInterfaceVO;
 import com.cloud.network.ovs.dao.OvsTunnelNetworkDao;
 import com.cloud.network.ovs.dao.OvsTunnelNetworkVO;
 import com.cloud.network.ovs.dao.OvsTunnel;
-import com.cloud.network.vpc.dao.VpcDao;
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.concurrency.NamedThreadFactory;
 import com.cloud.utils.db.DB;

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/scripts/vm/network/vnet/cloudstack_pluginlib.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/vnet/cloudstack_pluginlib.py b/scripts/vm/network/vnet/cloudstack_pluginlib.py
index f886aa3..6c24917 100755
--- a/scripts/vm/network/vnet/cloudstack_pluginlib.py
+++ b/scripts/vm/network/vnet/cloudstack_pluginlib.py
@@ -174,6 +174,7 @@ def _build_flow_expr(**kwargs):
     dl_dst = 'dl_dst' in kwargs and ",dl_dst=%s" % kwargs['dl_dst'] or ''
     nw_src = 'nw_src' in kwargs and ",nw_src=%s" % kwargs['nw_src'] or ''
     nw_dst = 'nw_dst' in kwargs and ",nw_dst=%s" % kwargs['nw_dst'] or ''
+    table = 'table' in kwargs and ",table=%s" % kwargs['table'] or ''
     proto = 'proto' in kwargs and ",%s" % kwargs['proto'] or ''
     ip = ('nw_src' in kwargs or 'nw_dst' in kwargs) and ',ip' or ''
     flow = (flow + in_port + dl_type + dl_src + dl_dst +
@@ -217,3 +218,228 @@ def del_all_flows(bridge):
 def del_port(bridge, port):
     delPort = [VSCTL_PATH, "del-port", bridge, port]
     do_cmd(delPort)
+
+
+def get_network_id_for_vif(vif_name):
+    domain_id, device_id = vif_name[3:len(vif_name)].split(".")
+    dom_uuid = do_cmd([XE_PATH, "vm-list", "dom-id=%s" % domain_id, "--minimal"])
+    vif_uuid = do_cmd([XE_PATH, "vif-list", "vm-uuid=%s" % dom_uuid, "device=%s" % device_id,
"--minimal"])
+    vnet = do_cmd([XE_PATH, "vif-param-get", "uuid=%s" % vif_uuid,  "param-name=other-config",
+                             "param-key=cloudstack-network-id"])
+    return vnet
+
+def get_network_id_for_tunnel_port(tunnelif_name):
+    vnet = do_cmd([VSCTL_PATH, "get", "interface", tunnelif_name, "options:cloudstack-network-id"])
+    return vnet
+
+def clear_flooding_rules_for_port(bridge, ofport):
+        del_flows(bridge, in_port=ofport, table=2)
+
+def add_flooding_rules_for_port(bridge, in_ofport, out_ofports):
+        action = "".join("output:%s," %ofport for ofport in out_ofports)[:-1]
+        add_flow(bridge, priority=1100, in_port=in_ofport, table=1, actions=action)
+
+def get_ofport_for_vif(vif_name):
+    return do_cmd([VSCTL_PATH, "get", "interface", vif_name, "ofport"])
+
+def get_macaddress_of_vif(vif_name):
+    domain_id, device_id = vif_name[3:len(vif_name)].split(".")
+    dom_uuid = do_cmd([XE_PATH, "vm-list", "dom-id=%s" % domain_id, "--minimal"])
+    vif_uuid = do_cmd([XE_PATH, "vif-list", "vm-uuid=%s" % dom_uuid, "device=%s" % device_id,
"--minimal"])
+    mac = do_cmd([XE_PATH, "vif-param-get", "uuid=%s" % vif_uuid,  "param-name=MAC"])
+    return mac
+
+def get_vif_name_from_macaddress(macaddress):
+    vif_uuid = do_cmd([XE_PATH, "vif-list", "MAC=%s" % macaddress, "--minimal"])
+    vif_device_id = do_cmd([XE_PATH, "vif-param-get", "uuid=%s" % vif_uuid,  "param-name=device"])
+    vm_uuid = do_cmd([XE_PATH, "vif-param-get", "uuid=%s" % vif_uuid,  "param-name=vm-uuid"])
+    vm_domain_id = do_cmd([XE_PATH, "vm-param-get", "uuid=%s" % vm_uuid,  "param-name=dom-id"])
+    return "vif"+vm_domain_id+"."+vif_device_id
+
+def add_mac_lookup_table_entry(bridge, mac_address, out_of_port):
+    add_flow(bridge, priority=1100, dl_dst=mac_address, table=1, actions="output:%s" % out_of_port)
+
+def delete_mac_lookup_table_entry(bridge, mac_address):
+    del_flows(bridge, dl_dst=mac_address, table=1)
+
+def add_ip_lookup_table_entry(bridge, ip, dst_tier_gateway_mac, dst_vm_mac):
+    action_str = "mod_dl_sr:%s" % dst_tier_gateway_mac + ",mod_dl_dst:%s" % dst_vm_mac +",resubmit(,5)"
+    addflow = [OFCTL_PATH, "add-flow", bridge, "table=4", "nw_dst=%s" % ip, "actions=%s"
%action_str]
+    do_cmd(addflow)
+
+def get_vms_on_host(vpc, host_id):
+    all_vms = vpc.vms
+    vms_on_host = []
+    for vm in all_vms:
+      if vm.hostid == host_id:
+        vms_on_host.append(vm)
+    return vms_on_host
+
+def get_network_details(vpc, network_uuid):
+    tiers = vpc.tiers
+    for tier in tiers:
+      if tier.networkuuid == network_uuid:
+        return tier
+    return None
+
+class jsonLoader(object):
+  def __init__(self, obj):
+        for k in obj:
+            v = obj[k]
+            if isinstance(v, dict):
+                setattr(self, k, jsonLoader(v))
+            elif isinstance(v, (list, tuple)):
+                if len(v) > 0 and isinstance(v[0], dict):
+                    setattr(self, k, [jsonLoader(elem) for elem in v])
+                else:
+                    setattr(self, k, v)
+            else:
+                setattr(self, k, v)
+
+  def __getattr__(self, val):
+        if val in self.__dict__:
+            return self.__dict__[val]
+        else:
+            return None
+
+  def __repr__(self):
+        return '{%s}' % str(', '.join('%s : %s' % (k, repr(v)) for (k, v)
+                                      in self.__dict__.iteritems()))
+
+  def __str__(self):
+        return '{%s}' % str(', '.join('%s : %s' % (k, repr(v)) for (k, v)
+                                      in self.__dict__.iteritems()))
+
+def configure_bridge_for_network_topology(bridge, this_host_id, json_config):
+    vpconfig = jsonLoader(json.loads(json_config)).vpc
+
+    if vpconfig is None:
+        logging.debug("WARNING:Can't find VPC info in json config file")
+        return "FAILURE:IMPROPER_JSON_CONFG_FILE"
+
+    # get the list of Vm's in the VPC from the JSON config
+    this_host_vms = get_vms_on_host(vpconfig, this_host_id)
+
+    for vm in this_host_vms:
+        for nic in vm.nics:
+            mac_addr = nic.macaddress
+            ip = nic.ipaddress
+            vif_name = get_vif_name_from_macaddress(mac_addr)
+            of_port = get_ofport_for_vif(vif_name)
+            network = get_network_details(vpconfig, nic.networkuuid)
+
+            # Add flow rule in L2 look up table, if the destination mac = MAC of the nic
send packet on the found OFPORT
+            add_mac_lookup_table_entry(bridge, mac_addr, of_port)
+
+            # Add flow rule in L3 look up table: if the destination IP = VM's IP then modify
the packet
+            # to set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
+            add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
+
+            # Add flow entry to send with intra tier traffic from the NIC to L2 lookup path)
+            addflow = [OFCTL_PATH, "add-flow", bridge, "table=0", "in_port=%s" % of_port,
+                       "nw_dst=%s" %network.cidr, "actions=resubmit(,1)"]
+            do_cmd(addflow)
+
+            #add flow entry to send inter-tier traffic from the NIC to egress ACL table(to
L3 lookup path)
+            addflow = [OFCTL_PATH, "add-flow", bridge, "table=0", "in_port=%s" % of_port,
+                       "dl_dst=%s" %network.gatewaymac, "nw_dst=%s" %vpconfig.cidr, "actions=resubmit(,3)"]
+            do_cmd(addflow)
+
+    # get the list of hosts on which VPC spans from the JSON config
+    vpc_spanning_hosts = vpconfig.hosts
+
+    for host in vpc_spanning_hosts:
+        if this_host_id == host.hostid:
+            continue
+        other_host_vms = get_vms_on_host(vpconfig, host.hostid)
+        for vm in other_host_vms:
+            for nic in vm.nics:
+                mac_addr = nic.macaddress
+                ip = nic.ipaddress
+                network = get_network_details(vpconfig, nic.networkuuid)
+                gre_key = network.grekey
+
+                # generate tunnel name from tunnel naming convention
+                tunnel_name = "t%s-%s-%s" % (gre_key, this_host_id, host.hostid)
+                of_port = get_ofport_for_vif(tunnel_name)
+
+                # Add flow rule in L2 look up table, if the destination mac = MAC of the
nic send packet tunnel port
+                add_mac_lookup_table_entry(bridge, mac_addr, of_port)
+
+                # Add flow tule in L3 look up table: if the destination IP = VM's IP then
modify the packet
+                # set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
+                add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
+
+    return "SUCCESS: successfully configured bridge as per the VPC topology"
+
+def get_acl(vpcconfig, required_acl_id):
+    acls = vpcconfig.acls
+    for acl in acls:
+        if acl.id == required_acl_id:
+            return acl
+    return None
+
+def configure_ovs_bridge_for_routing_policies(bridge, json_config):
+    vpconfig = jsonLoader(json.loads(json_config)).vpc
+
+    if vpconfig is None:
+        logging.debug("WARNING:Can't find VPC info in json config file")
+        return "FAILURE:IMPROPER_JSON_CONFG_FILE"
+
+    # First flush current egress ACL's before re-applying the ACL's
+    del_flows(bridge, table=3)
+
+    egress_rules_added = False
+    ingress_rules_added = False
+
+    tiers = vpconfig.tiers
+    for tier in tiers:
+        tier_cidr = tier.cidr
+        acl = get_acl(vpconfig, tier.aclid)
+        acl_items = acl.aclitems
+
+        for acl_item in acl_items:
+            number = acl_item.number
+            action = acl_item.action
+            direction = acl_item.direction
+            source_port_start = acl_item.sourceportstart
+            source_port_end = acl_item.sourceportend
+            protocol = acl_item.protocol
+            source_cidrs = acl_item.sourcecidrs
+            acl_priority = 1000 + number
+            for source_cidr in source_cidrs:
+                if direction is "ingress":
+                    ingress_rules_added = True
+                    # add flow rule to do action (allow/deny) for flows where source IP of
the packet is in
+                    # source_cidr and destination ip is in tier_cidr
+                    port = source_port_start
+                    while (port < source_port_end):
+                        if action is "deny":
+                            add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                     nw_proto=protocol, actions='drop')
+                        if action is "allow":
+                            add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                     nw_proto=protocol, actions='resubmit(,1)')
+                        port = port + 1
+
+                elif direction in "egress":
+                    egress_rules_added = True
+                    # add flow rule to do action (allow/deny) for flows where destination
IP of the packet is in
+                    # source_cidr and source ip is in tier_cidr
+                    port = source_port_start
+                    while (port < source_port_end):
+                        if action is "deny":
+                            add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                     nw_proto=protocol, actions='drop')
+                        if action is "allow":
+                            add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                     nw_proto=protocol, actions='resubmit(,1)')
+                        port = port + 1
+
+    if egress_rules_added is False:
+        # add a default rule in egress table to forward packet to L3 lookup table
+        add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
+
+    if ingress_rules_added is False:
+        # add a default rule in egress table drop packets
+        add_flow(bridge, priority=0, table=5, actions='drop')

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/36541a2f/scripts/vm/network/vnet/ovstunnel.py
----------------------------------------------------------------------
diff --git a/scripts/vm/network/vnet/ovstunnel.py b/scripts/vm/network/vnet/ovstunnel.py
index 9e05413..57085d8 100755
--- a/scripts/vm/network/vnet/ovstunnel.py
+++ b/scripts/vm/network/vnet/ovstunnel.py
@@ -27,6 +27,7 @@ import os
 import sys
 import subprocess
 import time
+import simplejson as json
 from optparse import OptionParser, OptionGroup, OptParseError, BadOptionError, OptionError,
OptionConflictError, OptionValueError
 
 from time import localtime as _localtime, asctime as _asctime
@@ -72,6 +73,58 @@ def setup_ovs_bridge(bridge, key, cs_host_id):
     logging.debug("Setup_ovs_bridge completed with result:%s" % result)
     return result
 
+@echo
+def setup_ovs_bridge_for_distributed_routing(bridge, cs_host_id):
+
+    res = lib.check_switch()
+    if res != "SUCCESS":
+        return "FAILURE:%s" % res
+
+    logging.debug("About to manually create the bridge:%s" % bridge)
+    res = lib.do_cmd([lib.VSCTL_PATH, "--", "--may-exist", "add-br", bridge])
+    logging.debug("Bridge has been manually created:%s" % res)
+
+    # Non empty result means something went wrong
+    if res:
+        result = "FAILURE:%s" % res
+    else:
+        # Verify the bridge actually exists
+        res = lib.do_cmd([lib.VSCTL_PATH, "list", "bridge", bridge])
+
+        res = lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs_vpc_distributed_vr_network=True"])
+        conf_hosts = lib.do_cmd([lib.VSCTL_PATH, "get","bridge", bridge,"other:ovs-host-setup"])
+        conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
+        lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
+                   "other_config:ovs-host-setup=%s" % conf_hosts])
+
+        # add a default flow rule to send broadcast and multi-cast packets to L2 flooding
table
+        lib.add_flow(bridge, priority=1000, dl_dst='ff:ff:ff:ff:ff:ff', table=0, actions='resubmit(,2)')
+        lib.add_flow(bridge, priority=1000, nw_dst='224.0.0.0/24', table=0, actions='resubmit(,2)')
+
+        # add a default flow rule to send uni-cast traffic to L2 lookup table
+        lib.add_flow(bridge, priority=0, table=0, actions='resubmit(,1)')
+
+        # add a default rule to send unknown mac address to L2 flooding table
+        lib.add_flow(bridge, priority=0, table=1, actions='resubmit(,2)')
+
+        # add a default rule in L2 flood table to drop packet
+        lib.add_flow(bridge, priority=0, table=2, actions='drop')
+
+        # add a default rule in egress table to forward packet to L3 lookup table
+        lib.add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
+
+        # add a default rule in L3 lookup table to forward packet to L2 lookup table
+        lib.add_flow(bridge, priority=0, table=4, actions='resubmit(,1)')
+
+        # add a default rule in ingress table to drop in bound packets
+        lib.add_flow(bridge, priority=0, table=5, actions='drop')
+
+        result = "SUCCESS: successfully setup bridge with flow rules"
+
+        logging.debug("Setup_ovs_bridge completed with result:%s" % result)
+
+    return result
+
 def destroy_ovs_bridge(bridge):
 
     res = lib.check_switch()
@@ -163,12 +216,30 @@ def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
         # Ensure no trailing LF
         if tun_ofport.endswith('\n'):
             tun_ofport = tun_ofport[:-1]
-        # add flow entryies for dropping broadcast coming in from gre tunnel
-        lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
+
+        ovs_tunnel_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge, "other_config:is-ovs-tun-network"])
+        ovs_vpc_distributed_vr_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge,
+                                                     "other_config:is-ovs_vpc_distributed_vr_network"])
+
+        if ovs_tunnel_network == 'True':
+            # add flow entryies for dropping broadcast coming in from gre tunnel
+            lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
+                         dl_dst='ff:ff:ff:ff:ff:ff', actions='drop')
+            lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
+                     nw_dst='224.0.0.0/24', actions='drop')
+            drop_flow_setup = True
+
+        if ovs_vpc_distributed_vr_network == 'True':
+            # add flow rules for dropping broadcast coming in from tunnel ports
+            lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0,
                          dl_dst='ff:ff:ff:ff:ff:ff', actions='drop')
-        lib.add_flow(bridge, priority=1000, in_port=tun_ofport,
+            lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0,
                      nw_dst='224.0.0.0/24', actions='drop')
-        drop_flow_setup = True
+
+            # add flow rule to send the traffic from tunnel ports to L2 switching table only
+            lib.add_flow(bridge, priority=1000, in_port=tun_ofport, table=0, actions='resubmit(,1)')
+            lib.do_cmd([lib.VSCTL_PATH, "set", "interface", name, "options:cloudstack-network-id=%s"
% network_uuid])
+
         logging.debug("Broadcast drop rules added")
 #        return "SUCCESS:%s" % name
         return 'true'
@@ -210,6 +281,7 @@ if __name__ == '__main__':
     parser.add_option("--src_host", dest="src_host")
     parser.add_option("--dst_host", dest="dst_host")
     parser.add_option("--iface_name", dest="iface_name")
+    parser.ad_option("--config", dest="config")
     (option, args) = parser.parse_args()
     if len(args) == 0:
         logging.debug("No command to execute")
@@ -223,6 +295,12 @@ if __name__ == '__main__':
         create_tunnel(option.bridge, option.remote_ip, option.key, option.src_host, option.dst_host)
     elif cmd == "destroy_tunnel":
         destroy_tunnel(option.bridge, option.iface_name)
+    elif cmd == "setup_ovs_bridge_for_distributed_routing":
+        setup_ovs_bridge_for_distributed_routing(bridge, cs_host_id)
+    elif cmd == "configure_ovs_bridge_for_network_topology":
+        configure_bridge_for_network_topology(brdige, cs_host_id, config)
+    elif cmd == "configure_ovs_bridge_for_routing_policies":
+        configure_ovs_bridge_for_routing_policies(bridge, config)
     else:
         logging.debug("Unknown command: " + cmd)
         sys.exit(1)


Mime
View raw message