Coverage for neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent : 78%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
# Copyright 2011 VMware, Inc. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License.
import constants import ovs_dvr_neutron_agent
'agent.common.config') 'common.config')
# A placeholder for dead vlans.
# A class to represent a VIF (i.e., a port that has 'iface-id' and 'vif-mac' # attributes set). vif_ports=None): # set of tunnel ports on which packets should be flooded
return ("lv-id = %s type = %s phys-net = %s phys-id = %s" % (self.vlan, self.network_type, self.physical_network, self.segmentation_id))
l2population_rpc.L2populationRpcCallBackTunnelMixin, dvr_rpc.DVRAgentRpcCallbackMixin): '''Implements OVS-based tunneling, VLANs and flat networks.
Two local bridges are created: an integration bridge (defaults to 'br-int') and a tunneling bridge (defaults to 'br-tun'). An additional bridge is created for each physical network interface used for VLANs and/or flat networks.
All VM VIFs are plugged into the integration bridge. VM VIFs on a given virtual network share a common "local" VLAN (i.e. not propagated externally). The VLAN id of this local VLAN is mapped to the physical networking details realizing that virtual network.
For virtual networks realized as GRE tunnels, a Logical Switch (LS) identifier is used to differentiate tenant traffic on inter-HV tunnels. A mesh of tunnels is created to other Hypervisors in the cloud. These tunnels originate and terminate on the tunneling bridge of each hypervisor. Port patching is done to connect local VLANs on the integration bridge to inter-hypervisor tunnels on the tunnel bridge.
For each virtual network realized as a VLAN or flat network, a veth or a pair of patch ports is used to connect the local VLAN on the integration bridge with the physical network bridge, with flow rules adding, modifying, or stripping VLAN tags as necessary. '''
# history # 1.0 Initial version # 1.1 Support Security Group RPC # 1.2 Support DVR (Distributed Virtual Router) RPC # 1.3 Added param devices_to_update to security_groups_provider_updated
bridge_mappings, polling_interval, tunnel_types=None, veth_mtu=None, l2_population=False, enable_distributed_routing=False, minimize_polling=False, ovsdb_monitor_respawn_interval=( constants.DEFAULT_OVSDBMON_RESPAWN), arp_responder=False, prevent_arp_spoofing=True, use_veth_interconnection=False, quitting_rpc_timeout=None, conf=None): '''Constructor.
:param bridge_classes: a dict for bridge classes. :param integ_br: name of the integration bridge. :param tun_br: name of the tunnel bridge. :param local_ip: local IP address of this hypervisor. :param bridge_mappings: mappings from physical network name to bridge. :param polling_interval: interval (secs) to poll DB. :param tunnel_types: A list of tunnel types to enable support for in the agent. If set, will automatically set enable_tunneling to True. :param veth_mtu: MTU size for veth interfaces. :param l2_population: Optional, whether L2 population is turned on :param minimize_polling: Optional, whether to minimize polling by monitoring ovsdb for interface changes. :param ovsdb_monitor_respawn_interval: Optional, when using polling minimization, the number of seconds to wait before respawning the ovsdb monitor. :param arp_responder: Optional, enable local ARP responder if it is supported. :param prevent_arp_spoofing: Optional, enable suppression of any ARP responses from ports that don't match an IP address that belongs to the ports. Spoofing rules will not be added to ports that have port security disabled. :param use_veth_interconnection: use veths instead of patch ports to interconnect the integration bridge to physical bridges. :param quitting_rpc_timeout: timeout in seconds for rpc calls after SIGTERM is received :param conf: an instance of ConfigOpts '''
# init bridge classes with configured datapath type. functools.partial(bridge_classes[b], datapath_type=self.conf.OVS.datapath_type) for b in ('br_int', 'br_phys', 'br_tun'))
p_const.MAX_VLAN_TAG)) # TODO(ethuleau): Change ARP responder so it's not dependent on the # ML2 l2 population mechanism driver.
'binary': 'neutron-openvswitch-agent', 'host': self.conf.host, 'topic': n_const.L2_AGENT_TOPIC, 'configurations': {'bridge_mappings': bridge_mappings, 'tunnel_types': self.tunnel_types, 'tunneling_ip': local_ip, 'l2_population': self.l2_pop, 'arp_responder_enabled': self.arp_responder_enabled, 'enable_distributed_routing': self.enable_distributed_routing, 'log_agent_heartbeats': self.conf.AGENT.log_agent_heartbeats}, 'agent_type': n_const.AGENT_TYPE_OVS, 'start_flag': True}
self.enable_tunneling = True else:
# Validate agent configurations
# Keep track of int_br's device count for use by _report_state()
# Stores port update notifications for processing in main rpc loop # Stores port delete notifications # keeps association between ports and ofports to detect ofport change p_const.TYPE_VXLAN: {}}
# The patch_int_ofport and patch_tun_ofport are updated # here inside the call to setup_tunnel_br() self.setup_tunnel_br(tun_br)
self.context, self.dvr_plugin_rpc, self.int_br, self.tun_br, self.bridge_mappings, self.phys_brs, self.int_ofports, self.phys_ofports, self.patch_int_ofport, self.patch_tun_ofport, self.conf.host, self.enable_tunneling, self.enable_distributed_routing)
self._report_state)
self.setup_tunnel_br_flows()
# Collect additional bridges to monitor
# In order to keep existed device's local vlan unchanged, # restore local vlan mapping at start
# Security group agent support self.sg_plugin_rpc, self.local_vlan_map, defer_refresh_firewall=True)
# Initialize iteration counter
# The initialization is complete; we can start receiving messages
# How many devices are likely used by a VM self.int_br_device_count) self.dvr_agent.in_distributed_mode())
self.agent_state, self.use_call)
"Port", columns=["name", "other_config", "tag"], ports=port_names) # if a port was deleted between get_vif_ports and # get_ports_attributes, we # will get a KeyError and local_vlan != DEAD_VLAN_TAG): local_vlan_map['network_type'], local_vlan_map['physical_network'], local_vlan_map['segmentation_id'], local_vlan)
# RPC network init # Handle updates from service # Define the listening consumers for the agent [topics.PORT, topics.DELETE], [constants.TUNNEL, topics.UPDATE], [constants.TUNNEL, topics.DELETE], [topics.SECURITY_GROUP, topics.UPDATE], [topics.DVR, topics.UPDATE]] consumers.append([topics.L2POPULATION, topics.UPDATE, self.conf.host]) self.topic, consumers, start_listening=False)
ext_manager.AgentExtensionsManager(self.conf)) connection, constants.EXTENSION_DRIVER_TYPE)
# Put the port identifier in the updated_ports set. # Even if full port details might be provided to this call, # they are not used since there is no guarantee the notifications # are processed in the same order as the relevant API requests
# don't try to process removed ports as deleted ports since # they are already gone # Flush firewall rules and move to dead VLAN so deleted ports no # longer have access to the network {"vif_port": port, "port_id": port_id}) # don't log errors since there is a chance someone will be # removing the port from the bridge at the same time
return return LOG.error(_LE("No tunnel_type specified, cannot create tunnels")) return LOG.error(_LE("tunnel_type %s not supported by agent"), tunnel_type) return return tunnel_type)
return LOG.error(_LE("No tunnel_ip specified, cannot delete tunnels")) return LOG.error(_LE("No tunnel_type specified, cannot delete tunnels")) return LOG.error(_LE("tunnel_type %s not supported by agent"), tunnel_type) return
self.local_vlan_map): agent_ports, self._tunnel_port_lookup) else: self.fdb_add_tun(context, self.tun_br, lvm, agent_ports, self._tunnel_port_lookup)
self.local_vlan_map): agent_ports, self._tunnel_port_lookup) else: self.fdb_remove_tun(context, self.tun_br, lvm, agent_ports, self._tunnel_port_lookup)
lvm.tun_ofports) else: port_info.mac_address, port_info.ip_address) lvm.segmentation_id, ofport, port_info.mac_address)
lvm.tun_ofports) else: # This local vlan doesn't require any more tunnelling br.delete_flood_to_tun(lvm.vlan) else: port_info.mac_address, port_info.ip_address)
self.local_ip, self.local_vlan_map)
ip_address): '''Set the ARP respond entry.
When the l2 population mechanism driver and OVS supports to edit ARP fields, a table (ARP_RESPONDER) to resolve ARP locally is added to the tunnel bridge. ''' return
else: LOG.warning(_LW('Action %s not supported'), action)
phys_br = self.phys_brs[physical_network] phys_port = self.phys_ofports[physical_network] int_br = self.int_br int_port = self.int_ofports[physical_network] phys_br.provision_local_vlan(port=phys_port, lvid=lvid, segmentation_id=None, distributed=False) int_br.provision_local_vlan(port=int_port, lvid=lvid, segmentation_id=None)
segmentation_id=segmentation_id, distributed=distributed) segmentation_id=segmentation_id)
segmentation_id, local_vlan=None): '''Provisions a local VLAN.
:param net_uuid: the uuid of the network associated with this vlan. :param network_type: the network type ('gre', 'vxlan', 'vlan', 'flat', 'local') :param physical_network: the physical network for 'vlan' or 'flat' :param segmentation_id: the VID for 'vlan' or tunnel ID for 'tunnel' '''
# On a restart or crash of OVS, the network associated with this VLAN # will already be assigned, so check for that here before assigning a # new one. lvid = lvm.vlan else: lvid = local_vlan self.available_local_vlans.remove(local_vlan) else: LOG.error(_LE("No local VLAN available for net-id=%s"), net_uuid) return network_type, physical_network, segmentation_id)
"net-id=%(net_uuid)s"), {'vlan_id': lvid, 'net_uuid': net_uuid})
# outbound broadcast/multicast self.tun_br.install_flood_to_tun(lvid, segmentation_id, ofports) # inbound from tunnels: set lvid in the right table # and resubmit to Table LEARN_FROM_TUN for mac learning network_type, lvid, segmentation_id) else: self.tun_br.provision_local_vlan( network_type=network_type, lvid=lvid, segmentation_id=segmentation_id) else: LOG.error(_LE("Cannot provision %(network_type)s network for " "net-id=%(net_uuid)s - tunneling disabled"), {'network_type': network_type, 'net_uuid': net_uuid}) if physical_network in self.phys_brs: self._local_vlan_for_flat(lvid, physical_network) else: LOG.error(_LE("Cannot provision flat network for " "net-id=%(net_uuid)s - no bridge for " "physical_network %(physical_network)s"), {'net_uuid': net_uuid, 'physical_network': physical_network}) segmentation_id) else: LOG.error(_LE("Cannot provision VLAN network for " "net-id=%(net_uuid)s - no bridge for " "physical_network %(physical_network)s"), {'net_uuid': net_uuid, 'physical_network': physical_network}) # no flows needed for local networks else: LOG.error(_LE("Cannot provision unknown network type " "%(network_type)s for net-id=%(net_uuid)s"), {'network_type': network_type, 'net_uuid': net_uuid})
'''Reclaim a local VLAN.
:param net_uuid: the network uuid associated with this vlan. ''' LOG.debug("Network %s not used on agent.", net_uuid) return
"net-id = %(net_uuid)s"), {'vlan_id': lvm.vlan, 'net_uuid': net_uuid})
network_type=lvm.network_type, segmentation_id=lvm.segmentation_id) # Try to remove tunnel ports if not used by other networks lvm.network_type) elif lvm.network_type == p_const.TYPE_FLAT: if lvm.physical_network in self.phys_brs: # outbound br = self.phys_brs[lvm.physical_network] br.reclaim_local_vlan( port=self.phys_ofports[lvm.physical_network], lvid=lvm.vlan) # inbound br = self.int_br br.reclaim_local_vlan( port=self.int_ofports[lvm.physical_network], segmentation_id=None) elif lvm.network_type == p_const.TYPE_VLAN: if lvm.physical_network in self.phys_brs: # outbound br = self.phys_brs[lvm.physical_network] br.reclaim_local_vlan( port=self.phys_ofports[lvm.physical_network], lvid=lvm.vlan) # inbound br = self.int_br br.reclaim_local_vlan( port=self.int_ofports[lvm.physical_network], segmentation_id=lvm.segmentation_id) elif lvm.network_type == p_const.TYPE_LOCAL: # no flows needed for local networks pass else: LOG.error(_LE("Cannot reclaim unknown network type " "%(network_type)s for net-id=%(net_uuid)s"), {'network_type': lvm.network_type, 'net_uuid': net_uuid})
network_type, physical_network, segmentation_id, fixed_ips, device_owner, ovs_restarted): '''Bind port to net_uuid/lsw_id and install flow for inbound traffic to vm.
:param port: a ovs_lib.VifPort object. :param net_uuid: the net_uuid this port is to be associated with. :param network_type: the network type ('gre', 'vlan', 'flat', 'local') :param physical_network: the physical network for 'vlan' or 'flat' :param segmentation_id: the VID for 'vlan' or tunnel ID for 'tunnel' :param fixed_ips: the ip addresses assigned to this port :param device_owner: the string indicative of owner of this port :param ovs_restarted: indicates if this is called for an OVS restart. ''' physical_network, segmentation_id)
fixed_ips, device_owner) "other_config") 'network_type': network_type, 'physical_network': physical_network, 'segmentation_id': segmentation_id} port_other_config)
"Port", columns=["name", "tag"], ports=port_names) # network for port was deleted. skip this port since it # will need to be handled as a DEAD port in the next scan # Do not bind a port if it's already bound port, port_detail) "Port", port.port_name, "tag", lvm.vlan)
# update plugin about port status # FIXME(salv-orlando): Failures while updating device status # must be handled appropriately. Otherwise this might prevent # neutron server from sending network-vif-* events to the nova # API server, thus possibly preventing instance spawn. else: self.context, devices_up, devices_down, self.agent_id, self.conf.host) devices_set.get('failed_devices_down')) LOG.error(_LE("Configuration for devices %s failed!"), failed_devices) #TODO(rossella_s) handle better the resync in next patches, # this is just to preserve the current behavior raise DeviceListRetrievalError(devices=failed_devices) "down %(down)s completed."), {'up': devices_up, 'down': devices_down})
def setup_arp_spoofing_protection(bridge, vif, port_details): # clear any previous flows related to this port in our ARP table "it has port security disabled"), vif.port_name) # collect all of the addresses and cidrs that belong to the port for p in port_details['allowed_address_pairs']}
if netaddr.IPNetwork(ip).version == 4} # don't try to install protection because a /0 prefix allows any # address anyway and the ARP_SPA can only match on /1 or more. return
ip_addresses=addresses)
'''Unbind port.
Removes corresponding local vlan mapping object if this is its last VIF.
:param vif_id: the id of the vif :param net_uuid: the net_uuid this port is associated with. '''
net_uuid)
'''Once a port has no binding, put it on the "dead vlan".
:param port: a ovs_lib.VifPort object. ''' # Don't kill a port if it's already dead log_errors=log_errors) DEAD_VLAN_TAG, log_errors=log_errors)
'''Setup the integration bridge.
''' self.int_br.set_agent_uuid_stamp(self.agent_uuid_stamp) # Ensure the integration bridge is created. # ovs_lib.OVSBridge.create() will run # ovs-vsctl -- --may-exist add-br BRIDGE_NAME # which does nothing if bridge already exists. self.int_br.create() self.int_br.set_secure_mode() self.int_br.setup_controllers(self.conf)
self.int_br.delete_port(self.conf.OVS.int_peer_patch_port) if self.conf.AGENT.drop_flows_on_start: self.int_br.delete_flows() self.int_br.setup_default_table()
'''Setup ancillary bridges - for example br-ex.''' # Remove all known bridges ovs_bridges.remove(tun_br) physical_network in self.phys_brs] # Filter list of bridges to those that have external # bridge-id's configured br_names.append(bridge)
'''(re)initialize the tunnel bridge.
Creates tunnel bridge, and links it to the integration bridge using a patch port.
:param tun_br_name: the name of the tunnel bridge. ''' self.tun_br = self.br_tun_cls(tun_br_name)
self.patch_tun_ofport == ovs_lib.INVALID_OFPORT): self.conf.OVS.int_peer_patch_port, self.conf.OVS.tun_peer_patch_port) self.patch_int_ofport == ovs_lib.INVALID_OFPORT): self.conf.OVS.tun_peer_patch_port, self.conf.OVS.int_peer_patch_port) self.patch_int_ofport): LOG.error(_LE("Failed to create OVS patch port. Cannot have " "tunneling enabled on this agent, since this " "version of OVS does not support tunnels or patch " "ports. Agent terminated!")) exit(1)
'''Setup the tunnel bridge.
Add all flows to the tunnel bridge. ''' self.arp_responder_enabled)
"""Construct a peer name based on the prefix and name.
The peer name can not exceed the maximum length allowed for a linux device. Longer names are hashed to help ensure uniqueness. """ # We can't just truncate because bridges may be distinguished # by an ident at the end. A hash over the name should be unique. # Leave part of the bridge name on for easier identification {'prefix': prefix, 'truncated': name[0:namelen], 'hash': hashlib.sha1(name).hexdigest()[0:hashlen]}) "%(limit)d character limitation. It was shortened to " "%(new_name)s to fit."), {'name': name, 'limit': n_const.DEVICE_NAME_MAX_LEN, 'new_name': new_name})
'''Setup the physical network bridges.
Creates physical network bridges and links them to the integration bridge using veths or patch ports.
:param bridge_mappings: map physical network names to bridge names. ''' "bridge %(bridge)s"), {'physical_network': physical_network, 'bridge': bridge}) # setup physical bridge "%(physical_network)s does not exist. Agent " "terminated!"), {'physical_network': physical_network, 'bridge': bridge})
# interconnect physical and integration bridges using veth/patchs bridge) bridge) # Interface type of port for physical and integration bridges must # be same, so check only one of them. # Drop ports if the interface types doesn't match the # configuration value. self.int_br.delete_port(int_if_name) br.delete_port(phys_if_name) # Give udev a chance to process its rules here, to avoid # race conditions between commands launched by udev rules # and the subsequent call to ip_wrapper.add_veth phys_if_name) else: # Drop ports if the interface type doesn't match the # configuration value # Create patch ports without associating them in order to block # untranslated traffic before association int_if_name, constants.NONEXISTENT_PEER) phys_if_name, constants.NONEXISTENT_PEER)
# block all untranslated traffic between bridges
# enable veth to pass traffic # set up mtu size for veth interfaces int_veth.link.set_mtu(self.veth_mtu) phys_veth.link.set_mtu(self.veth_mtu) else: # associate patch ports to pass traffic 'options:peer', phys_if_name) 'options:peer', int_if_name)
# right now the ARP spoofing rules are the only thing that utilizes # ofport-based rules, so make arp_spoofing protection a conditional # until something else uses ofport return []
# if any ofport numbers have changed, re-process the devices as # added ports so any rules based on ofport numbers are updated.
# delete any stale rules based on removed ofports
# store map for next iteration
def _get_ofport_moves(current, previous): """Returns a list of moved ports.
Takes two port->ofport maps and returns a list ports that moved to a different ofport. Deleted ports are not included. """
# FIXME(salv-orlando): It's not really necessary to return early # if nothing has changed. # No added or removed ports to set, just return here # Remove all the known ports not found on the integration bridge
# Some updated ports might have been removed in the # meanwhile, and therefore should not be processed. # In this case the updated port won't be found among # current ports.
"""Return ports which have lost their vlan tag.
The returned value is a set of port ids of the ports concerned by a vlan tag loss. """ port in lvm.vif_ports and lvm.vif_ports[port].port_name in port_tags and port_tags[lvm.vif_ports[port].port_name] != lvm.vlan ): _LI("Port '%(port_name)s' has lost " "its vlan tag '%(vlan_tag)d'!"), {'port_name': lvm.vif_ports[port].port_name, 'vlan_tag': lvm.vlan} )
physical_network, segmentation_id, admin_state_up, fixed_ips, device_owner, ovs_restarted): # When this function is called for a port, the port should have # an OVS ofport configured, as only these ports were considered # for being treated. If that does not happen, it is a potential # error condition of which operators should be aware port_needs_binding = True if not vif_port.ofport: LOG.warn(_LW("VIF port: %s has no ofport configured, " "and might not be able to transmit"), vif_port.vif_id) if vif_port: if admin_state_up: self.port_bound(vif_port, network_id, network_type, physical_network, segmentation_id, fixed_ips, device_owner, ovs_restarted) else: self.port_dead(vif_port) port_needs_binding = False else: LOG.debug("No VIF port for port %s defined on agent.", port_id) return port_needs_binding
remote_ip, self.local_ip, tunnel_type, self.vxlan_udp_port, self.dont_fragment) {'type': tunnel_type, 'ip': remote_ip})
# Add flow in default table to resubmit to the right # tunnelling table (lvid will be set in the latter)
# Update flooding flows to include the new tunnel vlan_mapping.segmentation_id, ofports)
return 0 port_name, remote_ip, network_type)
# Check if this tunnel port is still used # If not, remove it else: self.get_ip_in_hex(remote_ip))
self.plugin_rpc.get_devices_details_list_and_failed_devices( self.context, devices, self.agent_id, self.conf.host)) #TODO(rossella_s) handle better the resync in next patches, # this is just to preserve the current behavior raise DeviceListRetrievalError(devices=devices)
[vif['device'] for vif in devices]) # The port disappeared and cannot be processed "and will therefore not be processed"), device)
{'device': device, 'details': details}) details['network_id'], details['network_type'], details['physical_network'], details['segmentation_id'], details['admin_state_up'], details['fixed_ips'], details['device_owner'], ovs_restarted)
else:
devices_details_list = ( self.plugin_rpc.get_devices_details_list_and_failed_devices( self.context, devices, self.agent_id, self.conf.host)) if devices_details_list.get('failed_devices'): #TODO(rossella_s) handle better the resync in next patches, # this is just to preserve the current behavior raise DeviceListRetrievalError(devices=devices) devices_added = [ d['device'] for d in devices_details_list.get('devices')] LOG.info(_LI("Ancillary Ports %s added"), devices_added)
# update plugin about port status devices_set_up = ( self.plugin_rpc.update_device_list(self.context, devices_added, [], self.agent_id, self.conf.host)) if devices_set_up.get('failed_devices_up'): #TODO(rossella_s) handle better the resync in next patches, # this is just to preserve the current behavior raise DeviceListRetrievalError()
[], devices, self.agent_id, self.conf.host) LOG.debug("Port removal failed for %(devices)s ", failed_devices) resync = True
resync = False LOG.info(_LI("Ancillary ports %s removed"), devices) devices_down = self.plugin_rpc.update_device_list(self.context, [], devices, self.agent_id, self.conf.host) failed_devices = devices_down.get('failed_devices_down') if failed_devices: LOG.debug("Port removal failed for %(devices)s ", failed_devices) resync = True for detail in devices_down.get('devices_down'): if detail['exists']: LOG.info(_LI("Port %s updated."), detail['device']) # Nothing to do regarding local networking else: LOG.debug("Device %s not defined on plugin", detail['device']) return resync
# TODO(salv-orlando): consider a solution for ensuring notifications # are processed exactly in the same order in which they were # received. This is tricky because there are two notification # sources: the neutron server, and the ovs db monitor process # If there is an exception while processing security groups ports # will not be wired anyway, and a resync will be triggered # VIF wiring needs to be performed always for 'new' devices. # For updated ports, re-wiring is not needed in most cases, but needs # to be performed anyway when the admin state of a device is changed. # A device might be both in the 'added' and 'updated' # list at the same time; avoid processing it twice. port_info.get('updated', set())) security_disabled_ports) = ( self.treat_devices_added_or_updated( devices_added_updated, ovs_restarted)) "treat_devices_added_or_updated completed. " "Skipped %(num_skipped)d devices of " "%(num_current)d devices currently available. " "Time elapsed: %(elapsed).3f", {'iter_num': self.iter_num, 'num_skipped': len(skipped_devices), 'num_current': len(port_info['current']), 'elapsed': time.time() - start}) # Update the list of current ports storing only those which # have been actually processed. set(skipped_devices)) except DeviceListRetrievalError: # Need to resync as there was an error with server # communication. LOG.exception(_LE("process_network_ports - iteration:%d - " "failure while retrieving port details " "from server"), self.iter_num) resync_a = True
# TODO(salv-orlando): Optimize avoiding applying filters # unnecessarily, (eg: when there are no IP address changes) port_info.get('updated', set()))
"treat_devices_removed completed in %(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start}) # If one of the above operations fails => resync with plugin
resync_a = False resync_b = False if 'added' in port_info and port_info['added']: start = time.time() try: self.treat_ancillary_devices_added(port_info['added']) LOG.debug("process_ancillary_network_ports - iteration: " "%(iter_num)d - treat_ancillary_devices_added " "completed in %(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start}) except DeviceListRetrievalError: # Need to resync as there was an error with server # communication. LOG.exception(_LE("process_ancillary_network_ports - " "iteration:%d - failure while retrieving " "port details from server"), self.iter_num) resync_a = True if 'removed' in port_info and port_info['removed']: start = time.time() resync_b = self.treat_ancillary_devices_removed( port_info['removed']) LOG.debug("process_ancillary_network_ports - iteration: " "%(iter_num)d - treat_ancillary_devices_removed " "completed in %(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start})
# If one of the above operations fails => resync with plugin return (resync_a | resync_b)
self.local_ip, tunnel_type, self.conf.host) tun_name, tunnel['ip_address'], tunnel_type) except Exception as e: LOG.debug("Unable to sync tunnel IP %(local_ip)s: %(e)s", {'local_ip': self.local_ip, 'e': e}) return True
self.updated_ports or self.sg_agent.firewall_refresh_needed())
port_info.get('removed') or port_info.get('updated'))
# Check for the canary flow status = self.int_br.check_canary_table() if status == constants.OVS_RESTARTED: LOG.warn(_LW("OVS is restarted. OVSNeutronAgent will reset " "bridges and recover ports.")) elif status == constants.OVS_DEAD: LOG.warn(_LW("OVS is dead. OVSNeutronAgent will keep running " "and checking OVS status periodically.")) return status
# sleep till end of polling interval "completed. Processed ports statistics: " "%(port_stats)s. Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'port_stats': port_stats, 'elapsed': elapsed}) else: LOG.debug("Loop iteration exceeded interval " "(%(polling_interval)s vs. %(elapsed)s)!", {'polling_interval': self.polling_interval, 'elapsed': elapsed})
'regular': { 'added': len(port_info.get('added', [])), 'updated': len(port_info.get('updated', [])), 'removed': len(port_info.get('removed', []))}} 'added': len(ancillary_port_info.get('added', [])), 'removed': len(ancillary_port_info.get('removed', []))}
bridges.append(self.tun_br)
polling_manager = polling.get_polling_manager( minimize_polling=False)
self.iter_num) self.tun_br, self.patch_int_ofport, self.patch_tun_ofport) # Agent doesn't apply any operations when ovs is dead, to # prevent unexpected failure or crash. Sleep and continue # loop in which ovs status will be checked periodically. # Notify the plugin of tunnel IP except Exception: LOG.exception(_LE("Error while synchronizing tunnels")) tunnel_sync = True "starting polling. Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start}) # Save updated ports dict to perform rollback in # case resync would be needed, and then clear # self.updated_ports. As the greenthread should not yield # between these two statements, this will be thread-safe ofport_changed_ports) "port information retrieved. " "Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start})
# Treat ancillary devices if they exist ancillary_ports) LOG.debug("Agent rpc_loop - iteration:%(iter_num)d - " "ancillary port info retrieved. " "Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start}) # Secure and wire/unwire VIFs and update their status # on Neutron server self.sg_agent.firewall_refresh_needed() or ovs_restarted): port_info) # If treat devices fails - must resync with plugin ovs_restarted) "ports processed. Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start})
sync |= self.process_ancillary_network_ports( ancillary_port_info) LOG.debug("Agent rpc_loop - iteration: " "%(iter_num)d - ancillary ports " "processed. Elapsed:%(elapsed).3f", {'iter_num': self.iter_num, 'elapsed': time.time() - start}) ancillary_ports = ancillary_port_info['current']
# Keep this flag in the last line of "try" block, # so we can sure that no other Exception occurred. # Put the ports back in self.updated_port
# Start everything. self.minimize_polling, self.ovsdb_monitor_respawn_interval) as pm:
self.catch_sighup = True
LOG.info(_LI("Agent caught SIGTERM, quitting daemon loop.")) self.run_daemon_loop = False self.catch_sigterm = False LOG.info(_LI("Agent caught SIGHUP, resetting.")) self.conf.reload_config_files() config.setup_logging() LOG.debug('Full set of CONF:') self.conf.log_opt_values(LOG, logging.DEBUG) self.catch_sighup = False
self.dvr_plugin_rpc, self.state_rpc):
and not self.l2_pop): "require L2-pop to be enabled, in both the " "Agent and Server side."))
"""Create a map of agent config parameters.
:param config: an instance of cfg.CONF :returns: a map of agent configuration parameters """ except ValueError as e: raise ValueError(_("Parsing bridge_mappings failed: %s.") % e)
integ_br=config.OVS.integration_bridge, tun_br=config.OVS.tunnel_bridge, local_ip=config.OVS.local_ip, bridge_mappings=bridge_mappings, polling_interval=config.AGENT.polling_interval, minimize_polling=config.AGENT.minimize_polling, tunnel_types=config.AGENT.tunnel_types, veth_mtu=config.AGENT.veth_mtu, enable_distributed_routing=config.AGENT.enable_distributed_routing, l2_population=config.AGENT.l2_population, arp_responder=config.AGENT.arp_responder, prevent_arp_spoofing=config.AGENT.prevent_arp_spoofing, use_veth_interconnection=config.OVS.use_veth_interconnection, quitting_rpc_timeout=config.AGENT.quitting_rpc_timeout )
# Verify the tunnel_types specified are valid
"""If tunneling is enabled, verify if the ip exists on the agent's host."""
" IP couldn't be found on this host's interfaces."), local_ip)
is_xen_compute_host = 'rootwrap-xen-dom0' in cfg.CONF.AGENT.root_helper if is_xen_compute_host: # Force ip_lib to always use the root helper to ensure that ip # commands target xen dom0 rather than domU. cfg.CONF.register_opts(ip_lib.OPTS) cfg.CONF.set_default('ip_lib_force_root', True)
try: agent_config = create_agent_config_map(cfg.CONF) except ValueError: LOG.exception(_LE("Agent failed to create agent config map")) raise SystemExit(1) prepare_xen_compute() validate_local_ip(agent_config['local_ip']) try: agent = OVSNeutronAgent(bridge_classes, **agent_config) except (RuntimeError, ValueError) as e: LOG.error(_LE("%s Agent terminated!"), e) sys.exit(1) agent.daemon_loop() |