#!/bin/sh

#
# This sets up openvswitch networks (on neutron, the external and data
# networks).  The networkmanager and compute nodes' physical interfaces
# have to get moved into br-ex and br-int, respectively -- on the
# moonshots, that's eth0 and eth1.  The controller is special; it doesn't
# get an openvswitch setup, and gets eth1 10.0.0.3/8 .  The networkmanager
# is also special; it gets eth1 10.0.0.1/8, but its eth0 moves into br-ex,
# and its eth1 moves into br-int.  The compute nodes get IP addrs from
# 10.0.1.1/8 and up, but setup-ovs.sh determines that.
#

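# Trace every command to stderr as it runs.  The trace shows expanded variable
# values, so anything secret held in a variable ends up in captured output.
set -x

# Gotta know the rules!
# $EUID is a bash extension.  In a /bin/sh that does not set it (dash, for
# instance) the numeric test errors out, the condition counts as false and the
# root check is skipped silently.  id -u works in every POSIX shell.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi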

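# Grab our libs
# setup-lib.sh is executed inside this root shell, so the file and the
# directory it lives in should be writable by root only.  $0 is quoted so a
# script path containing spaces or glob characters still resolves.
. "$(dirname -- "$0")/setup-lib.sh"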

#
# Figure out which interfaces need to go where.  We already have 
# $EXTERNAL_NETWORK_INTERFACE from setup-lib.sh , and it and its configuration
# get applied to br-ex .  So, we need to find which interface corresponds to
# DATALAN on this node, if any, and move it (and its configuration OR its new
# new DATAIP iff USE_EXISTING_DATA_IPS was set) to br-int
#
# Names of the Open vSwitch bridges used by the rest of this script.
EXTERNAL_NETWORK_BRIDGE=br-ex
#DATA_NETWORK_INTERFACE=`ip addr show | grep "inet $MYIP" | sed -e "s/.*scope global \(.*\)\$/\1/"`
DATA_NETWORK_BRIDGE=br-data
INTEGRATION_NETWORK_BRIDGE=br-int

#
# If this is the controller, we don't have to do much network setup; just
# setup the data network with its IP.
#
#if [ "$HOSTNAME" = "$CONTROLLER" ]; then
#    if [ ${USE_EXISTING_DATA_IPS} -eq 0 ]; then
#	ifconfig ${DATA_NETWORK_INTERFACE} $DATAIP netmask 255.0.0.0 up
#    fi
#    exit 0;
#fi

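#
# Otherwise, first we need openvswitch.
#
# $APTGETINSTALL is not defined in this file (presumably setup-lib.sh sets it).
# It is left unquoted on purpose: it has to word-split into a command plus
# its options.
$APTGETINSTALL openvswitch-common openvswitch-switch

# Make sure it's running
# NOTE(review): later restarts in this script use the service name
# openvswitch-switch -- confirm that "openvswitch" exists on the target image.
service openvswitch restart

#
# Setup the external network
#
# Arguments are quoted so an empty or odd value reaches ovs-vsctl as one
# argument instead of silently shifting the argument list.
ovs-vsctl add-br "${EXTERNAL_NETWORK_BRIDGE}"
ovs-vsctl add-port "${EXTERNAL_NETWORK_BRIDGE}" "${EXTERNAL_NETWORK_INTERFACE}"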
#ethtool -K $EXTERNAL_NETWORK_INTERFACE gro off

#
# Now move the $EXTERNAL_NETWORK_INTERFACE and default route config to ${EXTERNAL_NETWORK_BRIDGE}
#
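# Capture the current netmask and default gateway before the interface is
# reconfigured.  The dots are escaped so they match a literal "." only.
# NOTE(review): the "Mask:" pattern depends on the older net-tools ifconfig
# output format -- confirm on the target image.
mynetmask=$(ifconfig "${EXTERNAL_NETWORK_INTERFACE}" | sed -n -e 's/^.*Mask:\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*$/\1/p')
mygw=$(ip route show default | sed -n -e 's/^default via \([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\).*$/\1/p')
# Stop before /etc/network/interfaces is overwritten if either lookup came
# back empty; writing an empty netmask or gateway and then reconfiguring the
# interface would leave the node unreachable.
if [ -z "$mynetmask" ] || [ -z "$mygw" ]; then
    echo "Could not determine netmask or default gateway for ${EXTERNAL_NETWORK_INTERFACE}" 1>&2
    exit 1
fi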

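# Read the resolver settings that get copied into /etc/network/interfaces.
# Matching on the first field skips comment lines that merely mention the
# keyword.  Only the last "search" line is kept (and, as before, only its
# first domain), and all nameservers are joined with spaces: a newline inside
# either value would split the stanza line it is written into.
DNSDOMAIN=$(awk '$1 == "search" { d = $2 } END { if (d != "") print d }' /etc/resolv.conf)
DNSSERVER=$(awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }' /etc/resolv.conf)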

#
# We need to blow away the Emulab config -- no more dhcp
# This would definitely break experiment modify, of course
#
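# Replace /etc/network/interfaces wholesale.  Every $VARIABLE in the here-doc
# is expanded by the shell when the file is written; the values come from the
# lookups earlier in this script and (presumably) from setup-lib.sh, and are
# not validated here.
cat <<EOF > /etc/network/interfaces
#
# Openstack Network Node in Cloudlab/Emulab/Apt/Federation
#

# The loopback network interface
auto lo
iface lo inet loopback

auto ${EXTERNAL_NETWORK_BRIDGE}
iface ${EXTERNAL_NETWORK_BRIDGE} inet static
    address $MYIP
    netmask $mynetmask
    gateway $mygw
    dns-search $DNSDOMAIN
    dns-nameservers $DNSSERVER

auto ${EXTERNAL_NETWORK_INTERFACE}
iface ${EXTERNAL_NETWORK_INTERFACE} inet static
    address 0.0.0.0
EOF

# Live switch-over: clear the address on the physical interface, put it on the
# bridge, then add the default route again.  Arguments are quoted so an empty
# value shows up as an explicit error rather than shifting the argument list.
ifconfig "${EXTERNAL_NETWORK_INTERFACE}" 0 up
ifconfig "${EXTERNAL_NETWORK_BRIDGE}" "$MYIP" netmask "$mynetmask" up
route add default gw "$mygw"

service openvswitch-switch restart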

#
# Add the management network config if necessary (if not, it's already a VPN)
#
# When a management LAN is configured, append its stanza to
# /etc/network/interfaces; the vlan-raw-device line, when one is needed, lands
# directly under that stanza.
if [ -n "$MGMTLAN" ]; then
    {
        cat <<EOF

auto ${MGMT_NETWORK_INTERFACE}
iface ${MGMT_NETWORK_INTERFACE} inet static
    address $MGMTIP
    netmask $MGMTNETMASK
EOF
        if [ -n "$MGMTVLANDEV" ]; then
            cat <<EOF
    vlan-raw-device ${MGMTVLANDEV}
EOF
        fi
    } >> /etc/network/interfaces
fi

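#
# Make sure we have the integration bridge
#
# Quoted so the bridge name always reaches ovs-vsctl as a single argument.
ovs-vsctl add-br "${INTEGRATION_NETWORK_BRIDGE}"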

#
# (Maybe) Setup the data network
#
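# Flat data network: the data interface becomes a port of the data bridge and
# the bridge carries the data IP.  Otherwise the data interface keeps the IP
# itself.  Both branches append their stanzas to /etc/network/interfaces.
# Command arguments are quoted so an empty value cannot shift the argument
# list of ovs-vsctl, ifconfig or route.
if [ "${SETUP_FLAT_DATA_NETWORK}" -eq 1 ]; then
    ovs-vsctl add-br "${DATA_NETWORK_BRIDGE}"

    ovs-vsctl add-port "${DATA_NETWORK_BRIDGE}" "${DATA_NETWORK_INTERFACE}"
    ifconfig "${DATA_NETWORK_INTERFACE}" 0 up
    cat <<EOF >> /etc/network/interfaces

auto ${DATA_NETWORK_BRIDGE}
iface ${DATA_NETWORK_BRIDGE} inet static
    address $DATAIP
    netmask $DATANETMASK

auto ${DATA_NETWORK_INTERFACE}
iface ${DATA_NETWORK_INTERFACE} inet static
    address 0.0.0.0
EOF
    if [ -n "$DATAVLANDEV" ]; then
        cat <<EOF >> /etc/network/interfaces
    vlan-raw-device ${DATAVLANDEV}
EOF
    fi

    ifconfig "${DATA_NETWORK_BRIDGE}" "$DATAIP" netmask "$DATANETMASK" up
    # XXX!
    route add -net 10.0.0.0/8 dev "${DATA_NETWORK_BRIDGE}"
else
    # NOTE(review): the live netmask is hard-coded to 255.0.0.0 while the
    # stanza written below uses $DATANETMASK -- confirm the two always agree.
    ifconfig "${DATA_NETWORK_INTERFACE}" "$DATAIP" netmask 255.0.0.0 up

    cat <<EOF >> /etc/network/interfaces

auto ${DATA_NETWORK_INTERFACE}
iface ${DATA_NETWORK_INTERFACE} inet static
    address $DATAIP
    netmask $DATANETMASK
EOF
    if [ -n "$DATAVLANDEV" ]; then
        cat <<EOF >> /etc/network/interfaces
    vlan-raw-device ${DATAVLANDEV}
EOF
    fi
fi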

#
# Set the hostname for later after reboot!
#
# Write the running hostname to /etc/hostname, then restart the switch and
# drop cached routes.
printf '%s\n' "$(hostname)" > /etc/hostname

service openvswitch-switch restart

ip route flush cache

# Just wait a bit
#sleep 8

echo "*** Removing Emulab rc.hostnames and rc.ifconfig boot scripts"
# The scripts are renamed with a .NO suffix rather than deleted, so the
# originals stay on disk.
for rcname in rc.hostnames rc.ifconfig; do
    mv "/usr/local/etc/emulab/rc/${rcname}" "/usr/local/etc/emulab/rc/${rcname}.NO"
done

#
# Install a basic ARP reply filter that prevents us from sending ARP replies on
# the control net for anything we're not allowed to use (i.e., we can reply for
# ourselves, and any public addresses we're allowed to use).  Really, we only
# need the public address part on the network manager, but may as well let
# any node reply as any public address we're allowed to use).
#

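# Cheat and use our IPADDR/NETMASK instead of NETWORK/NETMASK below...
OURNET=$(ip addr show br-ex | sed -n -e 's/.*inet \([0-9\.\/]*\) .*/\1/p')
# Grab the OpenFlow port number of our physical interface on br-ex
OURPORT=$(ovs-ofctl show br-ex | sed -n -e "s/[ \t]*\([0-9]*\)(${EXTERNAL_NETWORK_INTERFACE}.*\$/\1/p")

# Without both values the flows below cannot be built, ovs-ofctl would reject
# them and the node would come up with no ARP reply filter at all.  Fail
# loudly instead of finishing as if the filter were in place.
if [ -z "$OURNET" ] || [ -z "$OURPORT" ]; then
    echo "Could not determine br-ex address or port; ARP reply filter NOT installed" 1>&2
    exit 1
fi

# The allow rules sit one priority level above the drop rules.  Both kinds can
# match the same ARP reply, and Open vSwitch leaves the winner undefined when
# overlapping flows share a priority, so the ordering is made explicit.
# 32768 is the priority ovs-ofctl assigns when none is given.
ovs-ofctl add-flow br-ex \
    "priority=32769,dl_type=0x0806,nw_proto=0x2,arp_spa=${MYIP},actions=NORMAL"
# $PUBLICADDRS is a whitespace-separated list; word splitting is intended.
for addr in $PUBLICADDRS ; do
    ovs-ofctl add-flow br-ex \
        "priority=32769,dl_type=0x0806,nw_proto=0x2,arp_spa=${addr},actions=NORMAL"
done
# Allow any inbound ARP replies on the control network.
ovs-ofctl add-flow br-ex \
    "priority=32769,dl_type=0x0806,nw_proto=0x2,arp_spa=${OURNET},in_port=${OURPORT},actions=NORMAL"
# Drop any other control network addr ARP replies on the br-ex switch.
ovs-ofctl add-flow br-ex \
    "priority=32768,dl_type=0x0806,nw_proto=0x2,arp_spa=${OURNET},actions=drop"
# Also, drop Emulab vnode control network addr ARP replies on br-ex!
ovs-ofctl add-flow br-ex \
    "priority=32768,dl_type=0x0806,nw_proto=0x2,arp_spa=172.16.0.0/12,actions=drop"


exit 0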