charm-neutron-openvswitch/hooks/neutron_ovs_context.py

import os
import uuid
from charmhelpers.core.hookenv import (
    relation_ids,
    related_units,
    relation_get,
    config,
    unit_get,
)
from charmhelpers.contrib.network.ip import (
    get_address_in_network,
    get_ipv4_addr,
    get_ipv6_addr,
    is_bridge_member,
)
from charmhelpers.contrib.openstack.ip import resolve_address
from charmhelpers.core.host import list_nics, get_nic_hwaddr
from charmhelpers.core.strutils import bool_from_string
from charmhelpers.contrib.openstack import context
from charmhelpers.core.host import service_running, service_start
from charmhelpers.contrib.network.ovs import add_bridge, add_bridge_port
from charmhelpers.contrib.openstack.utils import get_host_ip
from charmhelpers.contrib.openstack.context import (
    OSContextGenerator,
    context_complete,
)

import re

OVS_BRIDGE = 'br-int'
DATA_BRIDGE = 'br-data'


def _neutron_api_settings():
    '''
    Inspects current neutron-plugin relation
    '''
    neutron_settings = {
        'neutron_security_groups': False,
        'l2_population': True,
        'overlay_network_type': 'gre',
        'enable_dvr': False,
    }
    for rid in relation_ids('neutron-plugin-api'):
        for unit in related_units(rid):
            rdata = relation_get(rid=rid, unit=unit)
            if 'l2-population' not in rdata:
                continue
            neutron_settings = {
                'l2_population': bool_from_string(rdata['l2-population']),
                'overlay_network_type': rdata['overlay-network-type'],
                'neutron_security_groups': bool_from_string(
                    rdata['neutron-security-groups']
                ),
            }
            if 'enable-dvr' in rdata:
                neutron_settings['enable_dvr'] = bool_from_string(
                    rdata['enable-dvr']
                )
            # Override with configuration if set to true
            if config('disable-security-groups'):
                neutron_settings['neutron_security_groups'] = False
            return neutron_settings
    return neutron_settings


def use_dvr():
    api_settings = _neutron_api_settings()
    if 'enable_dvr' in api_settings:
        return api_settings['enable_dvr']
    else:
        return False


class OVSPluginContext(context.NeutronContext):
    interfaces = []

    @property
    def plugin(self):
        return 'ovs'

    @property
    def network_manager(self):
        return 'neutron'

    @property
    def neutron_security_groups(self):
        neutron_api_settings = _neutron_api_settings()
        return neutron_api_settings['neutron_security_groups']

    def get_data_port(self):
        data_ports = config('data-port')
        if not data_ports:
            return None
        hwaddrs = {}
        for nic in list_nics(['eth', 'bond']):
            hwaddrs[get_nic_hwaddr(nic).lower()] = nic
        mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})', re.I)
        for entry in data_ports.split():
            entry = entry.strip().lower()
            if re.match(mac_regex, entry):
                if entry in hwaddrs:
                    return hwaddrs[entry]
            else:
                return entry
        return None

    def _ensure_bridge(self):
        if not service_running('openvswitch-switch'):
            service_start('openvswitch-switch')
        add_bridge(OVS_BRIDGE)
        add_bridge(DATA_BRIDGE)
        data_port = self.get_data_port()
        if data_port:
            add_bridge_port(DATA_BRIDGE, data_port, promisc=True)

    def ovs_ctxt(self):
        # In addition to generating config context, ensure the OVS service
        # is running and the OVS bridge exists. Also need to ensure
        # local_ip points to actual IP, not hostname.
        ovs_ctxt = super(OVSPluginContext, self).ovs_ctxt()
        if not ovs_ctxt:
            return {}

        self._ensure_bridge()

        conf = config()
        ovs_ctxt['local_ip'] = \
            get_address_in_network(config('os-data-network'),
                                   get_host_ip(unit_get('private-address')))
        neutron_api_settings = _neutron_api_settings()
        ovs_ctxt['neutron_security_groups'] = self.neutron_security_groups
        ovs_ctxt['l2_population'] = neutron_api_settings['l2_population']
        ovs_ctxt['distributed_routing'] = use_dvr()
        ovs_ctxt['overlay_network_type'] = \
            neutron_api_settings['overlay_network_type']
        # TODO: We need to sort out the syslog and debug/verbose options as a
        # general context helper
        ovs_ctxt['use_syslog'] = conf['use-syslog']
        ovs_ctxt['verbose'] = conf['verbose']
        ovs_ctxt['debug'] = conf['debug']
        return ovs_ctxt


class L3AgentContext(OSContextGenerator):

    def __call__(self):
        neutron_api_settings = _neutron_api_settings()
        ctxt = {}
        if neutron_api_settings['enable_dvr'] == 'True':
            ctxt['agent_mode'] = 'dvr'
        else:
            ctxt['agent_mode'] = 'legacy'
        return ctxt


class NeutronPortContext(OSContextGenerator):

    def _resolve_port(self, config_key):
        if not config(config_key):
            return None
        hwaddr_to_nic = {}
        hwaddr_to_ip = {}
        for nic in list_nics(['eth', 'bond']):
            hwaddr = get_nic_hwaddr(nic)
            hwaddr_to_nic[hwaddr] = nic
            addresses = get_ipv4_addr(nic, fatal=False) + \
                get_ipv6_addr(iface=nic, fatal=False)
            hwaddr_to_ip[hwaddr] = addresses
        mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})', re.I)
        for entry in config(config_key).split():
            entry = entry.strip()
            if re.match(mac_regex, entry):
                if entry in hwaddr_to_nic and len(hwaddr_to_ip[entry]) == 0:
                    # If the nic is part of a bridge then don't use it
                    if is_bridge_member(hwaddr_to_nic[entry]):
                        continue
                    # Entry is a MAC address for a valid interface that doesn't
                    # have an IP address assigned yet.
                    return hwaddr_to_nic[entry]
            else:
                # If the passed entry is not a MAC address, assume it's a valid
                # interface, and that the user put it there on purpose (we can
                # trust it to be the real external network).
                return entry
        return None


class ExternalPortContext(NeutronPortContext):

    def __call__(self):
        port = self._resolve_port('ext-port')
        if port:
            return {"ext_port": port}
        else:
            return None


class NetworkServiceContext(OSContextGenerator):
    interfaces = ['neutron-network-service']

    def __call__(self):
        for rid in relation_ids('neutron-network-service'):
            for unit in related_units(rid):
                rdata = relation_get(rid=rid, unit=unit)
                ctxt = {
                    'service_protocol':
                    rdata.get('service_protocol') or 'http',
                    'keystone_host': rdata.get('keystone_host'),
                    'service_port': rdata.get('service_port'),
                    'region': rdata.get('region'),
                    'service_tenant': rdata.get('service_tenant'),
                    'service_username': rdata.get('service_username'),
                    'service_password': rdata.get('service_password'),
                }
                if context_complete(ctxt):
                    return ctxt


class DVRSharedSecretContext(OSContextGenerator):

    def get_shared_secret(self):
        secret = None
        if not os.path.exists(self.SHARED_SECRET):
            secret = str(uuid.uuid4())
            with open(self.SHARED_SECRET, 'w') as secret_file:
                secret_file.write(secret)
        else:
            with open(self.SHARED_SECRET, 'r') as secret_file:
                secret = secret_file.read().strip()
        return secret

    def __call__(self):
        self.SHARED_SECRET = "/etc/neutron/secret.txt"
        if use_dvr():
            ctxt = {
                'shared_secret': self.get_shared_secret(),
                'local_ip': resolve_address(),
            }
        else:
            ctxt = {}
        return ctxt
Add relation to nova-cc (as neutron-gateway has) to get ks service info 2015-02-04 16:30:03 +00:00			`import os`
			`import uuid`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`from charmhelpers.core.hookenv import (`
Lint tidyup and unit tests 2014-06-19 10:56:25 +01:00			`relation_ids,`
			`related_units,`
			`relation_get,`
			`config,`
			`unit_get,`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`)`
Add setup for configuring an external bridge 2015-02-02 15:26:32 +00:00			`from charmhelpers.contrib.network.ip import (`
			`get_address_in_network,`
			`get_ipv4_addr,`
			`get_ipv6_addr,`
			`is_bridge_member,`
			`)`
Add relation to nova-cc (as neutron-gateway has) to get ks service info 2015-02-04 16:30:03 +00:00			`from charmhelpers.contrib.openstack.ip import resolve_address`
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`from charmhelpers.core.host import list_nics, get_nic_hwaddr`
Use charmhelper bool_from_string rather than local to_boolean 2015-02-16 11:16:11 +00:00			`from charmhelpers.core.strutils import bool_from_string`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`from charmhelpers.contrib.openstack import context`
			`from charmhelpers.core.host import service_running, service_start`
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`from charmhelpers.contrib.network.ovs import add_bridge, add_bridge_port`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`from charmhelpers.contrib.openstack.utils import get_host_ip`
Add relation to nova-cc (as neutron-gateway has) to get ks service info 2015-02-04 16:30:03 +00:00			`from charmhelpers.contrib.openstack.context import (`
			`OSContextGenerator,`
			`context_complete,`
			`)`
Support os-data-network 2014-06-27 14:04:10 +01:00
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`import re`

Principle for Neutron API 2014-06-05 11:59:23 +01:00			`OVS_BRIDGE = 'br-int'`
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`DATA_BRIDGE = 'br-data'`
Principle for Neutron API 2014-06-05 11:59:23 +01:00
Lint tidyup and unit tests 2014-06-19 10:56:25 +01:00
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`def _neutron_api_settings():`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`'''`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`Inspects current neutron-plugin relation`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`'''`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`neutron_settings = {`
Fix tests and lint 2014-09-04 15:18:06 +00:00			`'neutron_security_groups': False,`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`'l2_population': True,`
Switch to a more descriptive name for the overlay network type 2014-10-02 10:59:05 +00:00			`'overlay_network_type': 'gre',`
Merged trunk in and tidyup 2015-02-19 15:55:06 +00:00			`'enable_dvr': False,`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`}`
Add support for neutron-plugin-api relation and switch to using that for security group settings 2014-06-17 16:14:17 +01:00			`for rid in relation_ids('neutron-plugin-api'):`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`for unit in related_units(rid):`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`rdata = relation_get(rid=rid, unit=unit)`
Fix l2-population setting bug 2014-09-04 13:26:03 +00:00			`if 'l2-population' not in rdata:`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`continue`
			`neutron_settings = {`
Use charmhelper bool_from_string rather than local to_boolean 2015-02-16 11:16:11 +00:00			`'l2_population': bool_from_string(rdata['l2-population']),`
Switch to a more descriptive name for the overlay network type 2014-10-02 10:59:05 +00:00			`'overlay_network_type': rdata['overlay-network-type'],`
Use charmhelper bool_from_string rather than local to_boolean 2015-02-16 11:16:11 +00:00			`'neutron_security_groups': bool_from_string(`
Try to fix lint error that osci is seeing although I cannot reproduce locally 2015-02-13 09:15:36 +00:00			`rdata['neutron-security-groups']`
			`),`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`}`
Add dvr support 2015-02-02 13:31:39 +00:00			`if 'enable-dvr' in rdata:`
Merged trunk in and tidyup 2015-02-19 15:55:06 +00:00			`neutron_settings['enable_dvr'] = bool_from_string(`
			`rdata['enable-dvr']`
			`)`
Add config flag to disable security groups, tidy relation usage from neutron-api 2014-10-10 10:55:20 +01:00			`# Override with configuration if set to true`
			`if config('disable-security-groups'):`
			`neutron_settings['neutron_security_groups'] = False`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`return neutron_settings`
			`return neutron_settings`
Principle for Neutron API 2014-06-05 11:59:23 +01:00
Lint tidyup and unit tests 2014-06-19 10:56:25 +01:00
Add dvr support 2015-02-02 13:31:39 +00:00			`def use_dvr():`
			`api_settings = _neutron_api_settings()`
Merged trunk in and tidyup 2015-02-19 15:55:06 +00:00			`if 'enable_dvr' in api_settings:`
			`return api_settings['enable_dvr']`
			`else:`
			`return False`
Add dvr support 2015-02-02 13:31:39 +00:00

Principle for Neutron API 2014-06-05 11:59:23 +01:00			`class OVSPluginContext(context.NeutronContext):`
			`interfaces = []`

			`@property`
			`def plugin(self):`
			`return 'ovs'`

			`@property`
			`def network_manager(self):`
			`return 'neutron'`

			`@property`
			`def neutron_security_groups(self):`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`neutron_api_settings = _neutron_api_settings()`
Fix tests and lint 2014-09-04 15:18:06 +00:00			`return neutron_api_settings['neutron_security_groups']`
Principle for Neutron API 2014-06-05 11:59:23 +01:00
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`def get_data_port(self):`
			`data_ports = config('data-port')`
			`if not data_ports:`
			`return None`
			`hwaddrs = {}`
			`for nic in list_nics(['eth', 'bond']):`
			`hwaddrs[get_nic_hwaddr(nic).lower()] = nic`
			`mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})', re.I)`
			`for entry in data_ports.split():`
			`entry = entry.strip().lower()`
			`if re.match(mac_regex, entry):`
			`if entry in hwaddrs:`
			`return hwaddrs[entry]`
			`else:`
			`return entry`
			`return None`

Principle for Neutron API 2014-06-05 11:59:23 +01:00			`def _ensure_bridge(self):`
			`if not service_running('openvswitch-switch'):`
			`service_start('openvswitch-switch')`
			`add_bridge(OVS_BRIDGE)`
Add vlan/flat networking support 2014-07-14 14:47:38 +03:00			`add_bridge(DATA_BRIDGE)`
			`data_port = self.get_data_port()`
			`if data_port:`
			`add_bridge_port(DATA_BRIDGE, data_port, promisc=True)`
Principle for Neutron API 2014-06-05 11:59:23 +01:00
			`def ovs_ctxt(self):`
			`# In addition to generating config context, ensure the OVS service`
			`# is running and the OVS bridge exists. Also need to ensure`
			`# local_ip points to actual IP, not hostname.`
			`ovs_ctxt = super(OVSPluginContext, self).ovs_ctxt()`
			`if not ovs_ctxt:`
			`return {}`

			`self._ensure_bridge()`

Populate use_syslog var for templates 2014-06-05 14:16:54 +00:00			`conf = config()`
Support os-data-network 2014-06-27 14:04:10 +01:00			`ovs_ctxt['local_ip'] = \`
			`get_address_in_network(config('os-data-network'),`
			`get_host_ip(unit_get('private-address')))`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`neutron_api_settings = _neutron_api_settings()`
Fix tests and lint 2014-09-04 15:18:06 +00:00			`ovs_ctxt['neutron_security_groups'] = self.neutron_security_groups`
Collect l2_population settings from neutron-api unit and set them in the ml2 config 2014-09-04 10:56:50 +00:00			`ovs_ctxt['l2_population'] = neutron_api_settings['l2_population']`
Add dvr support 2015-02-02 13:31:39 +00:00			`ovs_ctxt['distributed_routing'] = use_dvr()`
Fix unit tests for vxlan 2014-10-02 14:02:42 +00:00			`ovs_ctxt['overlay_network_type'] = \`
			`neutron_api_settings['overlay_network_type']`
Fixes in response to bug comment 2014-06-23 12:49:58 +01:00			`# TODO: We need to sort out the syslog and debug/verbose options as a`
Tidy up and fix bug causing sec group settings to not be updated by api service 2014-06-23 13:50:23 +01:00			`# general context helper`
Populate use_syslog var for templates 2014-06-05 14:16:54 +00:00			`ovs_ctxt['use_syslog'] = conf['use-syslog']`
General tidyup after initial feedback 2014-06-17 15:31:03 +01:00			`ovs_ctxt['verbose'] = conf['verbose']`
			`ovs_ctxt['debug'] = conf['debug']`
Principle for Neutron API 2014-06-05 11:59:23 +01:00			`return ovs_ctxt`
Add dvr support 2015-02-02 13:31:39 +00:00

			`class L3AgentContext(OSContextGenerator):`

			`def __call__(self):`
			`neutron_api_settings = _neutron_api_settings()`
			`ctxt = {}`
			`if neutron_api_settings['enable_dvr'] == 'True':`
			`ctxt['agent_mode'] = 'dvr'`
			`else:`
			`ctxt['agent_mode'] = 'legacy'`
			`return ctxt`
Add setup for configuring an external bridge 2015-02-02 15:26:32 +00:00

			`class NeutronPortContext(OSContextGenerator):`

			`def _resolve_port(self, config_key):`
			`if not config(config_key):`
			`return None`
			`hwaddr_to_nic = {}`
			`hwaddr_to_ip = {}`
			`for nic in list_nics(['eth', 'bond']):`
			`hwaddr = get_nic_hwaddr(nic)`
			`hwaddr_to_nic[hwaddr] = nic`
			`addresses = get_ipv4_addr(nic, fatal=False) + \`
			`get_ipv6_addr(iface=nic, fatal=False)`
			`hwaddr_to_ip[hwaddr] = addresses`
			`mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})', re.I)`
			`for entry in config(config_key).split():`
			`entry = entry.strip()`
			`if re.match(mac_regex, entry):`
			`if entry in hwaddr_to_nic and len(hwaddr_to_ip[entry]) == 0:`
			`# If the nic is part of a bridge then don't use it`
			`if is_bridge_member(hwaddr_to_nic[entry]):`
			`continue`
			`# Entry is a MAC address for a valid interface that doesn't`
			`# have an IP address assigned yet.`
			`return hwaddr_to_nic[entry]`
			`else:`
			`# If the passed entry is not a MAC address, assume it's a valid`
			`# interface, and that the user put it there on purpose (we can`
			`# trust it to be the real external network).`
			`return entry`
			`return None`


			`class ExternalPortContext(NeutronPortContext):`

			`def __call__(self):`
			`port = self._resolve_port('ext-port')`
			`if port:`
			`return {"ext_port": port}`
			`else:`
			`return None`
Add relation to nova-cc (as neutron-gateway has) to get ks service info 2015-02-04 16:30:03 +00:00

			`class NetworkServiceContext(OSContextGenerator):`
			`interfaces = ['neutron-network-service']`

			`def __call__(self):`
			`for rid in relation_ids('neutron-network-service'):`
			`for unit in related_units(rid):`
			`rdata = relation_get(rid=rid, unit=unit)`
			`ctxt = {`
			`'service_protocol':`
			`rdata.get('service_protocol') or 'http',`
			`'keystone_host': rdata.get('keystone_host'),`
			`'service_port': rdata.get('service_port'),`
			`'region': rdata.get('region'),`
			`'service_tenant': rdata.get('service_tenant'),`
			`'service_username': rdata.get('service_username'),`
			`'service_password': rdata.get('service_password'),`
			`}`
			`if context_complete(ctxt):`
			`return ctxt`


			`class DVRSharedSecretContext(OSContextGenerator):`

			`def get_shared_secret(self):`
			`secret = None`
			`if not os.path.exists(self.SHARED_SECRET):`
			`secret = str(uuid.uuid4())`
			`with open(self.SHARED_SECRET, 'w') as secret_file:`
			`secret_file.write(secret)`
			`else:`
			`with open(self.SHARED_SECRET, 'r') as secret_file:`
			`secret = secret_file.read().strip()`
			`return secret`

			`def __call__(self):`
			`self.SHARED_SECRET = "/etc/neutron/secret.txt"`
			`if use_dvr():`
			`ctxt = {`
			`'shared_secret': self.get_shared_secret(),`
			`'local_ip': resolve_address(),`
			`}`
			`else:`
			`ctxt = {}`
			`return ctxt`