* [PATCH RFC] A script to use with OpenStack instead of vif-bridge
@ 2015-07-15 9:51 Anthony PERARD
2015-07-15 10:14 ` Ian Campbell
0 siblings, 1 reply; 4+ messages in thread
From: Anthony PERARD @ 2015-07-15 9:51 UTC (permalink / raw)
To: Xen Devel; +Cc: Wei Liu, Ian Jackson, Ian Campbell, Stefano Stabellini
Hi,
I have submitted a script to be used by OpenStack instead of our vif-bridge
script: https://review.openstack.org/201257/
This is because vif-bridge is calling iptables and OpenStack (nova-network)
is also updating the iptables (via iptables-{save,restore}).
Could you review this patch that I have append bellow?
Also, would it be better to have a similair script in Xen repo instead of
Nova?
The script is based on another already present in nova:
http://git.openstack.org/cgit/openstack/nova/tree/contrib/xen/vif-openstack
Thanks.
The patch:
>From cb7daaab757f5f744dc9c3698e67b451db3392fe Mon Sep 17 00:00:00 2001
From: Anthony PERARD <anthony.perard@citrix.com>
Date: Mon, 13 Jul 2015 16:39:25 +0100
Subject: [PATCH] contrib: Add vif-bridge-nova-network script for Xen.
This script adds a vif created for a Xen guest to the bridge. This script
is to be called by the Xen toolstack instead of the default one as the
default will make call to iptables in a way that is not compatible with
nova uses of iptables.
To make use of the script, it is to be placed in XEN_SCRIPT_DIR (likely to
be /etc/xen/scripts) and adds the following in nova.conf:
[libvirt]
xen_vif_bridge_script_path = vif-bridge-nova-network
Change-Id: Ief24f0eff85f9b5a5f8cf26c3e08c4d8aeabc789
Partial-Bug: #1461642
Co-Authored-By: Christian Berendt <berendt@b1-systems.de>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
---
contrib/xen/vif-bridge-nova-network | 47 +++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
create mode 100755 contrib/xen/vif-bridge-nova-network
diff --git a/contrib/xen/vif-bridge-nova-network b/contrib/xen/vif-bridge-nova-network
new file mode 100755
index 0000000..c6a3a6b
--- /dev/null
+++ b/contrib/xen/vif-bridge-nova-network
@@ -0,0 +1,47 @@
+#!/bin/bash
+# copyright: B1 Systems GmbH <info@b1-systems.de>, 2012.
+# author: Christian Berendt <berendt@b1-systems.de>, 2012.
+# Copyright (C) 2015, Citrix Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Use this script instead of the default one to avoid iptables call from
+# the script which may conflict with Nova use of iptables.
+#
+# usage:
+# place the script in $XEN_SCRIPT_DIR (likely to be /etc/xen/scripts)
+# and set the following in /etc/nova/nova.conf:
+# [libvirt]
+# xen_vif_bridge_script_path = vif-bridge-nova-network
+
+dir=$(dirname "$0")
+. "$dir/vif-common.sh"
+
+bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
+
+case "$command" in
+ add|online)
+ setup_virtual_bridge_port "$dev"
+ add_to_bridge "$bridge" "$dev"
+ ;;
+
+ remove|offline)
+ do_without_error brctl delif "$bridge" "$dev"
+ do_without_error ip link set $dev down
+ ;;
+esac
+
+if [ "$type_if" = vif -a "$command" = "online" ]
+then
+ success
+fi
--
Anthony PERARD
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH RFC] A script to use with OpenStack instead of vif-bridge
2015-07-15 9:51 [PATCH RFC] A script to use with OpenStack instead of vif-bridge Anthony PERARD
@ 2015-07-15 10:14 ` Ian Campbell
2015-07-15 10:38 ` Anthony PERARD
0 siblings, 1 reply; 4+ messages in thread
From: Ian Campbell @ 2015-07-15 10:14 UTC (permalink / raw)
To: Anthony PERARD; +Cc: Wei Liu, Stefano Stabellini, Ian Jackson, Xen Devel
On Wed, 2015-07-15 at 10:51 +0100, Anthony PERARD wrote:
> Hi,
>
> I have submitted a script to be used by OpenStack instead of our vif-bridge
> script: https://review.openstack.org/201257/
> This is because vif-bridge is calling iptables and OpenStack (nova-network)
> is also updating the iptables (via iptables-{save,restore}).
>
> Could you review this patch that I have append bellow?
>
> Also, would it be better to have a similair script in Xen repo instead of
> Nova?
I think either would be fine, I don't currently know of any out of tree
vif-* scripts but there are a few block-* ones and I don't see why vif-*
should be treated differently e.g. from a compatibility PoV so out of
tree is fine.
[...]
> +# usage:
> +# place the script in $XEN_SCRIPT_DIR (likely to be /etc/xen/scripts)
> +# and set the following in /etc/nova/nova.conf:
> +# [libvirt]
> +# xen_vif_bridge_script_path = vif-bridge-nova-network
Would it be possible/sensible to cause this to be the default if
$somethingelse was set for Xen generally?
> +
> +dir=$(dirname "$0")
> +. "$dir/vif-common.sh"
> +
> +bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
> +
> +case "$command" in
> + add|online)
> + setup_virtual_bridge_port "$dev"
Do you want/need
set_mtu $bridge $dev
here?
> + add_to_bridge "$bridge" "$dev"
> + ;;
> +
> + remove|offline)
> + do_without_error brctl delif "$bridge" "$dev"
> + do_without_error ip link set $dev down
> + ;;
> +esac
You've omitted the various call_hooks, which means they won't work under
Nova, I don't know if they are useful in that context, but I imagine
they might be.
> +
> +if [ "$type_if" = vif -a "$command" = "online" ]
> +then
> + success
> +fi
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH RFC] A script to use with OpenStack instead of vif-bridge
2015-07-15 10:14 ` Ian Campbell
@ 2015-07-15 10:38 ` Anthony PERARD
2015-07-15 10:46 ` Ian Campbell
0 siblings, 1 reply; 4+ messages in thread
From: Anthony PERARD @ 2015-07-15 10:38 UTC (permalink / raw)
To: Ian Campbell; +Cc: Wei Liu, Stefano Stabellini, Ian Jackson, Xen Devel
On Wed, Jul 15, 2015 at 11:14:18AM +0100, Ian Campbell wrote:
> On Wed, 2015-07-15 at 10:51 +0100, Anthony PERARD wrote:
> > Hi,
> >
> > I have submitted a script to be used by OpenStack instead of our vif-bridge
> > script: https://review.openstack.org/201257/
> > This is because vif-bridge is calling iptables and OpenStack (nova-network)
> > is also updating the iptables (via iptables-{save,restore}).
> >
> > Could you review this patch that I have append bellow?
> >
> > Also, would it be better to have a similair script in Xen repo instead of
> > Nova?
>
> I think either would be fine, I don't currently know of any out of tree
> vif-* scripts but there are a few block-* ones and I don't see why vif-*
> should be treated differently e.g. from a compatibility PoV so out of
> tree is fine.
There is at least one vif-* in Nova.
> [...]
> > +# usage:
> > +# place the script in $XEN_SCRIPT_DIR (likely to be /etc/xen/scripts)
> > +# and set the following in /etc/nova/nova.conf:
> > +# [libvirt]
> > +# xen_vif_bridge_script_path = vif-bridge-nova-network
>
> Would it be possible/sensible to cause this to be the default if
> $somethingelse was set for Xen generally?
If this was to be the default, then that will break Xen guest creation
under OpenStack if the script is not there.
But I intend to write this in the documentation and try to have devstack do
the setup as well.
Beyond that, it would be for the package to set things up properly. I've
seen a specific nova-libvirt-xen package in ubuntu that already set
libvirt.virt_type=xen in nova.conf.
> > +
> > +dir=$(dirname "$0")
> > +. "$dir/vif-common.sh"
> > +
> > +bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
> > +
> > +case "$command" in
> > + add|online)
> > + setup_virtual_bridge_port "$dev"
>
> Do you want/need
> set_mtu $bridge $dev
> here?
I'll add it.
> > + add_to_bridge "$bridge" "$dev"
> > + ;;
> > +
> > + remove|offline)
> > + do_without_error brctl delif "$bridge" "$dev"
> > + do_without_error ip link set $dev down
> > + ;;
> > +esac
>
> You've omitted the various call_hooks, which means they won't work under
> Nova, I don't know if they are useful in that context, but I imagine
> they might be.
Ok, I'll add the call_hooks.
Thanks,
--
Anthony PERARD
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH RFC] A script to use with OpenStack instead of vif-bridge
2015-07-15 10:38 ` Anthony PERARD
@ 2015-07-15 10:46 ` Ian Campbell
0 siblings, 0 replies; 4+ messages in thread
From: Ian Campbell @ 2015-07-15 10:46 UTC (permalink / raw)
To: Anthony PERARD; +Cc: Wei Liu, Stefano Stabellini, Ian Jackson, Xen Devel
On Wed, 2015-07-15 at 11:38 +0100, Anthony PERARD wrote:
> > > +# usage:
> > > +# place the script in $XEN_SCRIPT_DIR (likely to be /etc/xen/scripts)
> > > +# and set the following in /etc/nova/nova.conf:
> > > +# [libvirt]
> > > +# xen_vif_bridge_script_path = vif-bridge-nova-network
> >
> > Would it be possible/sensible to cause this to be the default if
> > $somethingelse was set for Xen generally?
>
> If this was to be the default, then that will break Xen guest creation
> under OpenStack if the script is not there.
Oh, I assumed this would come as part of OpenStack somehow, but if
that's not how it is structured then fine ;-)
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-07-15 10:46 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-07-15 9:51 [PATCH RFC] A script to use with OpenStack instead of vif-bridge Anthony PERARD
2015-07-15 10:14 ` Ian Campbell
2015-07-15 10:38 ` Anthony PERARD
2015-07-15 10:46 ` Ian Campbell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.