upstream/oracle/userland-gate: components/openstack/neutron/files/agent/evs_l3

1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	# vim: tabstop=4 shiftwidth=4 softtabstop=4
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	3	# Copyright 2012 VMware, Inc. All rights reserved.
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	5	# Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# Licensed under the Apache License, Version 2.0 (the "License"); you may
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	# not use this file except in compliance with the License. You may obtain
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# a copy of the License at
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# http://www.apache.org/licenses/LICENSE-2.0
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# Unless required by applicable law or agreed to in writing, software
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16	# License for the specific language governing permissions and limitations
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	# under the License.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	18	#
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20	"""
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	21	Based off generic l3_agent (neutron/agent/l3_agent) code
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	"""
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	24	import errno
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	25	import netaddr
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	26
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	from oslo.config import cfg
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	29	from neutron.agent.common import config
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	30	from neutron.agent import l3_agent
4624 45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	31	from neutron.agent.linux import external_process
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	32	from neutron.agent.linux import utils
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	33	from neutron.agent.solaris import interface
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	34	from neutron.agent.solaris import net_lib
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	35	from neutron.agent.solaris import ra
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	36	from neutron.common import constants as l3_constants
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	37	from neutron.common import utils as common_utils
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	38	from neutron.openstack.common import log as logging
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	39
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	40
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	41	LOG = logging.getLogger(__name__)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	42	INTERNAL_DEV_PREFIX = 'l3i'
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	43	EXTERNAL_DEV_PREFIX = 'l3e'
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	44	FLOATING_IP_CIDR_SUFFIX = '/32'
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	45
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	46
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	47	class EVSL3NATAgent(l3_agent.L3NATAgentWithStateReport):
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	48	OPTS = [
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	49	cfg.StrOpt('external_network_datalink', default='net0',
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	50	help=_("Name of the datalink that connects to "
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	51	"an external network.")),
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	52	cfg.BoolOpt('allow_forwarding_between_networks', default=False,
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	53	help=_("Allow forwarding of packets between tenant's "
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	54	"networks")),
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	55	]
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	56
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	57	def __init__(self, host, conf=None):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	58	cfg.CONF.register_opts(self.OPTS)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	cfg.CONF.register_opts(interface.OPTS)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	super(EVSL3NATAgent, self).__init__(host=host, conf=conf)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62	def _router_added(self, router_id, router):
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	63	ri = l3_agent.RouterInfo(router_id, None,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	64	self.conf.use_namespaces, router)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	65	self.router_info[router_id] = ri
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	66
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	67	if self.conf.enable_metadata_proxy:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	68	self._spawn_metadata_proxy(ri.router_id, ri.ns_name)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	69
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	70	def _router_removed(self, router_id):
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	71	ri = self.router_info.get(router_id)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	72	if ri is None:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	73	LOG.warn(_("Info for router %s were not found. "
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	74	"Skipping router removal"), router_id)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	75	return
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	76	ri.router['gw_port'] = None
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	77	ri.router[l3_constants.INTERFACE_KEY] = []
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	78	ri.router[l3_constants.FLOATINGIP_KEY] = []
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	79	self.process_router(ri)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	80	if self.conf.enable_metadata_proxy:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	81	self._destroy_metadata_proxy(ri.router_id, ri.ns_name)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	82
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	83	del self.router_info[router_id]
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	84
4624 45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	85	def _get_metadata_proxy_process_manager(self, router_id, ns_name):
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	86	return external_process.ProcessManager(
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	87	self.conf,
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	88	router_id,
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	89	root_helper=None,
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	90	namespace=ns_name)
45b5c64ab5bf 21419906 sudo is being used to kill neutron proxy server Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4389 diff changeset	91
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	92	def _get_metadata_proxy_callback(self, router_id):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	93	"""Need to override this since we need to pass the absolute
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	94	path to neutron-ns-metadata-proxy binary.
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	95	"""
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	96	def callback(pid_file):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	97	metadata_proxy_socket = cfg.CONF.metadata_proxy_socket
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	98	proxy_cmd = ['/usr/lib/neutron/neutron-ns-metadata-proxy',
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	99	'--pid_file=%s' % pid_file,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	100	'--metadata_proxy_socket=%s' % metadata_proxy_socket,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	101	'--router_id=%s' % router_id,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	102	'--state_path=%s' % self.conf.state_path,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	103	'--metadata_port=%s' % self.conf.metadata_port]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	104	proxy_cmd.extend(config.get_log_args(
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	105	cfg.CONF, 'neutron-ns-metadata-proxy-%s.log' %
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	106	router_id))
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	107	return proxy_cmd
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	108
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	109	return callback
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	110
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	111	def external_gateway_snat_rules(self, ex_gw_ip, internal_cidrs,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	112	interface_name):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	113	rules = []
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	114	for cidr in internal_cidrs:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	115	rules.append('map %s %s -> %s/32' %
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	116	(interface_name, cidr, ex_gw_ip))
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	117	return rules
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	118
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	119	def _handle_router_snat_rules(self, ri, ex_gw_port, internal_cidrs,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	120	interface_name, action):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	121	assert not ri.router['distributed']
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	122
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	123	# Remove all the old SNAT rules
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	124	# This is safe because if use_namespaces is set as False
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	125	# then the agent can only configure one router, otherwise
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	126	# each router's SNAT rules will be in their own namespace
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	127
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	128	# get only the SNAT rules
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	129	old_snat_rules = [rule for rule in ri.ipfilters_manager.ipv4['nat']
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	130	if rule.startswith('map')]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	131	ri.ipfilters_manager.remove_nat_rules(old_snat_rules)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	132
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	133	# And add them back if the action is add_rules
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	134	if action == 'add_rules' and ex_gw_port:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	135	# NAT rules are added only if ex_gw_port has an IPv4 address
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	136	for ip_addr in ex_gw_port['fixed_ips']:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	137	ex_gw_ip = ip_addr['ip_address']
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	138	if netaddr.IPAddress(ex_gw_ip).version == 4:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	139	rules = self.external_gateway_snat_rules(ex_gw_ip,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	140	internal_cidrs,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	141	interface_name)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	142	ri.ipfilters_manager.add_nat_rules(rules)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	143	break
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	144
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	145	@common_utils.exception_logger()
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	146	def process_router(self, ri):
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	147	# TODO(mrsmith) - we shouldn't need to check here
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	148	if 'distributed' not in ri.router:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	149	ri.router['distributed'] = False
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	150	ex_gw_port = self._get_ex_gw_port(ri)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	151	internal_ports = ri.router.get(l3_constants.INTERFACE_KEY, [])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	152	existing_port_ids = set([p['id'] for p in ri.internal_ports])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	153	current_port_ids = set([p['id'] for p in internal_ports
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	154	if p['admin_state_up']])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	155	new_ports = [p for p in internal_ports if
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	156	p['id'] in current_port_ids and
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	157	p['id'] not in existing_port_ids]
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	158	old_ports = [p for p in ri.internal_ports if
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	159	p['id'] not in current_port_ids]
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	160	new_ipv6_port = False
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	161	old_ipv6_port = False
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	162	for p in new_ports:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	163	self._set_subnet_info(p)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	164	self.internal_network_added(ri, p)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	165	ri.internal_ports.append(p)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	166	if (not new_ipv6_port and
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	167	netaddr.IPNetwork(p['subnet']['cidr']).version == 6):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	168	new_ipv6_port = True
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	169
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	170	for p in old_ports:
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	171	self.internal_network_removed(ri, p)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	172	ri.internal_ports.remove(p)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	173	if (not old_ipv6_port and
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	174	netaddr.IPNetwork(p['subnet']['cidr']).version == 6):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	175	old_ipv6_port = True
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	176
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	177	if new_ipv6_port or old_ipv6_port:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	178	# refresh ndpd daemon after filling in ndpd.conf
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	179	# with the right entries
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	180	ra.enable_ipv6_ra(ri.router_id,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	181	internal_ports,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	182	self.get_internal_device_name)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	183
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	184	# remove any internal stale router interfaces (i.e., l3i.. VNICs)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	185	existing_devices = net_lib.Datalink.show_vnic()
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	186	current_internal_devs = set([n for n in existing_devices
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	187	if n.startswith(INTERNAL_DEV_PREFIX)])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	188	current_port_devs = set([self.get_internal_device_name(id) for
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	189	id in current_port_ids])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	190	stale_devs = current_internal_devs - current_port_devs
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	191	for stale_dev in stale_devs:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	192	LOG.debug(_('Deleting stale internal router device: %s'),
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	193	stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	194	self.driver.fini_l3(stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	195	self.driver.unplug(stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	196
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	197	# TODO(salv-orlando): RouterInfo would be a better place for
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	198	# this logic too
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	199	ex_gw_port_id = (ex_gw_port and ex_gw_port['id'] or
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	200	ri.ex_gw_port and ri.ex_gw_port['id'])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	201
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	202	interface_name = None
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	203	if ex_gw_port_id:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	204	interface_name = self.get_external_device_name(ex_gw_port_id)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	205	if ex_gw_port:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	206	def _gateway_ports_equal(port1, port2):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	207	def _get_filtered_dict(d, ignore):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	208	return dict((k, v) for k, v in d.iteritems()
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	209	if k not in ignore)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	210
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	211	keys_to_ignore = set(['binding:host_id'])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	212	port1_filtered = _get_filtered_dict(port1, keys_to_ignore)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	213	port2_filtered = _get_filtered_dict(port2, keys_to_ignore)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	214	return port1_filtered == port2_filtered
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	215
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	216	self._set_subnet_info(ex_gw_port)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	217	if not ri.ex_gw_port:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	218	self.external_gateway_added(ri, ex_gw_port, interface_name)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	219	elif not _gateway_ports_equal(ex_gw_port, ri.ex_gw_port):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	220	self.external_gateway_updated(ri, ex_gw_port, interface_name)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	221	elif not ex_gw_port and ri.ex_gw_port:
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	222	self.external_gateway_removed(ri, ri.ex_gw_port, interface_name)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	223
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	224	# Remove any external stale router interfaces (i.e., l3e.. VNICs)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	225	stale_devs = [dev for dev in existing_devices
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	226	if dev.startswith(EXTERNAL_DEV_PREFIX)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	227	and dev != interface_name]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	228	for stale_dev in stale_devs:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	229	LOG.debug(_('Deleting stale external router device: %s'),
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	230	stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	231	self.driver.fini_l3(stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	232	self.driver.unplug(stale_dev)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	233
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	234	# Process static routes for router
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	235	self.routes_updated(ri)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	236
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	237	# Process SNAT rules for external gateway
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	238	if (not ri.router['distributed'] or
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	239	ex_gw_port and self.get_gw_port_host(ri.router) == self.host):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	240	# Get IPv4 only internal CIDRs
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	241	internal_cidrs = [p['ip_cidr'] for p in ri.internal_ports
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	242	if netaddr.IPNetwork(p['ip_cidr']).version == 4]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	243	ri.perform_snat_action(self._handle_router_snat_rules,
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	244	internal_cidrs, interface_name)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	245
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	246	# Process SNAT/DNAT rules for floating IPs
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	247	fip_statuses = {}
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	248	if ex_gw_port:
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	249	existing_floating_ips = ri.floating_ips
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	250	fip_statuses = self.process_router_floating_ips(ri, ex_gw_port)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	251	# Identify floating IPs which were disabled
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	252	ri.floating_ips = set(fip_statuses.keys())
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	253	for fip_id in existing_floating_ips - ri.floating_ips:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	254	fip_statuses[fip_id] = l3_constants.FLOATINGIP_STATUS_DOWN
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	255	# Update floating IP status on the neutron server
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	256	self.plugin_rpc.update_floatingip_statuses(
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	257	self.context, ri.router_id, fip_statuses)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	258
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	259	# Update ex_gw_port and enable_snat on the router info cache
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	260	ri.ex_gw_port = ex_gw_port
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	261	ri.enable_snat = ri.router.get('enable_snat')
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	262
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	263	def process_router_floating_ips(self, ri, ex_gw_port):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	264	"""Configure the router's floating IPs
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	265	Configures floating ips using ipnat(1m) on the router's gateway device.
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	266
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	267	Cleans up floating ips that should not longer be configured.
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	268	"""
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	269	ifname = self.get_external_device_name(ex_gw_port['id'])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	270	ipintf = net_lib.IPInterface(ifname)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	271	ipaddr_list = ipintf.ipaddr_list()['static']
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	272
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	273	existing_cidrs = set(ipaddr_list)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	274	new_cidrs = set()
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	275
1987 6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	276	existing_nat_rules = [nat_rule for nat_rule in
6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	277	ri.ipfilters_manager.ipv4['nat']]
6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	278	new_nat_rules = []
6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	279
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	280	# Loop once to ensure that floating ips are configured.
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	281	fip_statuses = {}
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	282	for fip in ri.router.get(l3_constants.FLOATINGIP_KEY, []):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	283	fip_ip = fip['floating_ip_address']
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	284	fip_cidr = str(fip_ip) + FLOATING_IP_CIDR_SUFFIX
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	285	new_cidrs.add(fip_cidr)
1987 6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	286	fixed_cidr = str(fip['fixed_ip_address']) + '/32'
6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	287	nat_rule = 'bimap %s %s -> %s' % (ifname, fixed_cidr, fip_cidr)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	288
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	289	if fip_cidr not in existing_cidrs:
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	290	try:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	291	ipintf.create_address(fip_cidr)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	292	ri.ipfilters_manager.add_nat_rules([nat_rule])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	293	except Exception as err:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	294	# TODO(gmoodalb): If we fail in add_nat_rules(), then
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	295	# we need to remove the fip_cidr address
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	296
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	297	# any exception occurred here should cause the floating IP
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	298	# to be set in error state
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	299	fip_statuses[fip['id']] = (
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	300	l3_constants.FLOATINGIP_STATUS_ERROR)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	301	LOG.warn(_("Unable to configure IP address for "
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	302	"floating IP: %s: %s") % (fip['id'], err))
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	303	continue
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	304	fip_statuses[fip['id']] = (
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	305	l3_constants.FLOATINGIP_STATUS_ACTIVE)
1987 6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	306	new_nat_rules.append(nat_rule)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	307
1987 6fa18b7a0af6 19158668 associating a new floating ip removes existing ipnat rules and re-adds them Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1977 diff changeset	308	# remove all the old NAT rules
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	309	old_nat_rules = list(set(existing_nat_rules) - set(new_nat_rules))
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	310	# Filter out 'bimap' NAT rules as we don't want to remove NAT rules
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	311	# that were added for Metadata server
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	312	old_nat_rules = [rule for rule in old_nat_rules if "bimap" in rule]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	313	ri.ipfilters_manager.remove_nat_rules(old_nat_rules)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	314
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	315	# Clean up addresses that no longer belong on the gateway interface.
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	316	for ip_cidr in existing_cidrs - new_cidrs:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	317	if ip_cidr.endswith(FLOATING_IP_CIDR_SUFFIX):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	318	ipintf.delete_address(ip_cidr)
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	319	return fip_statuses
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	320
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	321	def get_internal_device_name(self, port_id):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	322	# Because of the way how dnsmasq works on Solaris, the length
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	323	# of datalink name cannot exceed 16 (includes terminating nul
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	324	# character). So, the linkname can only have 15 characters and
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	325	# the last two characters are set aside for '_0'. So, we only
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	326	# have 13 characters left.
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	327	dname = (INTERNAL_DEV_PREFIX + port_id)[:13]
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	328	dname += '_0'
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	329	return dname.replace('-', '_')
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	330
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	331	def get_external_device_name(self, port_id):
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	332	# please see the comment above
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	333	dname = (EXTERNAL_DEV_PREFIX + port_id)[:13]
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	334	dname += '_0'
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	335	return dname.replace('-', '_')
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	336
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	337	def external_gateway_added(self, ri, ex_gw_port, external_dlname):
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	338
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	339	if not net_lib.Datalink.datalink_exists(external_dlname):
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	340	dl = net_lib.Datalink(external_dlname)
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	341	# determine the network type of the external network
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	342	evsname = ex_gw_port['network_id']
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	343	cmd = ['/usr/sbin/evsadm', 'show-evs', '-co', 'l2type,vid',
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	344	'-f', 'evs=%s' % evsname]
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	345	try:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	346	stdout = utils.execute(cmd)
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	347	except Exception as err:
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	348	LOG.error(_("Failed to retrieve the network type for "
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	349	"the external network, and it is required "
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	350	"to create an external gateway port: %s") % err)
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	351	return
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	352	output = stdout.splitlines()[0].strip()
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	353	l2type, vid = output.split(':')
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	354	if l2type != 'flat' and l2type != 'vlan':
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	355	LOG.error(_("External network should be either Flat or "
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	356	"VLAN based, and it is required to "
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	357	"create an external gateway port"))
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	358	return
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	359	elif (l2type == 'vlan' and
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	360	self.conf.get("external_network_datalink", None)):
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	361	LOG.warning(_("external_network_datalink is deprecated in "
4389 a44bb9a2917e 21086485 neutron-l3-agent service should not report online if trace dump happened Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4057 diff changeset	362	"Juno and will be removed in the next release "
a44bb9a2917e 21086485 neutron-l3-agent service should not report online if trace dump happened Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4057 diff changeset	363	"of Solaris OpenStack. Please use the evsadm "
a44bb9a2917e 21086485 neutron-l3-agent service should not report online if trace dump happened Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4057 diff changeset	364	"set-controlprop subcommand to setup the "
a44bb9a2917e 21086485 neutron-l3-agent service should not report online if trace dump happened Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 4057 diff changeset	365	"uplink-port for an external network"))
4057 43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	366	# proceed with the old-style of doing things
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	367	mac_address = ex_gw_port['mac_address']
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	368	dl.create_vnic(self.conf.external_network_datalink,
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	369	mac_address=mac_address, vid=vid)
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	370	else:
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	371	# This is to handle HA by Solaris Cluster and is similar to
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	372	# the code we already have for the DHCP Agent. So, when
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	373	# the 1st L3 agent is down and the second L3 agent tries to
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	374	# connect its VNIC to EVS, we will end up in "vport in use"
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	375	# error. So, we need to reset the vport before we connect
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	376	# the VNIC to EVS.
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	377	cmd = ['/usr/sbin/evsadm', 'show-vport', '-f',
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	378	'vport=%s' % ex_gw_port['id'], '-co',
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	379	'evs,vport,status']
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	380	stdout = utils.execute(cmd)
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	381	evsname, vportname, status = stdout.strip().split(':')
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	382	tenant_id = ex_gw_port['tenant_id']
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	383	if status == 'used':
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	384	cmd = ['/usr/sbin/evsadm', 'reset-vport', '-T', tenant_id,
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	385	'%s/%s' % (evsname, vportname)]
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	386	utils.execute(cmd)
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	387
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	388	# next remove protection setting on the VPort to allow
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	389	# multiple floating IPs to be configured on the l3e*
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	390	# interface
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	391	evsvport = "%s/%s" % (ex_gw_port['network_id'],
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	392	ex_gw_port['id'])
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	393	cmd = ['/usr/sbin/evsadm', 'set-vportprop', '-T',
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	394	tenant_id, '-p', 'protection=none', evsvport]
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	395	utils.execute(cmd)
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	396	dl.connect_vnic(evsvport, tenant_id)
43172a88ed95 20829672 support flat network type in neutron Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 3998 diff changeset	397
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	398	self.driver.init_l3(external_dlname, [ex_gw_port['ip_cidr']])
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	399
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	400	# TODO(gmoodalb): wrap route(1m) command within a class in net_lib.py
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	401	gw_ip = ex_gw_port['subnet']['gateway_ip']
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	402	if gw_ip:
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	403	cmd = ['/usr/bin/pfexec', '/usr/sbin/route', 'add', 'default',
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	404	gw_ip]
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	405	stdout = utils.execute(cmd, extra_ok_codes=[errno.EEXIST])
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	406	ri.remove_route = True
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	407	if 'entry exists' in stdout:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	408	ri.remove_route = False
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	409
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	410	# for each of the internal ports, add Policy Based
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	411	# Routing (PBR) rule
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	412	for port in ri.internal_ports:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	413	internal_dlname = self.get_internal_device_name(port['id'])
2174 2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	414	rules = ['pass in on %s to %s:%s from any to !%s' %
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	415	(internal_dlname, external_dlname, gw_ip,
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	416	port['subnet']['cidr'])]
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	417	ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	418	ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	419
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	420	def external_gateway_updated(self, ri, ex_gw_port, external_dlname):
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	421	# There is nothing to do on Solaris
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	422	pass
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	423
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	424	def external_gateway_removed(self, ri, ex_gw_port, external_dlname):
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	425	gw_ip = ex_gw_port['subnet']['gateway_ip']
56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	426	if gw_ip:
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	427	# remove PBR rules
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	428	for port in ri.internal_ports:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	429	internal_dlname = self.get_internal_device_name(port['id'])
2174 2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	430	rules = ['pass in on %s to %s:%s from any to !%s' %
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	431	(internal_dlname, external_dlname, gw_ip,
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	432	port['subnet']['cidr'])]
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	433	ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	434	ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	435
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	436	if ri.remove_route:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	437	cmd = ['/usr/bin/pfexec', '/usr/sbin/route', 'delete',
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	438	'default', gw_ip]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	439	utils.execute(cmd, check_exit_code=False)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	440
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	441	if net_lib.Datalink.datalink_exists(external_dlname):
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	442	self.driver.fini_l3(external_dlname)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	443	self.driver.unplug(external_dlname)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	444
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	445	# remove the EVS VPort associated with external network
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	446	cmd = ['/usr/sbin/evsadm', 'remove-vport',
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	447	'-T', ex_gw_port['tenant_id'],
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	448	'%s/%s' % (ex_gw_port['network_id'], ex_gw_port['id'])]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	449	try:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	450	utils.execute(cmd)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	451	except Exception as err:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	452	LOG.error(_("Failed to delete the EVS VPort associated with "
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	453	"external network: %s") % err)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	454
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	455	def _get_ippool_name(self, mac_address, suffix=None):
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	456	# Generate a unique-name for ippool(1m) from that last 3
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	457	# bytes of mac-address. It is called pool name, but it is
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	458	# actually a 32 bit integer
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	459	name = mac_address.split(':')[3:]
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	460	if suffix:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	461	name.append(suffix)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	462	return int("".join(name), 16)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	463
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	464	def internal_network_added(self, ri, port):
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	465	internal_dlname = self.get_internal_device_name(port['id'])
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	466	# driver just returns if datalink and IP interface already exists
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	467	self.driver.plug(port['tenant_id'], port['network_id'], port['id'],
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	468	internal_dlname)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	469	self.driver.init_l3(internal_dlname, [port['ip_cidr']])
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	470
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	471	# Since we support shared router model, we need to block the new
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	472	# internal port from reaching other tenant's ports
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	473	block_pname = self._get_ippool_name(port['mac_address'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	474	ri.ipfilters_manager.add_ippool(block_pname, None)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	475	if self.conf.allow_forwarding_between_networks:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	476	# If allow_forwarding_between_networks is set, then we need to
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	477	# allow forwarding of packets between same tenant's ports.
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	478	allow_pname = self._get_ippool_name(port['mac_address'], '0')
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	479	ri.ipfilters_manager.add_ippool(allow_pname, None)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	480
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	481	# walk through the other internal ports and retrieve their
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	482	# cidrs and at the same time add the new internal port's
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	483	# cidr to them
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	484	port_subnet = port['subnet']['cidr']
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	485	block_subnets = []
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	486	allow_subnets = []
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	487	for internal_port in ri.internal_ports:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	488	if internal_port['mac_address'] == port['mac_address']:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	489	continue
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	490	if (self.conf.allow_forwarding_between_networks and
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	491	internal_port['tenant_id'] == port['tenant_id']):
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	492	allow_subnets.append(internal_port['subnet']['cidr'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	493	# we need to add the port's subnet to this internal_port's
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	494	# allowed_subnet_pool
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	495	iport_allow_pname = \
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	496	self._get_ippool_name(internal_port['mac_address'], '0')
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	497	ri.ipfilters_manager.add_ippool(iport_allow_pname,
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	498	[port_subnet])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	499	else:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	500	block_subnets.append(internal_port['subnet']['cidr'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	501	iport_block_pname = \
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	502	self._get_ippool_name(internal_port['mac_address'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	503	ri.ipfilters_manager.add_ippool(iport_block_pname,
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	504	[port_subnet])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	505	# update the new port's pool with other ports' subnet
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	506	ri.ipfilters_manager.add_ippool(block_pname, block_subnets)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	507	if self.conf.allow_forwarding_between_networks:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	508	ri.ipfilters_manager.add_ippool(allow_pname, allow_subnets)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	509
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	510	# now setup the IPF rules
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	511	rules = ['block in quick on %s from %s to pool/%d' %
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	512	(internal_dlname, port_subnet, block_pname)]
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	513	# pass in packets between networks that belong to same tenant
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	514	if self.conf.allow_forwarding_between_networks:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	515	rules.append('pass in quick on %s from %s to pool/%d' %
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	516	(internal_dlname, port_subnet, allow_pname))
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	517	# if the external gateway is already setup for the shared router,
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	518	# then we need to add Policy Based Routing (PBR) for this internal
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	519	# network
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	520	ex_gw_port = ri.ex_gw_port
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	521	ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	522	if ex_gw_ip:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	523	external_dlname = self.get_external_device_name(ex_gw_port['id'])
2174 2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	524	rules.append('pass in on %s to %s:%s from any to !%s' %
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	525	(internal_dlname, external_dlname, ex_gw_ip,
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	526	port_subnet))
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	527
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	528	ipversion = netaddr.IPNetwork(port_subnet).version
1977 12e9c20eef5a 19034270 IPv6 filter rules are not properly handled Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1959 diff changeset	529	ri.ipfilters_manager.add_ipf_rules(rules, ipversion)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	530
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	531	# if metadata proxy is enabled, then add the necessary
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	532	# IP NAT rules to forward the metadata requests to the
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	533	# metadata proxy server
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	534	if self.conf.enable_metadata_proxy and ipversion == 4:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	535	# TODO(gmoodalb): when IP Filter allows redirection of packets
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	536	# to loopback IP address, then we need to add an IPF rule allowing
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	537	# only packets destined to 127.0.0.1:9697 to
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	538	# neutron-ns-metadata-proxy server
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	539	rules = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' %
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	540	(internal_dlname, port['fixed_ips'][0]['ip_address'],
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	541	self.conf.metadata_port)]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	542	ri.ipfilters_manager.add_nat_rules(rules)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	543
1944 56ac2df1785b PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 1760 diff changeset	544	def internal_network_removed(self, ri, port):
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	545	internal_dlname = self.get_internal_device_name(port['id'])
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	546	port_subnet = port['subnet']['cidr']
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	547	# remove all the IP filter rules that we added during
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	548	# internal network addition
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	549	block_pname = self._get_ippool_name(port['mac_address'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	550	rules = ['block in quick on %s from %s to pool/%d' %
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	551	(internal_dlname, port_subnet, block_pname)]
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	552	if self.conf.allow_forwarding_between_networks:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	553	allow_pname = self._get_ippool_name(port['mac_address'], '0')
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	554	rules.append('pass in quick on %s from %s to pool/%d' %
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	555	(internal_dlname, port_subnet, allow_pname))
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	556
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	557	# remove all the IP filter rules that we added during
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	558	# external network addition
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	559	ex_gw_port = ri.ex_gw_port
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	560	ex_gw_ip = (ex_gw_port['subnet']['gateway_ip'] if ex_gw_port else None)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	561	if ex_gw_ip:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	562	external_dlname = self.get_external_device_name(ex_gw_port['id'])
2174 2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	563	rules.append('pass in on %s to %s:%s from any to !%s' %
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	564	(internal_dlname, external_dlname, ex_gw_ip,
2856bd2e4b18 19898528 PBR rule must not forward packets addressed to internal default gateway Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 2083 diff changeset	565	port_subnet))
2083 87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	566	ipversion = netaddr.IPNetwork(port['subnet']['cidr']).version
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	567	ri.ipfilters_manager.remove_ipf_rules(rules, ipversion)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	568
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	569	# remove the ippool
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	570	ri.ipfilters_manager.remove_ippool(block_pname, None)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	571	if self.conf.allow_forwarding_between_networks:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	572	ri.ipfilters_manager.remove_ippool(allow_pname, None)
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	573
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	574	for internal_port in ri.internal_ports:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	575	if (self.conf.allow_forwarding_between_networks and
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	576	internal_port['tenant_id'] == port['tenant_id']):
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	577	iport_allow_pname = \
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	578	self._get_ippool_name(internal_port['mac_address'], '0')
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	579	ri.ipfilters_manager.remove_ippool(iport_allow_pname,
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	580	[port_subnet])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	581	else:
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	582	iport_block_pname = \
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	583	self._get_ippool_name(internal_port['mac_address'])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	584	ri.ipfilters_manager.remove_ippool(iport_block_pname,
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	585	[port_subnet])
87196737f09f 19571319 datalink protection kicks in if L3 agent and DHCP agent are on the same m/c Girish Moodalbail <Girish.Moodalbail@oracle.COM> parents: 1987 diff changeset	586
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	587	# if metadata proxy is enabled, then remove the IP NAT rules that
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	588	# were added while adding the internal network
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	589	if self.conf.enable_metadata_proxy and ipversion == 4:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	590	rules = ['rdr %s 169.254.169.254/32 port 80 -> %s port %d tcp' %
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	591	(internal_dlname, port['fixed_ips'][0]['ip_address'],
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	592	self.conf.metadata_port)]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	593	ri.ipfilters_manager.remove_nat_rules(rules)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	594
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	595	if net_lib.Datalink.datalink_exists(internal_dlname):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	596	self.driver.fini_l3(internal_dlname)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	597	self.driver.unplug(internal_dlname)
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	598
3998 5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	599	# remove the EVS VPort associated with internal network
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	600	cmd = ['/usr/sbin/evsadm', 'remove-vport', '-T', port['tenant_id'],
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	601	'%s/%s' % (port['network_id'], port['id'])]
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	602	try:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	603	utils.execute(cmd)
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	604	except Exception as err:
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	605	LOG.error(_("Failed to delete the EVS VPort associated with "
5bd484384122 PSARC 2015/110 OpenStack service updates for Juno Danek Duvall <danek.duvall@oracle.com> parents: 2174 diff changeset	606	"internal network: %s") % err)
1760 353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	607
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	608	def routes_updated(self, ri):
353323c7bdc1 PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	609	pass

author	Girish Moodalbail <Girish.Moodalbail@oracle.COM>
	Fri, 10 Jul 2015 11:02:29 -0700
changeset 4624	45b5c64ab5bf
parent 4389	a44bb9a2917e
child 4975	6445e44cfccd
permissions	-rw-r--r--