1 /* Copyright (c) 2015, 2016 Nicira, Inc.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
18 #include "ovn-controller.h"
28 #include "command-line.h"
32 #include "openvswitch/dynamic-string.h"
34 #include "fatal-signal.h"
35 #include "openvswitch/hmap.h"
37 #include "lib/vswitch-idl.h"
40 #include "openvswitch/vconn.h"
41 #include "openvswitch/vlog.h"
42 #include "ovn/lib/actions.h"
43 #include "ovn/lib/ovn-sb-idl.h"
44 #include "ovn/lib/ovn-util.h"
48 #include "poll-loop.h"
49 #include "lib/bitmap.h"
53 #include "stream-ssl.h"
58 VLOG_DEFINE_THIS_MODULE(main);
60 static unixctl_cb_func ovn_controller_exit;
61 static unixctl_cb_func ct_zone_list;
63 #define DEFAULT_BRIDGE_NAME "br-int"
64 #define DEFAULT_PROBE_INTERVAL_MSEC 5000
66 static void update_probe_interval(struct controller_ctx *);
67 static void parse_options(int argc, char *argv[]);
68 OVS_NO_RETURN static void usage(void);
70 static char *ovs_remote;
72 struct local_datapath *
73 get_local_datapath(const struct hmap *local_datapaths, uint32_t tunnel_key)
75 struct hmap_node *node = hmap_first_with_hash(local_datapaths, tunnel_key);
77 ? CONTAINER_OF(node, struct local_datapath, hmap_node)
81 struct patched_datapath *
82 get_patched_datapath(const struct hmap *patched_datapaths, uint32_t tunnel_key)
84 struct hmap_node *node = hmap_first_with_hash(patched_datapaths,
87 ? CONTAINER_OF(node, struct patched_datapath, hmap_node)
91 const struct sbrec_chassis *
92 get_chassis(struct ovsdb_idl *ovnsb_idl, const char *chassis_id)
94 const struct sbrec_chassis *chassis_rec;
96 SBREC_CHASSIS_FOR_EACH(chassis_rec, ovnsb_idl) {
97 if (!strcmp(chassis_rec->name, chassis_id)) {
106 get_tunnel_type(const char *name)
108 if (!strcmp(name, "geneve")) {
110 } else if (!strcmp(name, "stt")) {
112 } else if (!strcmp(name, "vxlan")) {
119 const struct ovsrec_bridge *
120 get_bridge(struct ovsdb_idl *ovs_idl, const char *br_name)
122 const struct ovsrec_bridge *br;
123 OVSREC_BRIDGE_FOR_EACH (br, ovs_idl) {
124 if (!strcmp(br->name, br_name)) {
131 static const struct ovsrec_bridge *
132 create_br_int(struct controller_ctx *ctx,
133 const struct ovsrec_open_vswitch *cfg,
134 const char *bridge_name)
136 if (!ctx->ovs_idl_txn) {
140 ovsdb_idl_txn_add_comment(ctx->ovs_idl_txn,
141 "ovn-controller: creating integration bridge '%s'", bridge_name);
143 struct ovsrec_interface *iface;
144 iface = ovsrec_interface_insert(ctx->ovs_idl_txn);
145 ovsrec_interface_set_name(iface, bridge_name);
146 ovsrec_interface_set_type(iface, "internal");
148 struct ovsrec_port *port;
149 port = ovsrec_port_insert(ctx->ovs_idl_txn);
150 ovsrec_port_set_name(port, bridge_name);
151 ovsrec_port_set_interfaces(port, &iface, 1);
153 struct ovsrec_bridge *bridge;
154 bridge = ovsrec_bridge_insert(ctx->ovs_idl_txn);
155 ovsrec_bridge_set_name(bridge, bridge_name);
156 ovsrec_bridge_set_fail_mode(bridge, "secure");
157 const struct smap oc = SMAP_CONST1(&oc, "disable-in-band", "true");
158 ovsrec_bridge_set_other_config(bridge, &oc);
159 ovsrec_bridge_set_ports(bridge, &port, 1);
161 struct ovsrec_bridge **bridges;
162 size_t bytes = sizeof *bridges * cfg->n_bridges;
163 bridges = xmalloc(bytes + sizeof *bridges);
164 memcpy(bridges, cfg->bridges, bytes);
165 bridges[cfg->n_bridges] = bridge;
166 ovsrec_open_vswitch_verify_bridges(cfg);
167 ovsrec_open_vswitch_set_bridges(cfg, bridges, cfg->n_bridges + 1);
172 static const struct ovsrec_bridge *
173 get_br_int(struct controller_ctx *ctx)
175 const struct ovsrec_open_vswitch *cfg;
176 cfg = ovsrec_open_vswitch_first(ctx->ovs_idl);
181 const char *br_int_name = smap_get(&cfg->external_ids, "ovn-bridge");
183 br_int_name = DEFAULT_BRIDGE_NAME;
186 const struct ovsrec_bridge *br;
187 br = get_bridge(ctx->ovs_idl, br_int_name);
189 return create_br_int(ctx, cfg, br_int_name);
195 get_chassis_id(const struct ovsdb_idl *ovs_idl)
197 const struct ovsrec_open_vswitch *cfg = ovsrec_open_vswitch_first(ovs_idl);
198 const char *chassis_id = cfg ? smap_get(&cfg->external_ids, "system-id") : NULL;
201 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(5, 1);
202 VLOG_WARN_RL(&rl, "'system-id' in Open_vSwitch database is missing.");
208 /* Retrieves the OVN Southbound remote location from the
209 * "external-ids:ovn-remote" key in 'ovs_idl' and returns a copy of it.
211 * XXX ovn-controller does not support this changing mid-run, but that should
212 * be addressed later. */
214 get_ovnsb_remote(struct ovsdb_idl *ovs_idl)
217 ovsdb_idl_run(ovs_idl);
219 const struct ovsrec_open_vswitch *cfg
220 = ovsrec_open_vswitch_first(ovs_idl);
222 const char *remote = smap_get(&cfg->external_ids, "ovn-remote");
224 return xstrdup(remote);
228 VLOG_INFO("OVN OVSDB remote not specified. Waiting...");
229 ovsdb_idl_wait(ovs_idl);
235 update_ct_zones(struct sset *lports, struct hmap *patched_datapaths,
236 struct simap *ct_zones, unsigned long *ct_zone_bitmap)
238 struct simap_node *ct_zone, *ct_zone_next;
240 struct patched_datapath *pd;
242 struct sset all_users = SSET_INITIALIZER(&all_users);
244 SSET_FOR_EACH(user, lports) {
245 sset_add(&all_users, user);
248 /* Local patched datapath (gateway routers) need zones assigned. */
249 HMAP_FOR_EACH(pd, hmap_node, patched_datapaths) {
254 char *dnat = alloc_nat_zone_key(pd->key, "dnat");
255 char *snat = alloc_nat_zone_key(pd->key, "snat");
256 sset_add(&all_users, dnat);
257 sset_add(&all_users, snat);
262 /* Delete zones that do not exist in above sset. */
263 SIMAP_FOR_EACH_SAFE(ct_zone, ct_zone_next, ct_zones) {
264 if (!sset_contains(&all_users, ct_zone->name)) {
265 bitmap_set0(ct_zone_bitmap, ct_zone->data);
266 simap_delete(ct_zones, ct_zone);
270 /* xxx This is wasteful to assign a zone to each port--even if no
271 * xxx security policy is applied. */
273 /* Assign a unique zone id for each logical port and two zones
274 * to a gateway router. */
275 SSET_FOR_EACH(user, &all_users) {
278 if (simap_contains(ct_zones, user)) {
282 /* We assume that there are 64K zones and that we own them all. */
283 zone = bitmap_scan(ct_zone_bitmap, 0, scan_start, MAX_CT_ZONES + 1);
284 if (zone == MAX_CT_ZONES + 1) {
285 static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 1);
286 VLOG_WARN_RL(&rl, "exhausted all ct zones");
289 scan_start = zone + 1;
291 bitmap_set1(ct_zone_bitmap, zone);
292 simap_put(ct_zones, user, zone);
294 /* xxx We should erase any old entries for this
295 * xxx zone, but we need a generic interface to the conntrack
299 sset_destroy(&all_users);
303 get_nb_cfg(struct ovsdb_idl *idl)
305 const struct sbrec_sb_global *sb = sbrec_sb_global_first(idl);
306 return sb ? sb->nb_cfg : 0;
309 /* Contains "struct local_datapath" nodes whose hash values are the
310 * tunnel_key of datapaths with at least one local port binding. */
311 static struct hmap local_datapaths = HMAP_INITIALIZER(&local_datapaths);
312 static struct hmap patched_datapaths = HMAP_INITIALIZER(&patched_datapaths);
314 static struct lport_index lports;
315 static struct mcgroup_index mcgroups;
318 main(int argc, char *argv[])
320 struct unixctl_server *unixctl;
324 ovs_cmdl_proctitle_init(argc, argv);
325 set_program_name(argv[0]);
326 service_start(&argc, &argv);
327 parse_options(argc, argv);
328 fatal_ignore_sigpipe();
330 daemonize_start(false);
332 retval = unixctl_server_create(NULL, &unixctl);
336 unixctl_command_register("exit", "", 0, 0, ovn_controller_exit, &exiting);
338 /* Initialize group ids for loadbalancing. */
339 struct group_table group_table;
340 group_table.group_ids = bitmap_allocate(MAX_OVN_GROUPS);
341 bitmap_set1(group_table.group_ids, 0); /* Group id 0 is invalid. */
342 hmap_init(&group_table.desired_groups);
343 hmap_init(&group_table.existing_groups);
345 daemonize_complete();
354 lport_index_init(&lports);
355 mcgroup_index_init(&mcgroups);
357 /* Connect to OVS OVSDB instance. We do not monitor all tables by
358 * default, so modules must register their interest explicitly. */
359 struct ovsdb_idl_loop ovs_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
360 ovsdb_idl_create(ovs_remote, &ovsrec_idl_class, false, true));
361 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_open_vswitch);
362 ovsdb_idl_add_column(ovs_idl_loop.idl,
363 &ovsrec_open_vswitch_col_external_ids);
364 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_open_vswitch_col_bridges);
365 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_interface);
366 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_name);
367 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_type);
368 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_interface_col_options);
369 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_port);
370 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_name);
371 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_interfaces);
372 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_port_col_external_ids);
373 ovsdb_idl_add_table(ovs_idl_loop.idl, &ovsrec_table_bridge);
374 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_ports);
375 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_name);
376 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_fail_mode);
377 ovsdb_idl_add_column(ovs_idl_loop.idl, &ovsrec_bridge_col_other_config);
378 chassis_register_ovs_idl(ovs_idl_loop.idl);
379 encaps_register_ovs_idl(ovs_idl_loop.idl);
380 binding_register_ovs_idl(ovs_idl_loop.idl);
381 physical_register_ovs_idl(ovs_idl_loop.idl);
382 ovsdb_idl_get_initial_snapshot(ovs_idl_loop.idl);
384 /* Connect to OVN SB database. */
385 char *ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
386 struct ovsdb_idl_loop ovnsb_idl_loop = OVSDB_IDL_LOOP_INITIALIZER(
387 ovsdb_idl_create(ovnsb_remote, &sbrec_idl_class, true, true));
388 ovsdb_idl_omit_alert(ovnsb_idl_loop.idl, &sbrec_chassis_col_nb_cfg);
390 /* Track the southbound idl. */
391 ovsdb_idl_track_add_all(ovnsb_idl_loop.idl);
393 ovsdb_idl_get_initial_snapshot(ovnsb_idl_loop.idl);
395 /* Initialize connection tracking zones. */
396 struct simap ct_zones = SIMAP_INITIALIZER(&ct_zones);
397 unsigned long ct_zone_bitmap[BITMAP_N_LONGS(MAX_CT_ZONES)];
398 memset(ct_zone_bitmap, 0, sizeof ct_zone_bitmap);
399 bitmap_set1(ct_zone_bitmap, 0); /* Zone 0 is reserved. */
400 unixctl_command_register("ct-zone-list", "", 0, 0,
401 ct_zone_list, &ct_zones);
406 /* Check OVN SB database. */
407 char *new_ovnsb_remote = get_ovnsb_remote(ovs_idl_loop.idl);
408 if (strcmp(ovnsb_remote, new_ovnsb_remote)) {
410 ovnsb_remote = new_ovnsb_remote;
411 ovsdb_idl_set_remote(ovnsb_idl_loop.idl, ovnsb_remote, true);
412 binding_reset_processing();
413 lport_index_clear(&lports);
414 mcgroup_index_clear(&mcgroups);
416 free(new_ovnsb_remote);
419 struct controller_ctx ctx = {
420 .ovs_idl = ovs_idl_loop.idl,
421 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
422 .ovnsb_idl = ovnsb_idl_loop.idl,
423 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
426 update_probe_interval(&ctx);
428 struct sset all_lports = SSET_INITIALIZER(&all_lports);
430 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
431 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
433 const struct sbrec_chassis *chassis = NULL;
435 chassis = chassis_run(&ctx, chassis_id);
436 encaps_run(&ctx, br_int, chassis_id);
437 binding_run(&ctx, br_int, chassis_id, &local_datapaths);
440 if (br_int && chassis_id) {
441 patch_run(&ctx, br_int, chassis_id, &local_datapaths,
444 lport_index_fill(&lports, ctx.ovnsb_idl);
445 mcgroup_index_fill(&mcgroups, ctx.ovnsb_idl);
447 enum mf_field_id mff_ovn_geneve = ofctrl_run(br_int);
449 pinctrl_run(&ctx, &lports, br_int, chassis_id, &local_datapaths);
450 update_ct_zones(&all_lports, &patched_datapaths, &ct_zones,
453 lflow_run(&ctx, &lports, &mcgroups, &local_datapaths,
454 &patched_datapaths, &group_table, &ct_zones);
456 physical_run(&ctx, mff_ovn_geneve,
457 br_int, chassis_id, &ct_zones,
458 &local_datapaths, &patched_datapaths);
460 ofctrl_put(&group_table, get_nb_cfg(ctx.ovnsb_idl));
461 if (ctx.ovnsb_idl_txn) {
462 int64_t cur_cfg = ofctrl_get_cur_cfg();
463 if (cur_cfg && cur_cfg != chassis->nb_cfg) {
464 sbrec_chassis_set_nb_cfg(chassis, cur_cfg);
469 sset_destroy(&all_lports);
471 unixctl_server_run(unixctl);
473 unixctl_server_wait(unixctl);
475 poll_immediate_wake();
482 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
483 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
484 ovsdb_idl_track_clear(ovnsb_idl_loop.idl);
486 if (should_service_stop()) {
491 /* It's time to exit. Clean up the databases. */
494 struct controller_ctx ctx = {
495 .ovs_idl = ovs_idl_loop.idl,
496 .ovs_idl_txn = ovsdb_idl_loop_run(&ovs_idl_loop),
497 .ovnsb_idl = ovnsb_idl_loop.idl,
498 .ovnsb_idl_txn = ovsdb_idl_loop_run(&ovnsb_idl_loop),
501 const struct ovsrec_bridge *br_int = get_br_int(&ctx);
502 const char *chassis_id = get_chassis_id(ctx.ovs_idl);
504 /* Run all of the cleanup functions, even if one of them returns false.
505 * We're done if all of them return true. */
506 done = binding_cleanup(&ctx, chassis_id);
507 done = chassis_cleanup(&ctx, chassis_id) && done;
508 done = encaps_cleanup(&ctx, br_int) && done;
510 poll_immediate_wake();
513 ovsdb_idl_loop_commit_and_wait(&ovnsb_idl_loop);
514 ovsdb_idl_loop_commit_and_wait(&ovs_idl_loop);
518 unixctl_server_destroy(unixctl);
523 simap_destroy(&ct_zones);
525 bitmap_free(group_table.group_ids);
526 hmap_destroy(&group_table.desired_groups);
528 struct group_info *installed, *next_group;
529 HMAP_FOR_EACH_SAFE(installed, next_group, hmap_node,
530 &group_table.existing_groups) {
531 hmap_remove(&group_table.existing_groups, &installed->hmap_node);
532 ds_destroy(&installed->group);
535 hmap_destroy(&group_table.existing_groups);
537 ovsdb_idl_loop_destroy(&ovs_idl_loop);
538 ovsdb_idl_loop_destroy(&ovnsb_idl_loop);
548 parse_options(int argc, char *argv[])
551 OPT_PEER_CA_CERT = UCHAR_MAX + 1,
552 OPT_BOOTSTRAP_CA_CERT,
557 static struct option long_options[] = {
558 {"help", no_argument, NULL, 'h'},
559 {"version", no_argument, NULL, 'V'},
562 STREAM_SSL_LONG_OPTIONS,
563 {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
564 {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
567 char *short_options = ovs_cmdl_long_options_to_short_options(long_options);
572 c = getopt_long(argc, argv, short_options, long_options, NULL);
582 ovs_print_version(OFP13_VERSION, OFP13_VERSION);
586 DAEMON_OPTION_HANDLERS
587 STREAM_SSL_OPTION_HANDLERS
589 case OPT_PEER_CA_CERT:
590 stream_ssl_set_peer_ca_cert_file(optarg);
593 case OPT_BOOTSTRAP_CA_CERT:
594 stream_ssl_set_ca_cert_file(optarg, true);
610 ovs_remote = xasprintf("unix:%s/db.sock", ovs_rundir());
611 } else if (argc == 1) {
612 ovs_remote = xstrdup(argv[0]);
614 VLOG_FATAL("exactly zero or one non-option argument required; "
615 "use --help for usage");
622 printf("%s: OVN controller\n"
623 "usage %s [OPTIONS] [OVS-DATABASE]\n"
624 "where OVS-DATABASE is a socket on which the OVS OVSDB server is listening.\n",
625 program_name, program_name);
626 stream_usage("OVS-DATABASE", true, false, false);
629 printf("\nOther options:\n"
630 " -h, --help display this help message\n"
631 " -V, --version display version information\n");
636 ovn_controller_exit(struct unixctl_conn *conn, int argc OVS_UNUSED,
637 const char *argv[] OVS_UNUSED, void *exiting_)
639 bool *exiting = exiting_;
642 unixctl_command_reply(conn, NULL);
646 ct_zone_list(struct unixctl_conn *conn, int argc OVS_UNUSED,
647 const char *argv[] OVS_UNUSED, void *ct_zones_)
649 struct simap *ct_zones = ct_zones_;
650 struct ds ds = DS_EMPTY_INITIALIZER;
651 struct simap_node *zone;
653 SIMAP_FOR_EACH(zone, ct_zones) {
654 ds_put_format(&ds, "%s %d\n", zone->name, zone->data);
657 unixctl_command_reply(conn, ds_cstr(&ds));
661 /* Get the desired SB probe timer from the OVS database and configure it into
662 * the SB database. */
664 update_probe_interval(struct controller_ctx *ctx)
666 const struct ovsrec_open_vswitch *cfg
667 = ovsrec_open_vswitch_first(ctx->ovs_idl);
669 ? smap_get_int(&cfg->external_ids,
670 "ovn-remote-probe-interval",
671 DEFAULT_PROBE_INTERVAL_MSEC)
672 : DEFAULT_PROBE_INTERVAL_MSEC);
673 ovsdb_idl_set_probe_interval(ctx->ovnsb_idl, interval);