1 /* Copyright (c) 2015, 2016 Nicira, Inc.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "ovn-controller.h"
28 #include "command-line.h"
32 #include "openvswitch/dynamic-string.h"
34 #include "fatal-signal.h"
35 #include "openvswitch/hmap.h"
37 #include "lib/vswitch-idl.h"
40 #include "openvswitch/vconn.h"
41 #include "openvswitch/vlog.h"
42 #include "ovn/lib/actions.h"
43 #include "ovn/lib/ovn-sb-idl.h"
44 #include "ovn/lib/ovn-util.h"
48 #include "poll-loop.h"
49 #include "lib/bitmap.h"
53 #include "stream-ssl.h"
58 VLOG_DEFINE_THIS_MODULE(main);
60 static unixctl_cb_func ovn_controller_exit;
61 static unixctl_cb_func ct_zone_list;
63 #define DEFAULT_BRIDGE_NAME "br-int"
64 #define DEFAULT_PROBE_INTERVAL_MSEC 5000
66 static void update_probe_interval(struct controller_ctx *);
67 static void parse_options(int argc, char *argv[]);
68 OVS_NO_RETURN static void usage(void);
70 static char *ovs_remote;
72 struct local_datapath *
73 get_local_datapath(const struct hmap *local_datapaths, uint32_t tunnel_key)
75 struct hmap_node *node = hmap_first_with_hash(local_datapaths, tunnel_key);
77 ? CONTAINER_OF(node, struct local_datapath, hmap_node)
81 struct patched_datapath *
82 get_patched_datapath(const struct hmap *patched_datapaths, uint32_t tunnel_key)
84 struct hmap_node *node = hmap_first_with_hash(patched_datapaths,
87 ? CONTAINER_OF(node, struct patched_datapath, hmap_node)
91 const struct sbrec_chassis *
92 get_chassis(struct ovsdb_idl *ovnsb_idl, const char *chassis_id)
94 const struct sbrec_chassis *chassis_rec;
96 SBREC_CHASSIS_FOR_EACH(chassis_rec, ovnsb_idl) {
97 if (!strcmp(chassis_rec->name, chassis_id)) {
106 get_tunnel_type(const char *name)
108 if (!strcmp(name, "geneve")) {
110 } else if (!strcmp(name, "stt")) {
112 } else if (!strcmp(name, "vxlan")) {
119 const struct ovsrec_bridge *
120 get_bridge(struct ovsdb_idl *ovs_idl, const char *br_name)
122 const struct ovsrec_bridge *br;
123 OVSREC_BRIDGE_FOR_EACH (br, ovs_idl) {
124 if (!strcmp(br->name, br_name)) {
131 static const struct ovsrec_bridge *
132 create_br_int(struct controller_ctx *ctx,
133 const struct ovsrec_open_vswitch *cfg,
134 const char *bridge_name)
136 if (!ctx->ovs_idl_txn) {
140 ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn,
141 "ovn-controller: creating integration bridge '%s'", bridge_name);
143 struct ovsrec_interface *iface;
144 iface = ovsrec_interface_insert(ctx->ovs_idl_txn);
145 ovsrec_interface_set_name(iface, bridge_name);
146 ovsrec_interface_set_type(iface, "internal");
148 struct ovsrec_port *port;
149 port = ovsrec_port_insert(ctx->ovs_idl_txn);
150 ovsrec_port_set_name(port, bridge_name);
151 ovsrec_port_set_interfaces(port, &iface, 1);
153 struct ovsrec_bridge *bridge;
154 bridge = ovsrec_bridge_insert(ctx->ovs_idl_txn);
155 ovsrec_bridge_set_name(bridge, bridge_name);
156 ovsrec_bridge_set_fail_mode(bridge, "secure");
157 const struct smap oc = SMAP_CONST1(&oc, "disable-in-band", "true");
158 ovsrec_bridge_set_other_config(bridge, &oc);
159 ovsrec_bridge_set_ports(bridge, &port, 1);
161 struct ovsrec_bridge **bridges;
162 size_t bytes = sizeof *bridges * cfg->n_bridges;
163 bridges = xmalloc(bytes + sizeof *bridges);
164 memcpy(bridges, cfg->bridges, bytes);
165 bridges[cfg->n_bridges] = bridge;
166 ovsrec_open_vswitch_verify_bridges(cfg);
167 ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
172 static const struct ovsrec_bridge *
173 get_br_int(struct controller_ctx *ctx)
175 const struct ovsrec_open_vswitch *cfg;
176 cfg = ovsrec_open_vswitch_first(ctx->ovs_idl);
181 const char *br_int_name = smap_get(&cfg->external_ids, "ovn-bridge");
183 br_int_name = DEFAULT_BRIDGE_NAME;
186 const struct ovsrec_bridge *br;
187 br = get_bridge(ctx->ovs_idl, br_int_name);
189 return create_br_int(ctx, cfg, br_int_name);
195 get_chassis_id(const struct ovsdb_idl *ovs_idl)
197 const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
198 const char *chassis_id = cfg ? smap_get(&cfg->external_ids, "system-id") : NULL;
201 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
202 VLOG_WARN_RL(&rl, "'system-id' in Open_vSwitch database is missing.");
208 /* Retrieves the OVN Southbound remote location from the
209 * "external-ids:ovn-remote" key in 'ovs_idl' and returns a copy of it.
211 * XXX ovn-controller does not support this changing mid-run, but that should
212 * be addressed later. */
214 get_ovnsb_remote(struct ovsdb_idl *ovs_idl)
217 ovsdb_idl_run(ovs_idl);
219 const struct ovsrec_open_vswitch *cfg
220 = ovsrec_open_vswitch_first(ovs_idl);
222 const char *remote = smap_get(&cfg->external_ids, "ovn-remote");
224 return xstrdup(remote);
228 VLOG_INFO("OVN OVSDB remote not specified. Waiting...");
229 ovsdb_idl_wait(ovs_idl);
235 update_ct_zones(struct sset *lports, struct hmap *patched_datapaths,
236 struct simap *ct_zones, unsigned long *ct_zone_bitmap)
238 struct simap_node *ct_zone, *ct_zone_next;
240 struct patched_datapath *pd;
242 struct sset all_users = SSET_INITIALIZER(&all_users);
244 SSET_FOR_EACH(user, lports) {
245 sset_add(&all_users, user);
248 /* Local patched datapath (gateway routers) need zones assigned. */
249 HMAP_FOR_EACH(pd, hmap_node, patched_datapaths) {
254 char *dnat = alloc_nat_zone_key(pd->key, "dnat");
255 char *snat = alloc_nat_zone_key(pd->key, "snat");
256 sset_add(&all_users, dnat);
257 sset_add(&all_users, snat);
262 /* Delete zones that do not exist in above sset. */
263 SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
264 if (!sset_contains(&all_users, ct_zone->name)) {
265 bitmap_set0(ct_zone_bitmap, ct_zone->data);
266 simap_delete(ct_zones, ct_zone);
270 /* xxx This is wasteful to assign a zone to each port--even if no
271 * xxx security policy is applied. */
273 /* Assign a unique zone id for each logical port and two zones
274 * to a gateway router. */
275 SSET_FOR_EACH(user, &all_users) {
278 if (simap_contains(ct_zones, user)) {
282 /* We assume that there are 64K zones and that we own them all. */
283 zone = bitmap_scan(ct_zone_bitmap, 0, scan_start, MAX_CT_ZONES + 1);
284 if (zone == MAX_CT_ZONES + 1) {
285 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
286 VLOG_WARN_RL(&rl, "exhausted all ct zones");
289 scan_start = zone + 1;
291 bitmap_set1(ct_zone_bitmap, zone);
292 simap_put(ct_zones, user, zone);
294 /* xxx We should erase any old entries for this
295 * xxx zone, but we need a generic interface to the conntrack
299 sset_destroy(&all_users);
302 /* Contains "struct local_datapath" nodes whose hash values are the
303 * tunnel_key of datapaths with at least one local port binding. */
304 static struct hmap local_datapaths = HMAP_INITIALIZER(&local_datapaths);
305 static struct hmap patched_datapaths = HMAP_INITIALIZER(&patched_datapaths);
307 static struct lport_index lports;
308 static struct mcgroup_index mcgroups;
311 main(int argc, char *argv[])
313 struct unixctl_server *unixctl;
317 ovs_cmdl_proctitle_init(argc, argv);
318 set_program_name(argv[0]);
319 service_start(&argc, &argv);
320 parse_options(argc, argv);
321 fatal_ignore_sigpipe();
323 daemonize_start(false);
325 retval = unixctl_server_create(NULL, &unixctl);
329 unixctl_command_register("exit", "", 0, 0, ovn_controller_exit, &exiting);
331 /* Initialize group ids for loadbalancing. */
332 struct group_table group_table;
333 group_table.group_ids = bitmap_allocate(MAX_OVN_GROUPS);
334 bitmap_set1(group_table.group_ids, 0); /* Group id 0 is invalid. */
335 hmap_init(&group_table.desired_groups);
336 hmap_init(&group_table.existing_groups);
338 daemonize_complete();
347 lport_index_init(&lports);
348 mcgroup_index_init(&mcgroups);
350 /* Connect to OVS OVSDB instance. We do not monitor all tables by
351 * default, so modules must register their interest explicitly. */
352 struct ovsdb_idl_loop ovs_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
353 ovsdb_idl_create(ovs_remote, &ovsrec_idl_class, false, true));
354 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_open_vswitch);
355 ovsdb_idl_add_column(ovs_idl_loop.idl,
356 &ovsrec_open_vswitch_col_external_ids);
357 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_open_vswitch_col_bridges);
358 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_interface);
359 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_name);
360 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_type);
361 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_options);
362 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_port);
363 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_name);
364 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_interfaces);
365 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_external_ids);
366 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_bridge);
367 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_ports);
368 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_name);
369 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_fail_mode);
370 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_other_config);
371 chassis_register_ovs_idl(ovs_idl_loop.idl);
372 encaps_register_ovs_idl(ovs_idl_loop.idl);
373 binding_register_ovs_idl(ovs_idl_loop.idl);
374 physical_register_ovs_idl(ovs_idl_loop.idl);
375 ovsdb_idl_get_initial_snapshot(ovs_idl_loop.idl);
377 /* Connect to OVN SB database. */
378 char *ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
379 struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
380 ovsdb_idl_create(ovnsb_remote, &sbrec_idl_class, true, true));
382 /* Track the southbound idl. */
383 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
385 ovsdb_idl_get_initial_snapshot(ovnsb_idl_loop.idl);
387 /* Initialize connection tracking zones. */
388 struct simap ct_zones = SIMAP_INITIALIZER(&ct_zones);
389 unsigned long ct_zone_bitmap[BITMAP_N_LONGS(MAX_CT_ZONES)];
390 memset(ct_zone_bitmap, 0, sizeof ct_zone_bitmap);
391 bitmap_set1(ct_zone_bitmap, 0); /* Zone 0 is reserved. */
392 unixctl_command_register("ct-zone-list", "", 0, 0,
393 ct_zone_list, &ct_zones);
398 /* Check OVN SB database. */
399 char *new_ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
400 if (strcmp(ovnsb_remote, new_ovnsb_remote)) {
402 ovnsb_remote = new_ovnsb_remote;
403 ovsdb_idl_set_remote(ovnsb_idl_loop.idl, ovnsb_remote, true);
404 binding_reset_processing();
405 lport_index_clear(&lports);
406 mcgroup_index_clear(&mcgroups);
408 free(new_ovnsb_remote);
411 struct controller_ctx ctx = {
412 .ovs_idl = ovs_idl_loop.idl,
413 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
414 .ovnsb_idl = ovnsb_idl_loop.idl,
415 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
418 update_probe_interval(&ctx);
420 struct sset all_lports = SSET_INITIALIZER(&all_lports);
422 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
423 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
426 chassis_run(&ctx, chassis_id);
427 encaps_run(&ctx, br_int, chassis_id);
428 binding_run(&ctx, br_int, chassis_id, &local_datapaths);
431 if (br_int && chassis_id) {
432 patch_run(&ctx, br_int, chassis_id, &local_datapaths,
435 lport_index_fill(&lports, ctx.ovnsb_idl);
436 mcgroup_index_fill(&mcgroups, ctx.ovnsb_idl);
438 enum mf_field_id mff_ovn_geneve = ofctrl_run(br_int);
440 pinctrl_run(&ctx, &lports, br_int, chassis_id, &local_datapaths);
441 update_ct_zones(&all_lports, &patched_datapaths, &ct_zones,
444 lflow_run(&ctx, &lports, &mcgroups, &local_datapaths,
445 &patched_datapaths, &group_table, &ct_zones);
447 physical_run(&ctx, mff_ovn_geneve,
448 br_int, chassis_id, &ct_zones,
449 &local_datapaths, &patched_datapaths);
451 ofctrl_put(&group_table);
454 sset_destroy(&all_lports);
456 unixctl_server_run(unixctl);
458 unixctl_server_wait(unixctl);
460 poll_immediate_wake();
467 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
468 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
469 ovsdb_idl_track_clear(ovnsb_idl_loop.idl);
471 if (should_service_stop()) {
476 /* It's time to exit. Clean up the databases. */
479 struct controller_ctx ctx = {
480 .ovs_idl = ovs_idl_loop.idl,
481 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
482 .ovnsb_idl = ovnsb_idl_loop.idl,
483 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
486 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
487 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
489 /* Run all of the cleanup functions, even if one of them returns false.
490 * We're done if all of them return true. */
491 done = binding_cleanup(&ctx, chassis_id);
492 done = chassis_cleanup(&ctx, chassis_id) && done;
493 done = encaps_cleanup(&ctx, br_int) && done;
495 poll_immediate_wake();
498 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
499 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
503 unixctl_server_destroy(unixctl);
508 simap_destroy(&ct_zones);
510 bitmap_free(group_table.group_ids);
511 hmap_destroy(&group_table.desired_groups);
513 struct group_info *installed, *next_group;
514 HMAP_FOR_EACH_SAFE(installed, next_group, hmap_node,
515 &group_table.existing_groups) {
516 hmap_remove(&group_table.existing_groups, &installed->hmap_node);
517 ds_destroy(&installed->group);
520 hmap_destroy(&group_table.existing_groups);
522 ovsdb_idl_loop_destroy(&ovs_idl_loop);
523 ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
533 parse_options(int argc, char *argv[])
536 OPT_PEER_CA_CERT = UCHAR_MAX + 1,
537 OPT_BOOTSTRAP_CA_CERT,
542 static struct option long_options[] = {
543 {"help", no_argument, NULL, 'h'},
544 {"version", no_argument, NULL, 'V'},
547 STREAM_SSL_LONG_OPTIONS,
548 {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
549 {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
552 char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
557 c = getopt_long(argc, argv, short_options, long_options, NULL);
567 ovs_print_version(OFP13_VERSION, OFP13_VERSION);
571 DAEMON_OPTION_HANDLERS
572 STREAM_SSL_OPTION_HANDLERS
574 case OPT_PEER_CA_CERT:
575 stream_ssl_set_peer_ca_cert_file(optarg);
578 case OPT_BOOTSTRAP_CA_CERT:
579 stream_ssl_set_ca_cert_file(optarg, true);
595 ovs_remote = xasprintf("unix:%s/db.sock", ovs_rundir());
596 } else if (argc == 1) {
597 ovs_remote = xstrdup(argv[0]);
599 VLOG_FATAL("exactly zero or one non-option argument required; "
600 "use --help for usage");
607 printf("%s: OVN controller\n"
608 "usage %s [OPTIONS] [OVS-DATABASE]\n"
609 "where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
610 program_name, program_name);
611 stream_usage("OVS-DATABASE", true, false, false);
614 printf("\nOther options:\n"
615 " -h, --help display this help message\n"
616 " -V, --version display version information\n");
621 ovn_controller_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
622 const char *argv[] OVS_UNUSED, void *exiting_)
624 bool *exiting = exiting_;
627 unixctl_command_reply(conn, NULL);
631 ct_zone_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
632 const char *argv[] OVS_UNUSED, void *ct_zones_)
634 struct simap *ct_zones = ct_zones_;
635 struct ds ds = DS_EMPTY_INITIALIZER;
636 struct simap_node *zone;
638 SIMAP_FOR_EACH(zone, ct_zones) {
639 ds_put_format(&ds, "%s %d\n", zone->name, zone->data);
642 unixctl_command_reply(conn, ds_cstr(&ds));
646 /* Get the desired SB probe timer from the OVS database and configure it into
647 * the SB database. */
649 update_probe_interval(struct controller_ctx *ctx)
651 const struct ovsrec_open_vswitch *cfg
652 = ovsrec_open_vswitch_first(ctx->ovs_idl);
654 ? smap_get_int(&cfg->external_ids,
655 "ovn-remote-probe-interval",
656 DEFAULT_PROBE_INTERVAL_MSEC)
657 : DEFAULT_PROBE_INTERVAL_MSEC);
658 ovsdb_idl_set_probe_interval(ctx->ovnsb_idl, interval);