OVS/GRE: bug fixes (#5446)

* OVS/GRE: fix failed to fetch cloudbr* info on host

* OVS/GRE: move ovstunnel.py to python3

* OVS: add test_privategw_acl_ovs_gre.py for automatic testing

(1) VR <-> VM should work
(2) Private GW should work

* OVS: fix an issue on xenserver

ovs bridges are deleted by xenserver/ovs automatically
```
[root@ref-trl-1797-x-M7-wei-zhou-xs2 ~]# grep -r xapi7 /var/log/ |grep del-br
/var/log/xensource.log:Sep 15 07:13:44 ref-trl-1797-x-M7-wei-zhou-xs2 xcp-networkd: [ info|localhost|611 |org.xen.xapi.xenops.classic events D:4a3d931cd89f|network_utils] /usr/bin/ovs-vsctl --timeout=20 -- --if-exists del-br xapi7
/var/log/daemon.log:Sep 15 07:13:45 ref-trl-1797-x-M7-wei-zhou-xs2 ovs-vsctl: ovs|00001|vsctl|INFO|Called as /usr/bin/ovs-vsctl --timeout=20 -- --if-exists del-br xapi7
```

which results that xe network exists but bridge does not exist, and operation stuck for 20 minutes at
```
2021-09-15 16:06:56    DEBUG [root] #### VMOPS enter  create_tunnel ####
2021-09-15 16:06:56    DEBUG [root] Creating tunnel from host 2 to host 1 with GRE key 2116
2021-09-15 16:06:56    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', '--timeout=0', 'wait-until', 'bridge', 'xapi7', '--', 'get', 'bridge', 'xapi7', 'name']
2021-09-15 16:26:56    DEBUG [root] bridge xapi7 for creating tunnel - VERIFIED
2021-09-15 16:26:56    DEBUG [root] Executing:['/usr/bin/ovs-vsctl', 'add-port', 'xapi7', 't2116-2-1', '--', 'set', 'interface', 't2116-2-1', 'type=gre', 'options:key=2116', 'options:remote_ip=10.0.34.230']
```

* OVS/GRE: component test test_vpc_distributed_routing_offering.py passes on xenserver

* OVS: support Shared network with GRE protocol

* update #5446: use lang3.StringUtils

* OVS/GRE: VPC with distributed routing on kvm (still not working)

Author: weizhouapache

.travis.yml

@@ -88,6 +88,7 @@ env:
              smoke/test_portable_publicip
              smoke/test_portforwardingrules
              smoke/test_privategw_acl
+             smoke/test_privategw_acl_ovs_gre
              smoke/test_projects
              smoke/test_public_ip_range"
 

plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java

@@ -1806,7 +1806,7 @@ public synchronized boolean findOrCreateTunnelNetwork(final String nwName) {
         return true;
     }
 
-    public synchronized boolean configureTunnelNetwork(final long networkId,
+    public synchronized boolean configureTunnelNetwork(final Long networkId,
                                                        final long hostId, final String nwName) {
         try {
             final boolean findResult = findOrCreateTunnelNetwork(nwName);

plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/OvsVifDriver.java

@@ -159,9 +159,8 @@ public InterfaceDef plug(NicTO nic, String guestOsType, String nicAdapter, Map<S
                 String brName = (trafficLabel != null && !trafficLabel.isEmpty()) ? _pifs.get(trafficLabel) : _pifs.get("private");
                 intf.defBridgeNet(brName, null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter), networkRateKBps);
             } else if (nic.getBroadcastType() == Networks.BroadcastDomainType.Vswitch) {
-                String vnetId = Networks.BroadcastDomainType.getValue(nic.getBroadcastUri());
-                String brName = "OVSTunnel" + vnetId;
-                s_logger.debug("nic " + nic + " needs to be connected to LogicalSwitch " + brName);
+                String brName = getOvsTunnelNetworkName(nic.getBroadcastUri().getAuthority());
+                s_logger.debug("nic " + nic + " needs to be connected to Open vSwitch bridge " + brName);
                 intf.defBridgeNet(brName, null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter), networkRateKBps);
             } else {
                 intf.defBridgeNet(_bridges.get("guest"), null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter), networkRateKBps);
@@ -193,6 +192,19 @@ public InterfaceDef plug(NicTO nic, String guestOsType, String nicAdapter, Map<S
         return intf;
     }
 
+    private String getOvsTunnelNetworkName(final String broadcastUri) {
+        if (broadcastUri.contains(".")) {
+            final String[] parts = broadcastUri.split("\\.");
+            return "OVS-DR-VPC-Bridge" + parts[0];
+        } else {
+            try {
+                return "OVSTunnel" + broadcastUri;
+            } catch (final Exception e) {
+                return null;
+            }
+        }
+    }
+
     @Override
     public void unplug(InterfaceDef iface, boolean deleteBr) {
         // Libvirt apparently takes care of this, see BridgeVifDriver unplug

plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtOvsFetchInterfaceCommandWrapper.java

@@ -19,6 +19,7 @@
 
 package com.cloud.hypervisor.kvm.resource.wrapper;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 import com.cloud.agent.api.Answer;
@@ -40,9 +41,18 @@ public Answer execute(final OvsFetchInterfaceCommand command, final LibvirtCompu
 
         s_logger.debug("Will look for network with name-label:" + label);
         try {
-            final String ipadd = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'");
-            final String mask = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f4");
-            final String mac = Script.runSimpleBashScript("ifconfig " + label + " | grep HWaddr | awk -F \" \" '{print $5}'");
+            String ipadd = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}'");
+            if (StringUtils.isEmpty(ipadd)) {
+                ipadd = Script.runSimpleBashScript("ifconfig " + label + " | grep ' inet ' | awk '{ print $2}'");
+            }
+            String mask = Script.runSimpleBashScript("ifconfig " + label + " | grep 'inet addr:' | cut -d: -f4");
+            if (StringUtils.isEmpty(mask)) {
+                mask = Script.runSimpleBashScript("ifconfig " + label + " | grep ' inet ' | awk '{ print $4}'");
+            }
+            String mac = Script.runSimpleBashScript("ifconfig " + label + " | grep HWaddr | awk -F \" \" '{print $5}'");
+            if (StringUtils.isEmpty(mac)) {
+                mac = Script.runSimpleBashScript("ifconfig " + label + " | grep ' ether ' | awk '{ print $2}'");
+            }
             return new OvsFetchInterfaceAnswer(command, true, "Interface " + label
                     + " retrieved successfully", ipadd, mask, mac);
 

plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/CitrixResourceBase.java

@@ -884,33 +884,18 @@ public synchronized Network configureTunnelNetwork(final Connection conn, final
             // Invoke plugin to setup the bridge which will be used by this
             // network
             final String bridge = nw.getBridge(conn);
-            final Map<String, String> nwOtherConfig = nw.getOtherConfig(conn);
-            final String configuredHosts = nwOtherConfig.get("ovs-host-setup");
-            boolean configured = false;
-            if (configuredHosts != null) {
-                final String hostIdsStr[] = configuredHosts.split(",");
-                for (final String hostIdStr : hostIdsStr) {
-                    if (hostIdStr.equals(((Long)hostId).toString())) {
-                        configured = true;
-                        break;
-                    }
-                }
+            String result;
+            if (bridgeName.startsWith("OVS-DR-VPC-Bridge")) {
+                result = callHostPlugin(conn, "ovstunnel", "setup_ovs_bridge_for_distributed_routing", "bridge", bridge, "key", bridgeName, "xs_nw_uuid", nw.getUuid(conn), "cs_host_id",
+                        ((Long)hostId).toString());
+            } else {
+                result = callHostPlugin(conn, "ovstunnel", "setup_ovs_bridge", "bridge", bridge, "key", bridgeName, "xs_nw_uuid", nw.getUuid(conn), "cs_host_id", ((Long)hostId).toString());
             }
 
-            if (!configured) {
-                String result;
-                if (bridgeName.startsWith("OVS-DR-VPC-Bridge")) {
-                    result = callHostPlugin(conn, "ovstunnel", "setup_ovs_bridge_for_distributed_routing", "bridge", bridge, "key", bridgeName, "xs_nw_uuid", nw.getUuid(conn), "cs_host_id",
-                            ((Long)hostId).toString());
-                } else {
-                    result = callHostPlugin(conn, "ovstunnel", "setup_ovs_bridge", "bridge", bridge, "key", bridgeName, "xs_nw_uuid", nw.getUuid(conn), "cs_host_id", ((Long)hostId).toString());
-                }
-
-                // Note down the fact that the ovs bridge has been setup
-                final String[] res = result.split(":");
-                if (res.length != 2 || !res[0].equalsIgnoreCase("SUCCESS")) {
-                    throw new CloudRuntimeException("Unable to pre-configure OVS bridge " + bridge);
-                }
+            // Note down the fact that the ovs bridge has been setup
+            final String[] res = result.split(":");
+            if (res.length != 2 || !res[0].equalsIgnoreCase("SUCCESS")) {
+                throw new CloudRuntimeException("Unable to pre-configure OVS bridge " + bridge);
             }
             return nw;
         } catch (final Exception e) {

plugins/network-elements/ovs/src/main/java/com/cloud/network/guru/OvsGuestNetworkGuru.java

@@ -81,10 +81,14 @@ && isMyIsolationMethod(physicalNetwork)
             && _ntwkOfferingSrvcDao.areServicesSupportedByNetworkOffering(
                 offering.getId(), Service.Connectivity)) {
             return true;
+        } else if (networkType == NetworkType.Advanced
+            && offering.getGuestType() == GuestType.Shared
+            && _ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), Network.Provider.Ovs)
+            && physicalNetwork.getIsolationMethods().contains("GRE")) {
+            return true;
         } else {
-            s_logger.trace("We only take care of Guest networks of type   "
-                + GuestType.Isolated + " in zone of type "
-                + NetworkType.Advanced);
+            s_logger.trace(String.format("We only take care of Guest networks of type %s with Service %s or type with %s provider %s in %s zone",
+                    GuestType.Isolated, Service.Connectivity, GuestType.Shared, Network.Provider.Ovs, NetworkType.Advanced));
             return false;
         }
     }
@@ -107,6 +111,9 @@ public Network design(NetworkOffering offering, DeploymentPlan plan,
         }
 
         config.setBroadcastDomainType(BroadcastDomainType.Vswitch);
+        if (config.getBroadcastUri() != null) {
+            config.setBroadcastUri(BroadcastDomainType.Vswitch.toUri(config.getBroadcastUri().toString().replace("vlan://", "")));
+        }
 
         return config;
     }

scripts/vm/hypervisor/xenserver/ovstunnel

@@ -106,9 +106,16 @@ def setup_ovs_bridge(session, args):
                                 "uuid=%s" % xs_nw_uuid,
                                 "param-name=other-config",
                                 "param-key=ovs-host-setup"])
-        conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
-        lib.do_cmd([lib.XE_PATH, "network-param-set", "uuid=%s" % xs_nw_uuid,
-                   "other-config:ovs-host-setup=%s" % conf_hosts])
+        host_found = False
+        if conf_hosts:
+            setup_hosts = conf_hosts.split(",")
+            for host in setup_hosts:
+                if host == cs_host_id:
+                    host_found = True
+        if not host_found:
+            conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
+            lib.do_cmd([lib.XE_PATH, "network-param-set", "uuid=%s" % xs_nw_uuid,
+                       "other-config:ovs-host-setup=%s" % conf_hosts])
 
         # BLOCK IPv6 - Flow spec changes with ovs version
         # Temporarily no need BLOCK IPv6
@@ -161,9 +168,16 @@ def setup_ovs_bridge_for_distributed_routing(session, args):
                                 "uuid=%s" % xs_nw_uuid,
                                 "param-name=other-config",
                                 "param-key=ovs-host-setup"])
-        conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
-        lib.do_cmd([lib.XE_PATH, "network-param-set", "uuid=%s" % xs_nw_uuid,
-                   "other-config:ovs-host-setup=%s" % conf_hosts])
+        host_found = False
+        if conf_hosts:
+            setup_hosts = conf_hosts.split(",")
+            for host in setup_hosts:
+                if host == cs_host_id:
+                    host_found = True
+        if not host_found:
+            conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
+            lib.do_cmd([lib.XE_PATH, "network-param-set", "uuid=%s" % xs_nw_uuid,
+                       "other-config:ovs-host-setup=%s" % conf_hosts])
 
         # first clear the default rule (rule for 'NORMAL' processing which makes a bridge simple L2 learn & flood switch)
         lib.del_flows(bridge, table=0)

scripts/vm/network/vnet/cloudstack_pluginlib.py

@@ -104,7 +104,7 @@ def do_cmd(cmd):
                       "%s (stderr output:%s)" % (ret_code, err))
         raise PluginError(err)
     output = proc.stdout.read()
-    if output.endswith('\n'):
+    if output.endswith(b'\n'):
         output = output[:-1]
     return output
 

scripts/vm/network/vnet/ovstunnel.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
@@ -37,7 +37,7 @@ def setup_ovs_bridge(bridge, key, cs_host_id):
     res = lib.check_switch()
     if res != "SUCCESS":
         #return "FAILURE:%s" % res
-	return 'false'
+        return 'false'
 
     logging.debug("About to manually create the bridge:%s" % bridge)
     #set gre_key to bridge
@@ -50,23 +50,23 @@ def setup_ovs_bridge(bridge, key, cs_host_id):
     logging.debug("Bridge has been manually created:%s" % res)
     if res:
 #        result = "FAILURE:%s" % res
-	result = 'false'
+        result = 'false'
     else:
         # Verify the bridge actually exists, with the gre_key properly set
         res = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge",
                                           bridge, "other_config:gre_key"])
-        if key in res:
+        if key in str(res):
 #            result = "SUCCESS:%s" % bridge
             result = 'true'
         else:
 #            result = "FAILURE:%s" % res
             result = 'false'
 
-	lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs-tun-network=True"])
+        lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs-tun-network=True"])
 	#get list of hosts using this bridge
         conf_hosts = lib.do_cmd([lib.VSCTL_PATH, "get","bridge", bridge,"other_config:ovs-host-setup"])
 	#add cs_host_id to list of hosts using this bridge
-        conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
+        conf_hosts = cs_host_id + (conf_hosts and ',%s' % eval(conf_hosts) or '')
         lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
                    "other_config:ovs-host-setup=%s" % conf_hosts])
 
@@ -92,7 +92,7 @@ def setup_ovs_bridge_for_distributed_routing(bridge, cs_host_id):
 
         res = lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge, "other_config:is-ovs_vpc_distributed_vr_network=True"])
         conf_hosts = lib.do_cmd([lib.VSCTL_PATH, "get","bridge", bridge,"other:ovs-host-setup"])
-        conf_hosts = cs_host_id + (conf_hosts and ',%s' % conf_hosts or '')
+        conf_hosts = cs_host_id + (conf_hosts and ',%s' % eval(conf_hosts) or '')
         lib.do_cmd([lib.VSCTL_PATH, "set", "bridge", bridge,
                    "other_config:ovs-host-setup=%s" % conf_hosts])
 
@@ -162,7 +162,7 @@ def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
     wait = [lib.VSCTL_PATH, "--timeout=30", "wait-until", "bridge",
                     bridge, "--", "get", "bridge", bridge, "name"]
     res = lib.do_cmd(wait)
-    if bridge not in res:
+    if bridge not in str(res):
         logging.debug("WARNING:Can't find bridge %s for creating " +
                                   "tunnel!" % bridge)
 #        return "FAILURE:NO_BRIDGE"
@@ -185,7 +185,7 @@ def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
         # Expecting python-style list as output
         iface_list = []
         if len(res) > 2:
-            iface_list = res.strip()[1:-1].split(',')
+            iface_list = res.strip()[1:-1].split(b',')
         if len(iface_list) != 1:
             logging.debug("WARNING: Unexpected output while verifying " +
                                       "port %s on bridge %s" % (name, bridge))
@@ -202,7 +202,7 @@ def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
         key_validation = lib.do_cmd(verify_interface_key)
         ip_validation = lib.do_cmd(verify_interface_ip)
 
-        if not key in key_validation or not remote_ip in ip_validation:
+        if not key in str(key_validation) or not remote_ip in str(ip_validation):
             logging.debug("WARNING: Unexpected output while verifying " +
                           "interface %s on bridge %s" % (name, bridge))
 #            return "FAILURE:VERIFY_INTERFACE_FAILED"
@@ -213,12 +213,18 @@ def create_tunnel(bridge, remote_ip, key, src_host, dst_host):
                                           iface_uuid, "ofport"]
         tun_ofport = lib.do_cmd(cmd_tun_ofport)
         # Ensure no trailing LF
-        if tun_ofport.endswith('\n'):
+        if tun_ofport.endswith(b'\n'):
             tun_ofport = tun_ofport[:-1]
 
-        ovs_tunnel_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge, "other_config:is-ovs-tun-network"])
-        ovs_vpc_distributed_vr_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge,
-                                                     "other_config:is-ovs_vpc_distributed_vr_network"])
+        try:
+            ovs_tunnel_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge, "other_config:is-ovs-tun-network"])
+        except:
+            ovs_tunnel_network = 'False'
+        try:
+            ovs_vpc_distributed_vr_network = lib.do_cmd([lib.VSCTL_PATH, "get", "bridge", bridge,
+                                                         "other_config:is-ovs_vpc_distributed_vr_network"])
+        except:
+            ovs_vpc_distributed_vr_network = 'False'
 
         if ovs_tunnel_network == 'True':
             # add flow entryies for dropping broadcast coming in from gre tunnel

server/src/main/java/com/cloud/network/guru/DirectNetworkGuru.java

@@ -148,8 +148,13 @@ && isMyIsolationMethod(physnet)
                 && offering.getGuestType() == GuestType.Shared
                 && !_ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), Network.Provider.NiciraNvp)) {
             return true;
+        } else if (dc.getNetworkType() == NetworkType.Advanced
+                && offering.getGuestType() == GuestType.Shared
+                && ! _ntwkOfferingSrvcDao.isProviderForNetworkOffering(offering.getId(), Network.Provider.Ovs)
+                && physnet.getIsolationMethods().contains("GRE")) {
+            return true;
         } else {
-            s_logger.trace("We only take care of Guest networks of type " + GuestType.Shared);
+            s_logger.trace("We only take care of Shared Guest networks without Ovs or NiciraNvp provider");
             return false;
         }
     }