1
# Copyright 2014-2015 Canonical Limited.
3
# This file is part of charm-helpers.
5
# charm-helpers is free software: you can redistribute it and/or modify
6
# it under the terms of the GNU Lesser General Public License version 3 as
7
# published by the Free Software Foundation.
9
# charm-helpers is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU Lesser General Public License for more details.
14
# You should have received a copy of the GNU Lesser General Public License
15
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
17
''' Helpers for interacting with OpenvSwitch '''
20
from charmhelpers.core.hookenv import (
23
from charmhelpers.core.host import (
29
''' Add the named bridge to openvswitch '''
30
log('Creating bridge {}'.format(name))
31
subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-br", name])
35
''' Delete the named bridge from openvswitch '''
36
log('Deleting bridge {}'.format(name))
37
subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-br", name])
40
def add_bridge_port(name, port, promisc=False):
41
''' Add a port to the named openvswitch bridge '''
42
log('Adding port {} to bridge {}'.format(port, name))
43
subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-port",
45
subprocess.check_call(["ip", "link", "set", port, "up"])
47
subprocess.check_call(["ip", "link", "set", port, "promisc", "on"])
49
subprocess.check_call(["ip", "link", "set", port, "promisc", "off"])
52
def del_bridge_port(name, port):
53
''' Delete a port from the named openvswitch bridge '''
54
log('Deleting port {} from bridge {}'.format(port, name))
55
subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-port",
57
subprocess.check_call(["ip", "link", "set", port, "down"])
58
subprocess.check_call(["ip", "link", "set", port, "promisc", "off"])
61
def set_manager(manager):
62
''' Set the controller for the local openvswitch '''
63
log('Setting manager for local ovs to {}'.format(manager))
64
subprocess.check_call(['ovs-vsctl', 'set-manager',
65
'ssl:{}'.format(manager)])
68
CERT_PATH = '/etc/openvswitch/ovsclient-cert.pem'
71
def get_certificate():
72
''' Read openvswitch certificate from disk '''
73
if os.path.exists(CERT_PATH):
74
log('Reading ovs certificate from {}'.format(CERT_PATH))
75
with open(CERT_PATH, 'r') as cert:
76
full_cert = cert.read()
77
begin_marker = "-----BEGIN CERTIFICATE-----"
78
end_marker = "-----END CERTIFICATE-----"
79
begin_index = full_cert.find(begin_marker)
80
end_index = full_cert.rfind(end_marker)
81
if end_index == -1 or begin_index == -1:
82
raise RuntimeError("Certificate does not contain valid begin"
84
full_cert = full_cert[begin_index:(end_index + len(end_marker))]
87
log('Certificate not found', level=WARNING)
92
''' Full restart and reload of openvswitch '''
93
if os.path.exists('/etc/init/openvswitch-force-reload-kmod.conf'):
94
service('start', 'openvswitch-force-reload-kmod')
96
service('force-reload-kmod', 'openvswitch-switch')