upstream/oracle/userland-gate: components/openstack/neutron/files/neutron-l3-agent@12e9c20eef5a (annotated)

1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	#!/usr/bin/python2.6
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License"); you may
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	# not use this file except in compliance with the License. You may obtain
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# a copy of the License at
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# License for the specific language governing permissions and limitations
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# under the License.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	import os
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	18	import re
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19	import sys
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	21	import netaddr
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	import smf_include
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	24	from subprocess import CalledProcessError, Popen, PIPE, check_call
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	25
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	def start():
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28	# verify paths are valid
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	for f in sys.argv[2:4]:
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	if not os.path.exists(f) or not os.access(f, os.R_OK):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	print '%s does not exist or is not readable' % f
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32	return smf_include.SMF_EXIT_ERR_CONFIG
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	34	# System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	35	# before neutron-l3-agent can be started.
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	36	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	37	"-o", "current", "ipv4"]
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	38	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	39	output, error = p.communicate()
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	40	if p.returncode != 0:
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	41	print "failed to determine if IPv4 forwarding is enabled or not"
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	42	return smf_include.SMF_EXIT_ERR_FATAL
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	43	v4fwding = "on" in output
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	44
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	45	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	46	"-o", "current", "ipv6"]
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	47	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	48	output, error = p.communicate()
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	49	if p.returncode != 0:
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	50	print "failed to determine if IPv6 forwarding is enabled or not"
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	51	return smf_include.SMF_EXIT_ERR_FATAL
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	52	v6fwding = "on" in output
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	53
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	54	if not any((v4fwding, v6fwding)):
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	55	print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	56	"enabled before enabling neutron-l3-agent"
1792 5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	57	return smf_include.SMF_EXIT_ERR_CONFIG
5cea652172c6 18416129 neutron-l3-agent should include dependency on ipfilter service Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1760 diff changeset	58
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	"--config-file %s" % tuple(sys.argv[2:4])
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61	smf_include.smf_subprocess(cmd)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	63
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	64	def remove_ipfilter_rules(version):
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	65	# remove IP Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	66	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	67	if version == 6:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	68	cmd.insert(2, "-6")
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	69	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	70	output, error = p.communicate()
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	71	if p.returncode != 0:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	72	print "failed to retrieve IP Filter rules"
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	73	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	74
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	75	ipfilters = output.splitlines()
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	76	# L3 agent IP Filter rules are of the form
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	77	# block in quick on l3i64cbb496_a_0 from ... to pool/15417332
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	78	prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	79	ippool_names = []
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	80	for ipf in ipfilters:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	81	if not prog.search(ipf):
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	82	continue
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	83	# capture the IP pool name
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	84	ippool_names.append(ipf.split('pool/')[1])
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	85
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	86	try:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	87	# remove the IP Filter rule
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	88	p = Popen(["echo", ipf], stdout=PIPE)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	89	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	90	if version == 6:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	91	cmd.insert(2, "-6")
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	92	check_call(cmd, stdin=p.stdout)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	93	except CalledProcessError as err:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	94	print "failed to remove IP Filter rule %s: %s" % (ipf, err)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	95	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	96
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	97	# remove IP Pools added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	98	for ippool_name in ippool_names:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	99	try:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	100	check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	101	"-m", ippool_name, "-t", "tree"])
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	102	except CalledProcessError as err:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	103	print "failed to remove IP Pool %s: %s" % (ippool_name, err)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	104	return smf_include.SMF_EXIT_ERR_FATAL
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	105	return smf_include.SMF_EXIT_OK
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	106
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	107
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	108	def stop():
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	109	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	110	# first kill the SMF contract
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	111	check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	112	except CalledProcessError as err:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	113	print "failed to kill the SMF contract: %s" % (err)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	114	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	115	# remove VNICs associated with L3 agent
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	116	cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	117	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	118	output, error = p.communicate()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	119	if p.returncode != 0:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	120	print "failed to retrieve IP interface names"
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	121	return smf_include.SMF_EXIT_ERR_CONFIG
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	122
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	123	ifnames = output.splitlines()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	124	# L3 agent datalinks are always 15 characters in length. They start
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	125	# with either 'l3i' or 'l3e', end with '_0', and in between they are
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	126	# hexadecimal digits.
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	127	prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	128	for ifname in ifnames:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	129	if not prog.search(ifname):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	130	continue
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	131	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	132	# first remove the IP
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	133	check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	134	ifname])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	135	# next remove the VNIC
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	136	check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	137	ifname])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	138	except CalledProcessError as err:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	139	print "failed to remove datalinks used by L3 agent: %s" % (err)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	140	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	141
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	142	# remove IPv4 Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	143	rv = remove_ipfilter_rules(4)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	144	if rv != smf_include.SMF_EXIT_OK:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	145	return rv
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	146
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	147	# remove IPv6 Filter rules added by neutron-l3-agent
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	148	rv = remove_ipfilter_rules(6)
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	149	if rv != smf_include.SMF_EXIT_OK:
12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1944 diff changeset	150	return rv
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	151
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	152	# remove IP NAT rules added by neutron-l3-agent
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	153	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	154	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	155	output, error = p.communicate()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	156	if p.returncode != 0:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	157	print "failed to retrieve IP NAT rules"
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	158	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	159
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	160	ipnat_rules = output.splitlines()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	161	# L3 agent IP NAT rules are of the form
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	162	# bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	163	prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0')
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	164	for ipnat_rule in ipnat_rules:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	165	if not prog.search(ipnat_rule):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	166	continue
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	167	# remove the IP NAT rule
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	168	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	169	p = Popen(["echo", ipnat_rule], stdout=PIPE)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	170	check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	171	stdin=p.stdout)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	172	except CalledProcessError as err:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	173	print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	174	return smf_include.SMF_EXIT_ERR_FATAL
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	175
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	176	return smf_include.SMF_EXIT_OK
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1792 diff changeset	177
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	178	if __name__ == "__main__":
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	179	os.putenv("LC_ALL", "C")
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	180	smf_include.smf_main()

author	Girish Moodalbail <Girish.Moodalbail@oracle.COM>
	Thu, 26 Jun 2014 19:18:52 -0700
changeset 1977	12e9c20eef5a
parent 1944	56ac2df1785b
child 2083	87196737f09f
permissions	-rw-r--r--