1 /* Copyright (c) 2015 Nicira, Inc.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "ovn-controller.h"
26 #include "command-line.h"
30 #include "dynamic-string.h"
31 #include "openvswitch/vconn.h"
32 #include "openvswitch/vlog.h"
33 #include "ovn/lib/ovn-sb-idl.h"
34 #include "poll-loop.h"
35 #include "fatal-signal.h"
36 #include "lib/vswitch-idl.h"
39 #include "stream-ssl.h"
50 VLOG_DEFINE_THIS_MODULE(main);
52 static unixctl_cb_func ovn_controller_exit;
53 static unixctl_cb_func ct_zone_list;
55 #define DEFAULT_BRIDGE_NAME "br-int"
57 static void parse_options(int argc, char *argv[]);
58 OVS_NO_RETURN static void usage(void);
60 static char *ovs_remote;
62 const struct sbrec_chassis *
63 get_chassis(struct ovsdb_idl *ovnsb_idl, const char *chassis_id)
65 const struct sbrec_chassis *chassis_rec;
67 SBREC_CHASSIS_FOR_EACH(chassis_rec, ovnsb_idl) {
68 if (!strcmp(chassis_rec->name, chassis_id)) {
76 static const struct ovsrec_bridge *
77 get_bridge(struct ovsdb_idl *ovs_idl, const char *br_name)
79 const struct ovsrec_bridge *br;
80 OVSREC_BRIDGE_FOR_EACH (br, ovs_idl) {
81 if (!strcmp(br->name, br_name)) {
88 static const struct ovsrec_bridge *
89 create_br_int(struct controller_ctx *ctx,
90 const struct ovsrec_open_vswitch *cfg,
91 const char *bridge_name)
93 if (!ctx->ovs_idl_txn) {
97 ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn,
98 "ovn-controller: creating integration bridge '%s'", bridge_name);
100 struct ovsrec_interface *iface;
101 iface = ovsrec_interface_insert(ctx->ovs_idl_txn);
102 ovsrec_interface_set_name(iface, bridge_name);
103 ovsrec_interface_set_type(iface, "internal");
105 struct ovsrec_port *port;
106 port = ovsrec_port_insert(ctx->ovs_idl_txn);
107 ovsrec_port_set_name(port, bridge_name);
108 ovsrec_port_set_interfaces(port, &iface, 1);
110 struct ovsrec_bridge *bridge;
111 bridge = ovsrec_bridge_insert(ctx->ovs_idl_txn);
112 ovsrec_bridge_set_name(bridge, bridge_name);
113 ovsrec_bridge_set_fail_mode(bridge, "secure");
114 const struct smap oc = SMAP_CONST1(&oc, "disable-in-band", "true");
115 ovsrec_bridge_set_other_config(bridge, &oc);
116 ovsrec_bridge_set_ports(bridge, &port, 1);
118 struct ovsrec_bridge **bridges;
119 size_t bytes = sizeof *bridges * cfg->n_bridges;
120 bridges = xmalloc(bytes + sizeof *bridges);
121 memcpy(bridges, cfg->bridges, bytes);
122 bridges[cfg->n_bridges] = bridge;
123 ovsrec_open_vswitch_verify_bridges(cfg);
124 ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
129 static const struct ovsrec_bridge *
130 get_br_int(struct controller_ctx *ctx)
132 const struct ovsrec_open_vswitch *cfg;
133 cfg = ovsrec_open_vswitch_first(ctx->ovs_idl);
138 const char *br_int_name = smap_get(&cfg->external_ids, "ovn-bridge");
140 br_int_name = DEFAULT_BRIDGE_NAME;
143 const struct ovsrec_bridge *br;
144 br = get_bridge(ctx->ovs_idl, br_int_name);
146 return create_br_int(ctx, cfg, br_int_name);
152 get_chassis_id(const struct ovsdb_idl *ovs_idl)
154 const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
155 return cfg ? smap_get(&cfg->external_ids, "system-id") : NULL;
159 patch_port_name(const struct ovsrec_bridge *b1, const struct ovsrec_bridge *b2)
161 return xasprintf("patch-%s-to-%s", b1->name, b2->name);
165 * Return true if the port is a patch port from b1 to b2
168 match_patch_port(const struct ovsrec_port *port,
169 const struct ovsrec_bridge *b1,
170 const struct ovsrec_bridge *b2)
172 struct ovsrec_interface *iface;
174 char *peer_port_name;
177 peer_port_name = patch_port_name(b2, b1);
179 for (i = 0; i < port->n_interfaces; i++) {
180 iface = port->interfaces[i];
181 if (strcmp(iface->type, "patch")) {
185 peer = smap_get(&iface->options, "peer");
186 if (peer && !strcmp(peer, peer_port_name)) {
192 free(peer_port_name);
198 create_patch_port(struct controller_ctx *ctx,
200 const struct ovsrec_bridge *b1,
201 const struct ovsrec_bridge *b2)
203 if (!ctx->ovs_idl_txn) {
207 char *port_name = patch_port_name(b1, b2);
208 char *peer_port_name = patch_port_name(b2, b1);
210 ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn,
211 "ovn-controller: creating patch port '%s' from '%s' to '%s'",
212 port_name, b1->name, b2->name);
214 struct ovsrec_interface *iface;
215 iface = ovsrec_interface_insert(ctx->ovs_idl_txn);
216 ovsrec_interface_set_name(iface, port_name);
217 ovsrec_interface_set_type(iface, "patch");
218 const struct smap options = SMAP_CONST1(&options, "peer", peer_port_name);
219 ovsrec_interface_set_options(iface, &options);
221 struct ovsrec_port *port;
222 port = ovsrec_port_insert(ctx->ovs_idl_txn);
223 ovsrec_port_set_name(port, port_name);
224 ovsrec_port_set_interfaces(port, &iface, 1);
225 const struct smap ids = SMAP_CONST1(&ids, "ovn-patch-port", network);
226 ovsrec_port_set_external_ids(port, &ids);
228 struct ovsrec_port **ports;
229 ports = xmalloc(sizeof *ports * (b1->n_ports + 1));
230 memcpy(ports, b1->ports, sizeof *ports * b1->n_ports);
231 ports[b1->n_ports] = port;
232 ovsrec_bridge_verify_ports(b1);
233 ovsrec_bridge_set_ports(b1, ports, b1->n_ports + 1);
237 free(peer_port_name);
241 create_patch_ports(struct controller_ctx *ctx,
243 struct shash *existing_ports,
244 const struct ovsrec_bridge *b1,
245 const struct ovsrec_bridge *b2)
249 for (i = 0; i < b1->n_ports; i++) {
250 if (match_patch_port(b1->ports[i], b1, b2)) {
251 /* Patch port already exists on b1 */
252 shash_find_and_delete(existing_ports, b1->ports[i]->name);
256 if (i == b1->n_ports) {
257 create_patch_port(ctx, network, b1, b2);
262 init_existing_ports(struct controller_ctx *ctx,
263 struct shash *existing_ports)
265 const struct ovsrec_port *port;
267 OVSREC_PORT_FOR_EACH (port, ctx->ovs_idl) {
268 if (smap_get(&port->external_ids, "ovn-patch-port")) {
269 shash_add(existing_ports, port->name, port);
275 remove_port(struct controller_ctx *ctx,
276 const struct ovsrec_port *port)
278 const struct ovsrec_bridge *bridge;
280 /* We know the port we want to delete, but we have to find the bridge its on
281 * to do so. Note this only runs on a config change that should be pretty
283 OVSREC_BRIDGE_FOR_EACH (bridge, ctx->ovs_idl) {
285 for (i = 0; i < bridge->n_ports; i++) {
286 if (bridge->ports[i] != port) {
289 struct ovsrec_port **new_ports;
290 new_ports = xmemdup(bridge->ports,
291 sizeof *new_ports * (bridge->n_ports - 1));
292 if (i != bridge->n_ports - 1) {
293 /* Removed port was not last */
294 new_ports[i] = bridge->ports[bridge->n_ports - 1];
296 ovsrec_bridge_verify_ports(bridge);
297 ovsrec_bridge_set_ports(bridge, new_ports, bridge->n_ports - 1);
299 ovsrec_port_delete(port);
306 parse_bridge_mappings(struct controller_ctx *ctx,
307 const struct ovsrec_bridge *br_int,
308 const char *mappings_cfg)
310 struct shash existing_ports = SHASH_INITIALIZER(&existing_ports);
311 init_existing_ports(ctx, &existing_ports);
313 char *cur, *next, *start;
314 next = start = xstrdup(mappings_cfg);
315 while ((cur = strsep(&next, ",")) && *cur) {
316 char *network, *bridge = cur;
317 const struct ovsrec_bridge *ovs_bridge;
319 network = strsep(&bridge, ":");
320 if (!bridge || !*network || !*bridge) {
321 VLOG_ERR("Invalid ovn-bridge-mappings configuration: '%s'",
326 ovs_bridge = get_bridge(ctx->ovs_idl, bridge);
328 VLOG_WARN("Bridge '%s' not found for network '%s'",
333 create_patch_ports(ctx, network, &existing_ports, br_int, ovs_bridge);
334 create_patch_ports(ctx, network, &existing_ports, ovs_bridge, br_int);
338 /* Any ports left in existing_ports are related to configuration that has
339 * been removed, so we should delete the ports now. */
340 struct shash_node *port_node, *port_next_node;
341 SHASH_FOR_EACH_SAFE (port_node, port_next_node, &existing_ports) {
342 struct ovsrec_port *port = port_node->data;
343 shash_delete(&existing_ports, port_node);
344 remove_port(ctx, port);
346 shash_destroy(&existing_ports);
350 init_bridge_mappings(struct controller_ctx *ctx,
351 const struct ovsrec_bridge *br_int)
353 const char *mappings_cfg = "";
354 const struct ovsrec_open_vswitch *cfg;
356 cfg = ovsrec_open_vswitch_first(ctx->ovs_idl);
358 mappings_cfg = smap_get(&cfg->external_ids, "ovn-bridge-mappings");
363 parse_bridge_mappings(ctx, br_int, mappings_cfg);
366 /* Retrieves the OVN Southbound remote location from the
367 * "external-ids:ovn-remote" key in 'ovs_idl' and returns a copy of it.
369 * XXX ovn-controller does not support this changing mid-run, but that should
370 * be addressed later. */
372 get_ovnsb_remote(struct ovsdb_idl *ovs_idl)
375 ovsdb_idl_run(ovs_idl);
377 const struct ovsrec_open_vswitch *cfg
378 = ovsrec_open_vswitch_first(ovs_idl);
380 const char *remote = smap_get(&cfg->external_ids, "ovn-remote");
382 return xstrdup(remote);
386 VLOG_INFO("OVN OVSDB remote not specified. Waiting...");
387 ovsdb_idl_wait(ovs_idl);
393 main(int argc, char *argv[])
395 struct unixctl_server *unixctl;
399 ovs_cmdl_proctitle_init(argc, argv);
400 set_program_name(argv[0]);
401 service_start(&argc, &argv);
402 parse_options(argc, argv);
403 fatal_ignore_sigpipe();
405 daemonize_start(false);
407 retval = unixctl_server_create(NULL, &unixctl);
411 unixctl_command_register("exit", "", 0, 0, ovn_controller_exit, &exiting);
413 daemonize_complete();
421 /* Connect to OVS OVSDB instance. We do not monitor all tables by
422 * default, so modules must register their interest explicitly. */
423 struct ovsdb_idl_loop ovs_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
424 ovsdb_idl_create(ovs_remote, &ovsrec_idl_class, false, true));
425 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_open_vswitch);
426 ovsdb_idl_add_column(ovs_idl_loop.idl,
427 &ovsrec_open_vswitch_col_external_ids);
428 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_open_vswitch_col_bridges);
429 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_interface);
430 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_name);
431 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_type);
432 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_options);
433 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_port);
434 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_name);
435 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_interfaces);
436 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_external_ids);
437 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_bridge);
438 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_ports);
439 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_name);
440 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_fail_mode);
441 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_other_config);
442 chassis_register_ovs_idl(ovs_idl_loop.idl);
443 encaps_register_ovs_idl(ovs_idl_loop.idl);
444 binding_register_ovs_idl(ovs_idl_loop.idl);
445 physical_register_ovs_idl(ovs_idl_loop.idl);
446 ovsdb_idl_get_initial_snapshot(ovs_idl_loop.idl);
448 /* Connect to OVN SB database. */
449 char *ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
450 struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
451 ovsdb_idl_create(ovnsb_remote, &sbrec_idl_class, true, true));
452 ovsdb_idl_get_initial_snapshot(ovnsb_idl_loop.idl);
454 /* Initialize connection tracking zones. */
455 struct simap ct_zones = SIMAP_INITIALIZER(&ct_zones);
456 unsigned long ct_zone_bitmap[BITMAP_N_LONGS(MAX_CT_ZONES)];
457 bitmap_set1(ct_zone_bitmap, 0); /* Zone 0 is reserved. */
458 unixctl_command_register("ct-zone-list", "", 0, 0,
459 ct_zone_list, &ct_zones);
464 struct controller_ctx ctx = {
465 .ovs_idl = ovs_idl_loop.idl,
466 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
467 .ovnsb_idl = ovnsb_idl_loop.idl,
468 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
471 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
472 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
474 /* Map bridges to local nets from ovn-bridge-mappings */
476 init_bridge_mappings(&ctx, br_int);
480 chassis_run(&ctx, chassis_id);
481 encaps_run(&ctx, br_int, chassis_id);
482 binding_run(&ctx, br_int, chassis_id, &ct_zones, ct_zone_bitmap);
486 enum mf_field_id mff_ovn_geneve = ofctrl_run(br_int);
488 struct hmap flow_table = HMAP_INITIALIZER(&flow_table);
489 lflow_run(&ctx, &flow_table, &ct_zones);
491 physical_run(&ctx, mff_ovn_geneve,
492 br_int, chassis_id, &ct_zones, &flow_table);
494 ofctrl_put(&flow_table);
495 hmap_destroy(&flow_table);
498 unixctl_server_run(unixctl);
500 unixctl_server_wait(unixctl);
502 poll_immediate_wake();
505 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
506 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
512 if (should_service_stop()) {
517 /* It's time to exit. Clean up the databases. */
520 struct controller_ctx ctx = {
521 .ovs_idl = ovs_idl_loop.idl,
522 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
523 .ovnsb_idl = ovnsb_idl_loop.idl,
524 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
527 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
528 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
530 /* Run all of the cleanup functions, even if one of them returns false.
531 * We're done if all of them return true. */
532 done = binding_cleanup(&ctx, chassis_id);
533 done = chassis_cleanup(&ctx, chassis_id) && done;
534 done = encaps_cleanup(&ctx, br_int) && done;
536 poll_immediate_wake();
539 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
540 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
544 unixctl_server_destroy(unixctl);
548 simap_destroy(&ct_zones);
550 ovsdb_idl_loop_destroy(&ovs_idl_loop);
551 ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
561 parse_options(int argc, char *argv[])
564 OPT_PEER_CA_CERT = UCHAR_MAX + 1,
565 OPT_BOOTSTRAP_CA_CERT,
570 static struct option long_options[] = {
571 {"help", no_argument, NULL, 'h'},
572 {"version", no_argument, NULL, 'V'},
575 STREAM_SSL_LONG_OPTIONS,
576 {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
577 {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
580 char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
585 c = getopt_long(argc, argv, short_options, long_options, NULL);
595 ovs_print_version(OFP13_VERSION, OFP13_VERSION);
599 DAEMON_OPTION_HANDLERS
600 STREAM_SSL_OPTION_HANDLERS
602 case OPT_PEER_CA_CERT:
603 stream_ssl_set_peer_ca_cert_file(optarg);
606 case OPT_BOOTSTRAP_CA_CERT:
607 stream_ssl_set_ca_cert_file(optarg, true);
623 ovs_remote = xasprintf("unix:%s/db.sock", ovs_rundir());
624 } else if (argc == 1) {
625 ovs_remote = xstrdup(argv[0]);
627 VLOG_FATAL("exactly zero or one non-option argument required; "
628 "use --help for usage");
635 printf("%s: OVN controller\n"
636 "usage %s [OPTIONS] [OVS-DATABASE]\n"
637 "where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
638 program_name, program_name);
639 stream_usage("OVS-DATABASE", true, false, false);
642 printf("\nOther options:\n"
643 " -h, --help display this help message\n"
644 " -V, --version display version information\n");
649 ovn_controller_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
650 const char *argv[] OVS_UNUSED, void *exiting_)
652 bool *exiting = exiting_;
655 unixctl_command_reply(conn, NULL);
659 ct_zone_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
660 const char *argv[] OVS_UNUSED, void *ct_zones_)
662 struct simap *ct_zones = ct_zones_;
663 struct ds ds = DS_EMPTY_INITIALIZER;
664 struct simap_node *zone;
666 SIMAP_FOR_EACH(zone, ct_zones) {
667 ds_put_format(&ds, "%s %d\n", zone->name, zone->data);
670 unixctl_command_reply(conn, ds_cstr(&ds));