[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH RFC] A script to use with OpenStack instead of vif-bridge


I have submitted a script to be used by OpenStack instead of our vif-bridge
script: https://review.openstack.org/201257/
This is because vif-bridge is calling iptables and OpenStack (nova-network)
is also updating the iptables (via iptables-{save,restore}).

Could you review this patch that I have append bellow?

Also, would it be better to have a similair script in Xen repo instead of

The script is based on another already present in nova:


The patch:

From cb7daaab757f5f744dc9c3698e67b451db3392fe Mon Sep 17 00:00:00 2001
From: Anthony PERARD <anthony.perard@xxxxxxxxxx>
Date: Mon, 13 Jul 2015 16:39:25 +0100
Subject: [PATCH] contrib: Add vif-bridge-nova-network script for Xen.

This script adds a vif created for a Xen guest to the bridge. This script
is to be called by the Xen toolstack instead of the default one as the
default will make call to iptables in a way that is not compatible with
nova uses of iptables.

To make use of the script, it is to be placed in XEN_SCRIPT_DIR (likely to
be /etc/xen/scripts) and adds the following in nova.conf:
xen_vif_bridge_script_path = vif-bridge-nova-network

Change-Id: Ief24f0eff85f9b5a5f8cf26c3e08c4d8aeabc789
Partial-Bug: #1461642
Co-Authored-By: Christian Berendt <berendt@xxxxxxxxxxxxx>
Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
 contrib/xen/vif-bridge-nova-network | 47 +++++++++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100755 contrib/xen/vif-bridge-nova-network

diff --git a/contrib/xen/vif-bridge-nova-network 
new file mode 100755
index 0000000..c6a3a6b
--- /dev/null
+++ b/contrib/xen/vif-bridge-nova-network
@@ -0,0 +1,47 @@
+# copyright: B1 Systems GmbH <info@xxxxxxxxxxxxx>, 2012.
+# author: Christian Berendt <berendt@xxxxxxxxxxxxx>, 2012.
+# Copyright (C) 2015, Citrix Ltd.
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#         http://www.apache.org/licenses/LICENSE-2.0
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+# Use this script instead of the default one to avoid iptables call from
+# the script which may conflict with Nova use of iptables.
+# usage:
+#   place the script in $XEN_SCRIPT_DIR (likely to be /etc/xen/scripts)
+#   and set the following in /etc/nova/nova.conf:
+#     [libvirt]
+#     xen_vif_bridge_script_path = vif-bridge-nova-network
+dir=$(dirname "$0")
+. "$dir/vif-common.sh"
+bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
+case "$command" in
+    add|online)
+        setup_virtual_bridge_port "$dev"
+        add_to_bridge "$bridge" "$dev"
+        ;;
+    remove|offline)
+      do_without_error brctl delif "$bridge" "$dev"
+      do_without_error ip link set $dev down
+      ;;
+if [ "$type_if" = vif -a "$command" = "online" ]
+  success

Anthony PERARD

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.