feature #476: install hooks under remotes and place the source the under vnm_mad
parent
5e3258c6f6
commit
224de5871d
30
install.sh
30
install.sh
@ -157,8 +157,7 @@ else
|
||||
fi
|
||||
|
||||
SHARE_DIRS="$SHARE_LOCATION/examples \
|
||||
$SHARE_LOCATION/examples/tm \
|
||||
$SHARE_LOCATION/hooks"
|
||||
$SHARE_LOCATION/examples/tm"
|
||||
|
||||
ETC_DIRS="$ETC_LOCATION/im_kvm \
|
||||
$ETC_LOCATION/im_xen \
|
||||
@ -197,6 +196,8 @@ VAR_DIRS="$VAR_LOCATION/remotes \
|
||||
$VAR_LOCATION/remotes/im/ganglia.d \
|
||||
$VAR_LOCATION/remotes/vmm/xen \
|
||||
$VAR_LOCATION/remotes/vmm/kvm \
|
||||
$VAR_LOCATION/remotes/hooks \
|
||||
$VAR_LOCATION/remotes/hooks/vnm \
|
||||
$VAR_LOCATION/remotes/image \
|
||||
$VAR_LOCATION/remotes/image/fs"
|
||||
|
||||
@ -271,10 +272,12 @@ INSTALL_FILES=(
|
||||
DUMMY_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/dummy
|
||||
LVM_TM_COMMANDS_LIB_FILES:$LIB_LOCATION/tm_commands/lvm
|
||||
IMAGE_DRIVER_FS_SCRIPTS:$VAR_LOCATION/remotes/image/fs
|
||||
NETWORK_HOOK_SCRIPTS:$VAR_LOCATION/remotes/vnm
|
||||
EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples
|
||||
INSTALL_NOVNC_SHARE_FILE:$SHARE_LOCATION
|
||||
TM_EXAMPLE_SHARE_FILES:$SHARE_LOCATION/examples/tm
|
||||
HOOK_SHARE_FILES:$SHARE_LOCATION/hooks
|
||||
HOOK_FILES:$VAR_LOCATION/remotes/hooks
|
||||
HOOK_NETWORK_FILES:$VAR_LOCATION/remotes/hooks/vnm
|
||||
COMMON_CLOUD_LIB_FILES:$LIB_LOCATION/ruby/cloud
|
||||
ECO_LIB_FILES:$LIB_LOCATION/ruby/cloud/econe
|
||||
ECO_LIB_VIEW_FILES:$LIB_LOCATION/ruby/cloud/econe/views
|
||||
@ -533,6 +536,7 @@ IMAGE_DRIVER_FS_SCRIPTS="src/image_mad/remotes/fs/cp \
|
||||
src/image_mad/remotes/fs/fsrc \
|
||||
src/image_mad/remotes/fs/rm"
|
||||
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
# Migration scripts for onedb command, to be installed under $LIB_LOCATION
|
||||
#-------------------------------------------------------------------------------
|
||||
@ -622,15 +626,25 @@ TM_EXAMPLE_SHARE_FILES="share/examples/tm/tm_clone.sh \
|
||||
share/examples/tm/tm_mv.sh"
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
# HOOK scripts, to be installed under $SHARE_LOCATION/hooks
|
||||
# HOOK scripts, to be installed under $VAR_LOCATION/remotes/hooks
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
HOOK_SHARE_FILES="share/hooks/ebtables-xen \
|
||||
share/hooks/ebtables-kvm \
|
||||
share/hooks/ebtables-flush \
|
||||
share/hooks/host_error.rb \
|
||||
HOOK_FILES="share/hooks/host_error.rb \
|
||||
share/hooks/image.rb"
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
# Network Hook scripts, to be installed under $VAR_LOCATION/remotes/hooks
|
||||
#-------------------------------------------------------------------------------
|
||||
|
||||
HOOK_NETWORK_FILES="src/vnm_mad/OpenNebulaVLAN.rb \
|
||||
src/vnm_mad/KVMVLAN.rb \
|
||||
src/vnm_mad/ebtables-vlan \
|
||||
src/vnm_mad/firewall \
|
||||
src/vnm_mad/hm-vlan \
|
||||
src/vnm_mad/XenVLAN.rb \
|
||||
src/vnm_mad/openvswitch-vlan"
|
||||
|
||||
|
||||
INSTALL_NOVNC_SHARE_FILE="share/install_novnc.sh"
|
||||
|
||||
#-------------------------------------------------------------------------------
|
||||
|
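Review bot: The `INSTALL_FILES` entry `NETWORK_HOOK_SCRIPTS:$VAR_LOCATION/remotes/vnm` has no counterpart in the visible hunks: none of them defines a `NETWORK_HOOK_SCRIPTS` list, and `VAR_DIRS` gains `remotes/hooks` and `remotes/hooks/vnm` but no `remotes/vnm`. The page has lost its +/- markers, so the line may be older context, but if it is new it looks like a leftover next to `HOOK_NETWORK_FILES:$VAR_LOCATION/remotes/hooks/vnm` and should be dropped or given its own directory and file list. The banner above `HOOK_NETWORK_FILES` should also name the real target: `# Network Hook scripts, to be installed under $VAR_LOCATION/remotes/hooks/vnm`. Because the installed hooks call sudo-prefixed commands, it is worth confirming (not visible here) that the install step leaves these files writable only by the installing account.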
@ -1,93 +0,0 @@
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
# -------------------------------------------------------------------------- #
|
||||
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
|
||||
# #
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||
# not use this file except in compliance with the License. You may obtain #
|
||||
# a copy of the License at #
|
||||
# #
|
||||
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||
# #
|
||||
# Unless required by applicable law or agreed to in writing, software #
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||
# See the License for the specific language governing permissions and #
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Configuration Options for the script. Change it to fit your installation
|
||||
#------------------------------------------------------------------------------
|
||||
CONF = {
|
||||
:ebtables => "sudo /sbin/ebtables",
|
||||
:brctl => "/usr/sbin/brctl"
|
||||
}
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
RULE_TYPES=[
|
||||
/-i ([\w\.\-]+) /,
|
||||
/-o ([\w\.\-]+) /
|
||||
]
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Applies a given rule to the ebtables
|
||||
#------------------------------------------------------------------------------
|
||||
def deactivate(rule)
|
||||
system "#{CONF[:ebtables]} -D #{rule}"
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Gets the interfaces attached to a given bridge
|
||||
#------------------------------------------------------------------------------
|
||||
def get_interfaces
|
||||
brctl_exit =`#{CONF[:brctl]} show`
|
||||
brctl_exit.split("\n")[1..-1].collect{|l| l.split.last }
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Gets the interfaces attached to a given bridge
|
||||
#------------------------------------------------------------------------------
|
||||
def get_rules
|
||||
rules = Array.new
|
||||
|
||||
RULE_TYPES.each do |reg|
|
||||
ebtables_exit = `#{CONF[:ebtables]} -L FORWARD`
|
||||
|
||||
rules << ebtables_exit.split("\n")[3..-1].collect do |l|
|
||||
line = l.strip
|
||||
m = line.match(reg)
|
||||
|
||||
if m
|
||||
interface=m[1]
|
||||
{
|
||||
:interface => interface,
|
||||
:rule => line
|
||||
}
|
||||
else
|
||||
nil
|
||||
end
|
||||
end.compact
|
||||
end
|
||||
|
||||
rules.flatten
|
||||
end
|
||||
|
||||
###############################################################################
|
||||
# Main
|
||||
###############################################################################
|
||||
|
||||
# on "done", it waits a bit until the tap is detached from the bridge
|
||||
sleep 1
|
||||
|
||||
interfaces = get_interfaces
|
||||
all_rules = get_rules
|
||||
|
||||
all_rules.each do |rule|
|
||||
if !interfaces.include?(rule[:interface])
|
||||
deactivate("FORWARD #{rule[:rule]}")
|
||||
end
|
||||
end
|
||||
|
@ -1,93 +0,0 @@
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
# -------------------------------------------------------------------------- #
|
||||
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
|
||||
# #
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||
# not use this file except in compliance with the License. You may obtain #
|
||||
# a copy of the License at #
|
||||
# #
|
||||
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||
# #
|
||||
# Unless required by applicable law or agreed to in writing, software #
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||
# See the License for the specific language governing permissions and #
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
require 'rexml/document'
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Configuration Options for the script. Change it to fit your installation
|
||||
#------------------------------------------------------------------------------
|
||||
CONF = {
|
||||
:ebtables => "sudo /sbin/ebtables",
|
||||
:brctl => "/usr/sbin/brctl",
|
||||
:virsh => "virsh -c qemu:///system"
|
||||
}
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Applies a given rule to the ebtables
|
||||
#------------------------------------------------------------------------------
|
||||
def activate(rule)
|
||||
system "#{CONF[:ebtables]} -A #{rule}"
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Gets the interfaces attached to a given bridge
|
||||
#------------------------------------------------------------------------------
|
||||
def get_interfaces
|
||||
bridges = Hash.new
|
||||
brctl_exit =`#{CONF[:brctl]} show`
|
||||
cur_bridge = ""
|
||||
|
||||
brctl_exit.split("\n")[1..-1].each do |l|
|
||||
l = l.split
|
||||
|
||||
if l.length > 1
|
||||
cur_bridge = l[0]
|
||||
|
||||
bridges[cur_bridge] = Array.new
|
||||
bridges[cur_bridge] << l[3]
|
||||
else
|
||||
bridges[cur_bridge] << l[0]
|
||||
end
|
||||
end
|
||||
|
||||
bridges
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
###############################################################################
|
||||
# Main
|
||||
###############################################################################
|
||||
|
||||
VM_NAME = ARGV[0]
|
||||
|
||||
nets = `#{CONF[:virsh]} dumpxml #{VM_NAME}`
|
||||
doc = REXML::Document.new(nets).root
|
||||
|
||||
interfaces = get_interfaces()
|
||||
|
||||
doc.elements.each('/domain/devices/interface') {|net|
|
||||
|
||||
tap = net.elements['target'].attributes['dev']
|
||||
|
||||
if interfaces.include? tap
|
||||
iface_mac = net.elements['mac'].attributes['address']
|
||||
|
||||
mac = iface_mac.split(':')
|
||||
mac[-1] = '00'
|
||||
|
||||
net_mac = mac.join(':')
|
||||
|
||||
in_rule="FORWARD -s ! #{net_mac}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP"
|
||||
out_rule="FORWARD -s ! #{iface_mac} -i #{tap} -j DROP"
|
||||
|
||||
activate(in_rule)
|
||||
activate(out_rule)
|
||||
end
|
||||
}
|
@ -1,93 +0,0 @@
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
# -------------------------------------------------------------------------- #
|
||||
# Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) #
|
||||
# #
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
|
||||
# not use this file except in compliance with the License. You may obtain #
|
||||
# a copy of the License at #
|
||||
# #
|
||||
# http://www.apache.org/licenses/LICENSE-2.0 #
|
||||
# #
|
||||
# Unless required by applicable law or agreed to in writing, software #
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, #
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
|
||||
# See the License for the specific language governing permissions and #
|
||||
# limitations under the License. #
|
||||
#--------------------------------------------------------------------------- #
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Configuration Options for the script. Change it to fit your installation
|
||||
#------------------------------------------------------------------------------
|
||||
CONF = {
|
||||
:ebtables => "sudo /sbin/ebtables",
|
||||
:brctl => "/usr/sbin/brctl",
|
||||
:xm => "sudo /usr/sbin/xm"
|
||||
}
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Applies a given rule to the ebtables
|
||||
#------------------------------------------------------------------------------
|
||||
def activate(rule)
|
||||
system "#{CONF[:ebtables]} -A #{rule}"
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# Gets the interfaces attached to a given bridge
|
||||
#------------------------------------------------------------------------------
|
||||
def get_interfaces
|
||||
bridges = Hash.new
|
||||
brctl_exit =`#{CONF[:brctl]} show`
|
||||
cur_bridge = ""
|
||||
|
||||
brctl_exit.split("\n")[1..-1].each do |l|
|
||||
l = l.split
|
||||
|
||||
if l.length > 1
|
||||
cur_bridge = l[0]
|
||||
|
||||
bridges[cur_bridge] = Array.new
|
||||
bridges[cur_bridge] << l[3]
|
||||
else
|
||||
bridges[cur_bridge] << l[0]
|
||||
end
|
||||
end
|
||||
|
||||
bridges
|
||||
end
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
###############################################################################
|
||||
# Main
|
||||
###############################################################################
|
||||
|
||||
VM_NAME = ARGV[0]
|
||||
|
||||
vm_id =`#{CONF[:xm]} domid #{VM_NAME}`.strip
|
||||
networks =`#{CONF[:xm]} network-list #{vm_id}`.split("\n")[1..-1]
|
||||
|
||||
interfaces = get_interfaces
|
||||
|
||||
networks.each {|net|
|
||||
n = net.split
|
||||
|
||||
iface_id = n[0]
|
||||
iface_mac = n[2]
|
||||
|
||||
tap = "vif#{vm_id}.#{iface_id}"
|
||||
|
||||
if interfaces.include? tap
|
||||
mac = iface_mac.split(':')
|
||||
mac[-1] = '00'
|
||||
|
||||
net_mac = mac.join(':')
|
||||
|
||||
in_rule = "FORWARD -s ! #{net_mac}/ff:ff:ff:ff:ff:00 -o #{tap} -j DROP"
|
||||
out_rule = "FORWARD -s ! #{iface_mac} -i #{tap} -j DROP"
|
||||
|
||||
activate(in_rule)
|
||||
activate(out_rule)
|
||||
end
|
||||
}
|
@ -27,7 +27,9 @@ CONF = {
|
||||
COMMANDS = {
|
||||
:ebtables => "sudo /sbin/ebtables",
|
||||
:iptables => "sudo /usr/sbin/iptables",
|
||||
:brctl => "/usr/sbin/brctl",
|
||||
:brctl => "sudo /usr/sbin/brctl",
|
||||
:ip => "sudo /usr/sbin/ip",
|
||||
:vconfig => "sudo /usr/sbin/vconfig",
|
||||
:virsh => "virsh -c qemu:///system",
|
||||
:xm => "sudo /usr/sbin/xm",
|
||||
:ovs_vsctl=> "sudo /usr/local/bin/ovs-vsctl",
|
||||
@ -399,3 +401,59 @@ class OpenNebulaFirewall < OpenNebulaVLAN
|
||||
"#{COMMANDS[:iptables]} #{rule}"
|
||||
end
|
||||
end
|
||||
|
||||
class OpenNebulaHM < OpenNebulaVLAN
|
||||
def initialize(vm, hypervisor = nil)
|
||||
super(vm,hypervisor)
|
||||
@bridges = get_interfaces
|
||||
end
|
||||
|
||||
def activate
|
||||
vm_id = @vm['ID']
|
||||
process do |nic|
|
||||
bridge = nic[:bridge]
|
||||
dev = nic[:phydev]
|
||||
vlan = CONF[:start_vlan] + nic[:network_id].to_i
|
||||
|
||||
create_bridge bridge if !bridge_exists? bridge
|
||||
create_dev_vlan(dev, vlan) if !device_exists?(dev, vlan)
|
||||
if !attached_bridge_dev?(bridge, dev, vlan)
|
||||
attach_brigde_dev(bridge, dev, vlan)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def deactivate
|
||||
vm_id = @vm['ID']
|
||||
process do |nic|
|
||||
end
|
||||
end
|
||||
|
||||
def bridge_exists?(bridge)
|
||||
@bridges.keys.include? bridge
|
||||
end
|
||||
|
||||
def create_bridge(bridge)
|
||||
system("#{COMMANDS[:brctl]} addbr #{bridge}")
|
||||
end
|
||||
|
||||
def device_exists?(dev, vlan=nil)
|
||||
dev = "#{dev}.#{vlan}" if vlan
|
||||
system("#{COMMANDS[:ip]} link show #{dev}")
|
||||
end
|
||||
|
||||
def create_dev_vlan(dev, vlan)
|
||||
system("#{COMMANDS[:vconfig]} add #{dev} #{vlan}")
|
||||
end
|
||||
|
||||
def attached_bridge_dev?(bridge, dev, vlan=nil)
|
||||
return false if !bridge_exists? bridge
|
||||
dev = "#{dev}.#{vlan}" if vlan
|
||||
@bridges[bridge].include? dev
|
||||
end
|
||||
|
||||
def attach_brigde_dev(bridge, dev, vlan=nil)
|
||||
dev = "#{dev}.#{vlan}" if vlan
|
||||
system("#{COMMANDS[:brctl]} addif #{bridge} #{dev}")
|
||||
end
|
||||
end
|
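Review bot: `create_bridge`, `device_exists?`, `create_dev_vlan` and `attach_brigde_dev` in the new `OpenNebulaHM` class interpolate `bridge`, `dev` and `vlan` into one string for `system`, so a shell parses those values before the sudo-prefixed `brctl`, `ip` and `vconfig` commands run. The values come from `nic` inside `process`, which is defined outside this hunk; if they derive from the VM or network template they should be treated as untrusted input. Passing every operand as its own argument keeps the shell out of the call, and a name check such as `/\A\w[\w.\-]*\z/` before use also keeps a value from being read as an option. Separately, `deactivate` runs an empty `process` block, `vm_id` is assigned but never used in either method, and `attach_brigde_dev` misspells "bridge".

```ruby
# … unchanged: initialize, activate, deactivate, bridge_exists?, attached_bridge_dev? …

# Runs a COMMANDS entry with every operand as its own argv element, so no shell parses them.
def run(cmd, *operands)
    system(*(COMMANDS[cmd].split + operands.map { |o| o.to_s }))
end

# create_bridge:
run(:brctl, 'addbr', bridge)
# device_exists? (after the unchanged dev/vlan join):
run(:ip, 'link', 'show', dev)
# create_dev_vlan:
run(:vconfig, 'add', dev, vlan)
# attach_brigde_dev (after the unchanged dev/vlan join):
run(:brctl, 'addif', bridge, dev)
```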
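--- a/src/vnm_mad/hm-vlan
+++ b/src/vnm_mad/hm-vlan
@@ -0,0 +1,12 @@
+#!/usr/bin/env ruby
+
+$: << File.dirname(__FILE__)
+
+require 'base64'
+require 'OpenNebulaVLAN'
+
+template = ARGV[0]
+vm_xml = Base64::decode64(template)
+
+hm = OpenNebulaHM.new(vm_xml)
+hm.activate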
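Review bot: `template = ARGV[0]` goes straight into `Base64::decode64`, so running the hook without an argument raises on nil instead of printing a usable message, and `decode64` quietly skips characters that are not valid Base64 rather than rejecting a damaged template. A guard such as `abort "usage: hm-vlan <base64 VM template>" if template.nil? || template.empty?` before the decode covers the first case; `Base64.strict_decode64`, where the target Ruby provides it, covers the second. The script also discards the result of `hm.activate`, so as far as this file shows a failed `brctl` or `vconfig` call would not be reflected in the hook's exit status.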