| Matteo Scandolo | f044103 | 2017-08-08 13:05:26 -0700 | [diff] [blame^] | 1 | |
| 2 | {# |
| 3 | Copyright 2017-present Open Networking Foundation |
| 4 | |
| 5 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | you may not use this file except in compliance with the License. |
| 7 | You may obtain a copy of the License at |
| 8 | |
| 9 | http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | |
| 11 | Unless required by applicable law or agreed to in writing, software |
| 12 | distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | See the License for the specific language governing permissions and |
| 15 | limitations under the License. |
| 16 | #} |
| 17 | |
| 18 | |
| Scott Baker | b63ea79 | 2016-08-11 10:24:48 -0700 | [diff] [blame] | 19 | #!/bin/bash |
| 20 | |
| 21 | iptables -L > /dev/null |
| 22 | ip6tables -L > /dev/null |
| 23 | |
| 24 | CONTAINER={{ container_name }} |
| 25 | IMAGE={{ docker_image }} |
| 26 | |
| 27 | function mac_to_iface { |
| 28 | PARENT_MAC=$1 |
| 29 | ifconfig|grep $PARENT_MAC| awk '{print $1}'|grep -v '\.' |
| 30 | } |
| 31 | |
| 32 | function encapsulate_stag { |
| 33 | LAN_IFACE=$1 |
| 34 | STAG=$2 |
| 35 | ifconfig $LAN_IFACE >> /dev/null |
| 36 | if [ "$?" == 0 ]; then |
| 37 | STAG_IFACE=$LAN_IFACE.$STAG |
| 38 | ifconfig $LAN_IFACE up |
| 39 | ifconfig $STAG_IFACE |
| 40 | if [ "$?" == 0 ]; then |
| 41 | echo $STAG_IFACE is already created |
| 42 | else |
| 43 | ifconfig $STAG_IFACE >> /dev/null || ip link add link $LAN_IFACE name $STAG_IFACE type vlan id $STAG |
| 44 | fi |
| 45 | ifconfig $STAG_IFACE up |
| 46 | else |
| 47 | echo There is no $LAN_IFACE. Aborting. |
| 48 | exit -1 |
| 49 | fi |
| 50 | } |
| 51 | |
| 52 | |
| 53 | {% if volumes %} |
| 54 | {% for volume in volumes %} |
| 55 | DEST_DIR=/var/container_volumes/$CONTAINER/{{ volume }} |
| 56 | mkdir -p $DEST_DIR |
| 57 | VOLUME_ARGS="$VOLUME_ARGS -v $DEST_DIR:{{ volume }}" |
| 58 | {% endfor %} |
| 59 | {% endif %} |
| 60 | |
| 61 | docker inspect $CONTAINER > /dev/null 2>&1 |
| 62 | if [ "$?" == 1 ] |
| 63 | then |
| 64 | docker pull $IMAGE |
| 65 | {% if network_method=="host" %} |
| 66 | docker run -d --name=$CONTAINER --privileged=true --net=host $VOLUME_ARGS $IMAGE |
| 67 | {% elif network_method=="bridged" %} |
| 68 | docker run -d --name=$CONTAINER --privileged=true --net=bridge $VOLUME_ARGS $IMAGE |
| 69 | {% else %} |
| 70 | docker run -d --name=$CONTAINER --privileged=true --net=none $VOLUME_ARGS $IMAGE |
| 71 | {% endif %} |
| 72 | else |
| 73 | docker start $CONTAINER |
| 74 | fi |
| 75 | |
| 76 | {% if ports %} |
| 77 | {% for port in ports %} |
| 78 | |
| 79 | {% if port.next_hop %} |
| 80 | NEXTHOP_ARG="@{{ port.next_hop }}" |
| 81 | {% else %} |
| 82 | NEXTHOP_ARG="" |
| 83 | {% endif %} |
| 84 | |
| 85 | {% if port.c_tag %} |
| 86 | CTAG_ARG="@{{ port.c_tag }}" |
| 87 | {% else %} |
| 88 | CTAG_ARG="" |
| 89 | {% endif %} |
| 90 | |
| 91 | {% if port.parent_mac %} |
| 92 | # container-in-VM |
| 93 | SRC_DEV=$( mac_to_iface "{{ port.parent_mac }}" ) |
| 94 | CMD="docker exec $CONTAINER ifconfig $SRC_DEV >> /dev/null || pipework $SRC_DEV -i {{ port.device }} $CONTAINER {{ port.ip }}/24$NEXTHOP_ARG {{ port.mac }} $CTAG_ARG" |
| 95 | echo $CMD |
| 96 | eval $CMD |
| 97 | |
| 98 | {% else %} |
| 99 | # container-on-metal |
| 100 | IP="{{ port.ip }}" |
| 101 | {% if port.mac %} |
| 102 | MAC="{{ port.mac }}" |
| 103 | {% else %} |
| 104 | MAC="" |
| 105 | {% endif %} |
| 106 | |
| 107 | DEVICE="{{ port.device }}"
|
| 108 | BRIDGE="{{ port.bridge }}"
|
| 109 | {% if port.s_tag %}
|
| 110 | # This is intended for lan_network. Assume that BRIDGE is set to br_lan. We
|
| 111 | # create a device that strips off the S-TAG.
|
| 112 | STAG="{{ port.s_tag }}"
|
| 113 | encapsulate_stag $BRIDGE $STAG
|
| 114 | SRC_DEV=$STAG_IFACE
|
| 115 | {% else %}
|
| 116 | # This is for a standard neutron private network. We use a donor VM to setup
|
| 117 | # openvswitch for us, and we snoop at its devices and create a tap using the
|
| 118 | # same settings.
|
| 119 | XOS_NETWORK_ID="{{ port.xos_network_id }}"
|
| 120 | INSTANCE_MAC="{{ port.snoop_instance_mac }}" |
| 121 | INSTANCE_ID="{{ port.snoop_instance_id }}" |
| 122 | INSTANCE_TAP=`virsh domiflist $INSTANCE_ID | grep -i $INSTANCE_MAC | awk '{print $1}'` |
| 123 | INSTANCE_TAP=${INSTANCE_TAP:3} |
| 124 | VLAN_ID=`ovs-vsctl show | grep -i -A 1 port.*$INSTANCE_TAP | grep -i tag | awk '{print $2}'` |
| 125 | # One tap for all containers per XOS/neutron network. Included the VLAN_ID in the |
| 126 | # hash, to cover the case where XOS is reinstalled and the XOS network ids |
| 127 | # get reused. |
| 128 | TAP="con`echo ${XOS_NETWORK_ID}_$VLAN_ID|md5sum|awk '{print $1}'`" |
| 129 | TAP=${TAP:0:10} |
| 130 | echo im=$INSTANCE_MAC ii=$INSTANCE_ID it=$INSTANCE_TAP vlan=$VLAN_ID tap=$TAP con=$CONTAINER dev=$DEVICE mac=$MAC |
| 131 | ovs-vsctl show | grep -i $TAP |
| 132 | if [[ $? == 1 ]]; then |
| 133 | echo creating tap |
| 134 | ovs-vsctl add-port $BRIDGE $TAP tag=$VLAN_ID -- set interface $TAP type=internal |
| 135 | else |
| 136 | echo tap exists |
| 137 | fi |
| 138 | SRC_DEV=$TAP |
| 139 | {% endif %} |
| 140 | |
| 141 | CMD="docker exec $CONTAINER ifconfig $DEVICE >> /dev/null || pipework $SRC_DEV -i $DEVICE $CONTAINER $IP/24$NEXTHOP_ARG $MAC $CTAG_ARG" |
| 142 | echo $CMD |
| 143 | eval $CMD |
| 144 | {% endif %} |
| 145 | {% endfor %} |
| 146 | {% endif %} |
| 147 | |
| 148 | # Attach to container |
| 149 | # (this is only done when using upstart, since upstart expects to be attached |
| 150 | # to a running service) |
| 151 | if [[ "$1" == "ATTACH" ]]; then |
| 152 | docker start -a $CONTAINER |
| 153 | fi |
| 154 | |