From d811e1027f74de0f1eee1af9af8dd3338eadb61d Mon Sep 17 00:00:00 2001
From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Date: Fri, 25 Sep 2020 13:21:58 +0200
Subject: [PATCH] ovn-nbctl: add --may-exist/--if-exists options for policy
routing
Introduce the following options to avoid error reporting for policy
routing:
1) --may-exist: the lr-policy-add does not result in an error if a policy
with the same priority and match string is already present
2) --if-exists: the lr-policy-del does not result in an error if a policy
with the specified uuid is not present in the db
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Han Zhou <hzhou@ovn.org>
---
tests/ovn-nbctl.at | 7 ++++++-
utilities/ovn-nbctl.8.xml | 20 +++++++++++++++-----
utilities/ovn-nbctl.c | 16 ++++++++++------
3 files changed, 31 insertions(+), 12 deletions(-)
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
index baf7a87f5..3dbedc843 100644
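--- a/tests/ovn-nbctl.at
+++ b/tests/ovn-nbctl.at
@@ -1651,6 +1651,8 @@ AT_CHECK([ovn-nbctl lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop], [1], []
 [ovn-nbctl: Same routing policy already existed on the logical router lr0.
 ])
 
+AT_CHECK([ovn-nbctl --may-exist lr-policy-add lr0 100 "ip4.src == 1.1.1.0/24" drop])
+
 dnl Add duplicated policy
 AT_CHECK([ovn-nbctl lr-policy-add lr0 103 "ip4.src == 1.1.1.0/24" deny], [1], [],
 [ovn-nbctl: deny: action must be one of "allow", "drop", and "reroute"
@@ -1675,10 +1677,13 @@ Routing Policies
 
 
 dnl Delete policy by specified uuid
-AT_CHECK([ovn-nbctl lr-policy-del lr0 $(ovn-nbctl --bare --column _uuid list logical_router_policy)])
+uuid=$(ovn-nbctl --bare --column _uuid list logical_router_policy)
+AT_CHECK([ovn-nbctl lr-policy-del lr0 $uuid])
 AT_CHECK([ovn-nbctl list logical-router-policy], [0], [dnl
 ])
 
+AT_CHECK([ovn-nbctl --if-exists lr-policy-del lr0 $uuid])
+
 dnl Add policy with reroute action
 AT_CHECK([ovn-nbctl lr-policy-add lr0 102 "ip4.src == 3.1.2.0/24" reroute 3.3.3.3])
 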
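Review bot: The new `--if-exists` check passes `$uuid` unquoted and never asserts that it is non-empty, so if the earlier `list` call returned nothing the command degrades to the router-only form `ovn-nbctl --if-exists lr-policy-del lr0` and the check passes without ever reaching the uuid-not-found path. Add `AT_CHECK([test -n "$uuid"])` right after the assignment, and pin the other side with a check that the same delete without `--if-exists` exits 1 with `Logical router policy uuid is not found.`. The `--may-exist` case in the first hunk likewise re-adds only an identical `drop` policy; a case that uses a different action on the same priority and match would record what the option does when the stored policy differs from the requested one.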
diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml
index fcc4312dd..59302296b 100644
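--- a/utilities/ovn-nbctl.8.xml
+++ b/utilities/ovn-nbctl.8.xml
@@ -737,8 +737,9 @@
 Logical Router Policy Commands
 
 
- lr-policy-add router priority
- match action [nexthop]
+ [--may-exist ]lr-policy-add
+ router priority match
+ action [nexthop]
 [options key=value]]
 
 
@@ -754,6 +755,13 @@
 The supported option is : pkt_mark .
 
 
+
+ If --may-exist is specified, adding a duplicated
+ routing policy with the same priority and match string is not
+ really created. Without --may-exist , adding a
+ duplicated routing policy results in error.
+
+
 
 The following example shows a policy to lr1, which will drop packets
 from192.168.100.0/24 .
@@ -771,8 +779,8 @@
 
 
 
- lr-policy-del router [{priority | uuid}
- [match]]
+ [--if-exists ] lr-policy-del
+ router [{priority | uuid} [match]]
 
 
 Deletes polices from router. If only router
@@ -784,7 +792,9 @@
 
 
 If router and uuid are supplied, then the
- policy with sepcified uuid is deleted.
+ policy with sepcified uuid is deleted. It is an error if
+ uuid does not exist, unless --if-exists
+ is specified.
 
 
 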
diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
index c54e63937..caf99dfeb 100644
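--- a/utilities/ovn-nbctl.c
+++ b/utilities/ovn-nbctl.c
@@ -3648,12 +3648,15 @@ nbctl_lr_policy_add(struct ctl_context *ctx)
 
 /* Check if same routing policy already exists.
 * A policy is uniquely identified by priority and match */
+ bool may_exist = !!shash_find(&ctx->options, "--may-exist");
 for (int i = 0; i < lr->n_policies; i++) {
 const struct nbrec_logical_router_policy *policy = lr->policies[i];
 if (policy->priority == priority &&
 !strcmp(policy->match, ctx->argv[3])) {
- ctl_error(ctx, "Same routing policy already existed on the "
- "logical router %s.", ctx->argv[1]);
+ if (!may_exist) {
+ ctl_error(ctx, "Same routing policy already existed on the "
+ "logical router %s.", ctx->argv[1]);
+ }
 return;
 }
 }
@@ -3733,7 +3736,6 @@ nbctl_lr_policy_del(struct ctl_context *ctx)
 ctx->error = error;
 return;
 }
-
 }
 /* If uuid was specified, delete routing policy with the
 * specified uuid. */
@@ -3751,7 +3753,9 @@ nbctl_lr_policy_del(struct ctl_context *ctx)
 }
 }
 if (n_policies == lr->n_policies) {
- ctl_error(ctx, "Logical router policy uuid is not found.");
+ if (!shash_find(&ctx->options, "--if-exists")) {
+ ctl_error(ctx, "Logical router policy uuid is not found.");
+ }
 return;
 }
 
@@ -6529,9 +6533,9 @@ static const struct ctl_command_syntax nbctl_commands[] = {
 /* Policy commands */
 { "lr-policy-add", 4, INT_MAX,
 "ROUTER PRIORITY MATCH ACTION [NEXTHOP] [OPTIONS - KEY=VALUE ...]",
- NULL, nbctl_lr_policy_add, NULL, "", RW },
+ NULL, nbctl_lr_policy_add, NULL, "--may-exist", RW },
 { "lr-policy-del", 1, 3, "ROUTER [{PRIORITY | UUID} [MATCH]]", NULL,
- nbctl_lr_policy_del, NULL, "", RW },
+ nbctl_lr_policy_del, NULL, "--if-exists", RW },
 { "lr-policy-list", 1, 1, "ROUTER", NULL, nbctl_lr_policy_list, NULL,
 "", RO },
 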
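Review bot: With `--may-exist`, the duplicate branch in nbctl_lr_policy_add returns success whenever priority and match coincide, without comparing the requested action (or nexthop and options) against the stored policy. A script that idempotently applies `drop` for a prefix will therefore exit 0 while an existing `allow` or `reroute` entry with the same priority and match stays in force, so the caller believes the traffic is blocked when it is not. Consider keeping the error when the stored action differs, e.g. `if (!may_exist || strcmp(policy->action, ctx->argv[4])) {`, or at least state in a comment above `may_exist` and in the man page that the option never updates an existing policy. The function body starts and ends outside the hunk, so whether the action has already been validated at this point is not visible here.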
--
2.26.2