XenAPI: Support neutron security group

This implementation is to give support on neutron security group with
XenServer as compute driver. When using neutron+openvswitch, the ovs
agent on compute node cannot run correctly due to lack of qbr linux
bridge on compute node. This change will add qbr linux bridge when
xenserver as hypervisor
Xenserver driver now doesn't have linux bridge, the connection is:
compute node: vm-vif -> br-int -> br-eth
network node: br-eth -> br-int -> br-ex
With this implemented, linux bridge(qbr) will be added in compute
node. Thus the security group rules can be applied on qbr bridge.
The connection will look like:
compute node: vm-vif -> qbr(linux bridge) -> br-int -> br-eth
network node: br-eth -> br-int -> br-ex

Closes-Bug: #1526138

Implements: blueprint support-neutron-security-group

DocImpact: /etc/modprobe.d/blacklist-bridge file in dom0 should be
    deleted since it prevent loading linux bridge module in dom0

Depends-On: I377f8ad51e1d2725c3e0153e64322055fcce7b54

Change-Id: Id9b39aa86558a9f7099caedabd2d517bf8ad3d68

plugins/xenserver/xenapi/etc/xapi.d/plugins/nova_plugin_version

@@ -31,7 +31,8 @@ import utils
 # 1.3 - Add vhd2 functions for doing glance operations by url
 # 1.4 - Add support of Glance v2 api
 # 1.5 - Added function for network configuration on ovs bridge
-PLUGIN_VERSION = "1.5"
+# 1.6 - Add function for network configuration on Linux bridge
+PLUGIN_VERSION = "1.6"
 
 
 def get_version(session):

plugins/xenserver/xenapi/etc/xapi.d/plugins/xenhost

@@ -252,12 +252,105 @@ def _ovs_set_if_external_id(args):
     return _run_command(cmd_args)
 
 
+def _ovs_add_port(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    port_name = pluginlib.exists(args, 'port_name')
+    cmd_args = ['ovs-vsctl', '--', '--if-exists', 'del-port', port_name,
+                '--', 'add-port', bridge_name, port_name]
+    return _run_command(cmd_args)
+
+
+def _ip_link_get_dev(args):
+    device_name = pluginlib.exists(args, 'device_name')
+    cmd_args = ['ip', 'link', 'show', device_name]
+    return _run_command(cmd_args)
+
+
+def _ip_link_del_dev(args):
+    device_name = pluginlib.exists(args, 'device_name')
+    cmd_args = ['ip', 'link', 'delete', device_name]
+    return _run_command(cmd_args)
+
+def _ip_link_add_veth_pair(args):
+    dev1_name = pluginlib.exists(args, 'dev1_name')
+    dev2_name = pluginlib.exists(args, 'dev2_name')
+    cmd_args = ['ip', 'link', 'add', dev1_name, 'type', 'veth', 'peer',
+                'name', dev2_name]
+    return _run_command(cmd_args)
+
+
+def _ip_link_set_dev(args):
+    device_name = pluginlib.exists(args, 'device_name')
+    option = pluginlib.exists(args, 'option')
+    cmd_args = ['ip', 'link', 'set', device_name, option]
+    return _run_command(cmd_args)
+
+
+def _ip_link_set_promisc(args):
+    device_name = pluginlib.exists(args, 'device_name')
+    option = pluginlib.exists(args, 'option')
+    cmd_args = ['ip', 'link', 'set', device_name, 'promisc', option]
+    return _run_command(cmd_args)
+
+
+def _brctl_add_br(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    cmd_args = ['brctl', 'addbr', bridge_name]
+    return _run_command(cmd_args)
+
+
+def _brctl_del_br(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    cmd_args = ['brctl', 'delbr', bridge_name]
+    return _run_command(cmd_args)
+
+
+def _brctl_set_fd(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    fd = pluginlib.exists(args, 'fd')
+    cmd_args = ['brctl', 'setfd', bridge_name, fd]
+    return _run_command(cmd_args)
+
+
+def _brctl_set_stp(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    option = pluginlib.exists(args, 'option')
+    cmd_args = ['brctl', 'stp', bridge_name, option]
+    return _run_command(cmd_args)
+
+
+def _brctl_add_if(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    if_name = pluginlib.exists(args, 'interface_name')
+    cmd_args = ['brctl', 'addif', bridge_name, if_name]
+    return _run_command(cmd_args)
+
+
+def _brctl_del_if(args):
+    bridge_name = pluginlib.exists(args, 'bridge_name')
+    if_name = pluginlib.exists(args, 'interface_name')
+    cmd_args = ['brctl', 'delif', bridge_name, if_name]
+    return _run_command(cmd_args)
+
+
 ALLOWED_NETWORK_CMDS = {
     # allowed cmds to config OVS bridge
     'ovs_add_patch_port': _ovs_add_patch_port,
+    'ovs_add_port': _ovs_add_port,
     'ovs_del_port': _ovs_del_port,
     'ovs_del_br': _ovs_del_br,
-    'ovs_set_if_external_id': _ovs_set_if_external_id
+    'ovs_set_if_external_id': _ovs_set_if_external_id,
+    'ip_link_add_veth_pair': _ip_link_add_veth_pair,
+    'ip_link_del_dev': _ip_link_del_dev,
+    'ip_link_get_dev': _ip_link_get_dev,
+    'ip_link_set_dev': _ip_link_set_dev,
+    'ip_link_set_promisc': _ip_link_set_promisc,
+    'brctl_add_br': _brctl_add_br,
+    'brctl_add_if': _brctl_add_if,
+    'brctl_del_br': _brctl_del_br,
+    'brctl_del_if': _brctl_del_if,
+    'brctl_set_fd': _brctl_set_fd,
+    'brctl_set_stp': _brctl_set_stp
     }