3 # Copyright (c) Citrix Systems 2008. All rights reserved.
4 # Copyright (c) 2009 Nicira Networks.
8 %(command-name)s --session <SESSION-REF> --pif <PIF-REF> [up|down|rewrite]
9 %(command-name)s --force <BRIDGE> [up|down|rewrite <CONFIG>]
10 %(command-name)s --force all down
13 <CONFIG> = --device=<INTERFACE> --mode=dhcp
14 <CONFIG> = --device=<INTERFACE> --mode=static --ip=<IPADDR> --netmask=<NM> [--gateway=<GW>]
17 --session A session reference to use to access the xapi DB
18 --pif A PIF reference.
19 --force-interface An interface name. Mutually exclusive with --session/--pif.
21 Either both --session and --pif or just --pif-uuid.
23 <ACTION> is either "up" or "down" or "rewrite"
27 # Undocumented parameters for test & dev:
29 # --output-directory=<DIR> Write configuration to <DIR>. Also disables actually
30 # raising/lowering the interfaces
31 # --pif-uuid A PIF UUID, use instead of --session/--pif.
36 # 1. Every pif belongs to exactly one network
37 # 2. Every network has zero or one pifs
38 # 3. A network may have an associated bridge, allowing vifs to be attached
39 # 4. A network may be bridgeless (there's no point having a bridge over a storage pif)
41 # XXX: --force-interface=all down
43 # XXX: --force-interface rewrite
45 # XXX: Sometimes this leaves "orphaned" datapaths, e.g. a datapath whose
46 # only port is the local port. Should delete those.
48 # XXX: This can leave crud in ovs-vswitchd.conf in this scenario:
49 # - Create bond in XenCenter.
50 # - Create VLAN on bond in XenCenter.
51 # - Attempt to delete bond in XenCenter (this will fail because there
52 # is a VLAN on the bond, although the error may not be reported
53 # until the next step)
54 # - Delete VLAN in XenCenter.
55 # - Delete bond in XenCenter.
56 # At this point there will still be some configuration data for the bond
57 # or the VLAN in ovs-vswitchd.conf.
60 import os, sys, getopt, time, signal
67 output_directory = None
72 dbcache_file = "/etc/ovs-vswitch.dbcache"
73 vswitch_config_dir = "/etc/openvswitch"
75 class Usage(Exception):
76 def __init__(self, msg):
77 Exception.__init__(self)
80 class Error(Exception):
81 def __init__(self, msg):
82 Exception.__init__(self)
85 class ConfigurationFile(object):
86 """Write a file, tracking old and new versions.
88 Supports writing a new version of a file and applying and
89 reverting those changes.
92 __STATE = {"OPEN":"OPEN",
93 "NOT-APPLIED":"NOT-APPLIED", "APPLIED":"APPLIED",
94 "REVERTED":"REVERTED", "COMMITTED": "COMMITTED"}
96 def __init__(self, fname, path="/etc/sysconfig/network-scripts"):
98 self.__state = self.__STATE['OPEN']
103 dirname = output_directory
107 self.__path = os.path.join(dirname, fname)
108 self.__oldpath = os.path.join(dirname, "." + fname + ".xapi-old")
109 self.__newpath = os.path.join(dirname, "." + fname + ".xapi-new")
110 self.__unlink = False
112 self.__f = open(self.__newpath, "w")
114 def attach_child(self, child):
115 self.__children.append(child)
122 return open(self.path()).readlines()
126 def write(self, args):
127 if self.__state != self.__STATE['OPEN']:
128 raise Error("Attempt to write to file in state %s" % self.__state)
132 if self.__state != self.__STATE['OPEN']:
133 raise Error("Attempt to unlink file in state %s" % self.__state)
136 self.__state = self.__STATE['NOT-APPLIED']
139 if self.__state != self.__STATE['OPEN']:
140 raise Error("Attempt to close file in state %s" % self.__state)
143 self.__state = self.__STATE['NOT-APPLIED']
146 if self.__state != self.__STATE['NOT-APPLIED']:
147 raise Error("Attempt to compare file in state %s" % self.__state)
152 if self.__state != self.__STATE['NOT-APPLIED']:
153 raise Error("Attempt to apply configuration from state %s" % self.__state)
155 for child in self.__children:
158 log("Applying changes to %s configuration" % self.__fname)
160 # Remove previous backup.
161 if os.access(self.__oldpath, os.F_OK):
162 os.unlink(self.__oldpath)
164 # Save current configuration.
165 if os.access(self.__path, os.F_OK):
166 os.link(self.__path, self.__oldpath)
167 os.unlink(self.__path)
169 # Apply new configuration.
170 assert(os.path.exists(self.__newpath))
171 if not self.__unlink:
172 os.link(self.__newpath, self.__path)
174 pass # implicit unlink of original file
176 # Remove temporary file.
177 os.unlink(self.__newpath)
179 self.__state = self.__STATE['APPLIED']
182 if self.__state != self.__STATE['APPLIED']:
183 raise Error("Attempt to revert configuration from state %s" % self.__state)
185 for child in self.__children:
188 log("Reverting changes to %s configuration" % self.__fname)
190 # Remove existing new configuration
191 if os.access(self.__newpath, os.F_OK):
192 os.unlink(self.__newpath)
194 # Revert new configuration.
195 if os.access(self.__path, os.F_OK):
196 os.link(self.__path, self.__newpath)
197 os.unlink(self.__path)
199 # Revert to old configuration.
200 if os.access(self.__oldpath, os.F_OK):
201 os.link(self.__oldpath, self.__path)
202 os.unlink(self.__oldpath)
204 # Leave .*.xapi-new as an aid to debugging.
206 self.__state = self.__STATE['REVERTED']
209 if self.__state != self.__STATE['APPLIED']:
210 raise Error("Attempt to commit configuration from state %s" % self.__state)
212 for child in self.__children:
215 log("Committing changes to %s configuration" % self.__fname)
217 if os.access(self.__oldpath, os.F_OK):
218 os.unlink(self.__oldpath)
219 if os.access(self.__newpath, os.F_OK):
220 os.unlink(self.__newpath)
222 self.__state = self.__STATE['COMMITTED']
225 return output_directory is not None
229 print >>sys.stderr, s
233 def check_allowed(pif):
234 pifrec = db.get_pif_record(pif)
236 f = open("/proc/ardence")
237 macline = filter(lambda x: x.startswith("HWaddr:"), f.readlines())
239 if len(macline) == 1:
240 p = re.compile(".*\s%(MAC)s\s.*" % pifrec, re.IGNORECASE)
241 if p.match(macline[0]):
242 log("Skipping PVS device %(device)s (%(MAC)s)" % pifrec)
248 def interface_exists(i):
249 return os.path.exists("/sys/class/net/" + i)
251 class DatabaseCache(object):
252 def __init__(self, session_ref=None, cache_file=None):
253 if session_ref and cache_file:
254 raise Error("can't specify session reference and cache file")
256 if cache_file == None:
257 session = XenAPI.xapi_local()
260 log("No session ref given on command line, logging in.")
261 session.xenapi.login_with_password("root", "")
263 session._session = session_ref
266 self.__vlans = session.xenapi.VLAN.get_all_records()
267 self.__bonds = session.xenapi.Bond.get_all_records()
268 self.__pifs = session.xenapi.PIF.get_all_records()
269 self.__networks = session.xenapi.network.get_all_records()
272 session.xenapi.session.logout()
274 log("Loading xapi database cache from %s" % cache_file)
275 f = open(cache_file, 'r')
276 members = pickle.load(f)
277 self.extras = pickle.load(f)
280 self.__vlans = members['vlans']
281 self.__bonds = members['bonds']
282 self.__pifs = members['pifs']
283 self.__networks = members['networks']
285 def save(self, cache_file, extras):
286 f = open(cache_file, 'w')
287 pickle.dump({'vlans': self.__vlans,
288 'bonds': self.__bonds,
290 'networks': self.__networks}, f)
291 pickle.dump(extras, f)
294 def get_pif_by_uuid(self, uuid):
295 pifs = map(lambda (ref,rec): ref,
296 filter(lambda (ref,rec): uuid == rec['uuid'],
297 self.__pifs.items()))
299 raise Error("Unknown PIF \"%s\"" % uuid)
301 raise Error("Non-unique PIF \"%s\"" % uuid)
305 def get_pifs_by_record(self, record):
306 """record is partial pif record.
307 Get the pif(s) whose record matches.
311 if record[key] != pifrec[key]:
315 return map(lambda (ref,rec): ref,
316 filter(lambda (ref,rec): match(rec),
317 self.__pifs.items()))
319 def get_pif_by_record(self, record):
320 """record is partial pif record.
321 Get the pif whose record matches.
323 pifs = self.get_pifs_by_record(record)
325 raise Error("No matching PIF \"%s\"" % str(record))
327 raise Error("Multiple matching PIFs \"%s\"" % str(record))
331 def get_pif_by_bridge(self, host, bridge):
332 networks = map(lambda (ref,rec): ref,
333 filter(lambda (ref,rec): rec['bridge'] == bridge,
334 self.__networks.items()))
335 if len(networks) == 0:
336 raise Error("No matching network \"%s\"")
339 for network in networks:
340 nwrec = self.get_network_record(network)
341 for pif in nwrec['PIFs']:
342 pifrec = self.get_pif_record(pif)
343 if pifrec['host'] != host:
346 raise Error("Multiple PIFs on %s for network %s" % (host, bridge))
349 raise Error("No PIF on %s for network %s" % (host, bridge))
352 def get_pif_record(self, pif):
353 if self.__pifs.has_key(pif):
354 return self.__pifs[pif]
355 raise Error("Unknown PIF \"%s\"" % pif)
356 def get_all_pifs(self):
358 def pif_exists(self, pif):
359 return self.__pifs.has_key(pif)
361 def get_management_pif(self, host):
362 """ Returns the management pif on host
364 all = self.get_all_pifs()
366 pifrec = self.get_pif_record(pif)
367 if pifrec['management'] and pifrec['host'] == host :
371 def get_network_record(self, network):
372 if self.__networks.has_key(network):
373 return self.__networks[network]
374 raise Error("Unknown network \"%s\"" % network)
375 def get_all_networks(self):
376 return self.__networks
378 def get_bond_record(self, bond):
379 if self.__bonds.has_key(bond):
380 return self.__bonds[bond]
384 def get_vlan_record(self, vlan):
385 if self.__vlans.has_key(vlan):
386 return self.__vlans[vlan]
390 def bridge_name(pif):
391 """Return the bridge name associated with pif, or None if network is bridgeless"""
392 pifrec = db.get_pif_record(pif)
393 nwrec = db.get_network_record(pifrec['network'])
396 # TODO: sanity check that nwrec['bridgeless'] != 'true'
397 return nwrec['bridge']
399 # TODO: sanity check that nwrec['bridgeless'] == 'true'
402 def interface_name(pif):
403 """Construct an interface name from the given PIF record."""
405 pifrec = db.get_pif_record(pif)
407 if pifrec['VLAN'] == '-1':
408 return pifrec['device']
410 return "%(device)s.%(VLAN)s" % pifrec
412 def datapath_name(pif):
413 """Return the OpenFlow datapath name associated with pif.
414 For a non-VLAN PIF, the datapath name is the bridge name.
415 For a VLAN PIF, the datapath name is the bridge name for the PIF's VLAN slave.
416 (xapi will create a datapath named with the bridge name even though we won't
420 pifrec = db.get_pif_record(pif)
422 if pifrec['VLAN'] == '-1':
423 return bridge_name(pif)
425 return bridge_name(get_vlan_slave_of_pif(pif))
428 """Return the the name of the network device that carries the
429 IP configuration (if any) associated with pif.
430 The ipdev name is the same as the bridge name.
433 pifrec = db.get_pif_record(pif)
434 return bridge_name(pif)
436 def physdev_names(pif):
437 """Return the name(s) of the physical network device(s) associated with pif.
438 For a VLAN PIF, the physical devices are the VLAN slave's physical devices.
439 For a bond master PIF, the physical devices are the bond slaves.
440 For a non-VLAN, non-bond master PIF, the physical device is the PIF itself.
443 pifrec = db.get_pif_record(pif)
445 if pifrec['VLAN'] != '-1':
446 return physdev_names(get_vlan_slave_of_pif(pif))
447 elif len(pifrec['bond_master_of']) != 0:
449 for slave in get_bond_slaves_of_pif(pif):
450 physdevs += physdev_names(slave)
453 return [pifrec['device']]
455 def log_pif_action(action, pif):
456 pifrec = db.get_pif_record(pif)
457 pifrec['action'] = action
458 pifrec['interface-name'] = interface_name(pif)
459 if action == "rewrite":
460 pifrec['message'] = "Rewrite PIF %(uuid)s configuration" % pifrec
462 pifrec['message'] = "Bring %(action)s PIF %(uuid)s" % pifrec
463 log("%(message)s: %(interface-name)s configured as %(ip_configuration_mode)s" % pifrec)
465 def get_bond_masters_of_pif(pif):
466 """Returns a list of PIFs which are bond masters of this PIF"""
468 pifrec = db.get_pif_record(pif)
470 bso = pifrec['bond_slave_of']
472 # bond-slave-of is currently a single reference but in principle a
473 # PIF could be a member of several bonds which are not
474 # concurrently attached. Be robust to this possibility.
475 if not bso or bso == "OpaqueRef:NULL":
477 elif not type(bso) == list:
480 bondrecs = [db.get_bond_record(bond) for bond in bso]
481 bondrecs = [rec for rec in bondrecs if rec]
483 return [bond['master'] for bond in bondrecs]
485 def get_bond_slaves_of_pif(pif):
486 """Returns a list of PIFs which make up the given bonded pif."""
488 pifrec = db.get_pif_record(pif)
489 host = pifrec['host']
491 bmo = pifrec['bond_master_of']
493 raise Error("Bond-master-of contains too many elements")
498 bondrec = db.get_bond_record(bmo[0])
500 raise Error("No bond record for bond master PIF")
502 return bondrec['slaves']
504 def get_vlan_slave_of_pif(pif):
505 """Find the PIF which is the VLAN slave of pif.
507 Returns the 'physical' PIF underneath the a VLAN PIF @pif."""
509 pifrec = db.get_pif_record(pif)
511 vlan = pifrec['VLAN_master_of']
512 if not vlan or vlan == "OpaqueRef:NULL":
513 raise Error("PIF is not a VLAN master")
515 vlanrec = db.get_vlan_record(vlan)
517 raise Error("No VLAN record found for PIF")
519 return vlanrec['tagged_PIF']
521 def get_vlan_masters_of_pif(pif):
522 """Returns a list of PIFs which are VLANs on top of the given pif."""
524 pifrec = db.get_pif_record(pif)
525 vlans = [db.get_vlan_record(v) for v in pifrec['VLAN_slave_of']]
526 return [v['untagged_PIF'] for v in vlans if v and db.pif_exists(v['untagged_PIF'])]
528 def interface_deconfigure_commands(interface):
529 # The use of [!0-9] keeps an interface of 'eth0' from matching
530 # VLANs attached to eth0 (such as 'eth0.123'), which are distinct
532 return ['--del-match=bridge.*.port=%s' % interface,
533 '--del-match=bonding.%s.[!0-9]*' % interface,
534 '--del-match=bonding.*.slave=%s' % interface,
535 '--del-match=vlan.%s.[!0-9]*' % interface,
536 '--del-match=port.%s.[!0-9]*' % interface,
537 '--del-match=iface.%s.[!0-9]*' % interface]
539 def run_command(command):
540 log("Running command: " + ' '.join(command))
541 if os.spawnl(os.P_WAIT, command[0], *command) != 0:
542 log("Command failed: " + ' '.join(command))
546 def down_netdev(interface, deconfigure=True):
547 if not interface_exists(interface):
548 log("down_netdev: interface %s does not exist, ignoring" % interface)
550 argv = ["/sbin/ifconfig", interface, 'down']
555 pidfile_name = '/var/run/dhclient-%s.pid' % interface
558 pidfile = open(pidfile_name, 'r')
559 os.kill(int(pidfile.readline()), signal.SIGTERM)
565 # Remove dhclient pidfile.
567 os.remove(pidfile_name)
572 def up_netdev(interface):
573 run_command(["/sbin/ifconfig", interface, 'up'])
575 def find_distinguished_pifs(pif):
576 """Returns the PIFs on host that own DNS and the default route.
577 The peerdns pif will be the one with pif::other-config:peerdns=true, or the mgmt pif if none have this set.
578 The gateway pif will be the one with pif::other-config:defaultroute=true, or the mgmt pif if none have this set.
580 Note: we prune out the bond master pif (if it exists).
581 This is because when we are called to bring up an interface with a bond master, it is implicit that
582 we should bring down that master."""
584 pifrec = db.get_pif_record(pif)
585 host = pifrec['host']
587 pifs_on_host = [ __pif for __pif in db.get_all_pifs() if
588 db.get_pif_record(__pif)['host'] == host and
589 (not __pif in get_bond_masters_of_pif(pif)) ]
592 defaultroute_pif = None
594 # loop through all the pifs on this host looking for one with
595 # other-config:peerdns = true, and one with
596 # other-config:default-route=true
597 for __pif in pifs_on_host:
598 __pifrec = db.get_pif_record(__pif)
599 __oc = __pifrec['other_config']
600 if __oc.has_key('peerdns') and __oc['peerdns'] == 'true':
601 if peerdns_pif == None:
604 log('Warning: multiple pifs with "peerdns=true" - choosing %s and ignoring %s' % \
605 (db.get_pif_record(peerdns_pif)['device'], __pifrec['device']))
606 if __oc.has_key('defaultroute') and __oc['defaultroute'] == 'true':
607 if defaultroute_pif == None:
608 defaultroute_pif = __pif
610 log('Warning: multiple pifs with "defaultroute=true" - choosing %s and ignoring %s' % \
611 (db.get_pif_record(defaultroute_pif)['device'], __pifrec['device']))
613 # If no pif is explicitly specified then use the mgmt pif for peerdns/defaultroute
614 if peerdns_pif == None:
615 peerdns_pif = management_pif
616 if defaultroute_pif == None:
617 defaultroute_pif = management_pif
619 return peerdns_pif, defaultroute_pif
621 def ethtool_settings(oc):
622 # Options for "ethtool -s"
624 if oc.has_key('ethtool-speed'):
625 val = oc['ethtool-speed']
626 if val in ["10", "100", "1000"]:
627 settings += ['speed', val]
629 log("Invalid value for ethtool-speed = %s. Must be 10|100|1000." % val)
630 if oc.has_key('ethtool-duplex'):
631 val = oc['ethtool-duplex']
632 if val in ["10", "100", "1000"]:
633 settings += ['duplex', 'val']
635 log("Invalid value for ethtool-duplex = %s. Must be half|full." % val)
636 if oc.has_key('ethtool-autoneg'):
637 val = oc['ethtool-autoneg']
638 if val in ["true", "on"]:
639 settings += ['autoneg', 'on']
640 elif val in ["false", "off"]:
641 settings += ['autoneg', 'off']
643 log("Invalid value for ethtool-autoneg = %s. Must be on|true|off|false." % val)
645 # Options for "ethtool -K"
647 for opt in ("rx", "tx", "sg", "tso", "ufo", "gso"):
648 if oc.has_key("ethtool-" + opt):
649 val = oc["ethtool-" + opt]
650 if val in ["true", "on"]:
651 offload += [opt, 'on']
652 elif val in ["false", "off"]:
653 offload += [opt, 'off']
655 log("Invalid value for ethtool-%s = %s. Must be on|true|off|false." % (opt, val))
657 return settings, offload
659 def configure_netdev(pif):
660 pifrec = db.get_pif_record(pif)
661 datapath = datapath_name(pif)
662 ipdev = ipdev_name(pif)
664 host = pifrec['host']
665 nw = pifrec['network']
666 nwrec = db.get_network_record(nw)
668 ifconfig_argv = ['/sbin/ifconfig', ipdev, 'up']
670 if pifrec['ip_configuration_mode'] == "DHCP":
672 elif pifrec['ip_configuration_mode'] == "Static":
673 ifconfig_argv += [pifrec['IP']]
674 ifconfig_argv += ['netmask', pifrec['netmask']]
675 gateway = pifrec['gateway']
676 elif pifrec['ip_configuration_mode'] == "None":
680 raise Error("Unknown IP-configuration-mode %s" % pifrec['ip_configuration_mode'])
683 if pifrec.has_key('other_config'):
684 oc = pifrec['other_config']
685 if oc.has_key('mtu'):
686 int(oc['mtu']) # Check that the value is an integer
687 ifconfig_argv += ['mtu', oc['mtu']]
689 run_command(ifconfig_argv)
691 (peerdns_pif, defaultroute_pif) = find_distinguished_pifs(pif)
693 if peerdns_pif == pif:
694 f = ConfigurationFile('resolv.conf', "/etc")
695 if oc.has_key('domain'):
696 f.write("search %s\n" % oc['domain'])
697 for dns in pifrec['DNS'].split(","):
698 f.write("nameserver %s\n" % dns)
703 if defaultroute_pif == pif and gateway != '':
704 run_command(['/sbin/ip', 'route', 'replace', 'default',
705 'via', gateway, 'dev', ipdev])
707 if oc.has_key('static-routes'):
708 for line in oc['static-routes'].split(','):
709 network, masklen, gateway = line.split('/')
710 run_command(['/sbin/ip', 'route', 'add',
711 '%s/%s' % (netmask, masklen), 'via', gateway,
714 settings, offload = ethtool_settings(oc)
716 run_command(['/sbin/ethtool', '-s', ipdev] + settings)
718 run_command(['/sbin/ethtool', '-K', ipdev] + offload)
720 if pifrec['ip_configuration_mode'] == "DHCP":
722 print "Determining IP information for %s..." % ipdev,
723 argv = ['/sbin/dhclient', '-q',
724 '-lf', '/var/lib/dhclient/dhclient-%s.leases' % ipdev,
725 '-pf', '/var/run/dhclient-%s.pid' % ipdev,
727 if run_command(argv):
732 def modify_config(commands):
733 run_command(['/root/vswitch/bin/ovs-cfg-mod', '-vANY:console:emer',
734 '-F', '/etc/ovs-vswitchd.conf']
736 run_command(['/sbin/service', 'vswitch', 'reload'])
738 def is_bond_pif(pif):
739 pifrec = db.get_pif_record(pif)
740 return len(pifrec['bond_master_of']) != 0
742 def configure_bond(pif):
743 pifrec = db.get_pif_record(pif)
744 interface = interface_name(pif)
745 ipdev = ipdev_name(pif)
746 datapath = datapath_name(pif)
747 physdevs = physdev_names(pif)
749 argv = ['--del-match=bonding.%s.[!0-9]*' % interface]
750 argv += ["--add=bonding.%s.slave=%s" % (interface, slave)
751 for slave in physdevs]
755 "mode": "balance-slb",
761 # override defaults with values from other-config whose keys
763 oc = pifrec['other_config']
764 overrides = filter(lambda (key,val):
765 key.startswith("bond-"), oc.items())
766 overrides = map(lambda (key,val): (key[5:], val), overrides)
767 bond_options.update(overrides)
768 for (name,val) in bond_options.items():
769 argv += ["--add=bonding.%s.%s=%s" % (interface, name, val)]
773 pifrec = db.get_pif_record(pif)
775 bridge = bridge_name(pif)
776 interface = interface_name(pif)
777 ipdev = ipdev_name(pif)
778 datapath = datapath_name(pif)
779 physdevs = physdev_names(pif)
781 if pifrec['VLAN'] != '-1':
782 vlan_slave = get_vlan_slave_of_pif(pif)
783 if vlan_slave and is_bond_pif(vlan_slave):
784 bond_master = vlan_slave
785 elif is_bond_pif(pif):
790 bond_slaves = get_bond_slaves_of_pif(bond_master)
793 bond_masters = get_bond_masters_of_pif(pif)
795 # Support "rpm -e vswitch" gracefully by keeping Centos configuration
796 # files up-to-date, even though we don't use them or need them.
797 f = configure_pif(pif)
798 mode = pifrec['ip_configuration_mode']
800 log("Configuring %s using %s configuration" % (bridge, mode))
801 br = open_network_ifcfg(pif)
802 configure_network(pif, br)
806 log("Configuring %s using %s configuration" % (interface, mode))
807 configure_network(pif, f)
809 for master in bond_masters:
810 master_bridge = bridge_name(master)
811 removed = unconfigure_pif(master)
812 f.attach_child(removed)
814 removed = open_network_ifcfg(master)
815 log("Unlinking stale file %s" % removed.path())
817 f.attach_child(removed)
819 # /etc/xensource/scripts/vif needs to know where to add VIFs.
821 if not os.path.exists(vswitch_config_dir):
822 os.mkdir(vswitch_config_dir)
823 br = ConfigurationFile("br-%s" % bridge, vswitch_config_dir)
824 br.write("VLAN_SLAVE=%s\n" % datapath)
825 br.write("VLAN_VID=%s\n" % pifrec['VLAN'])
829 # Update all configuration files (both ours and Centos's).
833 # "ifconfig down" the network device and delete its IP address, etc.
835 for physdev in physdevs:
838 # If we are bringing up a bond, remove IP addresses from the
839 # slaves (because we are implicitly being asked to take them down).
841 # Conversely, if we are bringing up an interface that has bond
842 # masters, remove IP addresses from the bond master (because we
843 # are implicitly being asked to take it down).
844 for bond_pif in bond_slaves + bond_masters:
845 run_command(["/sbin/ifconfig", ipdev_name(bond_pif), '0.0.0.0'])
847 # Remove all keys related to pif and any bond masters linked to PIF.
848 del_ports = [ipdev] + physdevs + bond_masters
849 if vlan_slave and bond_master:
850 del_ports += [interface_name(bond_master)]
852 # What ports do we need to add to the datapath?
854 # We definitely need the ipdev, and ordinarily we want the
855 # physical devices too, but for bonds we need the bond as bridge
857 add_ports = [ipdev, datapath]
859 add_ports += physdevs
861 add_ports += [interface_name(bond_master)]
863 # What ports do we need to delete?
865 # - All the ports that we add, to avoid duplication and to drop
866 # them from another datapath in case they're misassigned.
868 # - The physical devices, since they will either be in add_ports
869 # or added to the bonding device (see below).
871 # - The bond masters for pif. (Ordinarily pif shouldn't have any
872 # bond masters. If it does then interface-reconfigure is
873 # implicitly being asked to take them down.)
874 del_ports = add_ports + physdevs + bond_masters
876 # What networks does this datapath carry?
878 # - The network corresponding to the datapath's PIF.
880 # - The networks corresponding to any VLANs attached to the
883 for nwpif in db.get_pifs_by_record({'device': pifrec['device'],
884 'host': pifrec['host']}):
885 net = db.get_pif_record(nwpif)['network']
886 network_uuids += [db.get_network_record(net)['uuid']]
888 # Bring up bond slaves early, because ovs-vswitchd initially
889 # enables or disables bond slaves based on whether carrier is
890 # detected when they are added, and a network device that is down
891 # always reports "no carrier".
892 bond_slave_physdevs = []
893 for slave in bond_slaves:
894 bond_slave_physdevs += physdev_names(slave)
895 for slave_physdev in bond_slave_physdevs:
896 up_netdev(slave_physdev)
898 # Now modify the ovs-vswitchd config file.
900 for port in set(del_ports):
901 argv += interface_deconfigure_commands(port)
902 for port in set(add_ports):
903 argv += ['--add=bridge.%s.port=%s' % (datapath, port)]
905 argv += ['--add=vlan.%s.tag=%s' % (ipdev, pifrec['VLAN'])]
906 argv += ['--add=iface.%s.internal=true' % (ipdev)]
908 # xapi creates a bridge by the name of the ipdev and requires
909 # that the IP address will be on it. We need to delete this
910 # bridge because we need that device to be a member of our
912 argv += ['--del-match=bridge.%s.[!0-9]*' % ipdev]
914 # xapi insists that its attempts to create the bridge succeed,
915 # so force that to happen.
916 argv += ['--add=iface.%s.fake-bridge=true' % (ipdev)]
919 os.unlink("%s/br-%s" % (vswitch_config_dir, bridge))
922 argv += ['--del-match=bridge.%s.xs-network-uuids=*' % datapath]
923 argv += ['--add=bridge.%s.xs-network-uuids=%s' % (datapath, uuid)
924 for uuid in set(network_uuids)]
926 argv += configure_bond(bond_master)
929 # Configure network devices.
930 configure_netdev(pif)
932 # Bring up VLAN slave, plus physical devices other than bond
933 # slaves (which we brought up earlier).
935 up_netdev(ipdev_name(vlan_slave))
936 for physdev in set(physdevs) - set(bond_slave_physdevs):
939 # Update /etc/issue (which contains the IP address of the management interface)
940 os.system("/sbin/update-issue")
943 # There seems to be a race somewhere: without this sleep, using
944 # XenCenter to create a bond that becomes the management interface
945 # fails with "The underlying connection was closed: A connection that
946 # was expected to be kept alive was closed by the server." on every
947 # second or third try, even though /var/log/messages doesn't show
950 # The race is probably present even without vswitch, but bringing up a
951 # bond without vswitch involves a built-in pause of 10 seconds or more
952 # to wait for the bond to transition from learning to forwarding state.
955 def action_down(pif):
956 rec = db.get_pif_record(pif)
957 interface = interface_name(pif)
958 bridge = bridge_name(pif)
959 ipdev = ipdev_name(pif)
961 # Support "rpm -e vswitch" gracefully by keeping Centos configuration
962 # files up-to-date, even though we don't use them or need them.
963 f = unconfigure_pif(pif)
965 br = open_network_ifcfg(pif)
966 log("Unlinking stale file %s" % br.path())
973 log("action_down failed to apply changes: %s" % e.msg)
978 if rec['VLAN'] != '-1':
979 # Get rid of the VLAN device itself.
981 argv += interface_deconfigure_commands(ipdev)
983 # If the VLAN's slave is attached, stop here.
984 slave = get_vlan_slave_of_pif(pif)
985 if db.get_pif_record(slave)['currently_attached']:
986 log("VLAN slave is currently attached")
990 # If the VLAN's slave has other VLANs that are attached, stop here.
991 masters = get_vlan_masters_of_pif(slave)
993 if m != pif and db.get_pif_record(m)['currently_attached']:
994 log("VLAN slave has other master %s" % interface_naem(m))
998 # Otherwise, take down the VLAN's slave too.
999 log("No more masters, bring down vlan slave %s" % interface_name(slave))
1002 # Stop here if this PIF has attached VLAN masters.
1003 vlan_masters = get_vlan_masters_of_pif(pif)
1004 log("VLAN masters of %s - %s" % (rec['device'], [interface_name(m) for m in vlan_masters]))
1005 for m in vlan_masters:
1006 if db.get_pif_record(m)['currently_attached']:
1007 log("Leaving %s up due to currently attached VLAN master %s" % (interface, interface_name(m)))
1010 # pif is now either a bond or a physical device which needs to be
1011 # brought down. pif might have changed so re-check all its attributes.
1012 rec = db.get_pif_record(pif)
1013 interface = interface_name(pif)
1014 bridge = bridge_name(pif)
1015 ipdev = ipdev_name(pif)
1018 bond_slaves = get_bond_slaves_of_pif(pif)
1019 log("bond slaves of %s - %s" % (rec['device'], [interface_name(s) for s in bond_slaves]))
1020 for slave in bond_slaves:
1021 slave_interface = interface_name(slave)
1022 log("bring down bond slave %s" % slave_interface)
1023 argv += interface_deconfigure_commands(slave_interface)
1024 down_netdev(slave_interface)
1026 argv += interface_deconfigure_commands(ipdev)
1029 argv += ['--del-match', 'bridge.%s.*' % datapath_name(pif)]
1030 argv += ['--del-match', 'bonding.%s.[!0-9]*' % interface]
1033 def action_rewrite(pif):
1034 # Support "rpm -e vswitch" gracefully by keeping Centos configuration
1035 # files up-to-date, even though we don't use them or need them.
1036 pifrec = db.get_pif_record(pif)
1037 f = configure_pif(pif)
1038 interface = interface_name(pif)
1039 bridge = bridge_name(pif)
1040 mode = pifrec['ip_configuration_mode']
1042 log("Configuring %s using %s configuration" % (bridge, mode))
1043 br = open_network_ifcfg(pif)
1044 configure_network(pif, br)
1048 log("Configuring %s using %s configuration" % (interface, mode))
1049 configure_network(pif, f)
1055 log("failed to apply changes: %s" % e.msg)
1059 # We have no code of our own to run here.
1062 def main(argv=None):
1063 global output_directory, management_pif
1069 force_interface = None
1070 force_management = False
1078 longops = [ "output-directory=",
1079 "pif=", "pif-uuid=",
1085 "device=", "mode=", "ip=", "netmask=", "gateway=",
1087 arglist, args = getopt.gnu_getopt(argv[1:], shortops, longops)
1088 except getopt.GetoptError, msg:
1091 force_rewrite_config = {}
1094 if o == "--output-directory":
1095 output_directory = a
1098 elif o == "--pif-uuid":
1100 elif o == "--session":
1102 elif o == "--force-interface" or o == "--force":
1104 elif o == "--management":
1105 force_management = True
1106 elif o in ["--device", "--mode", "--ip", "--netmask", "--gateway"]:
1107 force_rewrite_config[o[2:]] = a
1108 elif o == "-h" or o == "--help":
1109 print __doc__ % {'command-name': os.path.basename(argv[0])}
1112 if not debug_mode():
1113 syslog.openlog(os.path.basename(argv[0]))
1114 log("Called as " + str.join(" ", argv))
1116 raise Usage("Required option <action> not present")
1118 raise Usage("Too many arguments")
1121 # backwards compatibility
1122 if action == "rewrite-configuration": action = "rewrite"
1124 if output_directory and ( session or pif ):
1125 raise Usage("--session/--pif cannot be used with --output-directory")
1126 if ( session or pif ) and pif_uuid:
1127 raise Usage("--session/--pif and --pif-uuid are mutually exclusive.")
1128 if ( session and not pif ) or ( not session and pif ):
1129 raise Usage("--session and --pif must be used together.")
1130 if force_interface and ( session or pif or pif_uuid ):
1131 raise Usage("--force is mutually exclusive with --session, --pif and --pif-uuid")
1132 if len(force_rewrite_config) and not (force_interface and action == "rewrite"):
1133 raise Usage("\"--force rewrite\" needed for --device, --mode, --ip, --netmask, and --gateway")
1137 log("Force interface %s %s" % (force_interface, action))
1139 if action == "rewrite":
1140 action_force_rewrite(force_interface, force_rewrite_config)
1142 db = DatabaseCache(cache_file=dbcache_file)
1143 host = db.extras['host']
1144 pif = db.get_pif_by_bridge(host, force_interface)
1145 management_pif = db.get_management_pif(host)
1149 elif action == "down":
1152 raise Usage("Unknown action %s" % action)
1154 db = DatabaseCache(session_ref=session)
1157 pif = db.get_pif_by_uuid(pif_uuid)
1160 raise Usage("No PIF given")
1162 if force_management:
1163 # pif is going to be the management pif
1164 management_pif = pif
1166 # pif is not going to be the management pif.
1167 # Search DB cache for pif on same host with management=true
1168 pifrec = db.get_pif_record(pif)
1169 host = pifrec['host']
1170 management_pif = db.get_management_pif(host)
1172 log_pif_action(action, pif)
1174 if not check_allowed(pif):
1179 elif action == "down":
1181 elif action == "rewrite":
1184 raise Usage("Unknown action %s" % action)
1187 pifrec = db.get_pif_record(pif)
1188 db.save(dbcache_file, {'host': pifrec['host']})
1191 print >>sys.stderr, err.msg
1192 print >>sys.stderr, "For help use --help."
1200 # The following code allows interface-reconfigure to keep Centos
1201 # network configuration files up-to-date, even though the vswitch
1202 # never uses them. In turn, that means that "rpm -e vswitch" does not
1203 # have to update any configuration files.
1205 def configure_ethtool(oc, f):
1206 # Options for "ethtool -s"
1208 setting_opts = ["autoneg", "speed", "duplex"]
1209 # Options for "ethtool -K"
1211 offload_opts = ["rx", "tx", "sg", "tso", "ufo", "gso"]
1213 for opt in [opt for opt in setting_opts + offload_opts if oc.has_key("ethtool-" + opt)]:
1214 val = oc["ethtool-" + opt]
1216 if opt in ["speed"]:
1217 if val in ["10", "100", "1000"]:
1218 val = "speed " + val
1220 log("Invalid value for ethtool-speed = %s. Must be 10|100|1000." % val)
1222 elif opt in ["duplex"]:
1223 if val in ["half", "full"]:
1224 val = "duplex " + val
1226 log("Invalid value for ethtool-duplex = %s. Must be half|full." % val)
1228 elif opt in ["autoneg"] + offload_opts:
1229 if val in ["true", "on"]:
1231 elif val in ["false", "off"]:
1234 log("Invalid value for ethtool-%s = %s. Must be on|true|off|false." % (opt, val))
1237 if opt in setting_opts:
1238 if val and settings:
1239 settings = settings + " " + val
1242 elif opt in offload_opts:
1244 offload = offload + " " + val
1249 f.write("ETHTOOL_OPTS=\"%s\"\n" % settings)
1251 f.write("ETHTOOL_OFFLOAD_OPTS=\"%s\"\n" % offload)
1253 def configure_mtu(oc, f):
1254 if not oc.has_key('mtu'):
1258 mtu = int(oc['mtu'])
1259 f.write("MTU=%d\n" % mtu)
1260 except ValueError, x:
1261 log("Invalid value for mtu = %s" % mtu)
1263 def configure_static_routes(interface, oc, f):
1264 """Open a route-<interface> file for static routes.
1266 Opens the static routes configuration file for interface and writes one
1267 line for each route specified in the network's other config "static-routes" value.
1269 interface ( RO): xenbr1
1270 other-config (MRW): static-routes: 172.16.0.0/15/192.168.0.3,172.18.0.0/16/192.168.0.4;...
1272 Then route-xenbr1 should be
1273 172.16.0.0/15 via 192.168.0.3 dev xenbr1
1274 172.18.0.0/16 via 192.168.0.4 dev xenbr1
1276 fname = "route-%s" % interface
1277 if oc.has_key('static-routes'):
1278 # The key is present - extract comma seperates entries
1279 lines = oc['static-routes'].split(',')
1281 # The key is not present, i.e. there are no static routes
1284 child = ConfigurationFile(fname)
1285 child.write("# DO NOT EDIT: This file (%s) was autogenerated by %s\n" % \
1286 (os.path.basename(child.path()), os.path.basename(sys.argv[0])))
1290 network, masklen, gateway = l.split('/')
1291 child.write("%s/%s via %s dev %s\n" % (network, masklen, gateway, interface))
1293 f.attach_child(child)
1296 except ValueError, e:
1297 log("Error in other-config['static-routes'] format for network %s: %s" % (interface, e))
1299 def __open_ifcfg(interface):
1300 """Open a network interface configuration file.
1302 Opens the configuration file for interface, writes a header and
1303 common options and returns the file object.
1305 fname = "ifcfg-%s" % interface
1306 f = ConfigurationFile(fname)
1308 f.write("# DO NOT EDIT: This file (%s) was autogenerated by %s\n" % \
1309 (os.path.basename(f.path()), os.path.basename(sys.argv[0])))
1310 f.write("XEMANAGED=yes\n")
1311 f.write("DEVICE=%s\n" % interface)
1312 f.write("ONBOOT=no\n")
1316 def open_network_ifcfg(pif):
1317 bridge = bridge_name(pif)
1318 interface = interface_name(pif)
1320 return __open_ifcfg(bridge)
1322 return __open_ifcfg(interface)
1325 def open_pif_ifcfg(pif):
1326 pifrec = db.get_pif_record(pif)
1328 log("Configuring %s (%s)" % (interface_name(pif), pifrec['MAC']))
1330 f = __open_ifcfg(interface_name(pif))
1332 if pifrec.has_key('other_config'):
1333 configure_ethtool(pifrec['other_config'], f)
1334 configure_mtu(pifrec['other_config'], f)
1338 def configure_network(pif, f):
1339 """Write the configuration file for a network.
1341 Writes configuration derived from the network object into the relevant
1342 ifcfg file. The configuration file is passed in, but if the network is
1343 bridgeless it will be ifcfg-<interface>, otherwise it will be ifcfg-<bridge>.
1345 This routine may also write ifcfg files of the networks corresponding to other PIFs
1346 in order to maintain consistency.
1349 pif: Opaque_ref of pif
1350 f : ConfigurationFile(/path/to/ifcfg) to which we append network configuration
1353 pifrec = db.get_pif_record(pif)
1354 host = pifrec['host']
1355 nw = pifrec['network']
1356 nwrec = db.get_network_record(nw)
1358 bridge = bridge_name(pif)
1359 interface = interface_name(pif)
1365 if nwrec.has_key('other_config'):
1366 configure_ethtool(nwrec['other_config'], f)
1367 configure_mtu(nwrec['other_config'], f)
1368 configure_static_routes(device, nwrec['other_config'], f)
1371 if pifrec.has_key('other_config'):
1372 oc = pifrec['other_config']
1374 if device == bridge:
1375 f.write("TYPE=Bridge\n")
1376 f.write("DELAY=0\n")
1377 f.write("STP=off\n")
1378 f.write("PIFDEV=%s\n" % interface_name(pif))
1380 if pifrec['ip_configuration_mode'] == "DHCP":
1381 f.write("BOOTPROTO=dhcp\n")
1382 f.write("PERSISTENT_DHCLIENT=yes\n")
1383 elif pifrec['ip_configuration_mode'] == "Static":
1384 f.write("BOOTPROTO=none\n")
1385 f.write("NETMASK=%(netmask)s\n" % pifrec)
1386 f.write("IPADDR=%(IP)s\n" % pifrec)
1387 f.write("GATEWAY=%(gateway)s\n" % pifrec)
1388 elif pifrec['ip_configuration_mode'] == "None":
1389 f.write("BOOTPROTO=none\n")
1391 raise Error("Unknown ip-configuration-mode %s" % pifrec['ip_configuration_mode'])
1393 if pifrec.has_key('DNS') and pifrec['DNS'] != "":
1394 ServerList = pifrec['DNS'].split(",")
1395 for i in range(len(ServerList)): f.write("DNS%d=%s\n" % (i+1, ServerList[i]))
1396 if oc and oc.has_key('domain'):
1397 f.write("DOMAIN='%s'\n" % oc['domain'].replace(',', ' '))
1399 # We only allow one ifcfg-xenbr* to have PEERDNS=yes and there can be only one GATEWAYDEV in /etc/sysconfig/network.
1400 # The peerdns pif will be the one with pif::other-config:peerdns=true, or the mgmt pif if none have this set.
1401 # The gateway pif will be the one with pif::other-config:defaultroute=true, or the mgmt pif if none have this set.
1403 # Work out which pif on this host should be the one with PEERDNS=yes and which should be the GATEWAYDEV
1405 # Note: we prune out the bond master pif (if it exists).
1406 # This is because when we are called to bring up an interface with a bond master, it is implicit that
1407 # we should bring down that master.
1408 pifs_on_host = [ __pif for __pif in db.get_all_pifs() if
1409 db.get_pif_record(__pif)['host'] == host and
1410 (not __pif in get_bond_masters_of_pif(pif)) ]
1411 other_pifs_on_host = [ __pif for __pif in pifs_on_host if __pif != pif ]
1414 defaultroute_pif = None
1416 # loop through all the pifs on this host looking for one with
1417 # other-config:peerdns = true, and one with
1418 # other-config:default-route=true
1419 for __pif in pifs_on_host:
1420 __pifrec = db.get_pif_record(__pif)
1421 __oc = __pifrec['other_config']
1422 if __oc.has_key('peerdns') and __oc['peerdns'] == 'true':
1423 if peerdns_pif == None:
1426 log('Warning: multiple pifs with "peerdns=true" - choosing %s and ignoring %s' % \
1427 (db.get_pif_record(peerdns_pif)['device'], __pifrec['device']))
1428 if __oc.has_key('defaultroute') and __oc['defaultroute'] == 'true':
1429 if defaultroute_pif == None:
1430 defaultroute_pif = __pif
1432 log('Warning: multiple pifs with "defaultroute=true" - choosing %s and ignoring %s' % \
1433 (db.get_pif_record(defaultroute_pif)['device'], __pifrec['device']))
1435 # If no pif is explicitly specified then use the mgmt pif for peerdns/defaultroute
1436 if peerdns_pif == None:
1437 peerdns_pif = management_pif
1438 if defaultroute_pif == None:
1439 defaultroute_pif = management_pif
1441 # Update all the other network's ifcfg files and ensure consistency
1442 for __pif in other_pifs_on_host:
1443 __f = open_network_ifcfg(__pif)
1444 peerdns_line_wanted = 'PEERDNS=%s\n' % ((__pif == peerdns_pif) and 'yes' or 'no')
1445 lines = __f.readlines()
1447 if not peerdns_line_wanted in lines:
1448 # the PIF selected for DNS has changed and as a result this ifcfg file needs rewriting
1450 if not line.lstrip().startswith('PEERDNS'):
1452 log("Setting %s in %s" % (peerdns_line_wanted.strip(), __f.path()))
1453 __f.write(peerdns_line_wanted)
1458 # There is no need to change this ifcfg file. So don't attach_child.
1461 # ... and for this pif too
1462 f.write('PEERDNS=%s\n' % ((pif == peerdns_pif) and 'yes' or 'no'))
1465 fnetwork = ConfigurationFile("network", "/etc/sysconfig")
1466 for line in fnetwork.readlines():
1467 if line.lstrip().startswith('GATEWAY') :
1469 fnetwork.write(line)
1470 if defaultroute_pif:
1471 gatewaydev = bridge_name(defaultroute_pif)
1473 gatewaydev = interface_name(defaultroute_pif)
1474 fnetwork.write('GATEWAYDEV=%s\n' % gatewaydev)
1476 f.attach_child(fnetwork)
1481 def configure_physical_interface(pif):
1482 """Write the configuration for a physical interface.
1484 Writes the configuration file for the physical interface described by
1487 Returns the open file handle for the interface configuration file.
1490 pifrec = db.get_pif_record(pif)
1492 f = open_pif_ifcfg(pif)
1494 f.write("TYPE=Ethernet\n")
1495 f.write("HWADDR=%(MAC)s\n" % pifrec)
1499 def configure_bond_interface(pif):
1500 """Write the configuration for a bond interface.
1502 Writes the configuration file for the bond interface described by
1503 the pif object. Handles writing the configuration for the slave
1506 Returns the open file handle for the bond interface configuration
1510 pifrec = db.get_pif_record(pif)
1511 oc = pifrec['other_config']
1512 f = open_pif_ifcfg(pif)
1514 if pifrec['MAC'] != "":
1515 f.write("MACADDR=%s\n" % pifrec['MAC'])
1517 for slave in get_bond_slaves_of_pif(pif):
1518 s = configure_physical_interface(slave)
1519 s.write("MASTER=%(device)s\n" % pifrec)
1520 s.write("SLAVE=yes\n")
1524 # The bond option defaults
1526 "mode": "balance-slb",
1533 # override defaults with values from other-config whose keys being with "bond-"
1534 overrides = filter(lambda (key,val): key.startswith("bond-"), oc.items())
1535 overrides = map(lambda (key,val): (key[5:], val), overrides)
1536 bond_options.update(overrides)
1538 # write the bond options to ifcfg-bondX
1539 f.write('BONDING_OPTS="')
1540 for (name,val) in bond_options.items():
1541 f.write("%s=%s " % (name,val))
1545 def configure_vlan_interface(pif):
1546 """Write the configuration for a VLAN interface.
1548 Writes the configuration file for the VLAN interface described by
1549 the pif object. Handles writing the configuration for the master
1550 interface if necessary.
1552 Returns the open file handle for the VLAN interface configuration
1556 slave = configure_pif(get_vlan_slave_of_pif(pif))
1559 f = open_pif_ifcfg(pif)
1560 f.write("VLAN=yes\n")
1561 f.attach_child(slave)
1565 def configure_pif(pif):
1566 """Write the configuration for a PIF object.
1568 Writes the configuration file the PIF and all dependent
1569 interfaces (bond slaves and VLAN masters etc).
1571 Returns the open file handle for the interface configuration file.
1574 pifrec = db.get_pif_record(pif)
1576 if pifrec['VLAN'] != '-1':
1577 f = configure_vlan_interface(pif)
1578 elif len(pifrec['bond_master_of']) != 0:
1579 f = configure_bond_interface(pif)
1581 f = configure_physical_interface(pif)
1583 bridge = bridge_name(pif)
1585 f.write("BRIDGE=%s\n" % bridge)
1589 def unconfigure_pif(pif):
1590 """Clear up the files created by configure_pif"""
1591 f = open_pif_ifcfg(pif)
1592 log("Unlinking stale file %s" % f.path())
1596 if __name__ == "__main__":
1602 err = traceback.format_exception(*ex)
1606 if not debug_mode():