upstream/oracle/userland-gate: components/openstack/neutron/files/neutron-l3-agent@25975ce9e810 (annotated)

3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	#!/usr/bin/python2.6
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License"); you may
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	# not use this file except in compliance with the License. You may obtain
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# a copy of the License at
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# License for the specific language governing permissions and limitations
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# under the License.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	import os
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	18	import re
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19	import sys
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	21	import netaddr
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	import smf_include
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	24	from subprocess import CalledProcessError, Popen, PIPE, check_call
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	25
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	def start():
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28	# verify paths are valid
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	for f in sys.argv[2:4]:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	if not os.path.exists(f) or not os.access(f, os.R_OK):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	print '%s does not exist or is not readable' % f
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32	return smf_include.SMF_EXIT_ERR_CONFIG
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	34	# System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	35	# before neutron-l3-agent can be started.
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	36	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	37	"-o", "current", "ipv4"]
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	38	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	39	output, error = p.communicate()
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	40	if p.returncode != 0:
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	41	print "failed to determine if IPv4 forwarding is enabled or not"
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	42	return smf_include.SMF_EXIT_ERR_FATAL
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	43	v4fwding = "on" in output
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	44
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	45	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	46	"-o", "current", "ipv6"]
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	47	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	48	output, error = p.communicate()
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	49	if p.returncode != 0:
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	50	print "failed to determine if IPv6 forwarding is enabled or not"
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	51	return smf_include.SMF_EXIT_ERR_FATAL
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	52	v6fwding = "on" in output
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	53
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	54	if not any((v4fwding, v6fwding)):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	55	print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	56	"enabled before enabling neutron-l3-agent"
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	57	return smf_include.SMF_EXIT_ERR_CONFIG
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	58
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	"--config-file %s" % tuple(sys.argv[2:4])
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61	smf_include.smf_subprocess(cmd)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	63
3198 46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	64	def remove_ipfilter_rules(version):
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	65	# remove IP Filter rules added by neutron-l3-agent
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	66	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	67	if version == 6:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	68	cmd.insert(2, "-6")
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	69	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	70	output, error = p.communicate()
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	71	if p.returncode != 0:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	72	print "failed to retrieve IP Filter rules"
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	73	return smf_include.SMF_EXIT_ERR_FATAL
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	74
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	75	ipfilters = output.splitlines()
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	76	# L3 agent IP Filter rules are of the form
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	77	# block in quick on l3i64cbb496_a_0 from ... to pool/15417332
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	78	prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	79	ippool_names = []
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	80	for ipf in ipfilters:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	81	if not prog.search(ipf):
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	82	continue
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	83	# capture the IP pool name
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	84	if 'pool/' in ipf:
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	85	ippool_names.append(ipf.split('pool/')[1])
3198 46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	86
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	87	try:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	88	# remove the IP Filter rule
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	89	p = Popen(["echo", ipf], stdout=PIPE)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	90	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	91	if version == 6:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	92	cmd.insert(2, "-6")
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	93	check_call(cmd, stdin=p.stdout)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	94	except CalledProcessError as err:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	95	print "failed to remove IP Filter rule %s: %s" % (ipf, err)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	96	return smf_include.SMF_EXIT_ERR_FATAL
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	97
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	98	# remove IP Pools added by neutron-l3-agent
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	99	for ippool_name in ippool_names:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	100	try:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	101	check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	102	"-m", ippool_name, "-t", "tree"])
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	103	except CalledProcessError as err:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	104	print "failed to remove IP Pool %s: %s" % (ippool_name, err)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	105	return smf_include.SMF_EXIT_ERR_FATAL
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	106	return smf_include.SMF_EXIT_OK
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	107
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	108
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	109	def stop():
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	110	try:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	111	# first kill the SMF contract
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	112	check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	113	except CalledProcessError as err:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	114	print "failed to kill the SMF contract: %s" % (err)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	115	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	116
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	117	# We need to first remove the IP filter rules and then remove
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	118	# the IP interfaces on which the rules were applied.
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	119
3198 46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	120	# remove IPv4 Filter rules added by neutron-l3-agent
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	121	rv = remove_ipfilter_rules(4)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	122	if rv != smf_include.SMF_EXIT_OK:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	123	return rv
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	124
3198 46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	125	# remove IPv6 Filter rules added by neutron-l3-agent
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	126	rv = remove_ipfilter_rules(6)
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	127	if rv != smf_include.SMF_EXIT_OK:
46289f36c1ca 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	128	return rv
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	129
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	130	# remove IP NAT rules added by neutron-l3-agent
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	131	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	132	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	133	output, error = p.communicate()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	134	if p.returncode != 0:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	135	print "failed to retrieve IP NAT rules"
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	136	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	137
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	138	ipnat_rules = output.splitlines()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	139	# L3 agent IP NAT rules are of the form
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	140	# bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	141	prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0')
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	142	for ipnat_rule in ipnat_rules:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	143	if not prog.search(ipnat_rule):
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	144	continue
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	145	# remove the IP NAT rule
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	146	try:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	147	p = Popen(["echo", ipnat_rule], stdout=PIPE)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	148	check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	149	stdin=p.stdout)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	150	except CalledProcessError as err:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	151	print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	152	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	153
3364 25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	154	# remove VNICs associated with L3 agent
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	155	cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	156	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	157	output, error = p.communicate()
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	158	if p.returncode != 0:
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	159	print "failed to retrieve IP interface names"
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	160	return smf_include.SMF_EXIT_ERR_CONFIG
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	161
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	162	ifnames = output.splitlines()
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	163	# L3 agent datalinks are always 15 characters in length. They start
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	164	# with either 'l3i' or 'l3e', end with '_0', and in between they are
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	165	# hexadecimal digits.
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	166	prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	167	for ifname in ifnames:
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	168	if not prog.search(ifname):
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	169	continue
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	170	try:
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	171	# first remove the IP
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	172	check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	173	ifname])
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	174	# next remove the VNIC
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	175	check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	176	ifname])
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	177	except CalledProcessError as err:
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	178	print "failed to remove datalinks used by L3 agent: %s" % (err)
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	179	return smf_include.SMF_EXIT_ERR_FATAL
25975ce9e810 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3198 diff changeset	180
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	181	return smf_include.SMF_EXIT_OK
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	182
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	183	if __name__ == "__main__":
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	184	os.putenv("LC_ALL", "C")
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	185	smf_include.smf_main()

author	Girish Moodalbail <Girish.Moodalbail@oracle.COM>
	Fri, 03 Oct 2014 10:20:17 -0700
branch	s11u2-sru
changeset 3364	25975ce9e810
parent 3198	46289f36c1ca
child 3998	5bd484384122
permissions	-rw-r--r--