upstream/oracle/userland-gate: components/openstack/neutron/files/neutron-l3-agent@4c06db2d9388 (annotated)

3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	1	#!/usr/bin/python2.6
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	2
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	3	# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	4	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	5	# Licensed under the Apache License, Version 2.0 (the "License"); you may
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	6	# not use this file except in compliance with the License. You may obtain
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	7	# a copy of the License at
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	8	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	9	# http://www.apache.org/licenses/LICENSE-2.0
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	10	#
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	11	# Unless required by applicable law or agreed to in writing, software
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	12	# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	13	# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	14	# License for the specific language governing permissions and limitations
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	15	# under the License.
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	16
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	17	import os
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	18	import re
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	19	import sys
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	20
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	21	import netaddr
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	22	import smf_include
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	23
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	24	from subprocess import CalledProcessError, Popen, PIPE, check_call
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	25
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	26
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	27	def start():
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	28	# verify paths are valid
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	29	for f in sys.argv[2:4]:
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	30	if not os.path.exists(f) or not os.access(f, os.R_OK):
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	31	print '%s does not exist or is not readable' % f
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	32	return smf_include.SMF_EXIT_ERR_CONFIG
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	33
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	34	# System-wide forwarding (either ipv4 or ipv6 or both) must be enabled
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	35	# before neutron-l3-agent can be started.
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	36	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	37	"-o", "current", "ipv4"]
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	38	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	39	output, error = p.communicate()
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	40	if p.returncode != 0:
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	41	print "failed to determine if IPv4 forwarding is enabled or not"
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	42	return smf_include.SMF_EXIT_ERR_FATAL
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	43	v4fwding = "on" in output
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	44
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	45	cmd = ["/usr/sbin/ipadm", "show-prop", "-c", "-p", "forwarding",
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	46	"-o", "current", "ipv6"]
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	47	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	48	output, error = p.communicate()
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	49	if p.returncode != 0:
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	50	print "failed to determine if IPv6 forwarding is enabled or not"
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	51	return smf_include.SMF_EXIT_ERR_FATAL
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	52	v6fwding = "on" in output
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	53
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	54	if not any((v4fwding, v6fwding)):
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	55	print "System-wide IPv4 or IPv6 (or both) forwarding must be " \
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	56	"enabled before enabling neutron-l3-agent"
3077 3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	57	return smf_include.SMF_EXIT_ERR_CONFIG
3e8d5f02f4a0 18416129 neutron-l3-agent should include dependency on ipfilter service Drew Fisher <drew.fisher@oracle.com> parents: 3028 diff changeset	58
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	59	cmd = "/usr/lib/neutron/neutron-l3-agent --config-file %s " \
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	60	"--config-file %s" % tuple(sys.argv[2:4])
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	61	smf_include.smf_subprocess(cmd)
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	62
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	63
3196 4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	64	def remove_ipfilter_rules(version):
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	65	# remove IP Filter rules added by neutron-l3-agent
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	66	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipfstat", "-io"]
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	67	if version == 6:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	68	cmd.insert(2, "-6")
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	69	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	70	output, error = p.communicate()
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	71	if p.returncode != 0:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	72	print "failed to retrieve IP Filter rules"
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	73	return smf_include.SMF_EXIT_ERR_FATAL
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	74
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	75	ipfilters = output.splitlines()
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	76	# L3 agent IP Filter rules are of the form
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	77	# block in quick on l3i64cbb496_a_0 from ... to pool/15417332
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	78	prog = re.compile('on l3i[0-9A-Fa-f\_]{10}_0')
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	79	ippool_names = []
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	80	for ipf in ipfilters:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	81	if not prog.search(ipf):
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	82	continue
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	83	# capture the IP pool name
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	84	ippool_names.append(ipf.split('pool/')[1])
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	85
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	86	try:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	87	# remove the IP Filter rule
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	88	p = Popen(["echo", ipf], stdout=PIPE)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	89	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipf", "-r", "-f", "-"]
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	90	if version == 6:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	91	cmd.insert(2, "-6")
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	92	check_call(cmd, stdin=p.stdout)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	93	except CalledProcessError as err:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	94	print "failed to remove IP Filter rule %s: %s" % (ipf, err)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	95	return smf_include.SMF_EXIT_ERR_FATAL
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	96
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	97	# remove IP Pools added by neutron-l3-agent
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	98	for ippool_name in ippool_names:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	99	try:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	100	check_call(["/usr/bin/pfexec", "/usr/sbin/ippool", "-R",
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	101	"-m", ippool_name, "-t", "tree"])
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	102	except CalledProcessError as err:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	103	print "failed to remove IP Pool %s: %s" % (ippool_name, err)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	104	return smf_include.SMF_EXIT_ERR_FATAL
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	105	return smf_include.SMF_EXIT_OK
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	106
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	107
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	108	def stop():
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	109	try:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	110	# first kill the SMF contract
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	111	check_call(["/usr/bin/pkill", "-c", sys.argv[2]])
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	112	except CalledProcessError as err:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	113	print "failed to kill the SMF contract: %s" % (err)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	114	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	115	# remove VNICs associated with L3 agent
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	116	cmd = ["/usr/sbin/ipadm", "show-if", "-p", "-o", "ifname"]
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	117	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	118	output, error = p.communicate()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	119	if p.returncode != 0:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	120	print "failed to retrieve IP interface names"
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	121	return smf_include.SMF_EXIT_ERR_CONFIG
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	122
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	123	ifnames = output.splitlines()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	124	# L3 agent datalinks are always 15 characters in length. They start
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	125	# with either 'l3i' or 'l3e', end with '_0', and in between they are
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	126	# hexadecimal digits.
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	127	prog = re.compile('l3[ie][0-9A-Fa-f\_]{10}_0')
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	128	for ifname in ifnames:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	129	if not prog.search(ifname):
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	130	continue
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	131	try:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	132	# first remove the IP
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	133	check_call(["/usr/bin/pfexec", "/usr/sbin/ipadm", "delete-ip",
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	134	ifname])
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	135	# next remove the VNIC
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	136	check_call(["/usr/bin/pfexec", "/usr/sbin/dladm", "delete-vnic",
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	137	ifname])
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	138	except CalledProcessError as err:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	139	print "failed to remove datalinks used by L3 agent: %s" % (err)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	140	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	141
3196 4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	142	# remove IPv4 Filter rules added by neutron-l3-agent
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	143	rv = remove_ipfilter_rules(4)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	144	if rv != smf_include.SMF_EXIT_OK:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	145	return rv
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	146
3196 4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	147	# remove IPv6 Filter rules added by neutron-l3-agent
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	148	rv = remove_ipfilter_rules(6)
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	149	if rv != smf_include.SMF_EXIT_OK:
4c06db2d9388 19073547 editing built-in flavors fails with name too long Drew Fisher <drew.fisher@oracle.com> parents: 3178 diff changeset	150	return rv
3178 77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	151
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	152	# remove IP NAT rules added by neutron-l3-agent
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	153	cmd = ["/usr/bin/pfexec", "/usr/sbin/ipnat", "-lR"]
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	154	p = Popen(cmd, stdout=PIPE, stderr=PIPE)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	155	output, error = p.communicate()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	156	if p.returncode != 0:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	157	print "failed to retrieve IP NAT rules"
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	158	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	159
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	160	ipnat_rules = output.splitlines()
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	161	# L3 agent IP NAT rules are of the form
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	162	# bimap l3e64ccc496_a_0 192.168.1.3/32 -> 172.16.10.3/32
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	163	prog = re.compile('l3e[0-9A-Fa-f\_]{10}_0')
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	164	for ipnat_rule in ipnat_rules:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	165	if not prog.search(ipnat_rule):
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	166	continue
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	167	# remove the IP NAT rule
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	168	try:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	169	p = Popen(["echo", ipnat_rule], stdout=PIPE)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	170	check_call(["/usr/bin/pfexec", "/usr/sbin/ipnat", "-r", "-f", "-"],
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	171	stdin=p.stdout)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	172	except CalledProcessError as err:
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	173	print "failed to remove IP NAT rule %s: %s" % (ipnat_rule, err)
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	174	return smf_include.SMF_EXIT_ERR_FATAL
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	175
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	176	return smf_include.SMF_EXIT_OK
77584387a894 PSARC/2014/207 OpenStack Glance Update to Havana Drew Fisher <drew.fisher@oracle.com> parents: 3077 diff changeset	177
3028 5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	178	if __name__ == "__main__":
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	179	os.putenv("LC_ALL", "C")
5e73a3a3f66a PSARC/2013/350 OpenStack for Solaris (Umbrella) Drew Fisher <drew.fisher@oracle.com> parents: diff changeset	180	smf_include.smf_main()

author	Drew Fisher <drew.fisher@oracle.com>
	Wed, 02 Jul 2014 13:34:33 -0700
branch	s11-update
changeset 3196	4c06db2d9388
parent 3178	77584387a894
child 2083	87196737f09f
permissions	-rw-r--r--